XiaokangQian 
							
						 
					 
					
						
						
							
						
						aad9b0a286 
					 
					
						
						
							
							Update code base on comments  
						
						... 
						
						
						
						Change-Id: Ibc5043154515d2801565a2b99741dfda1344211c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-05-09 01:11:21 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						eaf3651e31 
					 
					
						
						
							
							Rebase and solve conflicts  
						
						... 
						
						
						
						Change handshake_msg related functions
Share the ssl_write_sig_alg_ext
Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-05-07 01:37:04 +00:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						8ecd66884f 
					 
					
						
						
							
							Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-05-05 14:01:49 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						80f6f32495 
					 
					
						
						
							
							Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-05-04 11:08:41 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						044a32c4c6 
					 
					
						
						
							
							Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-05-04 11:08:41 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						e952a30d47 
					 
					
						
						
							
							Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-05-04 11:08:41 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						501c93220d 
					 
					
						
						
							
							Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk()  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-05-04 11:08:41 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						67397fa4fd 
					 
					
						
						
							
							Merge pull request  #5704  from mprse/mixed_psk_2cx  
						
						... 
						
						
						
						Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK 
						
						
					 
					
						2022-04-29 10:47:16 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
							
						
						169bf0b8b0 
					 
					
						
						
							
							Fix comments (#endif flags)  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-04-29 07:53:29 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						8855e36030 
					 
					
						
						
							
							Merge pull request  #5674  from superna9999/5668-abstract-tls-mode-cleanup  
						
						... 
						
						
						
						Cipher cleanup: abstract TLS mode 
						
						
					 
					
						2022-04-28 12:33:38 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
							
						
						8a4b7fd7c3 
					 
					
						
						
							
							Optimize code  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-04-28 10:21:03 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
							
						
						8abcee9290 
					 
					
						
						
							
							Fix typos  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-04-28 09:16:28 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						2230e6c06d 
					 
					
						
						
							
							Simplify PSA transform->ivlen set in ssl_tls12_populate_transform()  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-27 10:36:14 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						301711e96e 
					 
					
						
						
							
							Simplify mbedtls_ssl_get_base_mode  
						
						... 
						
						
						
						Reduce the amount of ifdef's by making the USE_PSA_CRYPTO and
non-USE_PSA_CRYPTO definitions independent.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2022-04-27 10:28:55 +02:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						e108d987ea 
					 
					
						
						
							
							Simplify mbedtls_ssl_get_mode  
						
						... 
						
						
						
						Reduce the imbrications between preprocessor directives and C instructions.
Handle encrypt-then-mac separately.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2022-04-27 10:28:55 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
							
						
						99114f3084 
					 
					
						
						
							
							Fix build flags for opaque/raw psk checks  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-04-22 14:54:34 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
							
						
						b293aaa61b 
					 
					
						
						
							
							Enable support for psa opaque DHE-PSK key exchange on the client side  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-04-22 14:54:33 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
							
						
						19b80f8151 
					 
					
						
						
							
							Enable support for psa opaque ECDHE-PSK key exchange on the client side  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-04-22 14:52:28 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
							
						
						51a1f36be0 
					 
					
						
						
							
							setup_psa_key_derivation(): change salt parameter to other_secret  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-04-22 14:52:28 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
							
						
						c2033409e3 
					 
					
						
						
							
							Add support for psa rsa-psk key exchange  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-04-22 14:52:27 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
							
						
						ae4ed30435 
					 
					
						
						
							
							Fix naming: random bytes are the seed (not salt) in derivation process  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-04-22 14:52:27 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
							
						
						1f02703e53 
					 
					
						
						
							
							setup_psa_key_derivation(): add optional salt parameter  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-04-22 14:52:27 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						55132c6a9a 
					 
					
						
						
							
							Merge pull request  #5703  from superna9999/5322-ecdh-remove-legacy-context  
						
						... 
						
						
						
						TLS ECDH 4: remove legacy context 
						
						
					 
					
						2022-04-22 14:27:06 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						f2c82f0a3b 
					 
					
						
						
							
							Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-22 14:25:59 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						ccc074e44d 
					 
					
						
						
							
							Use correct condition to use encrypt_then_mac in ssl_tls.c  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-22 14:25:59 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						d1be7674a4 
					 
					
						
						
							
							Use PSA_BLOCK_CIPHER_BLOCK_LENGTH instead of PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE in ssl_tls12_populate_transform()  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-22 14:25:59 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						6b27c97a91 
					 
					
						
						
							
							Rename mbedtls_get_mode() to mbedtls_ssl_get_mode()  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-22 14:25:59 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						ab555e0a6c 
					 
					
						
						
							
							Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-22 14:25:59 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						a0eeb7f470 
					 
					
						
						
							
							Remove cipher_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-22 14:25:59 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						7fea33ea4d 
					 
					
						
						
							
							Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform()  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-22 14:25:59 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						4bf4c8675f 
					 
					
						
						
							
							Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-22 14:25:59 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						8a0f3e8cf0 
					 
					
						
						
							
							Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform()  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-22 14:25:26 +02:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						4d3a60475c 
					 
					
						
						
							
							Change default config version to development style  
						
						... 
						
