mbedtls

Author	SHA1	Message	Date
Ronald Cron	d29e13eb1b	tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Andrzej Kurek	c19fb08dd3	Add missing ECDH dependency in tls 1.3 client Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Jerry Yu	c79742303d	Remove unnecessary empty line and fix format issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-11 21:22:33 +08:00
Jerry Yu	4f77ecf409	disable session resumption when ticket expired Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-10 22:10:08 +08:00
Jerry Yu	6916e70521	fix various issues - adjust guards. Remove duplicate guards and adjust format. - Return success at function end. Not `ret` - change input len Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-10 21:33:51 +08:00
Jerry Yu	a99cbfa2d3	fix various issues - rename function and variable - change signature of `ssl_tls13_has_configured_psk` - remove unnecessary statements - remove unnecessary local variables - wrong variable initial value - improve output message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-08 14:35:47 +08:00
Jerry Yu	21f9095fa8	Revert "move ciphersuite validation to set_session" This reverts commit `19ae6f62c7`. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-08 14:35:34 +08:00
Jerry Yu	4a698341c9	Re-org selected_identity parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	6183cc7470	Re-org binders writer Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	f75364bee1	Re-organize identities writer Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	8b41e893a2	fix various issues - Re-order code and comments - move comment above `write_identities` - move `write_binder` above `write_identities`. - Add has_{psk,identity} into {ticket,psk}_get_{psk,identity} - rename `_session_tickets_` to `_ticket_` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	19ae6f62c7	move ciphersuite validation to set_session Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	b300e3c5be	add selected_identity parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	1a0a0f4416	Add binders writer Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	f7c125917c	Add identites writer Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	0c6105bc9e	empty pre_shared_key functions To easy review Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Xiaokang Qian	ca343ae280	Improve message logs and test cases description in psk Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-28 02:07:54 +00:00
Xiaokang Qian	cb6e96305f	Change kex mode string name Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-27 08:02:41 +00:00
Xiaokang Qian	5beec4b339	Refine ssl_get_kex_mode_str() for easy automatic generation Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-26 08:23:45 +00:00
Xiaokang Qian	ac8195f4f7	Fix wrongly kex mode fallback issue in psk cases Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-26 06:31:58 +00:00
Xiaokang Qian	8939930b82	Rebase and fix some test failures Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-23 01:49:33 +00:00
Xiaokang Qian	5001bfc619	Add key exchange mode log in client side Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-23 01:49:33 +00:00
XiaokangQian	335cfaadf9	Finalize client side code for psk Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-09-23 01:48:26 +00:00
Jerry Yu	f7dad3cfbe	fix various issues - Naming - format - Reduce negative tolerance window Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-14 22:31:39 +08:00
Jerry Yu	95db17ed5f	fix various issues - improve obfuscated ticket age generator - improve psk getter Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-14 10:37:58 +08:00
Jerry Yu	466dda8553	Rename resumption master secret compute function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-13 14:28:15 +08:00
Jerry Yu	fd310ebf2d	fix coding style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-06 09:16:35 +08:00
Jerry Yu	661dd943b6	Add dummy server name extension paser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	e976492a11	Add session ticket tests for client Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	e6527512d2	Add obfuscated_ticket_age write Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	db8c5faed7	Add getting session ticket for client - Move ssl_get_psk_to_offer to `ssl_tls13_client.c` - Rename to `ssl_tls13_get_psk_to_offer` - Add session ticket parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Thomas Daubney	31e03a8e15	Replace hard-coded zeroes for constant Replace two occurances of hard-coded zero for MBEDTLS_SSL_COMPRESS_NULL in TLS 1.3 code. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:23 +01:00
Jerry Yu	a66fecebe7	Add endpoint/ticket_flag field for session Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:08:43 +08:00
Ronald Cron	4beb870fa8	Merge pull request #6064 from xkqian/tls13_add_psk Add psk code to tls13 client side	2022-07-22 11:35:05 +02:00
XiaokangQian	bee71453b2	Improve the buffer pointer check in write pre_shared key Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	3ad67bf4e3	Rename functions and add test messages Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	7c12d31813	Refine comments for psk related code Change-Id: Iff5c176bb902919abc8d4fb78a185aa68704a791 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	8698195566	Address comments of various issues Improve comments Change coding style Rename functions Change-Id: Ia111aef303932cfeee693431c3d48f90342b32e5 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	adab9a6440	Fix transcript issues and add cases against openssl Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	008d2bf80b	Address comments in psk client review Improve comments Refine cipher suite related code in psk Refine get_psk_offered() Change-Id: Ic3b0b5f86eb1e71f11bb499961aa8494284f1840 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	eb69aee6af	Add psk code to tls13 client side Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
Ronald Cron	799077177b	TLS 1.3: Use selected key exchange mode field Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:49:58 +02:00
Ronald Cron	7f9ccfeccc	TLS 1.3: Remove unnecessary key exchange mode check If there is a PSK involved in the key exchange and thus no certificate we do not go through the MBEDTLS_SSL_CERTIFICATE_REQUEST state thus there is no reason to check that in the coordination function of that state. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:47:23 +02:00
Jerry Yu	3afdf36de7	Add hash length check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 18:12:08 +08:00
Jerry Yu	0a430c8aaf	Rename resumption_key and the hardcode len `resumption_key` is better name. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	08aed4def9	fix comments and time_t type issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a0446a0344	Add check_return flag Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	4e6c42a533	fix various issues - wrong typo - unnecessary comments/debug code - wrong location Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	cb3b1396f3	move resume psk ticket computation to end Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	af2c0c8dd6	fix various comment/format issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a357cf4d4c	Rename new_session_ticket state Both client and server side use `MBEDTLS_SSL_NEW_SESSION_TICKET` now Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	f8a4994ec7	Add tls13 new session ticket parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Ronald Cron	ce7d76e2ee	Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr	2022-07-11 10:22:37 +02:00
