560ef5975c
Merge pull request #5613 from mprse/tls_ecdh_2a
TLS ECDH 2a: server-side ECDHE-ECDSA and ECDHE-RSA (1.2)
2022-03-17 09:29:41 +01:00

dd482bfd6a
Modify own_pubkey_max_len calculation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-16 11:43:22 +01:00

a4e15cc0d5
Fix comment: add fields size
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-16 11:32:42 +01:00

855938e17d
Move mbedtls_ecdh_setup() to no-psa path
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-16 11:29:29 +01:00

338b61d6e4
Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-16 11:24:09 +01:00

ce1d792315
Remove duplicated code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-14 16:16:25 +01:00

fc91a1f030
Use PSA for private key generation and public key export only for ECDHE keys
This should be cleaned when server-side static ECDH (1.2) support is added (#5320).
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-14 12:05:27 +01:00

a21af3da00
Use mbedtls_psa_parse_tls_ecc_group() instead of PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa())
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-14 10:09:13 +01:00

0a60c129de
Add intermediate variables to increase code readability
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-14 09:54:51 +01:00

e9f00445bc
Destroy ecdh_psa_privkey on failure
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-14 09:42:32 +01:00

130c4b5567
Use PSA version of key agreement only for ECDHE keys
This should be cleaned when server-side static ECDH (1.2) support is added (#5320).
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-14 09:18:24 +01:00

fd32e9609b
ssl_parse_client_key_exchange(): read the curve identifier and the peer's public key and compute the shared secret using PSA
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-09 16:01:59 +01:00

b6ce0b6cd8
ssl_prepare_server_key_exchange(): generate a private/public key and write out the curve identifier and public key using PSA
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-09 16:01:50 +01:00
6989407261
Add accessor to retrieve SNI during handshake
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00

2ed95279c0
Add server certificate selection callback
https://github.com/ARMmbed/mbedtls/issues/5430
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 17:31:49 -05:00

e754193e87
Remove guard inside ssl_srv.c
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00

fb4b6478ee
tls13_only: improve guards of files.
To improve readability of the preprocess guards.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00

c5aef88be6
tls13_only: guard ssl_{cli,srv}.c with TLS1_2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00

c3091b1c8c
tls13_only: compile pass
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
8c010eb467
Fix comments, code style, remove debug code
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00

2c87a200a3
ssl_write_encrypt_then_mac_ext(): adapt to psa crypto
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00

971988528d
fix coding style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00

eb821c6916
remove check_sig_hash
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00

24811fb2e0
replace check_sig_hash with is_offered
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00

1bab301c0d
Add signature algorithm supported check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00

713013fa80
fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00

6106fdc085
fix build fail without TLS13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00

1abd1bc22f
Change write_sig_alg_ext of tls12
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00

0e5bcb6bf5
Replace directly access for sig_hashes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:16 +08:00

18cd43909b
Align signature_algorithms extension name
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:16 +08:00

d491ea4f18
fix comment issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-13 16:15:25 +08:00

b925f21806
fix comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-12 11:17:02 +08:00

ffef9c52d4
fix alignment issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-24 22:31:08 +08:00

b47d0f893e
Replace SUPPORTED_ELLIPTIC_CURVES with SUPPORTED_GROUPS
According to RFC7919 and RFC8442, they are the same.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-20 17:38:50 +08:00
69a63426af
psa: Fix the size of hash buffers
Fix the size of hash buffers for PSA hash operations.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00

be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module
2021-11-24 10:44:13 +01:00

01f3dae3f3
Refactor elliptic curve extension for NamedGroups
The refactoring is needed for the group api to work
properly. Code is modified to use mbedtls_get_supported_groups
instead of direct access so that both deprecated and new api
are usable.
Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 14:07:46 +01:00

22c9a6fccc
Rename internal header constant_time.h to constant_time_internal.h
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 12:15:20 +02:00

90437e3762
Rename constant-time functions to have mbedtls_ct prefix
Rename functions to better suit the module name.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:59:27 +02:00

765862c4f3
Move mbedtls_cf_memcmp to a new public header
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 12:22:25 +02:00

d96a5c2d86
Fix wrong usage of counter len macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-29 17:46:51 +08:00

9cb55698aa
Propagate usage of mask generation functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00

4602564d7a
Unify memcmp functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:33:47 +02:00

db9a38c672
Move constant-time memcmp functions to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00

d9a94fe3d0
Add counter length macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-28 20:10:26 +08:00

957f0fa1f7
Add length macro for in_ctr
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00

94180e708f
Minor coding style improvement
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 16:20:44 +01:00

e4603eece9
Compress byte reading macros in if statements
Exchange MBEDTLS_BYTE_x in if statements with MBEDTLS_GET_UINT16_BE.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 13:05:30 +01:00

1f6c3aeb63
Tidy up ssl_*.c grouped MBEDTLS_BYTE_x macros
Exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz
and then shift the pointer afterwards. Easier to read as you can
see how big the data is that you are putting in, and in the case of
UINT32 and UINT64 it saves some vertical space.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 12:19:57 +01:00

6dd7364553
Replace instances of byte reading macros with PUT
Instances of a group of byte reading macros which are equivalent to
MBEDTLS_PUT_UINTx_yz
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:57:41 +01:00