Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							a2900bcd1e 
							
						 
					 
					
						
						
							
							tls13: keys: Simplify code guard  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-10-22 14:42:04 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							82be0d4b4d 
							
						 
					 
					
						
						
							
							tls13: Do not use MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-10-22 14:42:04 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							41a443a68d 
							
						 
					 
					
						
						
							
							tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED  
						
						... 
						
						
						
						Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-10-22 14:42:04 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							fa1e04a7c4 
							
						 
					 
					
						
						
							
							tls13: keys: Fix PSK build only case  
						
						... 
						
						
						
						When deriving the handshake stage master
secret, in the case of a PSK only build,
the only possible key exchange mode is PSK
and there is no ephemeral key exchange
shared secret in that case. Thus do not
error out in that case in the first
phae of the derivation dedicated to the
shared secret.
Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-10-21 14:34:20 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							9a6a49c7cb 
							
						 
					 
					
						
						
							
							tls13: keys: Fail if the group type is not ECDHE or DHE  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-10-21 14:34:20 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							b15d4d8966 
							
						 
					 
					
						
						
							
							tls13: keys: Fix error code  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-10-21 14:34:20 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							3b056202d3 
							
						 
					 
					
						
						
							
							tls13: keys: Do not use handshake->premaster  
						
						... 
						
						
						
						`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.
Futhermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific
thus better to not use it in TLS 1.3.
Allocate a buffer to store the shared secret
instead. Allocation instead of a stack buffer
as the maintenance of the size of such buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).
Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-10-21 14:34:20 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							4c7edb2b9b 
							
						 
					 
					
						
						
							
							tls13: keys: Fix indentation  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-10-21 14:34:20 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							831fee68c3 
							
						 
					 
					
						
						
							
							tls13: keys: Avoid input buffer copy  
						
						... 
						
						
						
						In mbedtls_ssl_tls13_evolve_secret() avoid
to copy the input buffer into a local buffer
as the copy is avoidable.
This also fixes a potential overflow as the
size of the local buffer was not checked when
copying into it.
With the current calls to mbedtls_ssl_tls13_evolve_secret()
no buffer overflow was expected to happen though.
Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-10-21 14:34:20 +02:00 
						 
				 
			
				
					
						
							
							
								Andrzej Kurek 
							
						 
					 
					
						
						
						
						
							
						
						
							c610e7402e 
							
						 
					 
					
						
						
							
							Formatting & unnecessary (void) fixes  
						
						... 
						
						
						
						Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> 
						
						
					 
					
						2022-10-19 08:35:09 -04:00 
						 
				 
			
				
					
						
							
							
								Andrzej Kurek 
							
						 
					 
					
						
						
						
						
							
						
						
							ecb630925f 
							
						 
					 
					
						
						
							
							Fix constant name in ssl_tls13_keys  
						
						... 
						
						
						
						Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> 
						
						
					 
					
						2022-10-19 08:35:09 -04:00 
						 
				 
			
				
					
						
							
							
								Andrzej Kurek 
							
						 
					 
					
						
						
						
						
							
						
						
							e5a5cc1944 
							
						 
					 
					
						
						
							
							Remove the dependency of tls1_3 key evolution tests on curve25519  
						
						... 
						
						
						
						Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com> 
						
						
					 
					
						2022-10-19 08:35:09 -04:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							6ee726e1ab 
							
						 
					 
					
						
						
							
							Replace md translation function  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-16 16:32:27 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							a5df584d87 
							
						 
					 
					
						
						
							
							fix build fail for test_psa_crypto_config_accel_hash_use_psa  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-16 11:28:54 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							46bffe0e82 
							
						 
					 
					
						
						
							
							Refine rsumption master secret compute function  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-13 15:09:49 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							466dda8553 
							
						 
					 
					
						
						
							
							Rename resumption master secret compute function  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-13 14:28:15 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							49d63f8c36 
							
						 
					 
					
						
						
							
							Implement generate resumption master secret  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-31 23:24:25 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							c5a23a0f12 
							
						 
					 
					
						
						
							
							fix various issues  
						
						... 
						
						
						
						- code style
- variable initialize
- update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-25 11:09:35 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							29d9faa468 
							
						 
					 
					
						
						
							
							fix various issues.  
						
						... 
						
						
						
						- comments issues
- code format style issues
- naming improvement.
- error return improvements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-23 17:53:43 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							01e42d2d4c 
							
						 
					 
					
						
						
							
							fix issues in export handshake psk  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-21 13:00:07 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							5d01c05d93 
							
						 
					 
					
						
						
							
							fix various issues  
						
						... 
						
						
						
						- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-21 12:55:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							6cf6b47b5c 
							
						 
					 
					
						
						
							
							fix format and comment issues  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-21 12:54:53 +08:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							295d93ebe8 
							
						 
					 
					
						
						
							
							Add psk handshake with gnutls  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-11 21:25:35 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							40f3771e18 
							
						 
					 
					
						
						
							
							Add handshake psk export function.  
						
						... 
						
						
						
						Rename `ssl_tls13_get_psk` and export the
function.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-11 21:25:35 +08:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							f6b8c3297a 
							
						 
					 
					
						
						
							
							Merge pull request  #6065  from mpg/explore2  
						
						... 
						
						
						
						Driver-only hashes: RSA 1.5 and PK + strategy doc 
						
						
					 
					
						2022-07-28 10:43:38 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							799077177b 
							
						 
					 
					
						
						
							
							TLS 1.3: Use selected key exchange mode field  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-07-20 17:49:58 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							2d8b7ac898 
							
						 
					 
					
						
						
							
							TLS 1.3: Fix selected key exchange mode check  
						
						... 
						
