yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
23252 commits 89 branches 205 tags 114 MiB
Commit graph

176 commits

Author SHA1 Message Date
Jerry Yu 545432310d remove zeorize from keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-19 11:23:25 +08:00
Neil Armstrong 0fa8ce3498 TLS 1.3 only have AEAD ciphers, drop the PSA_ALG_IS_AEAD() check in mbedtls_ssl_tls13_get_cipher_key_info() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong b818e16b29 Move out common PSA code from mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong e3b0b8ab67 Remove non-PSA code in mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong 93617245c3 Code style fixes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong 4f4f271850 In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong a8093f5c48 In mbedtls_ssl_tls13_populate_transform() make sure mbedtls_cipher_info_from_type() is only called when USE_PSA is disabled 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Jerry Yu ff2269889d Add client finished 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Shaun Case 8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Jerry Yu ef2b98a246 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-06 16:40:05 +08:00
Jerry Yu f86eb75c58 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-06 11:16:55 +08:00
Jerry Yu e110d258d9 Add set outbound transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-05 19:59:59 +08:00
Glenn Strauss 07c641605e Rename mbedtls_ssl_transform minor_ver to tls_version 
Store the TLS version in tls_version instead of minor version number.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:23:54 -04:00
Gabor Mezei 29e7ca89d5
Fix typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:08:49 +02:00
Gabor Mezei c09437526c
Remove commented out code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:08:15 +02:00
Gabor Mezei ed6d6589b3
Use hash algoritm for parameter instead of HMAC 
To be compatible with the other functions `mbedtls_psa_hkdf_extract` and
`mbedtls_psa_hkdf_expand` use hash algorithm for parameter.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-26 17:28:06 +01:00
Gabor Mezei 07732f7015
Translate from mbedtls_md_type_t to psa_algorithm_t 
Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-26 17:04:19 +01:00
Gabor Mezei 5d9a1fe9e9
PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3 
With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support
is always enabled.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-26 15:47:15 +01:00
Gabor Mezei 58db65354b
Use the PSA-based HKDF functions 
Use the `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand`
functions in the HKDF handling.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:53 +01:00
Manuel Pégourié-Gonnard 8d4bc5eeb9
Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac 
HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC
 2022-03-17 11:55:48 +01:00
Manuel Pégourié-Gonnard d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c 
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
 2022-03-08 11:43:45 +01:00
Gabor Mezei d860e0f18b
Add comment 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei 0e7c6f4961
Check return value of psa_destroy_key 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei 26c6741c58
Add better name for variable. 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei c5efb8e58b
Use PSA error code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:38 +01:00
Gabor Mezei 89c1a95f8f
Delete leftover code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:59 +01:00
Gabor Mezei 62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible 
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:57 +01:00
Gabor Mezei 9f4bb319c9
Implement HKDF extract in TLS 1.3 based on PSA HMAC 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:23:29 +01:00
Gabor Mezei 8e3602569b
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-17 11:50:02 +01:00
Gabor Mezei 8d5a4cbfdb
Check return value of psa_destroy_key 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-15 16:23:17 +01:00
Gabor Mezei 833713c35c
Add better name for variable 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-15 16:16:08 +01:00
Przemyslaw Stekiel c0824bfb11 Change mbedtls_ssl_tls13_key_schedule_stage_handshake() to use psa_raw_key_agreement() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:19:45 +01:00
Gabor Mezei 9607ab4dbd
Prevent function not used compilation error 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-10 10:57:24 +01:00
Gabor Mezei a3eecd242c
Implement HKDF expand in TLS 1.3 based on PSA HMAC 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-10 10:57:23 +01:00
Przemyslaw Stekiel f9cd60853f ssl_tls1X_populate_transform(): import psa keys only if alg is not MBEDTLS_SSL_NULL_CIPHER 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-01 11:25:55 +01:00
Przemyslaw Stekiel 77aec8d181 Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel 89dad93a78 Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel f57b45660d Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention. 
New function name:  mbedtls_ssl_cipher_to_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel 9b22c2b1e6 Rename: mbedtls_cipher_to_psa -> tls_mbedtls_cipher_to_psa 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel 6be9cf542f Cleanup the code 
Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel fe7397d8a7 Fix key attributes encrypt or decrypt only (not both) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel dd7b501c92 Move PSA init after taglen is set 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel e87475d834 Move psa_status_to_mbedtls to ssl_misc.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel 1fe065b235 Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel 76e1583483 Convert psa status to mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel 11a33e6d90 Use PSA_BITS_TO_BYTES macro to convert key bits to bytes 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel ae77b0ab28 mbedtls_ssl_tls13_populate_transform: store the en/decryption keys and alg in the new fields 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
lhuang04 a3890a3427 Swap the client and server random for TLS 1.3 
Summary:

