Commit graph

19220 commits

Author SHA1 Message Date
Neil Armstrong
e451295179 Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:41:12 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export
Add ECP keypair export function
2022-03-29 17:19:04 +01:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
2022-03-29 15:34:12 +01:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512
Add rsae sha384 sha512
2022-03-29 14:01:51 +02:00
Jerry Yu
d73d0a327a remove unnecessary condition
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-29 16:37:51 +08:00
Manuel Pégourié-Gonnard
39f2f73e69
Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing
Restore full TLS compatibility testing
2022-03-28 18:31:17 +02:00
Ronald Cron
e44d8e7eea
Merge pull request #5369 from xkqian/add_2nd_client_hello
Add 2nd client hello
2022-03-28 12:18:41 +02:00
XiaokangQian
5c252620c5 Move MAC-ALL to self._ciphs in ssl-opt.sh
Change-Id: I60d29560f8937a0001ab4a30086bac255fc4b1eb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-28 08:53:45 +00:00
Przemek Stekiel
6a478ef054 mbedtls_ecp_group_cmp: change names of parameters to more suitable
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-28 07:25:12 +02:00
Przemek Stekiel
ab5274bb19 Remove parameters validation using ECP_VALIDATE_RET
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-28 07:23:08 +02:00
Przemek Stekiel
2076cbe511 Add function name to changelog
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-28 07:22:11 +02:00
XiaokangQian
2e17fb8c93 Change code base on comments
Add all of the group pairs for hrr cases
Re-order some parameters

Change-Id: Id7e131d1ed4279bbd586613800df7bd87dfa4c54
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-28 03:30:05 +00:00
Ronald Cron
fb39f15fa1 ssl_tls.c: Use ETM status only in CBC mode case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
Ronald Cron
862902dd57 ssl_srv.c: Mark ETM as disabled if cipher is not CBC
Encrypt-Then-Mac (ETM) is supported in Mbed TLS TLS
1.2 server only for the CBC cipher mode thus make it
clear in the SSL context.

The previous code was ok as long as the check of
the ETM status was done only in the case of the CBC
cipher mode but fragile as #5573 revealed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
Ronald Cron
618955d381 compat.sh: Fix check for OpenSSL support
If OpenSSL does not support a mode (tls12 or
dtls12 or tls13) just skip the tests involving
OpenSSL.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
Ronald Cron
2c74ff629d compat.sh: Restore full TLS compatibility testing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
XiaokangQian
a1931448f0 Update hrr test cases generation code without change class
Change-Id: I38f620213bf5349d33ecad080538294633f85566
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 11:58:22 +00:00
XiaokangQian
eff93f947d Rebase code to latest and solve conflicts
Change-Id: Id89af63e5d63347f6365c87b2aed419cc31fe0d4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 10:47:55 +00:00
XiaokangQian
8031ba7fbf Update code base on comments
Change run title
Remove dedicate ciphersuite and sig alg
Update test cases

Change-Id: Ic0e9adf56062e744f7bafbc6bb562baeaafd89f0
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 09:27:53 +00:00
Manuel Pégourié-Gonnard
cefa904759
Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor
Accessor for mbedtls_timing_delay_context final delay
2022-03-25 09:14:41 +01:00
XiaokangQian
83f818811e Update test cases in tls13-compat.sh
Change-Id: I5e080b3343492dd80ede1305f95d4b5b98cd44a3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:12:35 +00:00
XiaokangQian
68a87e4606 Remove the option r in generate_tls13_compat_tests.py
Integrate two options into one
Use one dedicate cipher suite TLS_AES_256_GCM_SHA384
Use on dedicate signature algorithm ecdsa_secp384r1_sha384

Change-Id: Icbe39b985e1942edc4b1e37ce3352eed4f316ab7
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:09:29 +00:00
XiaokangQian
20438976f9 Change comments and styles base on review
Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:09:29 +00:00
XiaokangQian
af56fd3b9d Disable some reported warnings in pylint
Change-Id: Ia01e4a425f8b8d83be53d02885cf8ae4cbb20c98
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:08:01 +00:00
XiaokangQian
b9cd73f640 Fix errors from pylint
Change-Id: I6cbbf8a0b0acedf651fada6ab54fa03dc4ad9cf5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:06:57 +00:00
XiaokangQian
7069cbc8d5 generate all tls13 hrr test cases for compatible mode
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:06:08 +00:00
XiaokangQian
c02768a399 Replace ssl->handshake with handshake in write_cookie_ext()
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
9b93c0dd8d Change cookie parameters for dtls and tls 1.3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
25c9c9023c Refine cookie len to fix compile issues
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
9deb90f74e Change parameter names and code style
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
5e3c947841 Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
233397ef88 Update code base on comments
Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data
Change code styles and comments
Fix cookie write issues

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
0b64eedba8 Add cookies write in client hello
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
8372e18080 Add 2nd client hello
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
Ronald Cron
90045241e7
Merge pull request #5659 from yuhaoth/pr/fix-wrong-check-certificate-verify
TLS1.3: Fix incorrect check for certificate verify
2022-03-25 08:35:41 +01:00
Jerry Yu
6c6f10265d fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-25 11:09:50 +08:00
Paul Elliott
42d5e51a98 Make test function name more accurate
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-24 19:41:28 +00:00
Jerry Yu
72d81e56b6 Add cert_sig_algs into offered list
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 22:13:57 +08:00
Jerry Yu
7de79850c9 Add cert_sig_algs for compat generate script
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 20:09:00 +08:00
Jerry Yu
bd1b3278b1 Remove useless code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 13:07:28 +08:00
Jerry Yu
e6e73d63ec fix comments issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 13:07:28 +08:00
Tom Cosgrove
226aca195f Fix running of all.sh on macOS
Was getting 'dd: unknown operand status'

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:56 +00:00
Tom Cosgrove
b7f5b97650 Minor changes to sha256.c to bring it in line with sha512.c
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:56 +00:00
Tom Cosgrove
87fbfb5d82 SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.

The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Jerry Yu
e26acee896 Refactor guards for sig algs
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 21:01:33 +08:00
Jerry Yu
f8aa9a44aa fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 20:54:38 +08:00
Manuel Pégourié-Gonnard
5e4bf95d09
Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies
MD: HMAC in DTLS cookies
2022-03-23 13:05:24 +01:00
Jerry Yu
8c3388620d create sig_alg decode function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 13:34:04 +08:00
Jerry Yu
0c23fc39c3 fix various guards issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 12:20:01 +08:00
Jerry Yu
7533982f68 guard pk_error_from_psa_ecdsa with USE_PSA_CRYPTO
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 12:06:31 +08:00