cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype
...
TLS 1.3: Upstream misc fix from prototype
2023-01-05 14:35:54 +01:00
67419f0e11
tls: fix + save code size when DEBUG_C is not enabled
...
Some PSA curves' symbols (PSA_WANT_) were not matching the corresponding
MBEDTLS_ECP_DP_. This was fixed together with the removal of extra code
when DEBUG_C is not enabled.
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2023-01-04 17:36:00 +01:00
40d9ca907b
tls: remove useless legacy function
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2023-01-04 16:08:04 +01:00
18c9fed857
tls: remove dependency from mbedtls_ecp_curve functions
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2023-01-03 13:03:34 +01:00
01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3
...
Merge back 3.3.0 3
2022-12-14 19:18:05 +00:00
4064a82802
Merge pull request #5600 from yuhaoth/pr/refactor-cookie-members-of-handshake
...
Refactor cookie members of handshake
2022-12-14 10:55:34 +01:00
ddda050604
tls13: Upstream various fix in prototype
...
- Adjust max input_max_frag_len
- Guard transform_negotiate
- Adjust function position
- update comments
- fix wrong requirements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-09 09:51:20 +08:00
a5b2c52885
Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.3.0rc0-pr
2022-12-08 14:10:59 +00:00
ac5ca5a0ea
Refactor cookie members of handshake struct
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-05 19:58:45 +08:00
acbb6dc364
Merge remote-tracking branch 'origin/development' into merge-dev
2022-12-05 10:59:23 +00:00
1797b05602
Fix typos prior to release
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-12-04 17:19:59 +00:00
3ce61ffca6
fix comments and function name issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-28 17:34:06 +08:00
3d9b590f02
guards transform_earlydata
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-28 17:34:06 +08:00
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0
...
Fix NULL+0 undefined behavior in PSA crypto ECB
2022-11-25 17:07:46 +00:00
5a34b36bbd
Remove more now-redundant definitions of inline
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-11-25 13:26:44 +01:00
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
...
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
d4a9b1ab8d
tls: psa_pake: remove useless defines and fix a comment
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-22 11:11:10 +01:00
6b3dab03b5
tls: psa_pake: use a single function for round one and two in key exchange read/write
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-17 17:14:54 +01:00
9bed8ec5d8
tls: psa_pake: make round two reading function symmatric to the writing one
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-17 16:36:19 +01:00
a08b1a40a0
tls: psa_pake: move move key exchange read/write functions to ssl_tls.c
...
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-17 16:34:59 +01:00
4a9caaa0c9
tls12: psa_pake: check elliptic curve's TLS ID on handshake
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-16 14:50:10 +01:00
fbbc1f3812
tls12: psa_pake: use proper defines for the output size of each step in ECJPAKE
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-16 14:49:52 +01:00
02c25b5f83
tls12: psa_pake: use common code for parsing/writing round one and round two data
...
Share a common parsing code for both server and client for parsing
round one and two.
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-16 13:56:12 +01:00
e9f92c4fbc
tls: Fix in_cid buffer size in transform structure
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-11-16 10:23:05 +01:00
a042b8406d
Address some format issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:16:19 +00:00
f447e8a8d3
Address comments base on reviews
...
Improve early data indication check
Update test case to gnutls server
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:15:36 +00:00
ecc2948f21
Fix format issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:15:05 +00:00
338f727683
Move EARLY_DATA_OFF/ON guard to ssl_misc.h
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:15:03 +00:00
b781a2323c
Move ssl_tls13_has_configured_ticket() back to tls13 client
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:13:51 +00:00
893ad81966
Remove useless early_secrets field
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:13:51 +00:00
0e97d4d16d
Add early data indication to client side
...
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:13:50 +00:00
b95dd3683b
Add missing mask set and tls13 unrecognized extension
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-08 23:51:38 +08:00
ea52ed91cf
fix typo and spell issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-08 21:01:17 +08:00
ca7d506556
Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-08 10:58:45 +01:00
d25cab0327
Refactor debug helpers for exts and hs message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-06 11:54:21 +08:00
df0ad658a3
tls13: Add allowed extesions constants.
...
- And refactor check_received_extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-02 21:35:27 +08:00
7a485c1fdf
Add ext id and utilities
...
- Remove `MBEDTLS_SSL_EXT_*`
- Add macros and functions for translating iana identifer.
- Add internal identity for extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
c4bf5d658e
fix various issues
...
- Signature of
- mbedtls_tls13_set_hs_sent_ext_mask
- check_received_extension and issues
- Also fix comment issue.
- improve readablity.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
03112ae022
change input extension_type
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
0c354a211b
introduce sent/recv extensions field
...
And remove `extensions_present`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
ffa1582793
move get_extension mask
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
d15992d3ce
fix wrong setting of unrecognized ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
e18dc7eb9a
Add forbidden extensions check for ClientHello
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
73fe8df922
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-22 14:42:04 +02:00
e68ab4f55e
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-22 14:42:04 +02:00
41a443a68d
tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-22 14:42:04 +02:00
928cbd34e7
tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.
Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-22 14:42:04 +02:00
d29e13eb1b
tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:34:20 +02:00
3b056202d3
tls13: keys: Do not use handshake->premaster
...
`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.
Futhermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific
thus better to not use it in TLS 1.3.
Allocate a buffer to store the shared secret
instead. Allocation instead of a stack buffer
as the maintenance of the size of such buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:34:20 +02:00
ed3afcd6c3
Fix various typo and macro guards issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-10-12 11:06:51 +00:00
