Jerry Yu
e96551276a
switch inbound transform to handshake
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
75c9ab76b5
implement parser of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
b4ed4602f2
implement coordinate of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:34:00 +08:00
Jerry Yu
d5c3496ce2
Add dummy framework of eoed state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:32:31 +08:00
Jerry Yu
59d420f17b
empty process_end_of_early_data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:30:34 +08:00
Jerry Yu
9b72e39701
re-introduce process_wait_flight2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:27:08 +08:00
Jerry Yu
e32fac3d23
remove wait_flight2 state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:25:16 +08:00
Jerry Yu
d33f7a8c72
improve document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-29 15:09:21 +08:00
Jerry Yu
87b5ed4e5b
Add server side end-of-early-data handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-22 16:48:39 +08:00
Jerry Yu
7d8c3fe12c
Add wait flight2 state.
...
The state is come from RFC8446 section A.2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-22 16:48:39 +08:00
Jerry Yu
4e9b70e03a
Add early transform computation when accepted
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-22 16:48:39 +08:00
Jerry Yu
60e997205d
replace check string
...
The output has been changed
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:25 +08:00
Jerry Yu
713ce1f889
various improvement
...
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:25 +08:00
Jerry Yu
d84c14f80c
improve code style
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
9cb953a402
improve document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
8e0174ac05
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
cf9135100e
fix various issues
...
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef
rename ticket_creation
to ticket_creation_time
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
46c7926f74
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
28e7c554f4
Change the bottom of tolerance window
...
The unit of ticket time has been changed to milliseconds.
And age difference might be negative
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
31b601aa15
improve comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
ec6d07870d
Replace start
with ticket_creation
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
f16efbc78d
fix various issues
...
- Add comments for ticket test hooks
- improve code style.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
cebffc3446
change time unit of ticket to milliseconds
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Ronald Cron
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field
...
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
2023-11-20 08:04:57 +00:00
Tom Cosgrove
53199b1c0a
Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed
...
TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension
2023-11-07 13:59:13 +00:00
Tom Cosgrove
4122c16abd
Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination
...
TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption
2023-11-07 09:26:21 +00:00
Jerry Yu
7ef9fd8989
fix various issues
...
- Debug message
- Improve comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:31:37 +08:00
Jerry Yu
2bea94ce2e
check the ticket version unconditional
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:18:17 +08:00
Pengyu Lv
44670c6eda
Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption"
...
This reverts commit dadeb20383
.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-07 09:58:53 +08:00
Dave Rodgman
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Jerry Yu
82fd6c11bd
Add selected key and ciphersuite check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:17 +08:00
Jerry Yu
ce3b95e2c9
move ticket version check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:17 +08:00
Jerry Yu
454dda3e25
fix various issues
...
- improve output message
- Remove unnecessary checks
- Simplify test command
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:28:43 +08:00
Pengyu Lv
dbd1e0d986
tls13: add helpers to check if psk[_ephemeral] allowed by ticket
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 10:17:17 +08:00
Pengyu Lv
29daf4a36b
tls13: server: fully check ticket_flags with available kex mode.
...
We need to fully check if the provided session ticket could be
used in the handshake, so that we wouldn't cause handshake
failure in some cases. Here we bring f8e50a9
back.
Example scenario:
A client proposes to a server, that supports only the psk_ephemeral
key exchange mode, two tickets, the first one is allowed only for
pure PSK key exchange mode and the second one is psk_ephemeral only.
We need to select the second tickets instead of the first one whose
ticket_flags forbid psk_ephemeral and thus cause a handshake
failure.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 09:34:14 +08:00
Pengyu Lv
cfb23b8090
tls13: server: parse pre_shared_key only when some psk is selectable
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-30 15:26:26 +08:00
Jerry Yu
71c14f1db6
write early data indication in EE msg
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-27 10:52:49 +08:00
Jerry Yu
985c967a14
tls13: add more checks for server early data
...
