10015 Commits

Author	SHA1	Message	Date
Dave Rodgman	c36a56e890	Use mbedtls_xor in TLS messaging layer ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	74b345f282	Use mbedtls_xor in PKCS #5 ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	99a507ee55	Use mbedtls_xor in md ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	d22fb73e3e	Use mbedtls_xor in GCM ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	2e9db8e9bf	Use mbedtls_xor in DES ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	ffb5499988	Use mbedtls_xor in CTR_DRBG ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	8c0ff81ce7	Use mbedtls_xor in CMAC ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	c1d9022bab	Use mbedtls_xor in ChaCha20 ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:43 +00:00
Dave Rodgman	0d3b55bca8	Use mbedtls_xor in ccm ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:43 +00:00
Dave Rodgman	d23399eb69	Use mbedtls_xor in Camellia ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:43 +00:00
Dave Rodgman	7bb6b84b29	Use mbedtls_xor in ARIA ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:43 +00:00
Dave Rodgman	a8cf607458	Use mbedtls_xor in AES ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:43 +00:00
Valerio Setti	99d88c1ab4	tls: psa_pake: fix missing casting in mbedtls_psa_ecjpake_write_round ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-22 16:03:43 +01:00
Dave Rodgman	c3d8041fe7	Introduce mbedtls_xor ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 15:01:39 +00:00
Tom Cosgrove	452c99c173	Use mbedtls_mpi_core_sub_int() in mbedtls_mpi_sub_abs() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-11-22 14:58:15 +00:00
Tom Cosgrove	f7ff4c9a11	Tidy up, remove MPI_CORE(), and apply the naming convention ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-11-22 14:58:15 +00:00
Hanno Becker	d9b2348d8f	Extract MPI_CORE(sub_int) from the prototype ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-11-22 14:58:15 +00:00
Bence Szépkúti	a17d038ee1	Merge branch 'development' into pr3431	2022-11-22 15:54:52 +01:00
Gilles Peskine	4f19d86e3f	Merge pull request #6608 from mprse/ecjpake_password_fix ... Make a copy of the password key in operation object while setting j-pake password	2022-11-22 14:52:12 +01:00
Aditya Deshpande	2f7fd76d91	Replace PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE with PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE in psa_key_agreement_internal(). ... Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2022-11-22 11:10:34 +00:00
Valerio Setti	d4a9b1ab8d	tls: psa_pake: remove useless defines and fix a comment ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-22 11:11:10 +01:00
Xiaokang Qian	8bee89994d	Add parse function for early data in encrypted extentions ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-22 09:40:07 +00:00
Przemek Stekiel	0bdec19c93	Further optimizations of pake set_password implementation ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-22 09:10:35 +01:00
Jerry Yu	fdd24b8c49	Revert change in flight transmit ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-22 14:08:03 +08:00
Gilles Peskine	339406daf9	Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub ... Fix undefined behavior in bignum: NULL+0 and -most-negative-sint	2022-11-21 19:51:58 +01:00
Przemek Stekiel	ad0f357178	Optimize pake code that sets/use password key ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-21 15:04:37 +01:00
Przemek Stekiel	e2d6b5f45b	psa_key_slot_get_slot_number: Move documentation to header file ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-21 15:03:52 +01:00
Valerio Setti	5151bdf46e	tls: psa_pake: add missing braces ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-21 14:30:02 +01:00
Valerio Setti	79f6b6bb1b	tls: psa_pake: fixing mbedtls_psa_ecjpake_write_round() ... It might happen that the psa_pake_output() function returns elements which are not exactly 32 or 65 bytes as expected, but 1 bytes less. As a consequence, insted of hardcoding the expected value for the length in the output buffer, we write the correct one as obtained from psa_pake_output() Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-21 14:17:03 +01:00
Dave Rodgman	9e1836cc16	Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs ... Fix TLS1.2 signature algorithms list entry getting overwritten by length.	2022-11-21 10:09:57 +00:00
Jerry Yu	9b421456b0	Revert change in dtls1.2 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:35 +08:00
Jerry Yu	668070d5f4	Remove unnecessary replace ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:35 +08:00
Jerry Yu	a8d3c5048f	Rename new session ticket name for TLS 1.3 ... NewSessionTicket is different with TLS 1.2. It should not share same state. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:35 +08:00
Jerry Yu	cfda4bbeac	Replace handshake over in flight transmit ... Fix deadloop in DTLS resumption test. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:35 +08:00
Jerry Yu	1fb3299ad7	Replace internal usage of is_handshake_over. ... NEW_SESSION_TICKETS* are processed in handshake_step. Change the stop condition from `mbedtls_ssl_is_handshake_over` to directly check. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:34 +08:00
Jerry Yu	5ed73ff6de	Add NEW_SESSION_TICKET* into handshake over states ... All state list after HANDSHAKE_OVER as is_handshakeover Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:34 +08:00
Jerry Yu	6848a61922	Revert "Replace internal usage of mbedtls_ssl_is_handshake_over" ... This reverts commit 1d3ed2975e7ef0d84050a3aece02eec1f890dec3. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:34 +08:00
Jerry Yu	e219c11b4e	Replace internal usage of mbedtls_ssl_is_handshake_over ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:34 +08:00
Valerio Setti	61ea17d30a	tls: psa_pake: fix return values in parse functions ... Ensure they all belong to the MBEDTLS_ERR_SSL_* group Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-18 12:11:00 +01:00
Valerio Setti	aca21b717c	tls: psa_pake: enforce not empty passwords ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 18:20:50 +01:00
Valerio Setti	819de86895	tls: removed extra white spaces and other minor fix ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 18:05:19 +01:00
Valerio Setti	6b3dab03b5	tls: psa_pake: use a single function for round one and two in key exchange read/write ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 17:14:54 +01:00
Valerio Setti	9bed8ec5d8	tls: psa_pake: make round two reading function symmatric to the writing one ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:36:19 +01:00
Valerio Setti	30ebe11f86	tls: psa_pake: add a check on read size on both rounds ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:35:02 +01:00
Valerio Setti	a988364767	tls: psa_pake: fix missing new round one parsing function on tls12 server ... Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:35:02 +01:00
Valerio Setti	a08b1a40a0	tls: psa_pake: move move key exchange read/write functions to ssl_tls.c ... Inlined functions might cause the compiled code to have different sizes depending on the usage and this not acceptable in some cases. Therefore read/write functions used in the initial key exchange are moved to a standard C file. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:34:59 +01:00
Andrzej Kurek	ec71b0937f	Introduce a test for single signature algorithm correctness ... The value of the first sent signature algorithm is overwritten. This test forces only a single algorithm to be sent and then validates that the client received such algorithm. 04 03 is the expected value for SECP256R1_SHA256. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-11-17 14:58:14 +00:00
Paul Elliott	96a0fd951f	Fix signature algorithms list entry getting overwritten by length. ... Fix bug whereby the supported signature algorithm list sent by the server in the certificate request would not leave enough space for the length to be written, and thus the first element would get overwritten, leaving two random bytes in the last entry. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-11-17 14:58:14 +00:00
Przemek Stekiel	369ae0afc3	Zeroize pake password buffer before free ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-17 14:14:31 +01:00
Przemek Stekiel	152ae07682	Change password ec j-pake operation fields to more suitable ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-17 13:24:36 +01:00