0c477d32e2
test: include also test_suite_ecp for the coverage analysis
Only some test cases are skipped for which ECP_C is mandatory,
but the other ones are included.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
6c496a1553
solve disparities for ECP_LIGHT between ref/accel
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
5278986d2d
psa: fix ECP guards for key derivation
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
3f8d23eaef
pk_wrap: fix guards in eckey_check_pair to only include 1 option at build time
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
d4a5d461de
library: add remaining changes for the new ECP_LIGHT symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
0d2980f117
pk: adapt to new ECP_LIGHT symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
fd122f4e95
ecp: introduce new ECP_LIGHT symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
22d9ff6d3c
Merge pull request #7353 from xkqian/tls13_fix_code_style
Improve code styles for tls13 related files
2023-04-11 09:18:22 +01:00
5634f87d68
Merge pull request #7418 from xkqian/big_number_ecc_update_comment
Update SEC1 link in ecp.c
2023-04-11 09:34:07 +02:00
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api
ssl_cache: misc improvements
2023-04-11 09:30:40 +02:00
b16a50eeab
Merge pull request #7392 from valeriosetti/issue7388
PK: use PSA to complete public key when USE_PSA is enabled
2023-04-11 09:09:06 +02:00
49f39c1e91
Fix the wrong debug _message function to _ret
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
09c3cccf97
Update the todo comment of record size limits
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
8bce0e6f5e
Update group ext debug message in ssl_tls13_server.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
91bb3f0665
Wrap lines in library/ssl_tls13_client.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
9f1747bb1f
Wrap lines which exceed 80 chars in ssl_tls13_server.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:14 +00:00
958b6ffe98
Wrap lines which exceed 80 chars in ssl_tls13_client.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:52 +00:00
7343738695
Wrap lines which exceed 80 chars in ssl_tls13_generic.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:51 +00:00
123cde824c
Improve code styles(line numbers) for tls13_key.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:51 +00:00
669c7c35f0
Update SEC1 link in ecp.c
Old link doesn't work any more, update it to one
new link to refer version 2
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 07:36:35 +00:00
e3746d7ce6
ssl_cache: Error renaming and document improvement
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-10 14:40:03 +08:00
520c0384e7
pkparse: fix return value
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 11:38:09 +02:00
1df94f841b
pk: fix return codes' precedence and code style
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 11:04:32 +02:00
f740767c00
Merge pull request #7391 from valeriosetti/issue7387
PK: don't use mbedtls_ecp_check_pub_priv() when USE_PSA is enabled
2023-04-07 10:17:18 +02:00
9d65f0ef12
pk_wrap: simplify prototype of eckey_check_pair_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:53:17 +02:00
aad6306212
pkparse: fix guards position
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
4bf73ad83f
pkparse: use proper sizing for buffer
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
34f6755b34
pkparse: add new function for deriving public key from private using PSA
Instead of using the legacy mbedtls_ecp_mul() function which makes use of
ECP's math, this commit adds a new function named pk_derive_public_key()
which implements the same behavior using PSA functions.
The flow is simple:
- import the private key into PSA
- export its public part
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
f286664069
pk_wrap: minor code optimizations
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:37:46 +02:00
0b3de6fcec
Merge pull request #7288 from ronald-cron-arm/tls13-server-version-negotiation
TLS: TLS 1.2 / 1.3 version negotiation on server side
2023-04-06 16:26:19 +01:00
3615be65f8
Merge pull request #7342 from gabor-mezei-arm/6679_prevent_mpi_mod_write_from_corrupting_the_input
Prevent mpi_mod_write from corrupting the input
2023-04-06 15:56:28 +01:00
44c6694be7
Merge pull request #7351 from gabor-mezei-arm/7109_ecp_fast_reduction_testing
Test unlikely cases of ECC modular reduction
2023-04-06 15:55:19 +01:00
dad02b2bec
tls13: srv: Fix comment
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
fe01ec2d57
tls12: srv: Use sizeof() instead of constant
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
c564938180
Add downgrade protection mechanism
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
e45afd760d
Use specific pointer to loop over proposed cipher suites
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:01 +02:00
eff5673e09
Improve and align variable names for supported versions data
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
3bd2b02486
Check for TLS 1.3 version first
Check for TLS 1.3 version first when parsing
the supported versions extension as it is
the most likely version.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
b828c7d3de
Fix, improve and add comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
097ba146e7
tls: srv: Set hybrid TLS 1.2/1.3 as default configuration
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
3b35455a69
tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
6291b23080
tls: Add logic in handshake step to enable server version negotiation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
8a12aeec93
tls: Initialize SSL context tls_version in mbedtls_ssl_setup()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
5af4c7f0e2
tls13: srv: Add detection to negotiate TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
8c527d0be8
tls13: srv: Parse supported versions extension early
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
2f16b4ec66
tls13: srv: Postpone cipher suite selection
Postpone TLS 1.3 cipher suite selection
when we are sure we negotiate the version
1.3 of the protocol.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
cada410365
tls13: srv: Postpone legacy session id copy
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the legacy session id.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
d540d995b2
tls13: srv: Postpone client random copy
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the client random
bytes.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
6458239b36
tls13: srv: Move TLS version setting
When parsing the ClientHello message,
move the setting of the TLS version
to TLS 1.3 after the computation of
the end of the list of cipher suites.
At that point we are able to compute
the address and end address of the
list of extensions and thus able to
search and parse the supported_versions
extension to select which version
of the TLS protocol we are going to
negotiate.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
47dce630f4
tls13: Add function to search for a supported_versions extension
Move in a dedicated function the search for the
supported_versions extension in a list of
extensions, to be able to use it on server side
as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00