						
						
						Change-Id: I9c1088f235524211e727d03b96de8d82e60bd426
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-04-21 13:46:17 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						060d867598 
					 
					
						
						
							
							Update parse_key_share in server side and version config  
						
						... 
						
						
						
						Change-Id: Ic91c061027d0ee4dca2055df21809cbb4388f3ef
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-04-21 09:24:56 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						75d40ef8cb 
					 
					
						
						
							
							Refine code base on review  
						
						... 
						
						
						
						Remove useless hrr code
Share validate_cipher_suit between client and server
Fix test failure when tls13 only in server side
Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-04-20 11:05:24 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						8f9dfe41c0 
					 
					
						
						
							
							Fix comments about coding styles and test cases  
						
						... 
						
						
						
						Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-04-20 07:45:50 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						ed582dd023 
					 
					
						
						
							
							Update based on comments  
						
						... 
						
						
						
						Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello
Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-04-20 07:43:48 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						c4b8c99a38 
					 
					
						
						
							
							Rebase and solve conflicts and issues  
						
						... 
						
						
						
						Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-04-20 07:43:48 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Elliott 
							
						 
					 
					
						
						
							
						
						a2da9c7e45 
					 
					
						
						
							
							Merge pull request  #5631  from gstrauss/enum-tls-vers  
						
						... 
						
						
						
						Unify internal/external TLS protocol version enums 
						
						
					 
					
						2022-04-19 17:05:26 +01:00 
						 
				 
			
				
					
						
							
							
								Glenn Strauss 
							
						 
					 
					
						
						
							
						
						041a37635b 
					 
					
						
						
							
							Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks  
						
						... 
						
						
						
						mbedtls no longer supports earlier TLS protocol versions
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com > 
						
						
					 
					
						2022-04-14 15:40:14 -04:00 
						 
				 
			
				
					
						
							
							
								Glenn Strauss 
							
						 
					 
					
						
						
							
						
						60bfe60d0f 
					 
					
						
						
							
							mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version  
						
						... 
						
						
						
						Store the TLS version in tls_version instead of major, minor version num
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.
Reduce size of mbedtls_ssl_ciphersuite_t
members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com > 
						
						
					 
					
						2022-04-14 15:40:12 -04:00 
						 
				 
			
				
					
						
							
							
								Glenn Strauss 
							
						 
					 
					
						
						
							
						
						2dfcea2b9d 
					 
					
						
						
							
							mbedtls_ssl_config min_tls_version, max_tls_version  
						
						... 
						
						
						
						Store the TLS version in tls_version instead of major, minor version num
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).
New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com > 
						
						
					 
					
						2022-04-14 15:39:43 -04:00 
						 
				 
			
				
					
						
							
							
								Glenn Strauss 
							
						 
					 
					
						
						
							
						
						da7851c825 
					 
					
						
						
							
							Rename mbedtls_ssl_session minor_ver to tls_version  
						
						... 
						
						
						
						Store the TLS version instead of minor version number in tls_version.
Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms.  The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.
Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com > 
						
						
					 
					
						2022-04-14 15:23:57 -04:00 
						 
				 
			
				
					
						
							
							
								Glenn Strauss 
							
						 
					 
					
						
						
							
						
						07c641605e 
					 
					
						
						
							
							Rename mbedtls_ssl_transform minor_ver to tls_version  
						
						... 
						
						
						
						Store the TLS version in tls_version instead of minor version number.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com > 
						
						
					 
					
						2022-04-14 15:23:54 -04:00 
						 
				 
			
				
					
						
							
							
								Glenn Strauss 
							
						 
					 
					
						
						
							
						
						dff84620a0 
					 
					
						
						
							
							Unify internal/external TLS protocol version enums  
						
						... 
						
						
						
						Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com > 
						
						
					 
					
						2022-04-14 13:45:20 -04:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						f3f46416e3 
					 
					
						
						
							
							Remove ecdh_ctx variable, init & free when USE_PSA_CRYPTO isn't selected  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-12 14:43:39 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						a33a255dcf 
					 
					
						
						
							
							Disable non-PSA ECDHE code in mbedtls_ssl_psk_derive_premaster() when USE_PSA_CRYPTO is selected  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-12 14:40:47 +02:00 
						 
				 
			
				
					
						
							
							
								Glenn Strauss 
							
						 
					 
					
						
						
							
						
						236e17ec26 
					 
					
						
						
							
							Introduce mbedtls_ssl_hs_cb_t typedef  
						
						... 
						
						
						
						Inline func for mbedtls_ssl_conf_cert_cb()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com > 
						
						
					 
					
						2022-04-07 14:18:30 -04:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1b05aff3ad 
					 
					
						
						
							
							Merge pull request  #5624  from superna9999/5312-tls-server-ecdh  
						
						... 
						
						
						
						TLS ECDH 3b: server-side static ECDH (1.2) 
						
						
					 
					
						2022-04-07 11:46:25 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						f716a700a1 
					 
					
						
						
							
							Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-04-04 11:23:46 +02:00