- check if it is enabled
- check if it is psk mode
- check if it is resumption
- check if it is tls13 version
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-27 10:52:27 +08:00
Pengyu Lv
7b711710b2
Add check_ticket_flags helper function
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-24 17:07:14 +08:00
Pengyu Lv
ed5e4e86a5
Merge branch 'development' into issue/6935/ticket_flags-kex-mode-determination
2023-10-18 18:03:07 +08:00
Jerry Yu
b47b2990d6
fix various issues
...
- fix wrong typo
- remove redundant check
- remove psk mode tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-18 15:50:35 +08:00
Jerry Yu
ab0da370a4
Add early data status update
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-12 15:02:01 +08:00
Jerry Yu
33bf240e53
Add max_early_data_size into copy list
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-12 15:00:26 +08:00
Dave Rodgman
2eab462a8c
Fix IAR warnings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 13:30:37 +01:00
Manuel Pégourié-Gonnard
de8f56e936
Merge pull request #7884 from valeriosetti/issue7612
...
TLS: Clean up (EC)DH dependencies
2023-08-01 07:13:36 +00:00
Valerio Setti
c9ae862225
tls: use TLS 1.3 guards in ssl_tls13 modules
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-25 11:23:50 +02:00
Valerio Setti
ea59c43499
tls: fix a comment a rename a variable/symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-25 11:14:03 +02:00
Gilles Peskine
6aca2c9613
Merge pull request #7716 from mpg/psa-util-internal
...
Split psa_util.h between internal and public
2023-07-10 18:33:23 +02:00
Manuel Pégourié-Gonnard
5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem
...
tls13: server: Fix spurious HRR
2023-07-10 09:58:13 +02:00
Valerio Setti
3d237b5ff1
ssl_misc: fix guards for PSA data used in XXDH key exchanges
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 19:02:16 +02:00
Ronald Cron
8a74f07c2a
tls13: server: Fix spurious HRR
...
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-07 15:53:12 +02:00
Manuel Pégourié-Gonnard
d55d66f5ec
Fix missing includes
...
Some files relied on psa_util.h to provide the includes they need.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:28 +02:00
Przemek Stekiel
408569f91a
Adapt function name: mbedtls_ssl_tls13_generate_and_write_dh_key_exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-06 12:16:44 +02:00
Przemek Stekiel
7ac93bea8c
Adapt names: dh -> xxdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
d5f79e7297
Adapt functions names for ffdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2
...
Make use of FFDH keys in TLS 1.3 v.2
2023-07-03 10:12:33 +02:00
Przemek Stekiel
8c0a95374f
Adapt remaining guards to FFDH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-15 17:07:10 +02:00
Przemek Stekiel
29c219c285
Combine mbedtls_ssl_tls13_generate_and_write_ecdh/ffdh_key_exchange functions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
63706628d0
Adapt guards for FFDH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Przemek Stekiel
c89f3ea9f2
Add support for FFDH in TLS 1.3
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Manuel Pégourié-Gonnard
02b10d8266
Add missing include
...
Fix build failures with config full
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
1f2a587cdf
Use actual function instead of static inline
...
Large static inline functions used from several translation units in the
library are bad for code size as we end up with multiple copies. Use the
actual function instead. There's already a comment that says so.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
2d6d993662
Use MD<->PSA functions from MD light
...
As usual, just a search-and-replace plus:
1. Removing things from hash_info.[ch]
2. Adding new auto-enable MD_LIGHT in build-info.h
3. Including md_psa.h where needed
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
YxC
da609130f3
fix: correct calling to time function in tls13 client&server
...
Call `mbedtls_time` to handle the case when MBEDTLS_PLATFORM_TIME_MACRO is defined
Signed-off-by: Yuxiang Cao <yuxiang.cao@fortanix.com>
2023-05-22 13:22:00 -07:00
Xiaokang Qian
49f39c1e91
Fix the wrong debug _message function to _ret
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
09c3cccf97
Update the todo comment of record size limits
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
8bce0e6f5e
Update group ext debug message in ssl_tls13_server.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
9f1747bb1f
Wrap lines which exceed 80 chars in ssl_tls13_server.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:14 +00:00
Ronald Cron
dad02b2bec
tls13: srv: Fix comment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
e45afd760d
Use specific pointer to loop over proposed cipher suites
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:01 +02:00
Ronald Cron
eff5673e09
Improve and align variable names for supported versions data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
3bd2b02486
Check for TLS 1.3 version first
...