Ronald Cron	81a334fc02	tls13: Fix buffer overread checks in ssl_tls13_parse_alpn_ext() Some coding style alignement as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	fb508b8f21	tls13: Move state changes up to state main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	5afb904022	tls13: Move out of place handshake field reset Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	828aff6ead	tls13: Rename server_hello_coordinate to preprocess_server_hello Rename server_hello_coordinate to preprocess_server_hello as it is more aligned with what the function does. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	db5dfa1f1c	tls13: Move ServerHello fetch to the ServerHello top handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	9d6a545714	tls13: Re-organize EncryptedExtensions message parsing code Align the organization of the EncryptedExtensions message parsing code with the organization of the other message parsing codes. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	c80835943c	tls13: Fix pointer calculation before space check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	2827106199	tls13: Add missing buffer overread check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	1938588e80	tls13: Align some debug messages with TLS 1.2 ones Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
Manuel Pégourié-Gonnard	a3115dc0e6	Mark static int SSL functions CHECK_RETURN_CRITICAL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:52 +02:00
XiaokangQian	23c5be6b94	Enable SNI test for both tls12 and tls13 Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-07 09:43:13 +00:00
Jerry Yu	e3d67cb263	Improve readability Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-19 15:33:10 +08:00
Jerry Yu	e8c1fca67c	move trafic set to generic Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 16:57:45 +08:00
Gabor Mezei	696956da24	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-13 17:02:19 +02:00
Gabor Mezei	078e803d2c	Unify parsing of the signature algorithms extension Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:08 +02:00
Jerry Yu	93a13f2c38	Share magic word of HRR Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:48:59 +08:00
Jerry Yu	f86eb75c58	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-06 11:16:55 +08:00
Jerry Yu	e110d258d9	Add set outbound transform Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-05 19:59:59 +08:00
Jerry Yu	89e103c54c	tls13: Share write ecdh_key_exchange function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Ronald Cron	38b8aa4f63	Merge pull request #5539 from xkqian/add_client_hello_to_server Add client hello into server side	2022-04-22 10:26:00 +02:00
XiaokangQian	0803755347	Update code base on review comments Refine named_group parsing Refine cipher_suites parsing Remove hrr related part Share code between client and server side Some code style changes Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:50:14 +00:00
XiaokangQian	9b5d04b078	Share parse_key_share() between client and server Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
Ronald Cron	fd8cbda3ec	Remove ECDH code specific to TLS 1.3 ECDH operations in TLS 1.3 are now done through PSA. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:31:24 +02:00
Ronald Cron	fd6193c285	ssl_tls13_client: Add downgrade attack protection Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:31:24 +02:00
Glenn Strauss	cd78df6aa4	handshake->min_minor_ver to ->min_tls_version Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	e3af4cb72a	mbedtls_ssl_(read\|write)_version using tls_version remove use of MBEDTLS_SSL_MINOR_VERSION_* remove use of MBEDTLS_SSL_MAJOR_VERSION_* (only remaining use is in tests/suites/test_suite_ssl.data) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	60bfe60d0f	mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller. Reduce size of mbedtls_ssl_ciphersuite_t members are defined using integral types instead of enums in order to pack structure and reduce memory usage by internal ciphersuite_definitions[] Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:12 -04:00
Manuel Pégourié-Gonnard	1b05aff3ad	Merge pull request #5624 from superna9999/5312-tls-server-ecdh TLS ECDH 3b: server-side static ECDH (1.2)	2022-04-07 11:46:25 +02:00
Przemek Stekiel	a9f9335ee9	ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check This check can be removed as if the buffer is too small for the key, then export will fail. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-04 17:32:30 +02:00
Neil Armstrong	91477a7964	Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:18 +02:00
Ronald Cron	6476726ce4	Fix comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 14:13:57 +02:00
Ronald Cron	ba120bb228	ssl_tls13_client.c: Fix ciphersuite final validation As we may offer ciphersuites not compatible with TLS 1.3 in the ClientHello check that the selected one is compatible with TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	9847338429	ssl_tls13_client.c: Add check in supported_versions parsing Add check in ServerHello supported_versions parsing that the length of the extension data is exactly two. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:33:41 +02:00
Ronald Cron	a77fc2756e	ssl_tls13_client.c: versions ext writing : Fix available space check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:27:35 +02:00
Ronald Cron	da41b38c42	Improve and fix comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-30 14:10:03 +02:00
Ronald Cron	dbe87f08ec	Propose TLS 1.3 and TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	9f0fba374c	Add logic to switch to TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	27c85e743f	ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	11e1857f5e	ssl_client.c: Fix key share code guards In TLS 1.3 key sharing is not restricted to key exchange with certificate authentication. It happens in the PSK and ephemeral key exchange mode as well where there is no certificate authentication. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	3d580bf4bd	Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	8f6d39a81d	Make some handshake TLS 1.3 utility routines available for TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	7ffe7ebe38	ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will be necessary when the ClientHello writing code is made available when MBEDTLS_SSL_PROTO_TLS1_2 is enabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	04fbd2b2ff	ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	5b98ac9c64	TLS 1.3: Move PSA ECDH private key destroy to dedicated function Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	60ff79424e	ssl_tls13_client.c: alpn: Miscellanous minor improvements Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	13d8ea1dd9	ssl_tls13_client.c: alpn: Loop only once over protocol names This has although the benefit of getting rid of a potential integer overflow (though very unlikely and probably harmless). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	a0855a6d13	ssl_tls13_client.c: alpn: Add missing return value assignment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00

1 2 3 4 5 ...

326 commits