Pengyu Lv
0a1ff2b969
Consistent renaming
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
fc2cb9632b
tls13: rename mbedtls_ssl_conf_tls13_check_kex_modes
...
The function is renamed to
mbedtls_ssl_conf_tls13_is_kex_mode_enabled.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:57 +08:00
Pengyu Lv
60a22567e4
tls13: change return value of mbedtls_ssl_conf_tls13_check_kex_modes
...
To keep the convention in TLS code, check functions should return 0
when check is successful.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:57 +08:00
Jerry Yu
c59c586ac4
change prototype of write_early_data_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:15 +08:00
Jerry Yu
5233539d9f
share write_early_data_ext function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:50 +08:00
Jerry Yu
c2b1bc4fb6
replace early data permission check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:46 +08:00
Ronald Cron
a1e867c676
Merge pull request #8576 from yanrayw/issue/fix-tls13-session_negotiate-assignment
...
TLS13: CLI: EarlyData: Assign ciphersuite after associated verification in EE
2023-12-05 08:31:24 +00:00
Yanray Wang
744577a429
tls13: early_data: cli: check a PSK has been selected in EE
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 23:03:37 +08:00
Yanray Wang
9ae6534c20
tls13: early_data: cli: improve comment
...
This commit improves comment of why we assign the identifier of the
ciphersuite in handshake to `ssl->session_negotiate`.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:46:08 +08:00
Yanray Wang
03a00768c0
tls13: early_data: cli: improve comment
...
This commit improves comment of the check for handshake parameters
in Encrypted Extension.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:40:21 +08:00
Yanray Wang
e72dfff1d6
tls13: early_data: cli: improve comment
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 12:05:16 +08:00
Yanray Wang
2bef7fbc8d
tls13: early_data: cli: remove guard to fix failure
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 12:02:56 +08:00
Yanray Wang
b3e207d762
tls13: early_data: cli: rename early_data parser in nst
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 16:49:51 +08:00
Yanray Wang
0790041dc6
Revert "tls13: early_data: cli: remove nst_ prefix"
...
This reverts commit 3781ab40fb
.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 16:44:44 +08:00
Yanray Wang
f4bad42670
itls13: early_data: cli: improve comment
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 15:58:07 +08:00
Yanray Wang
a29db7da2e
tls13: early_data: cli: assign ciphersuite properly
...
When early_data extension is enabled and sent in ClientHello,
the client does not know if the server will accept early data
and select the first proposed pre-shared key with a ciphersuite
that is different from the ciphersuite associated to the selected
pre-shared key. To address aforementioned case, we do associated
verification when parsing early_data ext in EncryptedExtensions.
Therefore we have to assign the ciphersuite in current handshake
to session_negotiate later than the associated verification.
This won't impact decryption of EncryptedExtensions since we
compute handshake keys by the ciphersuite in handshake not via
the one in session_negotiate.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 14:27:38 +08:00
Yanray Wang
3781ab40fb
tls13: early_data: cli: remove nst_ prefix
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-23 18:17:14 +08:00
Yanray Wang
d012084e91
tls13: early_data: cli: optimize code
...
- remove unnecessary check
- using local variable session
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-23 16:38:20 +08:00
Yanray Wang
554ee62fba
tls13: early_data: fix wrong debug_ret message
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 18:55:03 +08:00
Yanray Wang
5da8ecffe6
tls13: nst early_data: remove duplicate code
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 18:52:21 +08:00
Yanray Wang
920db45818
tls13: early_data: support to parse max_early_data_size ext
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 10:33:11 +08:00
Jerry Yu
8e0174ac05
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
cf9135100e
fix various issues
...
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
342a555eef
rename ticket received
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
46c7926f74
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
cebffc3446
change time unit of ticket to milliseconds
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Tom Cosgrove
53199b1c0a
Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed
...
TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension
2023-11-07 13:59:13 +00:00
Dave Rodgman
4eb44e4780
Standardise some more headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 12:15:12 +00:00
Dave Rodgman
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Jerry Yu
960b7ebbcf
move psk check to EE message on client side
...
early_data extension is sent in EE. So it should
not be checked in SH message.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:18 +08:00
Dave Rodgman
2eab462a8c
Fix IAR warnings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 13:30:37 +01:00
Gilles Peskine
e820c0abc8
Update spelling "mbed TLS" to "Mbed TLS"
...
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":
```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```
Justification for the omissions:
* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
occurrences are significant names in certificates and such. Changing
the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
updates.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:18:17 +02:00
Valerio Setti
c9ae862225
tls: use TLS 1.3 guards in ssl_tls13 modules
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-25 11:23:50 +02:00
Valerio Setti
ea59c43499
tls: fix a comment a rename a variable/symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-25 11:14:03 +02:00
Valerio Setti
3d237b5ff1
ssl_misc: fix guards for PSA data used in XXDH key exchanges
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 19:02:16 +02:00
Przemek Stekiel
408569f91a
Adapt function name: mbedtls_ssl_tls13_generate_and_write_dh_key_exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-06 12:16:44 +02:00
Przemek Stekiel
7ac93bea8c
Adapt names: dh -> xxdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
d5f79e7297
Adapt functions names for ffdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
6f199859b6
Adapt handshake fields to ffdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:25:00 +02:00
Valerio Setti
dbd01cb677
tls13: fix guards for PSA error translating function
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-04 09:18:52 +02:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2
...
Make use of FFDH keys in TLS 1.3 v.2
2023-07-03 10:12:33 +02:00
Przemek Stekiel
a05e9c1ec8
Fix selection of default FFDH group
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-15 17:07:16 +02:00
Przemek Stekiel
7d42c0d0e5
Code cleanup #2
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 12:30:40 +02:00
Andrzej Kurek
a6033ac431
Add missing guards in tls 1.3
...
Error translation is only used with these
defines on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-13 05:46:47 -04:00
Andrzej Kurek
1e4a030b00
Fix wrong array size calculation in error translation code
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-13 05:46:47 -04:00
Andrzej Kurek
0064484a70
Optimize error translation code size
...
Introducing an intermediate function
saves code size that's otherwise taken by excessive,
repeated arguments in each place that
was translating errors.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-13 05:46:46 -04:00
Przemek Stekiel
75a5a9c205
Code cleanup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
Przemek Stekiel
29c219c285
Combine mbedtls_ssl_tls13_generate_and_write_ecdh/ffdh_key_exchange functions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
c89f3ea9f2
Add support for FFDH in TLS 1.3
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Manuel Pégourié-Gonnard
02b10d8266
Add missing include
...
Fix build failures with config full
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00