Check for TLS 1.3 version first when parsing
the supported versions extension as it is
the most likely version.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
b828c7d3de
Fix, improve and add comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
5af4c7f0e2
tls13: srv: Add detection to negotiate TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
8c527d0be8
tls13: srv: Parse supported versions extension early
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
2f16b4ec66
tls13: srv: Postpone cipher suite selection
...
Postpone TLS 1.3 cipher suite selection
when we are sure we negotiate the version
1.3 of the protocol.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
cada410365
tls13: srv: Postpone legacy session id copy
...
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the legacy session id.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
d540d995b2
tls13: srv: Postpone client random copy
...
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the client random
bytes.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
6458239b36
tls13: srv: Move TLS version setting
...
When parsing the ClientHello message,
move the setting of the TLS version
to TLS 1.3 after the computation of
the end of the list of cipher suites.
At that point we are able to compute
the address and end address of the
list of extensions and thus able to
search and parse the supported_versions
extension to select which version
of the TLS protocol we are going to
negotiate.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Paul Elliott
d01a3bca05
Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback
...
Mbed TLS 3.4.0
2023-03-27 18:09:49 +01:00
Valerio Setti
080a22ba75
ssl_tls13: use PSA_WANT_ALG_ECDH as symbol for marking ECDH capability
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
0c8ec3983e
ssl_tls: fix proper guards for accelerated ECDH
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Paul Elliott
f1eb5e2a04
Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:35:17 +00:00
Jan Bruckner
1a38e54436
Changes from 2nd review
...
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-15 14:15:11 +01:00
Jan Bruckner
a0589e75a0
Changes from review
...
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-15 11:04:45 +01:00
Jan Bruckner
151f64283f
Add parsing for Record Size Limit extension in TLS 1.3
...
Fixes #7007
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-14 08:41:25 +01:00
Paul Elliott
e4622a3436
Merge remote-tracking branch 'development/development' into development-restricted
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-13 17:49:32 +00:00
Manuel Pégourié-Gonnard
43cc127d3a
Fix code style
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b8b07aa24a
Handle errors from functions that now return int
...
A few functions were changed from returning void to returning int three
commits ago. Make sure their callers check the return values.
This commits was basically a matter of declaring newly-int-returning
functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting
warnings. A few functions had to be made int in the process; they were
applied the same process as well.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Ronald Cron
d89360b87b
Fix and improve documentation, comments and logs
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-21 14:57:25 +01:00
Ronald Cron
25e9ec61f0
tls13: server: Select preferred cipher suite
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-20 11:42:19 +01:00
Ronald Cron
fc7ae87ad4
tls13: server: Check ciphersuite list length parity once
...
Check ciphersuite list length parity once,
mainly to enable the possibility of getting
out of the loop of the ciphersuites whenever
we want.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-20 11:42:19 +01:00
Ronald Cron
606671e06e
tls13: server: Check mbedtls_ssl_set_hs_psk returned value
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-20 11:42:19 +01:00
Pengyu Lv
52ad333040
simplify helper function name
...
Rename ssl_tls13_check_psk_mode_allowed_by_ticket to
ssl_tls13_ticket_permission_check
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-14 14:32:37 +08:00
Xiaokang Qian
934ce6f6a9
Rename the finalize_client{server}_hello()
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Pengyu Lv
306a01da4d
refactor: move ticket_flags check into a function
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-02 16:57:49 +08:00
Pengyu Lv
766796839b
Revert "TLS 1.3: SRV: Validate kex modes when parsing psk"
...
This reverts commit f8e50a9607
.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-02 16:57:42 +08:00
Pengyu Lv
dadeb20383
TLS 1.3: SRV: Don't select ephemeral mode on resumption
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-18 17:42:26 +08:00
Pengyu Lv
f8e50a9607
TLS 1.3: SRV: Validate kex modes when parsing psk
...
On resumption, after the psk identity is matched, we
should check if psk and/or psk_ephemeral, which are
allowed by session ticket, are valid to be selected.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-18 17:42:12 +08:00