Commit graph

3984 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard d0d8a935b2 Blind operations on the secret
I'm not sure this is necessary, because it is only multiplied by xm2 which is
already random and secret, but OTOH, xm2 is related to a public value, so
let's add blinding with a random value that's only use for blinding, just to
be extra sure.
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard 55f3d84faa fixup-include 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard c907081a20 Polish the source 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard f7368c983a Polish API and documentation 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard e1927101fb Unify round two 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard d8204a7bea Provide symmetric API for the first round 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard e2d3a4e1b4 Unify loading of test vectors in tests 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard ce4567614b Rename variable to prepare for cli/srv unification 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 6b798b9dae Tune up some comments 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard e0ad57b0b3 Replace explicit IDs with table look-ups
That's a first step towards merging symmetric version of different functions
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 5f18829609 Add derive_pms, completing first working version 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 6449391852 Store our role in the context 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 614bd5e919 Add write_client_params 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard ec0eece2ba Add read_client_params 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard bed9e41761 Add writing of server params 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 8d31e80da4 Improve testing strategy
- reference handshake tests that we get the right values (not much now, but
  much more later when we get to deriving the PMS)
- random handshake in addition tests our generate/write functions against our
  read functions, that are tested by the reference handshake, and will be
further tested in the test suite later against invalid inputs
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 1a7c5ef42b Optimize some case of mbedtls_ecp_muladd()
Those are used by EC-JPAKE
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard cb7cd03412 Add first draft or read_server_params 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 23dcbe3f16 Add support for passphrase in the context 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 4e8bc78ad9 Add context-using functions for Hello extensions
Also re-order functions in the header so that they appear in the order they're
use, ie free() last.
2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 7af8bc1007 Start introducing mbedtls_ecjpake_context 2015-09-07 12:43:10 +02:00
Manuel Pégourié-Gonnard 3aed1851b3 Re-order functions.
Use the same order for all read-write pair of functions
2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard 9028c5af9a Improve const correctness of read() functions 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard 082767ff0c Add ecjpake_kkpp_read/write 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard 4f2cd95e1d Fix potential memory leaks 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard b1b250b68c Add ecjpake_kkp_read/write() 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard 967cd7192d Add test vector for ZKP verification 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard 6029a85572 Add ecjpake_zpk_read()
Not really tested yet
2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard c618195bc4 Fix base point in ecjpake_write_zkp() 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard d9a3f47ecd Add mbedtls_ecp_gen_keypair_base() 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard 8489f17277 First draft of ecjpake_write_zkp() 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard 3dbf2fbb89 Implement hashing function for ZKP 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard 4d8685b4ff Add skeleton for EC J-PAKE module 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard 14d800507a Remove "private" setting from module.json 2015-09-04 15:35:47 +02:00
Manuel Pégourié-Gonnard 0a0c22e0ef Add ChangeLog entry about license change 2015-09-04 14:38:26 +02:00
Manuel Pégourié-Gonnard aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Manuel Pégourié-Gonnard 67e4652bfc Fix bug in bump_version.sh
Missing quotes around "version" in module.json
2015-09-04 14:31:16 +02:00
Manuel Pégourié-Gonnard 37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard f9c599cd8a Bump yotta patch version 2015-09-03 16:45:26 +02:00
Simon Butcher 2d43479ac5 Merge branch 'development' of ssh://github.com/ARMmbed/mbedtls into development 2015-09-03 13:08:55 +01:00
Simon Butcher 1a66081d7f Merge branch 'iotssl-457-badtail' into development 2015-09-03 13:08:09 +01:00
Simon Butcher 52754594b6 Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard f851f14214 Moe top-level Readme to markdown
For consistency
2015-09-03 13:29:45 +02:00
Simon Butcher ed51594337 Merge pull request #265 from ARMmbed/iotssl-460-bugfixes
Iotssl 460 bugfixes
2015-09-02 23:36:36 +01:00
Simon Butcher 1662c4a338 Merge pull request #264 from ARMmbed/misc
Misc improvements
2015-09-02 17:51:23 +01:00
Manuel Pégourié-Gonnard f459a0f5f2 Bump yotta patch version 2015-09-02 10:24:46 +02:00
Manuel Pégourié-Gonnard b2beb84be6 Changelog entry fro the previous commit 2015-09-01 19:37:32 +02:00
Manuel Pégourié-Gonnard f81ee2eba8 Add NULL checks to top-level SSL functions
On normal use these should never be useful, but if the application has issues,
it's best for us to return an error than to crash.
2015-09-01 17:43:40 +02:00
Manuel Pégourié-Gonnard fdbdd72b8b Skip to trusted certs early in the chain
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

closes #220
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard 560fea3767 Add tests for verify callback
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
2015-09-01 17:24:42 +02:00