8847 commits

Author	SHA1	Message	Date
XiaokangQian	cec9ae6259	Change the code places of CERTIFICATE_REQUEST ... Change-Id: I3aa293184fea4f960782675bdd520256c808bd4e Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	45c22201b3	Update test cases and encrypted extension state set ... Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	2f150e184f	Update status and add test cases for client certificate request ... Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	1f1f1e3372	Temp change to align with client/server hello style ... Change-Id: I8befbbcb5d6f7fdb230022825dcb856e19d9bec0 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	9dc4450647	Fix commets issue about coding styles ... Change-Id: I930a062e137562e0b129b9b9b191e5c864f8104d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	eaf3651e31	Rebase and solve conflicts ... Change handshake_msg related functions Share the ssl_write_sig_alg_ext Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
Xiaofei Bai	5ee73d84a9	Address review comments ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-05-07 01:37:04 +00:00
Xiaofei Bai	9ca09d497f	Add writing CertificateRequest msg on server side ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-05-07 01:37:04 +00:00
Ronald Cron	25b1f5d2b7	Merge pull request #5545 from xffbai/tls13-write-enc-ext ... TLS1.3: add writing encrypted extensions on server side.	2022-05-06 13:54:45 +02:00
Przemek Stekiel	c1e41bb2b5	rsa.c: remove redundant include of md.h ... rsa.c includes rsa.h that includes md.h Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-06 11:42:18 +02:00
Jerry Yu	ef2b98a246	fix coding style issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-06 16:40:05 +08:00
Jerry Yu	f86eb75c58	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-06 11:16:55 +08:00
Neil Armstrong	8ecd66884f	Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-05 14:01:49 +02:00
Jerry Yu	e110d258d9	Add set outbound transform ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-05 19:59:59 +08:00
Werner Lewis	e59a531455	Fix memcpy() UB in mbedtls_asn1_named_data() ... Removes a case in mbedtls_asn1_named_data() where memcpy() could be called with a null pointer and zero length. A test case is added for this code path, to catch the undefined behavior when running tests with UBSan. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-05-04 11:45:06 +01:00
Neil Armstrong	80f6f32495	Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	044a32c4c6	Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	cd05f0b9e5	Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	e952a30d47	Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	61f237afb7	Remove PSA-only code dealing with non-opaque PSA key ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	501c93220d	Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	b743d95051	Do not erase input key in psa_tls12_prf_psk_to_ms_set_key() ... When ALG_TLS12_PSK_TO_MS() is used, first derivation is correct but the following derivations output data is incorrect. This is because input key is erased in psa_tls12_prf_psk_to_ms_set_key() since commit 03faf5d2c1. Fixes: 03faf5d2c1 ("psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage") Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:06:22 +02:00
Neil Armstrong	30beca35f1	Guard pk_opaque_rsa_decrypt() with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR ... Then mbedtls_pk_error_from_psa_rsa() also needs to be guarded with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR to be used by pk_opaque_rsa_decrypt() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:02:37 +02:00
Jerry Yu	9da5e5a2f2	fix coding style issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 15:46:09 +08:00
Jerry Yu	de66d12afc	remove out couter reset ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 12:15:19 +08:00
Jerry Yu	39730a70cd	remove variable initial ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 12:14:04 +08:00
Jerry Yu	8937eb491a	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 12:12:14 +08:00
Neil Armstrong	6c26adc900	Do not make pk_opaque_rsa_decrypt() depend on MBEDTLS_RSA_C ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-02 14:43:04 +02:00
Neil Armstrong	1082818003	Implement PK Opaque RSA decrypt ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-02 09:14:58 +02:00
Manuel Pégourié-Gonnard	068a13d909	Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque ... RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`	2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard	67397fa4fd	Merge pull request #5704 from mprse/mixed_psk_2cx ... Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK	2022-04-29 10:47:16 +02:00
Przemek Stekiel	169bf0b8b0	Fix comments (#endif flags) ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-29 07:53:29 +02:00
