4079abc7d1
ssl_client.c: Adapt extensions writing to the TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 18:58:31 +02:00
11e1857f5e
ssl_client.c: Fix key share code guards
...
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 18:58:31 +02:00
d491c2d779
ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 17:17:57 +02:00
cb5ef6a532
Remove duplicated includes
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-03-29 17:10:01 +02:00
55c49a3335
Use proper macro guard
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-03-29 17:09:15 +02:00
86a477f5ee
ssl_client.c: Adapt initial version selection to TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 17:00:29 +02:00
3d580bf4bd
Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 17:00:29 +02:00
8f6d39a81d
Make some handshake TLS 1.3 utility routines available for TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 14:42:17 +02:00
90f012037d
ssl_tls12_server.c: Simplify TLS version check in ClientHello
...
The TLS server code only support TLS 1.2 thus simplify
the check of the version proposed by the client.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 14:42:17 +02:00
4dcbca952e
ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section
...
In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the
"if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive
as it is specific to TLS 1.2.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 14:42:17 +02:00
de1adee51a
Rename ssl_cli/srv.c
...
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 14:39:49 +02:00
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512
...
Add rsae sha384 sha512
2022-03-29 14:01:51 +02:00
5d9a1fe9e9
PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3
...
With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support
is always enabled.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-03-26 15:47:15 +01:00
20438976f9
Change comments and styles base on review
...
Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-03-25 08:09:29 +00:00
9b93c0dd8d
Change cookie parameters for dtls and tls 1.3
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-03-25 07:50:56 +00:00
25c9c9023c
Refine cookie len to fix compile issues
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-03-25 07:50:56 +00:00
6c6f10265d
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-03-25 11:09:50 +08:00
e26acee896
Refactor guards for sig algs
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-03-23 21:01:33 +08:00
f8aa9a44aa
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-03-23 20:54:38 +08:00
8c3388620d
create sig_alg decode function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-03-23 13:34:04 +08:00
0c23fc39c3
fix various guards issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-03-23 12:20:01 +08:00
cef3f33012
Guard rsa sig algs with rsa_c and pkcs1_v{15,21}
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-03-22 23:16:42 +08:00
3a58b462b6
add pss_rsae_sha{384,512}
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-03-22 15:13:34 +08:00
1bf075fffd
Use SSL error codes
...
The `psa_ssl_status_to_mbedtls` function is not only used for
cipher operations so transalte to TLS error codes.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-03-21 17:00:53 +01:00
adfeadc6e5
Extend PSA error translation
...
Add new error codes to the PSA to mbedtls error translation.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-03-21 17:00:53 +01:00
f4042f076b
Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac
...
TLS record HMAC
2022-03-21 11:36:44 +01:00
8d7afc642c
Merge pull request #5523 from ronald-cron-arm/one-flush-output-development
...
TLS 1.3: One flush output
2022-03-21 08:44:04 +01:00
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
...
server certificate selection callback
2022-03-10 11:51:42 +01:00
00d012f2be
Fix type of force_flush parameter
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-09 07:51:52 +01:00
66dbf9118e
TLS 1.3: Do not send handshake data in handshake step handlers
...
Send data (call to mbedtls_ssl_flush_output()) only from
the loop over the handshake steps. That way, we do not
have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE
error code) on the network in handshake step handlers.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-09 07:51:52 +01:00
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
...
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
6989407261
Add accessor to retrieve SNI during handshake
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-02-25 19:55:53 -05:00
cf8841a076
Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined
...
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-02-25 15:16:49 +01:00
39b8e7dde4
Add, Initialize & Free HMAC keys in mbedtls_ssl_transform
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-02-23 09:24:57 +01:00
3e536442f5
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-22 10:17:58 +08:00
a23b9d954c
fix undefine error
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-22 10:17:58 +08:00
1bb5a1ffe3
Implement received sig_algs check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-22 10:17:58 +08:00
90f152dfac
fix psk only build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-22 10:17:58 +08:00
8511f125af
Add certificteVerify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-22 10:17:58 +08:00
5cc3506c9f
Add write certificate and client handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-22 10:17:58 +08:00
bef175db96
Wrap derive_keys with TLS1_2 option
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-21 09:06:00 +08:00
7d2396332d
fix wrong setting of max_minor version
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-21 09:06:00 +08:00
c5aef88be6
tls13_only: guard ssl_{cli,srv}.c with TLS1_2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-21 09:06:00 +08:00
c3091b1c8c
tls13_only: compile pass
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-21 09:06:00 +08:00
e14b644f4d
Merge pull request #5456 from mpg/cleanup-ecdh-psa
...
Cleanup PSA-based ECDHE in TLS 1.2
2022-02-15 09:09:07 +01:00
b15f33d496
Enable ecdh_psa_xxx fields in struct mbedtls_ssl_handshake_params for TLS 1.3
...
These fields need to be enabled for 1.3 even if MBEDTLS_USE_PSA_CRYPTO isn't (1.3 should always use PSA).
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-10 15:24:27 +01:00
62b49cd06a
Merge pull request #5472 from yuhaoth/pr/move-client-auth
...
Move client_auth to handshake
2022-02-09 10:57:00 +01:00
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
...
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00
5c7d1cce97
fix typo error
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-08 21:08:29 +08:00
2d9a694088
change type of client_auth
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-08 21:07:10 +08:00