lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-24 01:41:35 +03:00
Code Activity
27,312 Commits 173 Branches 268 Tags
aa01a038b521931382951036a5cd49bddcc40b51
Commit Graph

6365 Commits

Author SHA1 Message Date
Xiaokang Qian
54413b10c2 Add early data support preparatory work 
Add MBEDTLS_SSL_EARLY_DATA configuration option
Define early_data_enabled field in mbedtls_ssl_config
Add function mbedtls_ssl_conf_early_data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-25 03:00:18 +00:00
Ronald Cron
571f1ff6dc Make sure TLS 1.2 kex macros are undefined in builds without TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
d8d2ea5674 Add TLS 1.3 key exchange mode config options 
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.

These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:41:57 +02:00
Manuel Pégourié-Gonnard
98b91d40d6 RSA PKCS#1 v1.5 no longer depends on MD 
This has been the case since
https://github.com/Mbed-TLS/mbedtls/pull/6065 which forgot to update the
documentation, and also is_builtin_calling_md(), so update those.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-19 10:59:30 +02:00
Dave Rodgman
f33da19dfb Merge pull request #6413 from daverodgman/update_docs_links 
Update documentation links
 2022-10-14 17:42:48 +01:00
Gilles Peskine
8874cd570e Merge pull request #4826 from RcColes/development 
Add LMS implementation
 2022-10-14 18:33:01 +02:00
Ronald Cron
49e4184812 Merge pull request #6299 from xkqian/tls13_add_servername_check 
Add server name check when proposing pre-share key
 2022-10-13 16:00:59 +02:00
Raef Coles
29c490db97 Update LMS calculate_public_key docs 
To avoid the word "generate"

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:30:34 +01:00
Raef Coles
07b70d9196 Correct typo in LMS config check 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:30:28 +01:00
Raef Coles
1b43a7448d Clean up LMS and LMOTS feature dependencies 
Remove SHA256 dependencies from tests, fix incorrect boolean logic in
check_config, and change depends_hashes.pl to disable LMS in one test

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:30:26 +01:00
Raef Coles
3c4ae77fec Improve LMS private context documentation 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:45 +01:00
Raef Coles
285d44b180 Capitalize "Merkle" in LMS and LMOTS code 
As it is a proper noun

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:43 +01:00
Raef Coles
9b0daf60fb Improve LMS private function warning 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:38 +01:00
Raef Coles
370cc43630 Make LMS public key export part of public key api 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:28 +01:00
Raef Coles
be3bdd8240 Rename LMS and LMOTS init/free functions 
To match convention

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:18 +01:00
Raef Coles
2ac352a322 Make LMS functions args const where required 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:14 +01:00
Raef Coles
f6ddd51bfd Sanitize LMS and LMOTS macros 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:13 +01:00
Raef Coles
5127e859d7 Update LMS and LMOTS dependency macros 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:11 +01:00
Raef Coles
56fe20a473 Move MBEDTLS_PRIVATE required defines into lms.h 
From lmots.h, as it is a private header

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:10 +01:00
Raef Coles
ab300f15e8 Move public header content from lmots.h to lms.h 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:08 +01:00
Raef Coles
403558c1c9 Fix LMS function documentation 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:57 +01:00
Raef Coles
9b88ee5d5d Fix LMS and LMOTS coding style violations 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:40 +01:00
Raef Coles
366d67d9af Shorted LMS and LMOTS line-lengths 
To attempt to comply with the 80-char suggestion

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:38 +01:00
Raef Coles
e9479a0264 Update LMS API to support multiple parameter sets 
Parameterise macros to allow variation of sizes

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:36 +01:00
Raef Coles
ab4f87413a Add MBEDTLS_LMS_PRIVATE define 
To enable private key operations

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:35 +01:00
Raef Coles
01c71a17b3 Update LMS and LMOTS api 
Fix function names and parameters. Move macros to be more private.
Update implementation.

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:25 +01:00
Raef Coles
c8f9604d7b Use PSA hashing for LMS and LMOTS 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:23 +01:00
Raef Coles
7dce69a27a Make LMOTS a private api 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:22 +01:00
Raef Coles
2ad6e611f0 Update LMS/LMOTS documentation 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:20 +01:00
Raef Coles
0aa18e041f Note that LMS sign function is for testing only 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:18 +01:00
Raef Coles
c464746d45 Document LMS and LMOTS contexts 
And add some comments about the source of their type IDs

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:17 +01:00
Raef Coles
8ff6df538c Add LMS implementation 
Also an LM-OTS implementation as one is required for LMS.

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:28:15 +01:00
Gilles Peskine
0fe6631486 Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2 
Include platform.h unconditionally
 2022-10-13 10:19:22 +02:00
Pol Henarejos
c9754c3ec1 Merge branch 'Mbed-TLS:development' into sha3 2022-10-13 08:28:13 +02:00
Dave Rodgman
b319684bca Additional updates to docs links 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-12 16:47:08 +01:00
Xiaokang Qian
baa4764d77 Fix typo issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian
ed3afcd6c3 Fix various typo and macro guards issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian
03409290d2 Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian
2f9efd3038 Address comments base on review 
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:49 +00:00
Xiaokang Qian
bc663a0461 Refine code based on commnets 
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:01 +00:00
Xiaokang Qian
adf84a4a8c Remove public api mbedtls_ssl_reset_hostname() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:05:11 +00:00
Xiaokang Qian
281fd1bdd8 Add server name check when proposeing pre-share key 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:41 +00:00
Gilles Peskine
8fd3254cfc Merge pull request #6374 from mprse/enc_types 
Test TLS 1.2 builds with each encryption type
 2022-10-12 12:45:50 +02:00
Ronald Cron
78317c832b Merge pull request #6327 from yuhaoth/pr/tls13-psk-after-session-tickets 
TLS 1.3: PSK and NewSessionTicket: Add support for sending PSK and Ticket together.
 2022-10-12 12:39:51 +02:00
Gilles Peskine
fcee740b83 Automatically enable PK_PARSE for RSA in PSA 
PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost
anything with them (import, get attributes, export public from private, any
cryptographic operations). Force it on, for symmetry with what we're doing
for MBEDTLS_PK_WRITE_C. Fixes #6409.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-11 21:15:24 +02:00
Gilles Peskine
fd94304f9d PSA RSA needs pk_write 
The PSA crypto code needs mbedtls_pk_write_key_der() and
mbedtls_pk_write_pubkey() when using RSA without drivers. We were already
forcing MBEDTLS_PK_WRITE_C when MBEDTLS_USE_PSA_CRYPTO is enabled. Do so
also when MBEDTLS_PSA_CRYPTO_C is enabled as well as MBEDTLS_RSA_C, even
without MBEDTLS_USE_PSA_CRYPTO. Fixes #6408.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-11 21:09:12 +02:00
Przemek Stekiel
d61a4d3d1a Fix missing guard and double-space 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-11 09:40:40 +02:00