						
						
						ECDHE operations have to be done in
ephemeral and PSK-ephemeral key exchange
mode, not just ephemeral key exhange mode.
Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-07-20 17:46:58 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							abac037a7b 
							
						 
					 
					
						
						
							
							Migrate from old inline to new actual function.  
						
						... 
						
						
						
						This is mostly:
    sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
    library/*.c tests/suites/*.function
This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 
						
						
					 
					
						2022-07-18 21:28:38 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							ce7d76e2ee 
							
						 
					 
					
						
						
							
							Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr  
						
						
						
						
					 
					
						2022-07-11 10:22:37 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
						
						
							
						
						
							1b0ebdf363 
							
						 
					 
					
						
						
							
							Zeroize hkdf_label buffer  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> 
						
						
					 
					
						2022-06-23 09:22:49 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
						
						
							
						
						
							38ab400dc4 
							
						 
					 
					
						
						
							
							Adapt code to be consistent with the existing code  
						
						... 
						
						
						
						- init status to error
- use simple assignment to status
- fix code style (spaces)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> 
						
						
					 
					
						2022-06-23 09:05:40 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
						
						
							
						
						
							d5ae365b97 
							
						 
					 
					
						
						
							
							Use PSA HKDF-Extrat/Expand algs instead mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_xpand()  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> 
						
						
					 
					
						2022-06-21 07:22:33 +02:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
						
						
							
						
						
							88e7101d03 
							
						 
					 
					
						
						
							
							Remove mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_expand()  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> 
						
						
					 
					
						2022-06-21 07:22:33 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
						
						
							
						
						
							a3115dc0e6 
							
						 
					 
					
						
						
							
							Mark static int SSL functions CHECK_RETURN_CRITICAL  
						
						... 
						
						
						
						Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> 
						
						
					 
					
						2022-06-20 21:12:52 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Elliott 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							8fba70f66c 
							
						 
					 
					
						
						
							
							Merge pull request  #5749  from yuhaoth/pr/add-tls13-finished-message-and-wrapup  
						
						... 
						
						
						
						TLS 1.3: Add Finished Message and wrapup 
						
						
					 
					
						2022-05-25 12:02:06 +01:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							fd5ea0458f 
							
						 
					 
					
						
						
							
							add compute application transform  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-05-19 14:29:48 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							545432310d 
							
						 
					 
					
						
						
							
							remove zeorize from keys  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-05-19 11:23:25 +08:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
						
						
							
						
						
							0fa8ce3498 
							
						 
					 
					
						
						
							
							TLS 1.3 only have AEAD ciphers, drop the PSA_ALG_IS_AEAD() check in mbedtls_ssl_tls13_get_cipher_key_info()  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com> 
						
						
					 
					
						2022-05-18 13:19:29 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
						
						
							
						
						
							b818e16b29 
							
						 
					 
					
						
						
							
							Move out common PSA code from mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com> 
						
						
					 
					
						2022-05-18 13:19:29 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
						
						
							
						
						
							e3b0b8ab67 
							
						 
					 
					
						
						
							
							Remove non-PSA code in mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com> 
						
						
					 
					
						2022-05-18 13:19:29 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
						
						
							
						
						
							93617245c3 
							
						 
					 
					
						
						
							
							Code style fixes  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com> 
						
						
					 
					
						2022-05-18 13:19:29 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
						
						
							
						
						
							4f4f271850 
							
						 
					 
					
						
						
							
							In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type()  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com> 
						
						
					 
					
						2022-05-18 13:19:29 +02:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
						
						
							
						
						
							a8093f5c48 
							
						 
					 
					
						
						
							
							In mbedtls_ssl_tls13_populate_transform() make sure mbedtls_cipher_info_from_type() is only called when USE_PSA is disabled  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com> 
						
						
					 
					
						2022-05-18 13:19:29 +02:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							ff2269889d 
							
						 
					 
					
						
						
							
							Add client finished  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-05-18 09:58:48 +08:00 
						 
				 
			
				
					
						
							
							
								Shaun Case 
							
						 
					 
					
						
						
						
						
							
						
						
							8b0ecbccf4 
							
						 
					 
					
						
						
							
							Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.  
						
						... 
						
						
						
						Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com> 
						
						
					 
					
						2022-05-11 21:25:51 +01:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							ef2b98a246 
							
						 
					 
					
						
						
							
							fix coding style issues  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-05-06 16:40:05 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							f86eb75c58 
							
						 
					 
					
						
						
							
							fix various issues  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-05-06 11:16:55 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							e110d258d9 
							
						 
					 
					
						
						
							
							Add set outbound transform  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-05-05 19:59:59 +08:00 
						 
				 
			
				
					
						
							
							
								Glenn Strauss 
							
						 
					 
					
						
						
						
						
							
						
						
							07c641605e 
							
						 
					 
					
						
						
							
							Rename mbedtls_ssl_transform minor_ver to tls_version  
						
						... 
						
						
						
						Store the TLS version in tls_version instead of minor version number.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> 
						
						
					 
					
						2022-04-14 15:23:54 -04:00 
						 
				 
			
				
					
						
							
							
								Gabor Mezei 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							29e7ca89d5 
							
						 
					 
					
						
						
							
							Fix typo  
						
						... 
						
						
						
						Signed-off-by: Gabor Mezei <gabor.mezei@arm.com> 
						
						
					 
					
						2022-03-29 17:08:49 +02:00