Commit graph

8817 commits

Author SHA1 Message Date
Simon Butcher 195bddebcc Merge remote-tracking branch 'restricted/pr/528' into development
* restricted/pr/528:
  Update query_config.c
  Fix failure in SSLv3 per-version suites test
  Adjust DES exclude lists in test scripts
  Clarify 3DES changes in ChangeLog
  Fix documentation for 3DES removal
  Exclude 3DES tests in test scripts
  Fix wording of ChangeLog and 3DES_REMOVE docs
  Reduce priority of 3DES ciphersuites
2019-03-01 12:45:45 +00:00
Simon Butcher 74ac6e3fec Merge remote-tracking branch 'public/pr/2028' into development
* public/pr/2028:
  Update the crypto submodule to a78c958
  Fix ChangeLog entry to correct release version
  Fix typo in x509write test data
  Add ChangeLog entry for unused bits in bitstrings
  Improve docs for named bitstrings and their usage
  Add tests for (named) bitstring to suite_asn1write
  Add new function mbedtls_asn1_write_named_bitstring()
2019-03-01 12:44:19 +00:00
Simon Butcher bbed914b41 Merge remote-tracking branch 'public/pr/2447' into development
* public/pr/2447:
  Unbump version to 0.0.0
2019-03-01 12:41:25 +00:00
Simon Butcher 700cbac98a Merge remote-tracking branch 'public/pr/2448' into development
* public/pr/2448:
  Reword changelog entry
  Update change log
  Reenable GnuTLS next based tests
2019-03-01 12:40:43 +00:00
Manuel Pégourié-Gonnard 56b9a939a0 Update query_config.c 2019-03-01 10:23:46 +01:00
Manuel Pégourié-Gonnard aa946b2d49 Fix failure in SSLv3 per-version suites test
The test used 3DES as the suite for SSLv3, which now makes the handshake fails
with "no ciphersuite in common", failing the test as well. Use Camellia
instead (as there are not enough AES ciphersuites before TLS 1.2 to
distinguish between the 3 versions).

Document some dependencies, but not all. Just trying to avoid introducing new
issues by using a new cipher here, not trying to make it perfect, which is a
much larger task out of scope of this commit.
2019-03-01 10:22:04 +01:00
Andres Amaya Garcia 419bd0011f Adjust DES exclude lists in test scripts 2019-03-01 10:22:04 +01:00
Andres Amaya Garcia f8dffb3f34 Clarify 3DES changes in ChangeLog 2019-03-01 10:22:04 +01:00
Andres Amaya Garcia bdfba79f0d Fix documentation for 3DES removal 2019-03-01 10:21:11 +01:00
Andres Amaya Garcia 2dadab7d3f Exclude 3DES tests in test scripts 2019-03-01 10:21:11 +01:00
Andres Amaya Garcia 22a8905686 Fix wording of ChangeLog and 3DES_REMOVE docs 2019-03-01 10:21:11 +01:00
Andres Amaya Garcia 4a512281ec Reduce priority of 3DES ciphersuites 2019-03-01 10:19:27 +01:00
Simon Butcher 1e198f5a98 Update the crypto submodule to a78c958
Update the crypto submodule to commit a78c958b17
to include the equivalent changes in this PR within the submodule.
2019-02-28 09:54:01 +00:00
Andres Amaya Garcia ce04951a6c Fix ChangeLog entry to correct release version 2019-02-28 09:40:12 +00:00
Andres Amaya Garcia 412ddf3812 Fix typo in x509write test data 2019-02-28 09:38:03 +00:00
Andres Amaya Garcia d588ff7156 Add ChangeLog entry for unused bits in bitstrings 2019-02-28 09:38:03 +00:00
Andres Amaya Garcia d8233f76db Improve docs for named bitstrings and their usage 2019-02-28 09:36:30 +00:00
Andres Amaya Garcia 7067f812f8 Add tests for (named) bitstring to suite_asn1write 2019-02-28 09:36:30 +00:00
Andres Amaya Garcia 6e95914f0e Add new function mbedtls_asn1_write_named_bitstring()
Add a new function mbedtls_asn1_write_named_bitstring() that removes
trailing 0s at the end of DER encoded bitstrings. The function is
implemented according to Hanno Becker's suggestions.

