2cd5ce0c6b
Fix various issues cause rebase to latest code
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-15 10:33:53 +00:00
ecc2948f21
Fix format issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:15:05 +00:00
911c0cc4f0
Fix format issues in comments
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:13:50 +00:00
0e97d4d16d
Add early data indication to client side
...
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:13:50 +00:00
97be6a913e
fix various issues
...
- typo error
- replace `ssl->hanshake` with handshake
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-09 22:43:31 +08:00
7de2ff0310
Refactor extension list print
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-08 23:51:39 +08:00
79aa721ade
Rename ext print function and macro
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-08 23:51:39 +08:00
0d5cfb7703
Refactor Certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-06 11:54:22 +08:00
4b8f2f7266
Refactor sent extension message output
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-06 11:54:21 +08:00
d25cab0327
Refactor debug helpers for exts and hs message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-06 11:54:21 +08:00
df0ad658a3
tls13: Add allowed extesions constants.
...
- And refactor check_received_extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-02 21:35:27 +08:00
7a485c1fdf
Add ext id and utilities
...
- Remove `MBEDTLS_SSL_EXT_*`
- Add macros and functions for translating iana identifer.
- Add internal identity for extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
c4bf5d658e
fix various issues
...
- Signature of
- mbedtls_tls13_set_hs_sent_ext_mask
- check_received_extension and issues
- Also fix comment issue.
- improve readablity.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
03112ae022
change input extension_type
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
0c354a211b
introduce sent/recv extensions field
...
And remove `extensions_present`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
ffa1582793
move get_extension mask
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
2eaa76044b
Add extension check for Certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
471dee5a12
Add debug helpers to track extensions
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
de08cf3543
tls13: Do not use MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-22 14:42:04 +02:00
928cbd34e7
tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.
Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-22 14:42:04 +02:00
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
...
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
c27a9074c4
tls13: server: Add comment when trying another sig alg
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-09-27 10:07:55 +02:00
067a1e735e
tls13: Try reasonable sig alg for CertificateVerify signature
...
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-09-20 14:30:13 +02:00
38391bf9b6
tls13: Do not impose minimum hash size for RSA PSS signatures
...
When providing proof of possession of
an RSA private key, allow the usage for RSA
PSS signatures of a hash with a security
level lower that the security level of the
RSA private key.
We did not allow this in the first place to
align with the ECDSA case. But as it is not
mandated by the TLS 1.3 specification (in
contrary to ECDSA), let's allow it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-09-20 14:29:41 +02:00
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets
2022-09-18 21:18:13 +02:00
dca224628b
ssl_tls13_select_sig_alg_to_psa_alg: optimize code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-15 14:16:11 +02:00
f937e669bd
Guard new code with MBEDTLS_USE_PSA_CRYPTO
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-15 14:16:11 +02:00
3c326f9697
Add function to convert sig_alg to psa alg and use it
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-15 14:16:11 +02:00
b40f2e81ec
TLS 1.3: Take into account key policy while picking a signature algorithm
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-15 14:10:19 +02:00
da6452578f
ssl_tls13_generic.c: fix hash buffer sizes (use PSA_HASH_MAX_SIZE)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-14 12:50:51 +02:00
0852ef8b96
mbedtls_ssl_reset_transcript_for_hrr: remove redundant 'else' statement
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-13 18:08:54 +02:00
9dfbf3a006
ssl_tls13_generic.c: optimize code to save memory
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-13 18:08:54 +02:00
47e3cb1875
ssl_tls13_generic.c: adapt guards for MBEDTLS_SHAxxx_C
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-13 18:08:54 +02:00
db8c5faed7
Add getting session ticket for client
...
- Move ssl_get_psk_to_offer to `ssl_tls13_client.c`
- Rename to `ssl_tls13_get_psk_to_offer`
- Add session ticket parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-08-31 23:24:25 +08:00
a242e83b21
Rename the sha384 checksum context to reflect its purpose
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-08-22 17:02:04 -04:00
95b743ca17
Rename get_pk_type_and_md_alg
...
The function is for both tls12 and tls13 now.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-07-28 23:08:00 +08:00
f6b8c3297a
Merge pull request #6065 from mpg/explore2
...
Driver-only hashes: RSA 1.5 and PK + strategy doc
2022-07-28 10:43:38 +02:00
3ad67bf4e3
Rename functions and add test messages
...
Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-07-21 15:30:04 +02:00
8698195566
Address comments of various issues
...
Improve comments
Change coding style
Rename functions
Change-Id: Ia111aef303932cfeee693431c3d48f90342b32e5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-07-21 15:30:04 +02:00
008d2bf80b
Address comments in psk client review
...
Improve comments
Refine cipher suite related code in psk
Refine get_psk_offered()
Change-Id: Ic3b0b5f86eb1e71f11bb499961aa8494284f1840
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-07-21 15:30:04 +02:00
abac037a7b
Migrate from old inline to new actual function.
...
This is mostly:
sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
library/*.c tests/suites/*.function
This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2022-07-18 21:28:38 +02:00
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk
...
Refactor signature algorithm chooser
2022-07-04 09:10:08 +02:00
959e5e030b
fix format issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:20:17 +08:00
660cb4209c
Remove pkcs1 from key cert and sig alg map
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:20:17 +08:00
2f244c43b4
Merge pull request #5980 from mprse/md_dep_fix
...
Remove MD dependencies from mbedtls_x509_sig_alg_gets(), ssl_tls13_parse_certificate_verify()
2022-06-29 10:18:41 +02:00
c2e0493e6e
Add rsa_pkcs1 for cert sig match
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:18:31 +08:00
cc5391048e
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:18:30 +08:00
aebaaaf527
add debug messages
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:16:09 +08:00
a1255e6b8c
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:16:09 +08:00