Neil Armstrong	a1fc18fa55	Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-28 13:27:59 +02:00
Gilles Peskine	8855e36030	Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup ... Cipher cleanup: abstract TLS mode	2022-04-28 12:33:38 +02:00
Przemek Stekiel	8a4b7fd7c3	Optimize code ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-28 10:21:03 +02:00
Jerry Yu	ab452cc257	fix name issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-28 15:27:08 +08:00
Przemek Stekiel	8abcee9290	Fix typos ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-28 09:16:28 +02:00
Neil Armstrong	2230e6c06d	Simplify PSA transform->ivlen set in ssl_tls12_populate_transform() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-27 10:36:14 +02:00
Neil Armstrong	3bf040ed70	Reorganize PSA/!PSA code in mbedtls_ssl_ticket_setup() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-27 10:35:28 +02:00
Gilles Peskine	301711e96e	Simplify mbedtls_ssl_get_base_mode ... Reduce the amount of ifdef's by making the USE_PSA_CRYPTO and non-USE_PSA_CRYPTO definitions independent. No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-27 10:28:55 +02:00
Gilles Peskine	e108d987ea	Simplify mbedtls_ssl_get_mode ... Reduce the imbrications between preprocessor directives and C instructions. Handle encrypt-then-mac separately. No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-27 10:28:55 +02:00
Jerry Yu	4d3841a4d1	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-25 19:41:47 +08:00
Xiaofei Bai	cba64af50d	TLS1.3: add writing encrypted extensions ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-04-25 19:41:47 +08:00
Ronald Cron	eecd0d2fc3	Merge pull request #5679 from yuhaoth/pr/add-tls13-write-server-hello	2022-04-25 09:28:40 +02:00
Jerry Yu	e65d801580	fix undeclare error ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-23 10:34:35 +08:00
Biswapriyo Nath	d7e0ee42b8	cmake: Fix runtime library install location in mingw ... This install DLLs in bin directory instead of lib. Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>	2022-04-22 20:59:50 +05:30
Biswapriyo Nath	0f2e87bdf5	cmake: Use GnuInstallDirs to customize install directories ... Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set. Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>	2022-04-22 20:59:28 +05:30
Gilles Peskine	2f8c2a5fc5	Merge pull request #5753 from tom-cosgrove-arm/fix-missing-prototypes-warnings-a64-sha256-sha512 ... Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration	2022-04-22 16:45:23 +02:00
Gilles Peskine	72b99edf31	Merge pull request #5381 from mpg/benchmark-ecc-heap ... Improve benchmarking of ECC heap usage	2022-04-22 16:43:11 +02:00
Jerry Yu	955ddd75a3	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 22:27:33 +08:00
Przemek Stekiel	99114f3084	Fix build flags for opaque/raw psk checks ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:54:34 +02:00
Przemek Stekiel	cb322eac6b	Enable support for psa opaque DHE-PSK key exchange on the server side ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:54:33 +02:00
Przemek Stekiel	b293aaa61b	Enable support for psa opaque DHE-PSK key exchange on the client side ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:54:33 +02:00
Przemek Stekiel	14d11b0877	Enable support for psa opaque ECDHE-PSK key exchange on the server side ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:53:55 +02:00
Przemek Stekiel	19b80f8151	Enable support for psa opaque ECDHE-PSK key exchange on the client side ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Przemek Stekiel	51a1f36be0	setup_psa_key_derivation(): change salt parameter to other_secret ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Przemek Stekiel	aeb710fec5	Enable support for psa opaque RSA-PSK key exchange on the server side ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Przemek Stekiel	f2534ba69b	tls12_client: skip PMS generation for opaque RSA-PSK ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Przemek Stekiel	c2033409e3	Add support for psa rsa-psk key exchange ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Przemek Stekiel	ae4ed30435	Fix naming: random bytes are the seed (not salt) in derivation process ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Przemek Stekiel	1f02703e53	setup_psa_key_derivation(): add optional salt parameter ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Manuel Pégourié-Gonnard	55132c6a9a	Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context ... TLS ECDH 4: remove legacy context	2022-04-22 14:27:06 +02:00