This commit also changes the functions x509write_crt_set_ns_cert_type
and crt_set_key_usage to call the new function as the use named
bitstrings instead of the regular bitstrings.
2019-02-28 09:36:30 +00:00
Jaeden Amero 86016a03a1 Merge remote-tracking branch 'origin/pr/2338' into development 2019-02-22 12:55:30 +00:00
Jaeden Amero e895342522 Merge remote-tracking branch 'origin/pr/2427' into development 2019-02-22 12:53:13 +00:00
Jaeden Amero d247762a8d Merge remote-tracking branch 'origin/pr/2460' into development 2019-02-22 12:52:51 +00:00
Hanno Becker 85fd913950 Fix typo in check_config.h 2019-02-22 12:50:35 +00:00
Jaeden Amero caca307f42 crypto: Update submodule to Mbed Crypto 1.0.0d6 2019-02-22 10:48:48 +00:00
Jaeden Amero 415620c1f2 Merge remote-tracking branch 'origin/pr/2105' into development
Additional work done as part of merge:
    - Run ./tests/scripts/check-generated-files.sh and check in the
      resulting changes to programs/ssl/query_config.c
2019-02-22 10:33:15 +00:00
Jaeden Amero 461bd3dcca Merge remote-tracking branch 'origin/pr/2454' into development 2019-02-22 10:32:44 +00:00
Jaeden Amero 9f47f82218 Merge remote-tracking branch 'origin/pr/2391' into development 2019-02-22 10:32:44 +00:00
Jaeden Amero 8963b0311c Merge remote-tracking branch 'origin/pr/2411' into development 2019-02-22 10:32:44 +00:00
Jaeden Amero d9516b508a Merge remote-tracking branch 'origin/pr/2407' into development 2019-02-22 10:32:44 +00:00
Jaeden Amero 0ae63f7bc3 Merge remote-tracking branch 'origin/pr/2383' into development 2019-02-22 10:32:43 +00:00
Hanno Becker 241b524964 Disable restartable ECC in full config PSA test in all.sh 2019-02-22 10:26:30 +00:00
Hanno Becker 1ce51e4dc3 Forbid setting MBEDTLS_ECP_RESTARTABLE and MBEDTLS_USE_PSA_CRYPTO_C
Restartable ECC isn't supported in PSA yet.
2019-02-22 10:25:47 +00:00
Jaeden Amero 3497323f79 Initialize PSA Crypto operation contexts
It is now required to initialize PSA Crypto operation contexts before
calling psa_*_setup(). Otherwise, one gets a PSA_ERROR_BAD_STATE error.
2019-02-20 10:58:55 +00:00
k-stachowiak cddbd01e4f Reword changelog entry 2019-02-19 12:40:34 +01:00
k-stachowiak 6409724059 Update change log 2019-02-19 12:25:24 +01:00
Hanno Becker 135baef1bd Define maximum EC public key length depending on enabled curves 2019-02-18 17:04:24 +00:00
Hanno Becker 28f78440d8 Grep for debug output witnessing use of PSA in ECDHE ssl-opt.sh 2019-02-18 16:47:50 +00:00
Hanno Becker 4af484e29a Regenerate VS2010 project file 2019-02-18 16:42:02 +00:00
Hanno Becker 3b7c4a0ff0 Regenerate VisualStudio project file 2019-02-18 16:42:02 +00:00
Hanno Becker 354e248d81 Add ssl-opt.sh tests for PSA-based ECDH with various ECC curves 2019-02-18 16:42:02 +00:00
Hanno Becker 0a94a64bbd Add debugging output to confirm that PSA was used for ECDHE 2019-02-18 16:42:02 +00:00
Hanno Becker c14a3bb5a6 Make variable in ssl_write_client_key_exchange() more descriptive 2019-02-18 16:42:02 +00:00
Hanno Becker 4a63ed421c Implement ClientKeyExchange writing in PSA-based ECDHE suites
- Populate the ECDH private key slot with a fresh private EC key
  designated for the correct algorithm.
- Export the public part of the ECDH private key from PSA and
  reformat it to suite the format of the ClientKeyExchange message.
- Perform the PSA-based ECDH key agreement and store the result
  as the premaster secret for the connection.
2019-02-18 16:42:01 +00:00
Hanno Becker bb89e2727f Implement ServerKeyExchange parsing for PSA-based ECDHE suites
- Reformat the server's ECDH public key to make it suitable
  for the PSA key agreement API. Currently, the key agreement
  API needs a full SubjectPublicKeyInfo structure, while the
  TLS ServerKeyExchange message only contains a ECPoint structure.
2019-02-18 16:42:01 +00:00
Hanno Becker df51dbe17f Add fields for PSA-based ECDHE to handshake structure
This is the first in a series of commits adding client-side
support for PSA-based ECDHE.

Previously, the state of an ECDHE key agreement was maintained
in the field mbedtls_ssl_handshake_params::ecdh_ctx, of type
::mbedtls_ecdh_context and manipulated through the ECDH API.

The ECDH API will be superseeded by the PSA Crypto API for key
agreement, which needs the following data:
(a) A raw buffer holding the public part of the key agreement
    received from our peer.
(b) A key slot holding the private part of the key agreement.
(c) The algorithm to use.
The commit adds fields to ::mbedtls_ssl_handshake_params
representing these three inputs to PSA-based key agreement.

Specifically, it adds a field for the key slot holding the
ECDH private key, a field for the EC curve identifier, and
a buffer holding the peer's public key.

Note: Storing the peer's public key buffer is slightly
inefficient, as one could perform the ECDH computation
as soon as the peer sends its public key, either working
with in-place or using a stack-buffer to reformat the
public key before passing it to PSA. This optimization
is left for a later commit.
2019-02-18 16:41:55 +00:00
Hanno Becker f75f912c31 Add functions to psa_util module to convert EC public keys 2019-02-18 16:37:12 +00:00
k-stachowiak 17a38d3a74 Reenable GnuTLS next based tests 2019-02-18 15:29:56 +01:00
k-stachowiak 28cb6fbd47 Unbump version to 0.0.0 2019-02-18 12:01:03 +01:00
Manuel Pégourié-Gonnard 9c99dc862c
Merge pull request #2395 from ARMmbed/development-psa-merged-dev-8e76332
Merge updated development-psa into development
2019-02-18 11:55:54 +01:00
Andrzej Kurek 064128c1b0 Update submodule pointer to commit 0574e6a of mbed-crypto/development 2019-02-15 10:20:05 -05:00