e3a2dd787e
Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa
...
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
2022-02-21 16:58:57 +01:00
4fded1359a
Use PSA_INIT()
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:47:24 +01:00
d860e0f18b
Add comment
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:39 +01:00
0e7c6f4961
Check return value of psa_destroy_key
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:39 +01:00
26c6741c58
Add better name for variable.
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:39 +01:00
320d21cecf
Update documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:39 +01:00
c5efb8e58b
Use PSA error code
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:38 +01:00
5d7d201b87
Update test
...
Testing the hash length in this context is not applicable because there is no way
to specify it when calling mbedtls_psa_hkdf_extract.
Change to test invalid `alg` parameter.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:33 +01:00
ebc9368173
typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:44:51 +01:00
298a2d6109
Use ASSERT_ALLOC
...
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:43:52 +01:00
89c1a95f8f
Delete leftover code
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:59 +01:00
b1f53976ee
Add documentation for mbedtls_psa_hkdf_extract
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:59 +01:00
62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible
...
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:57 +01:00
73cb6f54de
Add tests for mbedtls_psa_hkdf_extract
...
The tests are based on the test of mbedtls_hkdf_extract.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:41:42 +01:00
9f4bb319c9
Implement HKDF extract in TLS 1.3 based on PSA HMAC
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:23:29 +01:00
57bf02bd58
ssl_conf_{min,max}_version documentation: update for 1.3 and improve
...
Mention that TLS 1.3 is supported, in addition to (D)TLS 1.2.
Improve and clarify the documentation. In particular, emphasise that the
minor version numbers are the internal numbers which are off by one from the
human numbers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
ce4f00de69
Reference get_version_number from the conf_xxx_version documentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
d44e050339
get_version_number documentation: explicitly mention VERSION_UNKNOWN
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
860429f8af
Add version number debug check to the GnuTLS interop test as well
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
9cb08822a1
Minor clarification
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
ded2a42ac1
Use a union instead of casts
...
Same intended semantics, no casts.
Limitation: this doesn't work on architectures where
sizeof(uintptr_t) < sizeof(void*), which is somewhat weird but possible if
pointers contain redundant information.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
1e265d2e68
Fix swapped documentation of set_user_data_{n,p}
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
49d7ddf7f3
Serializing a context does not save the user data
...
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
80dae04f24
Make user_data fields private
...
Add accessor functions.
Add unit tests for the accessor functions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
66971f8ab1
Add prototype for automatically generated debug helper
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
c63a1e0e15
Fix mbedtls_ssl_get_version() for TLSv1.3
...
Test it in ssl-opt.sh.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
1255b0de98
Positive unit testing for SSL context version functions
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
e1a0c25f71
New function to access the TLS version from a context as an enum
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
915896f03c
Add accessor function from mbedtls_ssl_context to the configuration
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
69477b5706
Add a field for application data to TLS structures
...
In structure types that are passed to user callbacks, add a field that the
library won't ever care about. The application can use this field to either
identify an instance of the structure with a handle, or store a pointer to
extra data.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
b9987fc344
Handle MBEDTLS_SHA256_USE_A64_* on Windows on ARM64 too
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-21 12:26:11 +00:00
436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build
...
TLS1.3: Enable tls13 only build
2022-02-21 11:22:37 +00:00
4901978308
Modifies data files to match new test function name
...
This commit alters the relevant .data files
such that the new function name change of check_iv
to iv_len_validity is reflected there.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-02-21 09:57:51 +00:00
f3ebd90a1c
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
...
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.
The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.
There should be minimal code size impact if no A64_CRYPTO option is set.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-21 08:37:26 +00:00
9b545c04f7
Merge pull request #5520 from gabor-mezei-arm/5402_implement_hkdf_expand_based_on_psa_hmac
...
HKDF 1b: Implement Expand in TLS 1.3 based on PSA HMAC
2022-02-21 09:30:31 +01:00
f1b23caa4e
move wrong comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
18621dfd23
remove extra empty line
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
50f2f703a7
remove extra guards
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
840fbb2817
guards populate_transform reference
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
4f9e3efbeb
move session_save/load_tls12
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
d9d91da7c7
move sig_hash_*
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
ee40f9d4b3
move get_key_exchange_md_tls12
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
9bccc4c63f
move populate_transform
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
e93ffcd2c7
move tls_prf_get_type
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
392112c058
move tls12prf_from_cs
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
0b3d7c1ea1
move parse_finished
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
3c8e47bbbf
move write_finished
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
2a9fff571d
move wrapup
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
aef0015ba0
move wrapup_free_hs_transform
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00
b7ba49ef74
move calc_finished_tls_sha384
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:01 +08:00