Neil Armstrong	76b7407bd7	Use MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM to enable ssl_write_encrypt_then_mac_ext() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	f2c82f0a3b	Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	ccc074e44d	Use correct condition to use encrypt_then_mac in ssl_tls.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	d1be7674a4	Use PSA_BLOCK_CIPHER_BLOCK_LENGTH instead of PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE in ssl_tls12_populate_transform() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	6b27c97a91	Rename mbedtls_get_mode() to mbedtls_ssl_get_mode() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	ab555e0a6c	Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	858581e81a	Remove cipher_info in mbedtls_ssl_ticket_setup() when USE_PSA_CRYPTO is defined ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	a0eeb7f470	Remove cipher_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	7fea33ea4d	Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	fe635e42c9	Use mbedtls_get_mode_from_ciphersuite() in server-side ssl_write_encrypt_then_mac_ext() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	4bf4c8675f	Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	136f8409df	Replace PSA/Cipher logic with mbedtls_get_mode_from_transform() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:26 +02:00
Neil Armstrong	8a0f3e8cf0	Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:26 +02:00
Jerry Yu	a09f5e98ef	fix build fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:46:03 +08:00
Jerry Yu	cfc04b3541	Update comments in write server hello ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:02 +08:00
Jerry Yu	e74e04af1a	Rename write supported_versions ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:02 +08:00
Jerry Yu	d9436a1baa	remove guards for write_key_share ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:02 +08:00
Jerry Yu	57d4841eda	fix write key_share issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:02 +08:00
Jerry Yu	637a3f1090	fix various issues ... typo issue, variable `ret` init value and remove finalize_server_hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	1c3e688df1	fix comments issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	349a61388b	fix write selected_version fail ... And rename write_supported_versions to write selected_version Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	fb9f54db8c	fix comments issue ... Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	89e103c54c	tls13: Share write ecdh_key_exchange function ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	3bf2c6449d	tls13: write server hello compile pass ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	56404d70c4	tls13:server:Add finalize write_server_hello and dummy body ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	f4b27e4351	tls13:server:Add prepare write_server_hello ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	5b64ae9bad	tls13:server:Add base framework for serverhello ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Ronald Cron	38b8aa4f63	Merge pull request #5539 from xkqian/add_client_hello_to_server ... Add client hello into server side	2022-04-22 10:26:00 +02:00
XiaokangQian	e8ff350698	Update code to align with tls13 coding standard ... Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-22 02:34:40 +00:00
Manuel Pégourié-Gonnard	70701e39b5	Merge pull request #5726 from mprse/mixed_psk_1_v2 ... Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)	2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard	90c70146b5	Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign ... RSA-PSS sign 1: PK	2022-04-21 17:11:18 +02:00
XiaokangQian	4d3a60475c	Change default config version to development style ... Change-Id: I9c1088f235524211e727d03b96de8d82e60bd426 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 13:46:17 +00:00
XiaokangQian	4e8cd7b903	Remove useless selected_group ... Change-Id: I5fb76b5bf4b22d0231c17314783781f9e7c309a3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 13:30:18 +00:00
Neil Armstrong	13e76be02b	Reorganize & simplify mbedtls_pk_sign_ext() handling of wrapped RSA-PSS ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-21 12:08:52 +02:00
Przemek Stekiel	4e47a91d2e	Fix indentation issues ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
Przemek Stekiel	03faf5d2c1	psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
Przemek Stekiel	937b90febf	Add null check for pms allocation ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
Przemek Stekiel	e47201b34a	rename: psa_tls12_prf_set_other_key->psa_tls12_prf_psk_to_ms_set_other_key and adapt code ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
Przemek Stekiel	2503f7e4cb	Handle empty other secret when passed with input bytes ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
XiaokangQian	060d867598	Update parse_key_share in server side and version config ... Change-Id: Ic91c061027d0ee4dca2055df21809cbb4388f3ef Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 09:24:56 +00:00
