2b5d3ded1f
remove remaining occurencies of mbedtls_ecc_group_to_psa() from TLS
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2023-01-09 11:04:52 +01:00
40d9ca907b
tls: remove useless legacy function
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2023-01-04 16:08:04 +01:00
18c9fed857
tls: remove dependency from mbedtls_ecp_curve functions
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2023-01-03 13:03:34 +01:00
4064a82802
Merge pull request #5600 from yuhaoth/pr/refactor-cookie-members-of-handshake
...
Refactor cookie members of handshake
2022-12-14 10:55:34 +01:00
ed4f59eec3
Fix another typo where 'PSK' was 'PKS'
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-12-05 12:07:50 +00:00
e01304f6d8
fix type conversion issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-05 19:58:46 +08:00
ac5ca5a0ea
Refactor cookie members of handshake struct
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-05 19:58:45 +08:00
1797b05602
Fix typos prior to release
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-12-04 17:19:59 +00:00
ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2
...
CID update to RFC 9146
2022-11-29 09:25:14 +01:00
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
...
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
5151bdf46e
tls: psa_pake: add missing braces
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-21 14:30:02 +01:00
61ea17d30a
tls: psa_pake: fix return values in parse functions
...
Ensure they all belong to the MBEDTLS_ERR_SSL_* group
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-18 12:11:00 +01:00
6b3dab03b5
tls: psa_pake: use a single function for round one and two in key exchange read/write
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-17 17:14:54 +01:00
9bed8ec5d8
tls: psa_pake: make round two reading function symmatric to the writing one
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-17 16:36:19 +01:00
a08b1a40a0
tls: psa_pake: move move key exchange read/write functions to ssl_tls.c
...
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-17 16:34:59 +01:00
ec71b0937f
Introduce a test for single signature algorithm correctness
...
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-11-17 14:58:14 +00:00
02c25b5f83
tls12: psa_pake: use common code for parsing/writing round one and round two data
...
Share a common parsing code for both server and client for parsing
round one and two.
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-16 13:56:12 +01:00
d384b64dd2
Merge branch 'development' into rfc9146_2
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2022-11-14 17:43:15 +00:00
ca7d506556
Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-08 10:58:45 +01:00
a4b4041219
Shared code to free x509 structs
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-10-28 12:51:35 -04:00
88f5fd9099
Merge pull request #6479 from AndrzejKurek/depends-py-no-psa
...
Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts
2022-10-26 20:02:57 +02:00
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
...
Fix unusual macros
2022-10-25 19:55:29 +02:00
468c50656e
Fix key exchange dependencies for ssl_parse_server_ecdh_params
...
Resulting from particular configs in which this code is used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-24 15:55:18 -04:00
d29e13eb1b
tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:34:20 +02:00
b21bbef061
Refactor macro-spanning if in ssl_tls12_client.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2022-10-06 18:00:51 +01:00
945b23c46f
Include platform.h unconditionally: automatic part
...
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.
There should be no change in behavior since just including the header should
not change the behavior of a program.
This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:
```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-09-15 20:33:07 +02:00
fd6cca4448
CID update to RFC 9146
...
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com >
2022-09-07 17:15:05 +02:00
40afdd2791
Make use of MBEDTLS_MAX_HASH_SIZE macro
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-06 14:18:45 +02:00
0ce592169e
Use hash_info_get_size in ssl_tls12_client
...
This way the code does not rely on the MBEDTLS_MD_C define
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-08-22 17:46:50 -04:00
953ce3962f
Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12
...
Add rsa pss rsae for tls12
2022-08-09 10:21:45 +01:00
27036c9e28
Merge pull request #6142 from tom-cosgrove-arm/fix-comments-in-docs-and-comments
...
Fix a/an typos in doxygen and other comments
2022-07-29 12:59:05 +01:00
c3bf748dc7
fix vertical alignment
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-07-29 10:27:17 +08:00
95b743ca17
Rename get_pk_type_and_md_alg
...
The function is for both tls12 and tls13 now.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-07-28 23:08:00 +08:00
693a47ab1d
add rsa_pss_rsae_* support in tls12
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-07-28 23:08:00 +08:00
ce7f18c00b
Fix a/an typos in doxygen and other comments
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-07-28 05:50:56 +01:00
20f89a9605
Remove uses of SSL compression
...
Remove or modify current uses of session compression.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2022-07-26 16:13:03 +01:00
a357cf4d4c
Rename new_session_ticket state
...
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-07-20 11:07:29 +08:00
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash
...
Fix DTLS 1.2 session resumption
2022-07-06 15:03:36 +01:00
21b50808cd
Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing
...
Use a more straightforward condition to note that session resumption
is happening.
Co-authored-by: Ronald Cron <ronald.cron@arm.com >
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-07-06 03:26:55 -04:00
bd10c4e2af
Test accessors to config DN hints for cert request
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-06-29 02:54:28 -04:00
a3115dc0e6
Mark static int SSL functions CHECK_RETURN_CRITICAL
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2022-06-20 21:12:52 +02:00
66b0d61718
Add comments when can_do() is safe to use
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2022-06-20 21:12:29 +02:00
7cf872557a
Rearrange the session resumption code
...
Previously, the transforms were populated before extension
parsing, which resulted in the client rejecting a server
hello that contained a connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-06-14 08:26:19 -04:00
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com >
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2022-05-11 21:25:51 +01:00
8ecd66884f
Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-05 14:01:49 +02:00
80f6f32495
Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-04 11:08:41 +02:00
cd05f0b9e5
Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-04 11:08:41 +02:00
e952a30d47
Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-04 11:08:41 +02:00
61f237afb7
Remove PSA-only code dealing with non-opaque PSA key
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-04 11:08:41 +02:00
