yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-02-04 14:54:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
26208 commits 89 branches 205 tags 114 MiB
Commit graph

26208 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gilles Peskine bbccdd485c pk no longer needs pk_write for ECDSA with MBEDTLS_USE_PSA_CRYPTO 
The dependency is still useful for RSA, for which PSA encodes keys with an
ASN.1 structure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Gilles Peskine 13caa94746 Don't use pk_write in ecdsa_sign_wrap with USE_PSA_CRYPTO 
Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_sign_wrap() was calling
mbedtls_pk_write_key_der() to write a private key in SEC1 format, only to
then extract the part that represents the private value which is what
psa_import_key() actually wants. Instead, call an mpi function to directly
get the private key in the desired format.

This slightly reduces the code size and stack usage, and removes a
dependency on pk_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Gilles Peskine b4a87b07f8 Don't use pk_write in ecdsa_verify_wrap with USE_PSA_CRYPTO 
Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_verify_wrap() was calling
mbedtls_pk_write_pubkey() to write a public key in the form of a
subjectPublicKey, only to then extract the part that represents the EC
point which psa_import_key() actually wants. Instead, call an ecp
function to directly get the public key in the desired format (just the
point).

This slightly reduces the code size and stack usage, and removes a
dependency on pk_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Manuel Pégourié-Gonnard 9cb1aa21c4
Merge pull request #6970 from valeriosetti/issue6857 
driver-only ECDSA: get testing parity in PK
 2023-02-08 13:33:15 +01:00
Pol Henarejos b3b220cbf8
Correct style. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-02-08 12:52:18 +01:00
Pol Henarejos aa426e023c
SHA3 cannot be tested alone, as ENTROPY_C needs also SHA256 enabled. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-02-08 12:52:10 +01:00
Gilles Peskine 199ee456b1 Summarize how to improve MBEDTLS_PSA_CRYPTO_CLIENT 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 12:35:19 +01:00
Gilles Peskine 58e935fc6b add a missing 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 12:07:12 +01:00
Xiaokang Qian 0de0d863b6 Rebase code to restore reco-delay and fix some style issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 07:41:42 +00:00
Yanray Wang 303829709d compat.sh: simplify code of iterating on VERIFY for PSK tests 
Since PSK cipher suites do not allow client certificate verification,
PSK test cases should be executed under VERIFY=NO. SUB_VERIFIES is
used to constrain verification option for PSK tests.

With aforementioned change, the latter check of
$VERIFY=YES && $TYPE!=PSK is redundant so it's removed.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-08 14:58:35 +08:00
Xiaokang Qian 8dc4ce76c7 Fix various coding style and comment issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 6b980011e5 Replace session_negotiate->ciphersuite with handshake->ciphersuite_info->id 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 53c4c27d35 Update the comment of ciphersuite check for early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 64bc9bc33d Add comments to describe the early data behavior-encrypt/rejected... 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian e04afdc44f Refine the condition of whether re-generate early keys 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian eb31cbc791 Share the hash check code between ticket and external psk 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 4ef8ba2938 Assign the ciphersuite in finalize_hrr{server_hello} 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian bb883244aa Remove useless comments of outbound switch 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 02f5e14073 Combine the alert check of selected_id and ciphercuite 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 934ce6f6a9 Rename the finalize_client{server}_hello() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian ac4c625dea Add hash check of ciphersuite for ticket psk 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 6be8290aba Change to CCS after client hello only if we offer early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 7179f810f1 Restore the empty lines 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian b58462157e Refine the ciphersuite and select id check for early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 44051f6376 Refine the state change after write client hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 7892b6caad Refine the comment about generating early secrects in post server hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian bd0ab06d50 Skip CCS once we proposed early data even it is rejected 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian f6d8fd3d6b Improve the coding style of new lines 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 79f77528f5 Move state change to finalize client hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 3f616c2493 Move selected_identity zero check to post_server_hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 1d8e86ce00 Get hash_alg by mbedtls_psa_translate_md 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian ea28a78384 Revert new field and check ciphersuite match when resume by exist info_id 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 4224244883 Improve coding styles and add comments 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 33ff868dca Fix various errors 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 43a83f247c Move the place where call set_outbound_transform to switch handshake key 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 907461319a Fix compile error and warnings 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian f10f474981 Check server selected cipher suite indicating a Hash associated with the PSK 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 592021aceb Add CCS after client hello in case of early data and comp mode 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 303f82c5b9 Skip generating early secrets in some cases 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian b46275c7ec Add TLS1_3 guard to finalize_write_client_hello() to fix compile issue 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:43 +00:00
Xiaokang Qian 2a674937dd Pend a illeagal allert when selected_identity isn't 0 
Handshake should abort will illeagal parameter allert when
receiving early data extentions but the selected_identity
parsed from pre-share key isn't equal to 0.

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:46:48 +00:00
Xiaokang Qian 5b410075cf Remove useless comments about handshake messages for TLS13 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:46:48 +00:00
Xiaokang Qian 126929f825 Move early keys generation into mbedtls_ssl_tls13_finalize_write_client_hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:46:45 +00:00
Xiaokang Qian 19d4416a45 Refine code to remove finalize_write_end_of_early_data() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian 7094f66879 Remove useless duplicted mbedtls_ssl_tls13_ticket_get_psk 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian 854db28bb7 Set hs_psk,ciphercuit_info and kex mode when writing pre-share key 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian 57a138d5c3 Update message log for end of early data test cases 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian 742578ca2c Remove end_of_early_data_coordinate() to align with exist style 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian bc75bc0c3a Switch to MBEDTLS_SSL_END_OF_EARLY_DATA as needed 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian c81a15a019 Change the comment format of end_of_early_data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00