XiaokangQian	0a1b54ed73	Minor change the place of some functions ... Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 03:01:38 +00:00
XiaokangQian	75d40ef8cb	Refine code base on review ... Remove useless hrr code Share validate_cipher_suit between client and server Fix test failure when tls13 only in server side Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 11:05:24 +00:00
XiaokangQian	318dc763a6	Fix test failure issue and update code styles ... Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 09:43:51 +00:00
XiaokangQian	de33391fa0	Rebase and solve conflicts ... Change-Id: I7f838ff5b607fe5e6b68d74d0edc1def8fc9a744 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 08:49:42 +00:00
XiaokangQian	0803755347	Update code base on review comments ... Refine named_group parsing Refine cipher_suites parsing Remove hrr related part Share code between client and server side Some code style changes Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:50:14 +00:00
XiaokangQian	17f974c63e	Re-order the ciphersuite matching code in parse_client_hello ... Change-Id: I16d11bca42993d4abc2a1b19fa087366c591927c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	84823779ce	Only store the first group in ssl_tls13_parse_supported_groups_ext() ... Change-Id: I4427149aeb6eb453150e522e4c7b11187e2e3825 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	3f84d5d0cd	Update test cases and fix the test failure ... Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	b67384d05c	Fix coding style and comments styles ... Change-Id: Ifa37a3288fbb6b5206fc0640fa11fa36cb3189ff Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	f8ceb94fe7	Fix the parse_sig_alg_ext fail issue ... Change-Id: Ib31e0929c5b6868ab6c3023b20472321fc07ba3c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	8f9dfe41c0	Fix comments about coding styles and test cases ... Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	cfd925f3e8	Fix comments and remove hrr related code ... Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	ed582dd023	Update based on comments ... Remove cookie support from server side Change code to align with coding styles Re-order functions of client_hello Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	4080a7f687	Change code style and some share functions ... Change variables and functions name style Refine supported_version Refine client hello parse Change-Id: Iabc1db51e791588f999c60db464326e2bdf7b2c4 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	9b5d04b078	Share parse_key_share() between client and server ... Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	c4b8c99a38	Rebase and solve conflicts and issues ... Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	8840888fbc	Fix some CI issues ... Change-Id: I68ee024f29b7b8dd586f2c45e91950657e76bad8 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	c5763b5efd	Change some code style ... Change-Id: I67bb642e81693489345867ca87d7e9daa22f83ea Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	3207a32b1e	Fix unused parameter issue and not defined cookie issue ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	7ac3ab3404	Add hello retry request count for server ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	a9c58419f2	Fix compile and test issues ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	7807f9f5c9	Add client hello into server side ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
Ronald Cron	fd8cbda3ec	Remove ECDH code specific to TLS 1.3 ... ECDH operations in TLS 1.3 are now done through PSA. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:31:24 +02:00
Ronald Cron	fd6193c285	ssl_tls13_client: Add downgrade attack protection ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:31:24 +02:00
Ronald Cron	217d699d85	Fix Doxygen marks ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:28:51 +02:00
Paul Elliott	a2da9c7e45	Merge pull request #5631 from gstrauss/enum-tls-vers ... Unify internal/external TLS protocol version enums	2022-04-19 17:05:26 +01:00
Tom Cosgrove	c144ca6473	Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration ... Fixes #5752 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-04-19 13:52:24 +01:00
Hanno Becker	606cb1626f	Add comment explaining structure of UMAAL assembly ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:59:33 +01:00
Hanno Becker	d46d96cc3f	Add 2-fold unrolled assembly for umaal based multiplication ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:19:55 +01:00
Hanno Becker	63eb28c728	Use separate counters for 8-fold and single multiplication steps ... Compilers are likely to generate shorter assembly for loops of the form `while( cnt-- ) { ... }` rather than `for( ; count >= X; count -= X ) { ... }`. (E.g. the latter needs a subtract+compare+branch after each loop, while the former only needs decrement+branch). Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:16:03 +01:00
