mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 12:40:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,953 Commits 170 Branches 263 Tags
Commit Graph

208 Commits

Author SHA1 Message Date
Ronald Cron
9a6a49c7cb tls13: keys: Fail if the group type is not ECDHE or DHE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron
b15d4d8966 tls13: keys: Fix error code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron
3b056202d3 tls13: keys: Do not use handshake->premaster 
`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.

Futhermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific
thus better to not use it in TLS 1.3.

Allocate a buffer to store the shared secret
instead. Allocation instead of a stack buffer
as the maintenance of the size of such buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron
4c7edb2b9b tls13: keys: Fix indentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron
831fee68c3 tls13: keys: Avoid input buffer copy 
In mbedtls_ssl_tls13_evolve_secret() avoid
to copy the input buffer into a local buffer
as the copy is avoidable.

This also fixes a potential overflow as the
size of the local buffer was not checked when
copying into it.

With the current calls to mbedtls_ssl_tls13_evolve_secret()
no buffer overflow was expected to happen though.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Andrzej Kurek
c610e7402e Formatting & unnecessary (void) fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
ecb630925f Fix constant name in ssl_tls13_keys 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
e5a5cc1944 Remove the dependency of tls1_3 key evolution tests on curve25519 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Jerry Yu
6ee726e1ab Replace md translation function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-16 16:32:27 +08:00
Jerry Yu
a5df584d87 fix build fail for test_psa_crypto_config_accel_hash_use_psa 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-16 11:28:54 +08:00
Jerry Yu
46bffe0e82 Refine rsumption master secret compute function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 15:09:49 +08:00
Jerry Yu
466dda8553 Rename resumption master secret compute function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 14:28:15 +08:00
Jerry Yu
49d63f8c36 Implement generate resumption master secret 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Jerry Yu
c5a23a0f12 fix various issues 
- code style
- variable initialize
- update comments


Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-25 11:09:35 +08:00
Jerry Yu
29d9faa468 fix various issues. 
- comments issues
- code format style issues
- naming improvement.
- error return improvements

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-23 17:53:43 +08:00
Jerry Yu
01e42d2d4c fix issues in export handshake psk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 13:00:07 +08:00
Jerry Yu
5d01c05d93 fix various issues 
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:55:01 +08:00
Jerry Yu
6cf6b47b5c fix format and comment issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:54:53 +08:00
Ronald Cron
295d93ebe8 Add psk handshake with gnutls 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu
40f3771e18 Add handshake psk export function. 
Rename `ssl_tls13_get_psk` and export the
function.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Manuel Pégourié-Gonnard
f6b8c3297a
Merge pull request #6065 from mpg/explore2 
Driver-only hashes: RSA 1.5 and PK + strategy doc
 2022-07-28 10:43:38 +02:00
Ronald Cron
799077177b TLS 1.3: Use selected key exchange mode field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-20 17:49:58 +02:00
Ronald Cron
2d8b7ac898 TLS 1.3: Fix selected key exchange mode check 
ECDHE operations have to be done in
ephemeral and PSK-ephemeral key exchange
mode, not just ephemeral key exhange mode.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-20 17:46:58 +02:00
Manuel Pégourié-Gonnard
abac037a7b Migrate from old inline to new actual function. 
This is mostly:

    sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
    library/*.c tests/suites/*.function

This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-18 21:28:38 +02:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Przemek Stekiel
1b0ebdf363 Zeroize hkdf_label buffer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-23 09:22:49 +02:00
Przemek Stekiel
38ab400dc4 Adapt code to be consistent with the existing code 
- init status to error
- use simple assignment to status
- fix code style (spaces)

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-23 09:05:40 +02:00
Przemek Stekiel
d5ae365b97 Use PSA HKDF-Extrat/Expand algs instead mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_xpand() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-21 07:22:33 +02:00
Przemek Stekiel
88e7101d03 Remove mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_expand() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-21 07:22:33 +02:00
Manuel Pégourié-Gonnard
a3115dc0e6 Mark static int SSL functions CHECK_RETURN_CRITICAL 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:12:52 +02:00
Paul Elliott
8fba70f66c
Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup 
TLS 1.3: Add Finished Message and wrapup
 2022-05-25 12:02:06 +01:00
Jerry Yu
fd5ea0458f add compute application transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-19 14:29:48 +08:00
Jerry Yu
545432310d remove zeorize from keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-19 11:23:25 +08:00
Neil Armstrong
0fa8ce3498 TLS 1.3 only have AEAD ciphers, drop the PSA_ALG_IS_AEAD() check in mbedtls_ssl_tls13_get_cipher_key_info() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong
b818e16b29 Move out common PSA code from mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong
e3b0b8ab67 Remove non-PSA code in mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong
93617245c3 Code style fixes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong
4f4f271850 In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong
a8093f5c48 In mbedtls_ssl_tls13_populate_transform() make sure mbedtls_cipher_info_from_type() is only called when USE_PSA is disabled 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Jerry Yu
ff2269889d Add client finished 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Jerry Yu
ef2b98a246 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-06 16:40:05 +08:00
Jerry Yu
f86eb75c58 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-06 11:16:55 +08:00
Jerry Yu
e110d258d9 Add set outbound transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-05 19:59:59 +08:00
Glenn Strauss
07c641605e Rename mbedtls_ssl_transform minor_ver to tls_version 
Store the TLS version in tls_version instead of minor version number.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:23:54 -04:00
Gabor Mezei
29e7ca89d5
Fix typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:08:49 +02:00
Gabor Mezei
c09437526c
Remove commented out code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:08:15 +02:00
Gabor Mezei
ed6d6589b3
Use hash algoritm for parameter instead of HMAC 
To be compatible with the other functions `mbedtls_psa_hkdf_extract` and
`mbedtls_psa_hkdf_expand` use hash algorithm for parameter.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-26 17:28:06 +01:00
Gabor Mezei
07732f7015
Translate from mbedtls_md_type_t to psa_algorithm_t 
Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-26 17:04:19 +01:00
Gabor Mezei
5d9a1fe9e9
PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3 
With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support
is always enabled.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-26 15:47:15 +01:00