62b49cd06a
Merge pull request #5472 from yuhaoth/pr/move-client-auth
...
Move client_auth to handshake
2022-02-09 10:57:00 +01:00
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
...
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00
c234ecf695
Update mbedtls_ssl_handshake_free() and address review comments.
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2022-02-08 10:26:42 +00:00
51f515a503
update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2022-02-08 07:28:04 +00:00
422370d633
Improve a comment and fix some whitespace
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2022-02-07 11:55:21 +01:00
6928a5164d
Compile mbedtls_ssl_cipher_to_psa() conditionally under MBEDTLS_USE_PSA_CRYPTO only
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-03 14:55:24 +01:00
0d63b84fa4
Add mbedtls_ssl_check_curve_tls_id() (internal)
...
This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).
Note that new function doesn't depend on ECP_C, as it only requires
mbedtls_ssl_get_groups(), which is always available. As a general rule,
functions for defining and enforcing policy in the TLS module should not
depend on low-level modules but work with TLS-level identifiers are much
as possible, and this new function follows that principle.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2022-02-03 11:08:15 +01:00
d66387f8fa
Init psa status to PSA_ERROR_CORRUPTION_DETECTED
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-03 09:16:41 +01:00
f9cd60853f
ssl_tls1X_populate_transform(): import psa keys only if alg is not MBEDTLS_SSL_NULL_CIPHER
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-01 11:25:55 +01:00
77aec8d181
Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 20:22:53 +01:00
89dad93a78
Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:39:24 +01:00
f57b45660d
Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention.
...
New function name: mbedtls_ssl_cipher_to_psa().
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:29 +01:00
9b22c2b1e6
Rename: mbedtls_cipher_to_psa -> tls_mbedtls_cipher_to_psa
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:29 +01:00
6be9cf542f
Cleanup the code
...
Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO).
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:29 +01:00
ce09e7d868
Use psa_status_to_mbedtls() for psa error case
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:29 +01:00
fe7397d8a7
Fix key attributes encrypt or decrypt only (not both)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:29 +01:00
e87475d834
Move psa_status_to_mbedtls to ssl_misc.h
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:29 +01:00
1fe065b235
Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:29 +01:00
76e1583483
Convert psa status to mbedtls
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:28 +01:00
11a33e6d90
Use PSA_BITS_TO_BYTES macro to convert key bits to bytes
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:28 +01:00
ffccda45df
ssl_tls12_populate_transform: store the en/decryption keys and alg in the new fields
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:28 +01:00
8f80fb9b1d
Adapt in mbedtls_ssl_transform_init() and mbedtls_ssl_transform_free() after extending mbedtls_ssl_transform struct
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:28 +01:00
430f337b49
Add helper function to translate mbedtls cipher type/mode pair to psa: algorithm, key type and key size.
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:28 +01:00
6d42bb430c
Update mbedtls_ssl_handshake_free()
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2022-01-28 10:05:51 +00:00
fb28b88e26
move client_auth to handshake
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-28 11:05:58 +08:00
8499b6ce25
Only free verify_cookie in tls 1.3 case.
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-27 09:00:11 +00:00
34909746df
Change cookie free code and some comments
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-27 02:25:04 +00:00
f1e7d12cb6
Fix compile issues in mbedtls_ssl_session_reset_msg_layer
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-26 10:53:15 +00:00
2b01dc30cb
Add hrr no change check and allign mbedtls_ssl_session_reset_msg_layer
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-26 10:53:15 +00:00
78b1fa7e81
Update code base on comments
...
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-26 10:53:15 +00:00
d9e068e10b
Change code based on comments
...
Align coding styles
Add hrr parameter for ssl_tls13_parse_server_hello
Add reset steps for SHA384 in HRR
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-26 10:51:13 +00:00
51eff22c9b
Align oode style with server hello parse
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-26 10:51:13 +00:00
647719a172
Add hello retry request in client side
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-26 10:50:06 +00:00
ed5e9f431d
Change ecdsa sig_algs order for tls1.3
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-26 12:41:12 +08:00
0b994b8061
fix typo error
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 17:22:12 +08:00
53037894ab
change the defaut sig_algs order
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 14:38:01 +08:00
18c833e2eb
fix tls1_2 only sig_algs order issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 14:38:01 +08:00
f377d644f5
Refactor duplicate check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 14:38:01 +08:00
6ade743a43
Add mbedtls_printf alias for !PLATFORM_C
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 14:38:01 +08:00
370e146acb
fix comments issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 12:46:17 +08:00
909df7b17b
Refactor *_sig_algs tables
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 12:46:17 +08:00
b476a44fc6
Add static assert check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 12:46:17 +08:00
941e07ff02
fix test_no_platform fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 12:46:17 +08:00
1a8b481ce6
Remove duplicated signature algorithm in default settings
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 12:46:17 +08:00
600ded7ea5
Reserve end tag space at sig_algs_len init.
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 12:46:17 +08:00
a68dca24ee
move overflow inside loop
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 12:46:17 +08:00
8afd6e4308
fix typo issues in comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 12:46:17 +08:00
eb821c6916
remove check_sig_hash
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 12:46:17 +08:00
1bab301c0d
Add signature algorithm supported check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 12:46:17 +08:00
7ddc38cedb
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 12:46:17 +08:00