Hanno Becker	eacf3b9eb4	Simplify organization of inline assembly for bignum ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:16:03 +01:00
Gilles Peskine	09dc05b880	Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail ... PSA: systematically test operation failure	2022-04-15 10:52:47 +02:00
Manuel Pégourié-Gonnard	63ed7cbf36	Merge pull request #5701 from hanno-arm/mpi_mul_hlp ... Make size of output in mpi_mul_hlp() explicit	2022-04-15 10:09:06 +02:00
Glenn Strauss	8315811ea7	Remove restrictive proto ver negotiation checks ... Overly restrictive protocol version negotiation checks might be "version intolerant". TLS 1.3 and DTLS 1.3 move the version to the "supported_versions" ClientHello extension. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	bbdc83b55b	Use mbedtls_ssl_protocol_version in public structs ... Use mbedtls_ssl_protocol_version in public structs, even when doing so results in a binary-incompatible change to the public structure (PR feedback from @ronald-cron-arm) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	cd78df6aa4	handshake->min_minor_ver to ->min_tls_version ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	041a37635b	Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks ... mbedtls no longer supports earlier TLS protocol versions Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	e3af4cb72a	mbedtls_ssl_(read|write)_version using tls_version ... remove use of MBEDTLS_SSL_MINOR_VERSION_* remove use of MBEDTLS_SSL_MAJOR_VERSION_* (only remaining use is in tests/suites/test_suite_ssl.data) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	60bfe60d0f	mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version ... Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller. Reduce size of mbedtls_ssl_ciphersuite_t members are defined using integral types instead of enums in order to pack structure and reduce memory usage by internal ciphersuite_definitions[] Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:12 -04:00
Glenn Strauss	2dfcea2b9d	mbedtls_ssl_config min_tls_version, max_tls_version ... Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible on little-endian platforms, but is compatible on big-endian platforms. For systems supporting only TLSv1.2, the underlying values are the same (=> 3). New setter functions are more type-safe, taking argument as enum mbedtls_ssl_protocol_version: mbedtls_ssl_conf_max_tls_version() mbedtls_ssl_conf_min_tls_version() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:39:43 -04:00
Glenn Strauss	da7851c825	Rename mbedtls_ssl_session minor_ver to tls_version ... Store the TLS version instead of minor version number in tls_version. Note: struct member size changed from unsigned char to uint16_t Due to standard structure padding, the structure size does not change unless alignment is 1-byte (instead of 2-byte or more) Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is compatible on little-endian platforms, but not compatible on big-endian platforms. The enum values for the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4, respectively. Note: care has been taken to preserve serialized session format, which uses only the lower byte of the TLS version. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:23:57 -04:00
Glenn Strauss	07c641605e	Rename mbedtls_ssl_transform minor_ver to tls_version ... Store the TLS version in tls_version instead of minor version number. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:23:54 -04:00
Glenn Strauss	dff84620a0	Unify internal/external TLS protocol version enums ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 13:45:20 -04:00
Hanno Becker	3577131bb4	Reintroduce trimming of input in mbedtls_mpi_mul_int() ... Removing the trimming has significant memory impact. While it is clearly what we want to do eventually for constant-time'ness, it should be fixed alongside a strategy to contain the ramifications on memory usage. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-14 11:52:11 +01:00
Neil Armstrong	769dc05597	Remove bad dependency on MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED for ecdh_ctx guard ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-14 09:56:24 +02:00
Neil Armstrong	282750215c	Remove PSA only code from non-PSA code block code in ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 15:05:11 +02:00
Neil Armstrong	11d4945248	Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 15:03:43 +02:00
Neil Armstrong	1f198d8dee	Simplify by moving ssl_check_server_ecdh_params in the ECDHE non-PSA compile-time block ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 15:02:30 +02:00