226aa15702
Make handshake hashing functions return int
...
There are three families of functions: update_checksum, calc_verify,
calc_finished, that perform hashing operations and were returning void
so far. This is not correct, as hashing functions can return errors (for
example, on hardware failure when accelerated). Change them to return
int.
This commit just changes the types: for now the functions always return
0, and their return value is not checked; this will be fixed in the
next few commits.
There is a related function in TLS 1.3,
mbedtls_ssl_reset_transcript_for_hrr, which also handles hashes, and
already returns int but does not correctly check for errors from hashing
functions so far; it will also be handled in the next few commits.
There's a special case with handshake_params_init: _init functions
should return void, so we'll need to split out the part that can return
errors, see the next commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
4938a566bf
refine ticket_flags printing helper
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 11:28:49 +08:00
acecf9c95b
make ticket_flags param types consistent
...
When ticket_flags is used as a parameter, use unsigned int,
instead of uint8_t or mbedtls_ssl_tls13_ticket_flags. Also
remove the definition of mbedtls_ssl_tls13_ticket_flags.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 11:23:24 +08:00
ee455c01ce
move ticket_flags debug helpers
...
The debug helpers printing ticket_flags status are
moved to ssl_tls.c and ssl_debug_helpers.h.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:01 +08:00
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
...
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype
...
TLS 1.3: Upstream misc fix from prototype
2023-01-05 14:35:54 +01:00
67419f0e11
tls: fix + save code size when DEBUG_C is not enabled
...
Some PSA curves' symbols (PSA_WANT_) were not matching the corresponding
MBEDTLS_ECP_DP_. This was fixed together with the removal of extra code
when DEBUG_C is not enabled.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-04 17:36:00 +01:00
18c9fed857
tls: remove dependency from mbedtls_ecp_curve functions
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 13:03:34 +01:00
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
...
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
016f682796
tls: pake: small code refactoring for password setting functions
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-09 14:17:50 +01:00
0c2a738c23
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-09 09:51:20 +08:00
ddda050604
tls13: Upstream various fix in prototype
...
- Adjust max input_max_frag_len
- Guard transform_negotiate
- Adjust function position
- update comments
- fix wrong requirements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-09 09:51:20 +08:00
2e19981e17
tls13: guards transform negotiate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-09 09:51:20 +08:00
eb3f788b03
tls: pake: do not destroy password key in TLS
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-08 18:42:58 +01:00
ae7fe7ee53
tls: pake: avoid useless psa_pake_abort in setting opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 17:36:59 +01:00
70d1fa538a
tls: pake: fix missing return values check
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 16:20:27 +01:00
c689ed8633
tls: pake: minor adjustments
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 14:40:38 +01:00
90af1a10ab
Merge pull request #6734 from daverodgman/fix_test_dep_spelling
...
Fix spelling of test dependency
2022-12-07 09:06:29 +00:00
556e8a3219
Fix additional mis-spelling
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-06 16:31:25 +00:00
6ee56aa18f
Add default values for conf->*early_data*
...
- early_data default to disable
- max_early_data_size default to built-in value
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 18:00:47 +08:00
39da9857df
remove limitation of max_early_data_size
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 16:58:36 +08:00
12c46bd14f
fix various issues
...
- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:02:51 +08:00
757f359474
tls: pake: do not destroy key on errors while setting opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 11:07:11 +01:00
cc4e007ff6
Add max_early_data_size to mbedtls_ssl_config
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
0944329036
tls: pake: add check for empty passwords in mbedtls_ssl_set_hs_ecjpake_password()
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 15:06:09 +01:00
a9a97dca63
psa_pake: add support for opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-28 18:26:16 +01:00
3d9b590f02
guards transform_earlydata
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-28 17:34:06 +08:00
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
...
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
99d88c1ab4
tls: psa_pake: fix missing casting in mbedtls_psa_ecjpake_write_round
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-22 16:03:43 +01:00
d4a9b1ab8d
tls: psa_pake: remove useless defines and fix a comment
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-22 11:11:10 +01:00
79f6b6bb1b
tls: psa_pake: fixing mbedtls_psa_ecjpake_write_round()
...
It might happen that the psa_pake_output() function returns
elements which are not exactly 32 or 65 bytes as expected, but
1 byte less.
As a consequence, instead of hardcoding the expected value for
the length in the output buffer, we write the correct one as
obtained from psa_pake_output()
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-21 14:17:03 +01:00
1fb3299ad7
Replace internal usage of is_handshake_over.
...
NEW_SESSION_TICKETS* are processed in handshake_step.
Change the stop condition from `mbedtls_ssl_is_handshake_over`
to directly check.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
5ed73ff6de
Add NEW_SESSION_TICKET* into handshake over states
...
All state list after HANDSHAKE_OVER as is_handshakeover
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
6848a61922
Revert "Replace internal usage of mbedtls_ssl_is_handshake_over"
...
This reverts commit 1d3ed2975e7ef0d84050a3aece02eec1f890dec3.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
e219c11b4e
Replace internal usage of mbedtls_ssl_is_handshake_over
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
61ea17d30a
tls: psa_pake: fix return values in parse functions
...
Ensure they all belong to the MBEDTLS_ERR_SSL_* group
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-18 12:11:00 +01:00
aca21b717c
tls: psa_pake: enforce not empty passwords
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 18:20:50 +01:00
819de86895
tls: removed extra white spaces and other minor fix
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 18:05:19 +01:00
6b3dab03b5
tls: psa_pake: use a single function for round one and two in key exchange read/write
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 17:14:54 +01:00
9bed8ec5d8
tls: psa_pake: make round two reading function symmetric to the writing one
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:36:19 +01:00
30ebe11f86
tls: psa_pake: add a check on read size on both rounds
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:35:02 +01:00
a08b1a40a0
tls: psa_pake: move key exchange read/write functions to ssl_tls.c
...
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this is not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:34:59 +01:00
02c25b5f83
tls12: psa_pake: use common code for parsing/writing round one and round two data
...
Share a common parsing code for both server and client for parsing
round one and two.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 13:56:12 +01:00
aeb8bf2ab0
Merge pull request #6170 from yuhaoth/pr/tls13-cleanup-extensions-parser
...
TLS 1.3: Add extension check for message parsers
2022-11-11 19:00:46 +00:00
97be6a913e
fix various issues
...
- typo error
- replace `ssl->hanshake` with handshake
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-09 22:43:31 +08:00
7de2ff0310
Refactor extension list print
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 23:51:39 +08:00
79aa721ade
Rename ext print function and macro
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 23:51:39 +08:00
b95dd3683b
Add missing mask set and tls13 unrecognized extension
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 23:51:38 +08:00
ea52ed91cf
fix typo and spell issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 21:01:17 +08:00