Neil Armstrong
91477a7964
Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
98f6f78a70
Update mbedtls_pk_wrap_as_opaque() documentation for ECDH derivation usage
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
b7b549aa71
Force server-side TLS1.2 for ECDH- Opaque PK key test
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
1335222f13
Return translated PSA error in PSA version of ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
f788253ed3
Fix comment typo in PSA version of ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
023bf8d7c2
Add ECDH- Opaque PK key test
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
80325d00cf
Allow ECDSA PK Opaque keys for ECDH Derivation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
104a7c1d29
Handle Opaque PK EC keys in ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
8113d25d1e
Add ecdh_psa_shared_key flag to protect PSA privkey if imported
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Neil Armstrong
5cd5f76d67
Use mbedtls_platform_zeroize() in ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
4f33fbc7e9
Use PSA define for max EC key pair size in ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
306d6074b3
Fix indentation issue in PSA version of ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
062de7dd79
Use PSA_BITS_TO_BYTES instead of open-coded calculation in PSA version of ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Neil Armstrong
1f4b39621b
Implement PSA server-side ECDH-RSA/ECDSA
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:23:12 +02:00
Ronald Cron
6476726ce4
Fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 14:13:57 +02:00
Ronald Cron
a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1
...
TLS 1.2/1.3 version negotiation - 1
2022-03-31 11:47:16 +02:00
Ronald Cron
ba120bb228
ssl_tls13_client.c: Fix ciphersuite final validation
...
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
8fdad9e534
ssl_tls12_client.c: Remove duplicate of ciphersuite validation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
757a2abfe2
ssl_client.c: Extend and export ciphersuite validation function
...
Extend and export ciphersuite validation function
to be able to use it in TLS 1.2/3 specific code.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
f735cf1f0f
ssl_tls.c: Fix ciphersuite selection regarding protocol version
...
Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
9847338429
ssl_tls13_client.c: Add check in supported_versions parsing
...
Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:33:41 +02:00
Ronald Cron
1fa4f6863b
ssl_tls.c: Return in error if default config fails
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
Ronald Cron
a77fc2756e
ssl_tls13_client.c: versions ext writing : Fix available space check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
Ronald Cron
37bdaab64f
tls: Simplify the logic of the config version check and test it
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:26:58 +02:00
Ronald Cron
3cffc5ccb1
tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:59:44 +02:00
Ronald Cron
150d579d7a
ssl_client.c: Improve coding style
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:58:50 +02:00
Neil Armstrong
e451295179
Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:41:12 +02:00
Neil Armstrong
253e9e7e6d
Use mbedtls_rsa_info directly in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
ea54dbe7c2
Fix comment typo in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
19e6bc4c9f
Use new PSA to mbedtls PK error mapping functions in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
8a44bb47ac
Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
82cf804e34
Fix 80 characters indentation in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
6baea78072
Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
a33280af6c
Check psa_destroy_key() return in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
059a80c212
Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
52f41f8228
PK: RSA verification PSA wrap implementation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Neil Armstrong
56d51274d8
Initialize PSA crypto in test_suite_pk for RSA verify tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Ronald Cron
da41b38c42
Improve and fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 14:10:03 +02:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over
...
Add mbedtls_ssl_is_handshake_over()
2022-03-30 12:16:40 +02:00
Gabor Mezei
e42d8bf83b
Add macro guard for header file
...
Some of the macros are used by the test data files and must be moved
before the macros guard.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-30 11:33:06 +02:00
Manuel Pégourié-Gonnard
abed05f335
Merge pull request #5652 from arturallmann/issue-commit
...
Fix comment typo in threading.c
2022-03-30 10:01:24 +02:00
Ronald Cron
8ecd9937a9
ssl_client.c: Fix state change for DTLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
3cec8e8864
tests: Init PSA crypto if TLS 1.3 is enabled
...
Initialize PSA crypto in tests if TLS 1.3 is
enabled as done when MBEDTLS_USE_PSA_CRYPTO
is enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
a1b8f6e914
ssl-opt.sh: Do not force TLS 1.3 on client
...
For TLS 1.3 tests, do not force TLS 1.3
version on client to play the negotiation
game whenever possible.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
f3b425bbde
ssl-opt.sh: Force TLS 1.2 on server
...
To maximize the number of tests where MbedTLS
client proposes both TLS 1.2 and TLS 1.3 to
the server, force the TLS 1.2 version on the
server side rather than on the client side
in TLS 1.2 specific tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
f660655b84
TLS: Allow hybrid TLS 1.2/1.3 in default configurations
...
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
e71639d39b
Simplify TLS major version default value setting
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
dbe87f08ec
Propose TLS 1.3 and TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
9f0fba374c
Add logic to switch to TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
e1d3f06399
Allow hybrid TLS 1.3 + TLS 1.2 configuration
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00