Commit graph

4819 commits

Author SHA1 Message Date
Jerry Yu
e226cef124 Add NamedGroup IANA values and helper functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
1bc2c1f1a3 fix various issues
fix comments, format and name conversion issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
a2cf7bd243 fix comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
995ecd396f fix wrong iana values and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
b3317e1a01 Add extension types in rfc8446
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
7984d9931e Add tls1.3 extension IANA values
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
a13c7e739c add dummy client hello process
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Manuel Pégourié-Gonnard
e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api
Add TLS 1.3 ciphersuite and key exchange identifiers and API
2021-08-30 09:47:46 +02:00
Jerry Yu
cadebe5343 fix several format and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:42 +08:00
Andrey Starodubtsev
90cc33aad6 Misprint was fixed
Signed-off-by: Andrey Starodubtsev <andrey.starodubtsev@gmail.com>
2021-08-23 12:20:41 +03:00
Manuel Pégourié-Gonnard
01a78599b0
Merge pull request #4864 from hanno-arm/upstream_sig_alg_identifers
TLS 1.3 MVP: Upstream TLS 1.3 SignatureAlgorithm identifiers and configuration API
2021-08-19 09:12:59 +02:00
Jerry Yu
447a3bee17 fix wrong typo and format issues
Change-Id: I99a4c7d28c26bfcc43bc8947485d1dfafb6974dc
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-18 09:55:36 +08:00
Manuel Pégourié-Gonnard
684543a3a8
Merge pull request #4807 from hanno-arm/bio_recv_ret_0_eof
Document that returning 0 from the recv callback means EOF
2021-08-17 10:30:46 +02:00
Jerry Yu
7899de839c fix comments and format issues
Change-Id: I927d97f9d788389d6abb9edbda0f7c3e2f8e9b63
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-17 13:26:59 +08:00
Manuel Pégourié-Gonnard
93a3ca6caf
Merge pull request #4413 from gilles-peskine-arm/tls_ext_cid-config
Allow configuring MBEDTLS_TLS_EXT_CID at compile time
2021-08-13 10:49:50 +02:00
Gilles Peskine
7dd2f504b3 Allow configuring MBEDTLS_TLS_EXT_CID at compile time
The numerical identifier of the CID extension hasn't been settled yet
and different implementations use values from different drafts. Allow
configuring the value at compile time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-12 10:31:01 +02:00
Hanno Becker
5d045a8b89 Stick to 'ephemeral' instead of ECDHE for TLS 1.3 key exchanges
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
674f9480cf Fix typo: algorithmc -> algorithms
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
d4fa9bc710 Remove outdated mentioning of version-specific ciphersuite config
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
a2535931ac Add Doxygen documentation for TLS 1.3 key exchange macros
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
71f1ed66c2 Add identifiers and API for configuration of TLS 1.3 key exchanges
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:28:45 +01:00
Hanno Becker
e486b2d7bb Document use of mbedtls_ssl_conf_ciphersuites() for TLS 1.3
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:28:45 +01:00
Hanno Becker
8ca26923eb Add TLS 1.3 ciphersuites
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:28:45 +01:00
Hanno Becker
e043d15d75 Turn comments of 1.3 record transforms into Doxygen documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:22:52 +01:00
Hanno Becker
1cd6e0021f Add experimental API for configuration of TLS 1.3 sig algs
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 13:55:43 +01:00
Hanno Becker
551265f879 Add TLS 1.3 IANA signature-algorithm values
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 13:03:48 +01:00
Hanno Becker
3aa186f946 Add transforms to be used for TLS 1.3
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 09:24:19 +01:00
Hanno Becker
0e719ff341 Improve the documentation of legacy msg layer transforms
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 09:24:08 +01:00
Hanno Becker
b6bbbb174d Fix typo in documentation of ssl->transform_out
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 09:00:14 +01:00
Gilles Peskine
3fbc5d3cf2
Merge pull request #4815 from gilles-peskine-arm/generate_errors-multiline-3.0
Move MBEDTLS_ERR_xxx Doxygen comments before the definition
2021-08-03 13:46:21 +02:00
Gilles Peskine
cfb5d393ed
Merge pull request #4659 from spencer-burke/fixing_4222
Remove duplicated check in `check_config.h`
2021-08-03 12:53:34 +02:00
Gilles Peskine
d297157fe8 Move MBEDTLS_ERR_xxx Doxygen comments before the definition
Now that descriptions of error codes no longer have to be on the same line
for the sake of generate_errors.pl, move them to their own line before the
definition. This aligns them with what we do for other definitions, and
means that we no longer need to have very long lines containing both the C
definition and the comment.

```
perl -i -pe 's~^(#define +MBEDTLS_ERR_\w+ +-\w+) */\*[*!]<(.*)\*/~/**$2*/\n$1~' include/mbedtls/*.h
```

