Commit graph

19498 commits

Author SHA1 Message Date
Paul Elliott
02758a51df Add tls CID tests
Add tests to test tls coneection id functionality, including the new
'own cid' accessor.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Paul Elliott
0113cf1022 Add accessor for own cid to ssl context
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Ronald Cron
cbd7bfd30e ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests
Force TLS 1.2 on OpenSSL/GnuTLS server
for TLS 1.2 specific tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
634d865d80 ssl-opt.sh: Fix "no TLS 1.3 server support" test check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
11218dda96 ssl_client.c: Fix unused parameter
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
bdb4f58cea Add and update documentation of some minor version fields
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:24:59 +02:00
Paul Elliott
ff59a34606 Prevent free of uninitialised variables
In an error case it was possible for mbedtls_mpi variables to be free'd
uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 17:14:13 +01:00
Ronald Cron
82c785fac3 Make handshake::min_minor_ver client only
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 15:44:41 +02:00
Dave Rodgman
017a19997a Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Neil Armstrong
91477a7964 Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
98f6f78a70 Update mbedtls_pk_wrap_as_opaque() documentation for ECDH derivation usage
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
b7b549aa71 Force server-side TLS1.2 for ECDH- Opaque PK key test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
1335222f13 Return translated PSA error in PSA version of ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
f788253ed3 Fix comment typo in PSA version of ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
023bf8d7c2 Add ECDH- Opaque PK key test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
80325d00cf Allow ECDSA PK Opaque keys for ECDH Derivation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
104a7c1d29 Handle Opaque PK EC keys in ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
8113d25d1e Add ecdh_psa_shared_key flag to protect PSA privkey if imported
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
5cd5f76d67 Use mbedtls_platform_zeroize() in ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
4f33fbc7e9 Use PSA define for max EC key pair size in ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
306d6074b3 Fix indentation issue in PSA version of ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
062de7dd79 Use PSA_BITS_TO_BYTES instead of open-coded calculation in PSA version of ssl_get_ecdh_params_from_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
1f4b39621b Implement PSA server-side ECDH-RSA/ECDSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Ronald Cron
6476726ce4 Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 14:13:57 +02:00
Ronald Cron
a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1
TLS 1.2/1.3 version negotiation - 1
2022-03-31 11:47:16 +02:00
Ronald Cron
ba120bb228 ssl_tls13_client.c: Fix ciphersuite final validation
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
8fdad9e534 ssl_tls12_client.c: Remove duplicate of ciphersuite validation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
757a2abfe2 ssl_client.c: Extend and export ciphersuite validation function
Extend and export ciphersuite validation function
to be able to use it in TLS 1.2/3 specific code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
f735cf1f0f ssl_tls.c: Fix ciphersuite selection regarding protocol version
Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
9847338429 ssl_tls13_client.c: Add check in supported_versions parsing
Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:33:41 +02:00
Ronald Cron
1fa4f6863b ssl_tls.c: Return in error if default config fails
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
Ronald Cron
a77fc2756e ssl_tls13_client.c: versions ext writing : Fix available space check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
Ronald Cron
37bdaab64f tls: Simplify the logic of the config version check and test it
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:26:58 +02:00
Ronald Cron
3cffc5ccb1 tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:59:44 +02:00
Ronald Cron
150d579d7a ssl_client.c: Improve coding style
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:58:50 +02:00
Neil Armstrong
e451295179 Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:41:12 +02:00
Neil Armstrong
253e9e7e6d Use mbedtls_rsa_info directly in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
ea54dbe7c2 Fix comment typo in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
19e6bc4c9f Use new PSA to mbedtls PK error mapping functions in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
8a44bb47ac Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
82cf804e34 Fix 80 characters indentation in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
6baea78072 Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
a33280af6c Check psa_destroy_key() return in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
059a80c212 Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
52f41f8228 PK: RSA verification PSA wrap implementation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
56d51274d8 Initialize PSA crypto in test_suite_pk for RSA verify tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Ronald Cron
da41b38c42 Improve and fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 14:10:03 +02:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over
Add mbedtls_ssl_is_handshake_over()
2022-03-30 12:16:40 +02:00
Gabor Mezei
e42d8bf83b
Add macro guard for header file
Some of the macros are used by the test data files and must be moved
before the macros guard.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-30 11:33:06 +02:00
Manuel Pégourié-Gonnard
abed05f335
Merge pull request #5652 from arturallmann/issue-commit
Fix comment typo in threading.c
2022-03-30 10:01:24 +02:00