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-01-27 06:00:43 -08:00
Ronald Cron 6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:47:55 +01:00
Jerry Yu a5563f6115 move position of base_key init 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 18:14:36 +08:00
Jerry Yu b737f6a9be move base_key init 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 17:55:59 +08:00
Jerry Yu 9c07473ebc fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 17:12:43 +08:00
Jerry Yu 889b3b76da fix clang build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:57:45 +08:00
Jerry Yu 4a2fa5d0aa Move erase handshake secrets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:37:14 +08:00
Jerry Yu 27224f58be fix coding style issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu 23ab7a46a3 move zeroize master secrets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu 2c70a39d97 move zeroize randbytes 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu 6eaa41c15e Fix overflow error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Xiaofei Bai d25fab6f79 Update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-12-02 06:36:27 +00:00
Xiaofei Bai feecbbbb93 Fix some variable names in code comment 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Xiaofei Bai b7972840fd Fix variable names in ssl_tls13_keys.* 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Xiaofei Bai 746f9481ea Fix 1_3/13 usages in macros and function names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
XiaokangQian a4c99f2c2d Remove useless blank line 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-11 06:46:35 +00:00
XiaokangQian 3306284776 Change code base on comments 
Remove client certificate verify in tests.
Change the layout of structure to fix abi_api check issues.
Add comments of Finished.
Align with the coding styles.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-11 03:37:45 +00:00
XiaokangQian d0aa3e9307 Inprove code base on review comments 
Change debug messag for server finished.
Change name of generate_application_keys.
Remove the client vertificate tests from ssl-opt.sh.
Add test strings for server finished in ssl-opt.sh.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 06:17:40 +00:00
XiaokangQian aaa0e197a8 Change the alignment and names of functions and a macro 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 03:07:04 +00:00
XiaokangQian c5c39d5800 Change code for styles and comments .etc 
Remove useless code in union.
Rename functions and parameters.
Move definitions into othe files.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian b51f8841c4 Change comments for export_keys callback 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian ac0385c08f Change code based on comments 
Move set_state function into client
Add back export_key callback function in generate
application keys

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian 61bdbbc18b Add cleanup in functions for secure reason 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian f26f6ade0c Rebase and solve conflicts 
Remove the double definition and change name

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian f13c56032f Revert some changes about tls13 and macros 
There is one PR #4988 to change it in the future

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian 7c91705e21 Remove support for MBEDTLS_SSL_EXPORT_KEYS 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian a763498490 Change code based on commetns 
Focus on the code style, naming rule,etc.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian 4cab0240c7 Change coding style 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:23 +00:00
XiaokangQian aa5f5c1f5d TLS1.3: Add server finish processing in client side 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 01:47:22 +00:00
Jerry Yu ad3a113fc6 Remove MBEDTLS_SSL_EXPORT_KEYS 
It is always on now in `development`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:46:43 +08:00
Jerry Yu b85277e3af Address various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:29 +08:00
Jerry Yu 435208a949 Improve generate_handshake_keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:29 +08:00
Jerry Yu c068b6671e Rename tls13 prefix to fix coding issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:28 +08:00
Jerry Yu f0ac2352d6 Refactor key_schedule_stage_handshake 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:28 +08:00
Jerry Yu 5ccfcd4ca1 Add local variable to represent handshake 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:28 +08:00
Jerry Yu a0650ebb9d tls13: add handshake key schedule 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:28 +08:00
Jerry Yu 61e35e0047 tls13: add generate handshake keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-25 10:41:28 +08:00
Jerry Yu 6ca7c7fd6b Remove useless variables 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-28 18:51:40 +08:00
Jerry Yu e06f4532ef remove useless code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu 4836952f9d fix tls1_3 prefix issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu b65eb2f3cf Revert "tls13: add generate handshake keys" 
This reverts commit f02ca4158674b974ae103849c43e0c92efc40e8c.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu e3131ef7f3 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu 000f976070 Rename get_handshake_transcript 
- Remove tls13 prefix
- Remove TLS1_3 macro wrap

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu 4925ef5da1 tls13: add generate handshake keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu 89ea321d96 tls13: add key_schedule_stage_early_data 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Joe Subbiani 2194dc477a Replace MBEDTLS_CHAR_x with MBEDTLS_BYTE_x 
The CHAR macros casted to an unsigned char which in this project
is garunteed to be 8 bits - the same as uint8_t (which BYTE casts
to) therefore, instances of CHAR have been swapped with BYTE and
the number of macros have been cut down

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
 2021-08-19 09:56:47 +01:00
Joe Subbiani cd84d76e9b Add Character byte reading macros 
These cast to an unsigned char rather than a uint8_t
like with MBEDTLS_BYTE_x
These save alot of space and will improve maintence by
replacing the appropriate code with MBEDTLS_CHAR_x

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
 2021-08-19 09:55:41 +01:00
Hanno Becker dfba065d80 Adjust ssl_tls13_keys.c to consolidated CID/1.3 padding granularity 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker f62a730e80 Add missing semicolon in TLS 1.3 transform generation code 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker edd5bf0a95 Fix and document minimum length of record ciphertext in TLS 1.3 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker 7887a77c25 Match parameter check in TLS 1.3 populate transform to 1.2 version 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker c94060c641 Add TLS 1.3 specific key to SSL transform conversion function 
This commit adds the TLS 1.3 specific internal function

```
  mbedtls_ssl_tls13_populate_transform()
```

which creates an instance of the SSL transform structure
`mbedtls_ssl_transform` representing a TLS 1.3 record protection
mechanism.

It is analogous to the existing internal helper function

```
   ssl_tls12_populate_transform()
```

which creates transform structures representing record
protection mechanisms in TLS 1.2 and earlier.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:52:49 +01:00
Hanno Becker cd817b0630 Remove misleading comment in TLS 1.3 key schedule code 
The implementation documentation of

```
   mbedtls_ssl_tls1_3_derive_early_secrets()
```

mentioned the PSK binder key, which is misleading because the
function doesn't actually calculate it.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-31 19:40:45 +01:00