This commit does not change the output of generate_errors.pl.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 22:51:03 +02:00
Gilles Peskine
8bb9b80d18
Merge pull request #4806 from hanno-arm/ssl_session_serialization_version
Store TLS version in SSL session structure
2021-08-02 12:45:55 +02:00
Hanno Becker
57723135b3 Document temporary overlap of TLS version in SSL context and session
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-01 19:40:44 +01:00
Gilles Peskine
69813477b0
Merge pull request #4758 from paul-elliott-arm/fix_cipher_output_size
Fix divide by zero if macro used with wrong key type
2021-07-30 18:56:18 +02:00
Dave Rodgman
677c6c4cac
Merge pull request #4801 from hanno-arm/ssl_session_exported_private
Explicitly mark fields as private via MBEDTLS_PRIVATE(...)
2021-07-30 14:39:07 +01:00
Manuel Pégourié-Gonnard
b637150dfe
Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
2021-07-27 09:42:53 +02:00
Hanno Becker
218dec824e Document that returning 0 from the recv callback means EOF
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-23 07:24:25 +01:00
Hanno Becker
fadbdbb576 Store TLS version in SSL session structure
Instances of `mbedtls_ssl_session` represent data enabling session resumption.

With the introduction of TLS 1.3, the format of this data changes. We therefore
need TLS-version field as part of `mbedtlsl_ssl_session` which allows distinguish
1.2 and 1.3 sessions.

This commit introduces such a TLS-version field to mbedtls_ssl_session.

The change has a few ramifications:

- Session serialization/deserialization routines need to be adjusted.

  This is achieved by adding the TLS-version after the header of
  Mbed TLS version+config, and by having the subsequent structure
  of the serialized data depend on the value of this field.

  The details are described in terms of the RFC 8446 presentation language.

  The 1.2 session (de)serialization are moved into static helper functions,
  while the top-level session (de)serialization only parses the Mbed TLS
  version+config header and the TLS-version field, and dispatches according
  to the found version.

  This way, it will be easy to add support for TLS 1.3 sessions in the future.

- Tests for session serialization need to be adjusted

- Once we add support for TLS 1.3, with runtime negotiation of 1.2 vs. 1.3,
  we will need to have some logic comparing the TLS version of the proposed session
  to the negotiated TLS version. For now, however, we only support TLS 1.2,
  and no such logic is needed. Instead, we just store the TLS version in the
  session structure at the same point when we populate mbedtls_ssl_context.minor_ver.

The change introduces some overlap between `mbedtls_ssl_session.minor_ver` and
`mbedtls_ssl_context.minor_ver`, which should be studied and potentially resolved.
However, with both fields being private and explicitly marked so, this can happen
in a later change.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-23 06:25:48 +01:00
Gilles Peskine
3b9bea0757
Merge pull request #4750 from yutotakano/fix-reserved-identifier-clash
Replace reserved identifier clashes with suitable replacements
2021-07-22 16:20:56 +02:00
Hanno Becker
0379942744 Explicitly mark mbedtls_ssl_config.respect_cli_pref as private
This was always intended to be explicitly marked private.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-22 11:37:05 +01:00
Hanno Becker
95832d8872 Explicitly mark mbedtls_ssl_session.exported as private
This was an oversight during concurrent merging
in the run-up to Mbed TLS 3.0.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-22 11:37:01 +01:00
Paul Elliott
6603e2b81c Add fix to update output size macro as well.
Same issue with zero block length applies here.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-14 12:39:54 +01:00
Paul Elliott
c22950c9d0 Change PSA Cipher macro safety to use block length
Although checking if the key was symmetric was correct, its easier to
read if we just check the block length is not zero before we use it in a
division.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-14 12:39:54 +01:00
Yuto Takano
538a0cbcf4 Replace _RR with prec_RR to prevent reserved identifier clashes
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-14 10:20:09 +01:00
Archana
ef6aa5c46d Support Curve448 via the PSA API
Enable Curve448 support
Add test vectors to evaluate
* RFC 7748
* a known-answer public key export test.
* a known-answer ECDH (X448) test.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 08:07:14 +05:30
Paul Elliott
a02003babe Fix divide by zero if macro used with wrong key
If PSA_CIPHER_ENCRYPT_OUTPUT_SIZE was called on a non symmetric key,
then a divide by zero could happen, as PSA_CIPHER_BLOCK_LENGTH will
return 0 for such a key, and PSA_ROUND_UP_TO_MULTIPLE will divide by the
block length.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-07 17:24:46 +01:00
Dave Rodgman
1bc9e934e2 Manual updates to version information
This covers a few files that were missed by scripts/bump_version.sh

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-07-01 09:26:12 +01:00
Dave Rodgman
9f5774f56d
Merge pull request #4739 from gabor-mezei-arm/3258_fp30_implement_one-shot_MAC_and_cipher
Implement one-shot cipher
2021-06-30 17:04:23 +01:00
Dave Rodgman
0a7ff4a4e2
Merge pull request #4741 from gabor-mezei-arm/3267_fp30_sign_verify_key_policies
Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
2021-06-30 14:50:57 +01:00