yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
27542 commits 89 branches 205 tags 114 MiB
Commit graph

302 commits

Author SHA1 Message Date
Jerry Yu 141bbe7bee tls13: Adjust include files 
- remove duplicate and unused included
- Adjust the order to system, mbedtls global, local.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-09 09:51:20 +08:00
Xiaokang Qian 2cd5ce0c6b Fix various issues cause rebase to latest code 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-15 10:33:53 +00:00
Xiaokang Qian ecc2948f21 Fix format issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:05 +00:00
Xiaokang Qian 911c0cc4f0 Fix format issues in comments 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:50 +00:00
Xiaokang Qian 0e97d4d16d Add early data indication to client side 
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:50 +00:00
Jerry Yu 97be6a913e fix various issues 
- typo error
- replace `ssl->hanshake` with handshake

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-09 22:43:31 +08:00
Jerry Yu 7de2ff0310 Refactor extension list print 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 23:51:39 +08:00
Jerry Yu 79aa721ade Rename ext print function and macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 23:51:39 +08:00
Jerry Yu 0d5cfb7703 Refactor Certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:22 +08:00
Jerry Yu 4b8f2f7266 Refactor sent extension message output 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:21 +08:00
Jerry Yu d25cab0327 Refactor debug helpers for exts and hs message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:21 +08:00
Jerry Yu df0ad658a3 tls13: Add allowed extesions constants. 
- And refactor check_received_extension

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-02 21:35:27 +08:00
Jerry Yu 7a485c1fdf Add ext id and utilities 
- Remove `MBEDTLS_SSL_EXT_*`
- Add macros and functions for translating iana identifer.
- Add internal identity for extension

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu c4bf5d658e fix various issues 
- Signature of
  - mbedtls_tls13_set_hs_sent_ext_mask
  - check_received_extension and issues
- Also fix comment issue.
- improve readablity.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 03112ae022 change input extension_type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 0c354a211b introduce sent/recv extensions field 
And remove `extensions_present`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu ffa1582793 move get_extension mask 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 2eaa76044b Add extension check for Certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 471dee5a12 Add debug helpers to track extensions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Ronald Cron de08cf3543 tls13: Do not use MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron 928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Manuel Pégourié-Gonnard e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2 
Permissions 2b: TLS 1.3 sigalg selection
 2022-09-28 09:50:04 +02:00
Ronald Cron c27a9074c4 tls13: server: Add comment when trying another sig alg 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-27 10:07:55 +02:00
Ronald Cron 067a1e735e tls13: Try reasonable sig alg for CertificateVerify signature 
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 14:30:13 +02:00
Ronald Cron 38391bf9b6 tls13: Do not impose minimum hash size for RSA PSS signatures 
When providing proof of possession of
an RSA private key, allow the usage for RSA
PSS signatures of a hash with a security
level lower that the security level of the
RSA private key.

We did not allow this in the first place to
align with the ECDSA case. But as it is not
mandated by the TLS 1.3 specification (in
contrary to ECDSA), let's allow it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 14:29:41 +02:00
Ronald Cron be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Przemek Stekiel dca224628b ssl_tls13_select_sig_alg_to_psa_alg: optimize code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel f937e669bd Guard new code with MBEDTLS_USE_PSA_CRYPTO 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel 3c326f9697 Add function to convert sig_alg to psa alg and use it 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel b40f2e81ec TLS 1.3: Take into account key policy while picking a signature algorithm 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:10:19 +02:00
Przemyslaw Stekiel da6452578f ssl_tls13_generic.c: fix hash buffer sizes (use PSA_HASH_MAX_SIZE) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 12:50:51 +02:00
Przemek Stekiel 0852ef8b96 mbedtls_ssl_reset_transcript_for_hrr: remove redundant 'else' statement 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel 9dfbf3a006 ssl_tls13_generic.c: optimize code to save memory 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel 47e3cb1875 ssl_tls13_generic.c: adapt guards for MBEDTLS_SHAxxx_C 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Jerry Yu db8c5faed7 Add getting session ticket for client 
- Move ssl_get_psk_to_offer to `ssl_tls13_client.c`
- Rename to `ssl_tls13_get_psk_to_offer`
- Add session ticket parser

