dba2677597
Update documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-10-03 17:01:02 +02:00
86dfe384c2
Fix documentation tags to be lower case
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 14:03:04 +02:00
e5b8585f1e
Follow parameter naming convention
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:54:02 +02:00
1c628d5700
Follow parameter naming comvention
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:36:40 +02:00
3eff425b1a
Use only one limb parameter for assign
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:36:40 +02:00
81e57021c6
Change the input parameters to be const
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:36:40 +02:00
2b5bf4cec7
Fix doumentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:36:40 +02:00
f4dd3b6a6d
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:36:40 +02:00
cfc0eb8d22
Remove unused parameter
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:36:39 +02:00
87638a9ead
Add missing include
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:36:39 +02:00
63c3282ec4
Remove retrun code from mod_raw_cond_assign/swap
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:36:39 +02:00
24d183aa00
Use the new swap and assign function in the old interface
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:36:39 +02:00
9f6615f146
Remove argument checking from constant time functions
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:36:39 +02:00
12071d4403
Add conditional assign and swap function for MPI modulus
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:33:35 +02:00
e1d31c4aad
Add conditional swap and assign function for MPI core
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-09-30 13:33:30 +02:00
845de0898e
Merge pull request #6083 from tom-cosgrove-arm/issue-6015-montgomery-multiplication
...
Montgomery multiplication from bignum prototype
2022-09-30 10:35:21 +02:00
6da3a3b15f
Fix doc regarding aliasing of modulus input to mbedtls_mpi_core_montmul()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-09-29 17:20:18 +01:00
4386ead662
Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-09-29 14:40:21 +01:00
77c691f099
Merge pull request #6194 from xkqian/tls13_add_psk_client_cases
...
TLS 1.3: Add PSK client cases
2022-09-28 17:08:06 +02:00
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
...
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
...
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
ca343ae280
Improve message logs and test cases description in psk
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-09-28 02:07:54 +00:00
c27a9074c4
tls13: server: Add comment when trying another sig alg
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-09-27 10:07:55 +02:00
cb6e96305f
Change kex mode string name
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-09-27 08:02:41 +00:00
b72dac4ed7
Fix PSA identifier of RSA_PKCS1V15 signing algorithms
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-09-27 09:25:47 +02:00
b510cd2c50
Fix a copy-paste error - wrong macro used
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-09-26 10:50:22 -04:00
5603efd525
Improve readability and formatting
...
Also use a sizeof instead of a constant for zeroization, as
requested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-09-26 10:49:16 -04:00
5beec4b339
Refine ssl_get_kex_mode_str() for easy automatic generation
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-09-26 08:23:45 +00:00
ac8195f4f7
Fix wrongly kex mode fallback issue in psk cases
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-09-26 06:31:58 +00:00
5596c74a98
Merge pull request #6140 from Zaya-dyno/validation_remove_change_auth_enc
...
Validation remove change auth enc
2022-09-23 17:04:31 +02:00
12a1e85caa
Merge pull request #6138 from Zaya-dyno/validation_remove_change_key_agree
...
Validation remove change key agree
2022-09-23 17:04:20 +02:00
87953f228f
Merge pull request #6091 from Zaya-dyno/validation_remove_change_pk
...
Validation remove change pk
2022-09-23 17:03:30 +02:00
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
...
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
2022-09-23 15:48:33 +01:00
8939930b82
Rebase and fix some test failures
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-09-23 01:49:33 +00:00
5001bfc619
Add key exchange mode log in client side
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-09-23 01:49:33 +00:00
335cfaadf9
Finalize client side code for psk
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-09-23 01:48:26 +00:00
359e65f784
limit session ticket number when resumption
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-09-22 23:47:43 +08:00
f3bdf9dd51
fix various issues
...
- improve document about configuration item.
- format issue
- variable type issue.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-09-22 23:47:14 +08:00
07ba2be20b
Merge pull request #6304 from yuhaoth/pr/exclude-pre_shared_key-from-hrr-msg
...
TLS 1.3: PSK: Exclude pre_shared_key for HRR
2022-09-22 10:21:06 +02:00
1475ac49a4
Merge pull request #6107 from Zaya-dyno/validation_remove_change_hash
...
Validation remove change hash
2022-09-22 09:24:44 +02:00
d5c82fb821
Merge pull request #6085 from Zaya-dyno/validation_remove_change_cipher
...
Validation remove and change in files related to cipher in library
2022-09-22 09:10:13 +02:00
b7e3fa7fbd
move count decrement after success sent
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-09-22 13:21:29 +08:00
d0766eca58
fix various issues
...
- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-09-22 13:21:29 +08:00
c573882674
Merge remote-tracking branch 'upstream/development' into issue-6015-montgomery-multiplication
2022-09-21 12:08:43 +01:00
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up
...
Driver only hashes wrap-up
2022-09-21 08:29:46 +02:00
4782823ec3
Ensure we explicitly document the modulus for fixed-width arithmetic
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-09-20 13:51:50 +01:00
b0b77e1b13
Document and test aliasing of the bignums given to mbedtls_mpi_core_mla()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-09-20 13:33:40 +01:00
067a1e735e
tls13: Try reasonable sig alg for CertificateVerify signature
...
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-09-20 14:30:13 +02:00
38391bf9b6
tls13: Do not impose minimum hash size for RSA PSS signatures
...
When providing proof of possession of
an RSA private key, allow the usage for RSA
PSS signatures of a hash with a security
level lower that the security level of the
RSA private key.
We did not allow this in the first place to
align with the ECDSA case. But as it is not
mandated by the TLS 1.3 specification (in
contrary to ECDSA), let's allow it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-09-20 14:29:41 +02:00
67ea2543ed
tls13: server: Add sig alg checks when selecting best certificate
...
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.
That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-09-20 14:26:32 +02:00
