66b0d61718
Add comments when can_do() is safe to use
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2022-06-20 21:12:29 +02:00
75fe8c7e54
Change place of ssl_tls13_check_ephemeral_key_exchange
...
Change-Id: Id49172f7375e2a0771ad1216fb7eead808f0db3e
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-06-15 09:42:45 +00:00
129aeb9b0e
Update test cases and support sni ca override
...
Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-06-02 09:29:18 +00:00
f2a942073e
Fix SNI test failure
...
Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-05-30 08:07:16 +00:00
9b2b7716b0
Change mbedtls_ssl_parse_server_name_ext base on comments
...
Change-Id: I4ae831925cb1899afafb7dc626bfad9be24a5c8c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-05-30 08:07:16 +00:00
40a3523eb7
Add support of server name extension to server side
...
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-05-30 08:07:16 +00:00
8395d7a37d
Change guard of mbedtls_ssl_cipher_to_psa() with USE_PSA_CRYPTO || SSL_PROTO_TLS1_3
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-18 13:24:34 +02:00
9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext
...
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
2022-05-17 17:01:55 +02:00
696956da24
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-13 17:02:19 +02:00
5c65c5781f
Fix additional misspellings found by codespell
...
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L
keypair,Keypair,KeyPair,keyPair,ciph,nd
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-05-11 21:25:54 +01:00
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com >
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2022-05-11 21:25:51 +01:00
c1051b62aa
Remove MBEDTLS_SSL_SIG_ALG_SET macro
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:19 +02:00
3631cf693a
Rename signiture algorithm macros to better suite with TLS 1.2
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:19 +02:00
a3d016ce41
Rename and rewrite mbedtls_ssl_sig_hash_set_find function
...
Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name
and rewrite to operate TLS signature algorithm identifiers.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:18 +02:00
15b95a6c52
Use common macro for the invalid signiture algorithm botn in TLS 1.2 and 1.3
...
Introduce a new macro MBEDTLS_TLS_SIG_NONE for invalid signiture algorithm.
It is intended to use in common code of TLS 1.2 and 1.3.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:18 +02:00
078e803d2c
Unify parsing of the signature algorithms extension
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:08 +02:00
9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks
...
Unify non-opaque and opaque PSKs
2022-05-09 10:15:16 +02:00
aad9b0a286
Update code base on comments
...
Change-Id: Ibc5043154515d2801565a2b99741dfda1344211c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-05-09 01:11:21 +00:00
eaf3651e31
Rebase and solve conflicts
...
Change handshake_msg related functions
Share the ssl_write_sig_alg_ext
Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-05-07 01:37:04 +00:00
8ecd66884f
Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-05 14:01:49 +02:00
80f6f32495
Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-04 11:08:41 +02:00
044a32c4c6
Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-04 11:08:41 +02:00
e952a30d47
Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-04 11:08:41 +02:00
501c93220d
Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-04 11:08:41 +02:00
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx
...
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
2022-04-29 10:47:16 +02:00
169bf0b8b0
Fix comments (#endif flags)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-29 07:53:29 +02:00
8855e36030
Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup
...
Cipher cleanup: abstract TLS mode
2022-04-28 12:33:38 +02:00
8a4b7fd7c3
Optimize code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-28 10:21:03 +02:00
8abcee9290
Fix typos
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-28 09:16:28 +02:00
2230e6c06d
Simplify PSA transform->ivlen set in ssl_tls12_populate_transform()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-04-27 10:36:14 +02:00
301711e96e
Simplify mbedtls_ssl_get_base_mode
...
Reduce the amount of ifdef's by making the USE_PSA_CRYPTO and
non-USE_PSA_CRYPTO definitions independent.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-27 10:28:55 +02:00
e108d987ea
Simplify mbedtls_ssl_get_mode
...
Reduce the imbrications between preprocessor directives and C instructions.
Handle encrypt-then-mac separately.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-27 10:28:55 +02:00
99114f3084
Fix build flags for opaque/raw psk checks
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-22 14:54:34 +02:00
b293aaa61b
Enable support for psa opaque DHE-PSK key exchange on the client side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-22 14:54:33 +02:00
19b80f8151
Enable support for psa opaque ECDHE-PSK key exchange on the client side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-22 14:52:28 +02:00
51a1f36be0
setup_psa_key_derivation(): change salt parameter to other_secret
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-22 14:52:28 +02:00
c2033409e3
Add support for psa rsa-psk key exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-22 14:52:27 +02:00
ae4ed30435
Fix naming: random bytes are the seed (not salt) in derivation process
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-22 14:52:27 +02:00
1f02703e53
setup_psa_key_derivation(): add optional salt parameter
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-22 14:52:27 +02:00
55132c6a9a
Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context
...
TLS ECDH 4: remove legacy context
2022-04-22 14:27:06 +02:00
f2c82f0a3b
Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-04-22 14:25:59 +02:00
ccc074e44d
Use correct condition to use encrypt_then_mac in ssl_tls.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-04-22 14:25:59 +02:00
d1be7674a4
Use PSA_BLOCK_CIPHER_BLOCK_LENGTH instead of PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE in ssl_tls12_populate_transform()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-04-22 14:25:59 +02:00
6b27c97a91
Rename mbedtls_get_mode() to mbedtls_ssl_get_mode()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-04-22 14:25:59 +02:00
ab555e0a6c
Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-04-22 14:25:59 +02:00
a0eeb7f470
Remove cipher_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-04-22 14:25:59 +02:00
7fea33ea4d
Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-04-22 14:25:59 +02:00
4bf4c8675f
Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-04-22 14:25:59 +02:00
8a0f3e8cf0
Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-04-22 14:25:26 +02:00
4d3a60475c
Change default config version to development style
...
Change-Id: I9c1088f235524211e727d03b96de8d82e60bd426
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-04-21 13:46:17 +00:00