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Andrzej Kurek a242e83b21 Rename the sha384 checksum context to reflect its purpose 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:02:04 -04:00
Jerry Yu 95b743ca17 Rename get_pk_type_and_md_alg 
The function is for both tls12 and tls13 now.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Manuel Pégourié-Gonnard f6b8c3297a
Merge pull request #6065 from mpg/explore2 
Driver-only hashes: RSA 1.5 and PK + strategy doc
 2022-07-28 10:43:38 +02:00
XiaokangQian 3ad67bf4e3 Rename functions and add test messages 
Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian 8698195566 Address comments of various issues 
Improve comments
Change coding style
Rename functions

Change-Id: Ia111aef303932cfeee693431c3d48f90342b32e5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian 008d2bf80b Address comments in psk client review 
Improve comments
Refine cipher suite related code in psk
Refine get_psk_offered()

Change-Id: Ic3b0b5f86eb1e71f11bb499961aa8494284f1840
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
Manuel Pégourié-Gonnard abac037a7b Migrate from old inline to new actual function. 
This is mostly:

    sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
    library/*.c tests/suites/*.function

This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-18 21:28:38 +02:00
Ronald Cron ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Ronald Cron 0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk 
Refactor signature algorithm chooser
 2022-07-04 09:10:08 +02:00
Jerry Yu 959e5e030b fix format issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:20:17 +08:00
Jerry Yu 660cb4209c Remove pkcs1 from key cert and sig alg map 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:20:17 +08:00
Manuel Pégourié-Gonnard 2f244c43b4
Merge pull request #5980 from mprse/md_dep_fix 
Remove MD dependencies from mbedtls_x509_sig_alg_gets(), ssl_tls13_parse_certificate_verify()
 2022-06-29 10:18:41 +02:00
Jerry Yu c2e0493e6e Add rsa_pkcs1 for cert sig match 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:18:31 +08:00
Jerry Yu cc5391048e fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:18:30 +08:00
Jerry Yu aebaaaf527 add debug messages 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:09 +08:00
Jerry Yu a1255e6b8c fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:09 +08:00
Jerry Yu 53f5c15155 Add debug message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:08 +08:00
Jerry Yu 80dd5db808 Remove pkcs1 from certificate verify. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:08 +08:00
Jerry Yu f085678879 remove unnecessary check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:07 +08:00
Jerry Yu 0c6be8f863 move big function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:07 +08:00
Jerry Yu f3b46b5082 Add debug message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:05 +08:00
Jerry Yu d099cf0325 fix unused variable issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:47 +08:00
Jerry Yu f55886a217 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:46 +08:00
Jerry Yu fb526693c1 Rename sig_alg cert_key check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:45 +08:00
Jerry Yu 7ab7f2b184 Remove pkcs1 from certificate_verify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:44 +08:00
Jerry Yu f249ef7821 refactor get sig algo from pk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:40 +08:00
Przemek Stekiel 4dc874453e ssl_tls13_parse_certificate_verify(): optimize the code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-28 11:05:42 +02:00
Ronald Cron 11b5332ffc tls13: Fix certificate extension size write 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron 154d1b68d6 tls13: Fix wrong usage of MBEDTLS_SSL_CHK_BUF(_READ)_PTR macros 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Przemek Stekiel 6a5e01858f ssl_tls13_parse_certificate_verify(): remove md dependency 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-27 11:53:13 +02:00
Ronald Cron 2b1a43c101 tls13: Add missing overread check in Certificate msg parsing. 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:49 +02:00
Ronald Cron e3dac4aaa1 tls13: Add Certificate msg parsing tests with invalid vector lengths 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:42 +02:00
Ronald Cron 9738a8d0fd
Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks 
TLS 1.3: Fix certificate key usage checks
 2022-06-27 08:32:17 +02:00
Ronald Cron 1938588e80 tls13: Align some debug messages with TLS 1.2 ones 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Manuel Pégourié-Gonnard a3115dc0e6 Mark static int SSL functions CHECK_RETURN_CRITICAL 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:12:52 +02:00
Ronald Cron 30c5a2520e tls13: Fix certificate key usage checks 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-17 08:49:52 +02:00
Ronald Cron ca3c6a5698
Merge pull request #5817 from xkqian/tls13_add_server_name 
Tls13 add server name
 2022-06-16 08:30:09 +02:00
XiaokangQian 81802f43a2 Select certificate base on the received signature list 
Change-Id: Ife707db7fcfdb1e761ba86804cbf5dd766a5ee33
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-13 03:58:06 +00:00
Paul Elliott 5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests 
Pr/add-tls13-moving-state-tests
 2022-06-08 13:39:52 +01:00
Manuel Pégourié-Gonnard 3a833271aa
Merge pull request #5727 from SiliconLabs/feature/PSEC-3207-TLS13-hashing-HMAC-to-PSA 
Feature psec-3207 move TLS13 hashing and hmac to psa
 2022-06-08 11:53:35 +02:00
pespacek d9aaf768b5 Fixing CI complains. 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-06-08 09:44:11 +02:00
pespacek b06acd734b Fixing PSA return status 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-06-07 13:07:21 +02:00
pespacek 670913f4dc Fixing return value for ssl_tls13_write_certificate_body() 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-06-07 10:53:39 +02:00
Jerry Yu 0a92d6c8eb fix move state to handshake over fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
XiaokangQian 0557c94fef Add back SNI related code to validate_certificate 
Change-Id: I75883858016d4163cd7c64c3418eb3ca24fa46ea
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:10:53 +00:00
XiaokangQian e7a5da597f Remove SNI related code 
Change-Id: Ic44bdb27b1bdc5c9057078dfed936fc36bddebbe
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 00:59:29 +00:00
XiaokangQian aca9048b5f Change base on review 
Fix comments
Add test cases for client authentication with empty certificate

Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:11 +00:00
XiaokangQian 989f06d52d Change some comments base on review 
Change-Id: I3db2b8ca8162eb368d2f17dfeffee8b25f9edf6f
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:11 +00:00
XiaokangQian 63e713e8ab Fix comments 
Change-Id: Ib741f876f4d296df79565a2b8a2971918db1a77f
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:11 +00:00
XiaokangQian c3017f620f Remove useless guards and refine checking 
Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:10 +00:00
XiaokangQian 189ded2b07 Remove coordinate functions and change state machine in server side 
Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:46:13 +00:00
XiaokangQian 6b916b1616 Add client certificate parse and certificate verify 
Change-Id: I638db78922a03db6f8bd70c6c5f56fb60365547d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:40:53 +00:00
pespacek 3493587e05 FEATURE: mbedtls_md() in ssl_tls13_write_certificate_verify_body() 
replaced withpsa_hash_compute()
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-05-23 13:10:48 +02:00
pespacek a1378105cf FEATURE: use psa_hash_xxx rather than mbedtls_md_xxx for TLS 1.3. 
ssl_tls13_parse_certificate_verify()
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-05-23 13:10:47 +02:00
Jerry Yu e3d67cb263 Improve readability 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-19 15:33:10 +08:00
Jerry Yu fd5ea0458f add compute application transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-19 14:29:48 +08:00
Jerry Yu cc0a13fcf8 remove unnecessary empty line 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-19 10:14:24 +08:00
Jerry Yu e8c1fca67c move trafic set to generic 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 16:57:45 +08:00
Jerry Yu d6e253ded9 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 16:57:45 +08:00
Jerry Yu 03ed50ba6a Add handshake wrapup 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu ff2269889d Add client finished 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Ronald Cron 9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext 
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
 2022-05-17 17:01:55 +02:00
Andrzej Kurek 5c65c5781f Fix additional misspellings found by codespell 
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-05-11 21:25:54 +01:00
Gabor Mezei 078e803d2c
Unify parsing of the signature algorithms extension 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-11 14:29:08 +02:00
Jerry Yu fbe3e64b76 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:03 +08:00