Gilles Peskine
07ba2be20b
Merge pull request #6304 from yuhaoth/pr/exclude-pre_shared_key-from-hrr-msg
...
TLS 1.3: PSK: Exclude pre_shared_key for HRR
2022-09-22 10:21:06 +02:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets
2022-09-18 21:18:13 +02:00
Jerry Yu
ad4d2bb3e1
Exclude pre_shared_key for HRR
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 18:16:49 +08:00
Jerry Yu
0a55cc647c
Remove unnecessary var and improve comment
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-15 16:15:06 +08:00
Jerry Yu
f7dad3cfbe
fix various issues
...
- Naming
- format
- Reduce negative tolerance window
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 22:31:39 +08:00
Jerry Yu
acff823846
Add negative tolerance window
...
If `now == session->start` or the timer of
client is faster than server, client age might
be bigger than server.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 14:50:44 +08:00
Jerry Yu
4746b10c2e
fix various issues
...
- Format issues
- Possible memory leak
- Improve naming and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 15:37:46 +08:00
Jerry Yu
8d4bbbae4f
fix ticket age check issues
...
- Ticket age and ticket age add, obfuscated age
use different unit. Align the units to million
seconds.
- Add maximum ticket age check. Until now,
ticket_lifetime is not recorded in server side.
Check it with maximum ticket_lifetime.
- Free session when error found.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 15:37:46 +08:00
Jerry Yu
466dda8553
Rename resumption master secret compute function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 14:28:15 +08:00
Jerry Yu
58af2335d9
Add possible group tests for psk with ECDHE
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-06 14:49:39 +08:00
Jerry Yu
fd310ebf2d
fix coding style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-06 09:16:35 +08:00
Jerry Yu
8253486c4f
Add session ticket support for server
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Jerry Yu
95699e72f3
Add session ticket identity check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Jerry Yu
1e05b6dd6d
fix coding style and unnecessary assignment
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 10:35:52 +08:00
Jerry Yu
e5834fd0d7
remove unnecessary test
...
also optimize check sum
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-29 20:33:33 +08:00
Jerry Yu
0baf907e11
remove select_ciphersuite
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:21:04 +08:00
Jerry Yu
c5a23a0f12
fix various issues
...
- code style
- variable initialize
- update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:09:35 +08:00
Jerry Yu
f35ba384ff
Add select ciphersuite entry function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 22:01:58 +08:00
Jerry Yu
dd1bef788e
Add ciphersuite_info check
...
return null if no valid ciphersuite info
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:57:02 +08:00
Jerry Yu
29d9faa468
fix various issues.
...
- comments issues
- code format style issues
- naming improvement.
- error return improvements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:53:43 +08:00
Jerry Yu
5725f1cf3a
Align ciphersuite with overwrite.
...
Selected ciphersuite MUST be same with ciphsersuite of PSK.
Overwrite the old ciphersuite with the one of PSK.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 17:50:27 +08:00
Jerry Yu
9f7f646b11
Revert "remove psk key when ephemeral selected"
...
This reverts commit 5c28e7aa0e
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00
Jerry Yu
e9d4fc09a3
fix binder value security issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00
Jerry Yu
24b8c813c4
fix comments and wrong initial value issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:45 +08:00
Jerry Yu
6cf6b47b5c
fix format and comment issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:54:53 +08:00
Jerry Yu
5c28e7aa0e
remove psk key when ephemeral selected
...
ephemeral is selected, `handshake->psk` must be removed.
Otherwise the encrypt key will be caculate fail.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
56acc9421c
Write key_share base on key_exchange mode.
...
In ServerHello, write key share should base on key_exchange mode, not
base on configuration.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
f0bad2554a
Continue check next psk key when binder mismatch
...
with matched identity and mismatch binder, should check next psk key.
Exit with error will break multi-psk cases.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
32e1370fbc
Add config check for pre_shared_key parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
e95c8af266
Align ciphersuite with psk key
...
With OpenSSL and GnuTLS client, if the MAC of ciphersuite
does not match selected binder, client will reject connection.
This change is to select ciphersuite base on algo of psk binder.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
40f3771e18
Add handshake psk export function.
...
Rename `ssl_tls13_get_psk` and export the
function.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Thomas Daubney
31e03a8e15
Replace hard-coded zeroes for constant
...
Replace two occurances of hard-coded zero for
MBEDTLS_SSL_COMPRESS_NULL in TLS 1.3 code.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-07-26 16:13:23 +01:00
Ronald Cron
e579ece305
Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load
...
TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in #6123 . Thus I am ok to merge it as it is.
2022-07-23 08:57:11 +02:00
Ronald Cron
340c559cb3
Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks
...
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
2022-07-23 08:50:45 +02:00
Jerry Yu
13ab81d5ac
Add handshake failure in pre_shared_key withou psk_kex_modes
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:17:11 +08:00
Jerry Yu
a66fecebe7
Add endpoint/ticket_flag field for session
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:08:43 +08:00
Jerry Yu
6f1db3fc92
fix format and potential non-PSK fail issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:05:59 +08:00
Jerry Yu
ce6ed7076a
Change the order of key_exchange determine
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 21:49:53 +08:00
Jerry Yu
ba9b6e9e53
fix unkown identity case
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 21:45:05 +08:00
Jerry Yu
568ec2502a
fix format/name issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 21:27:34 +08:00
Jerry Yu
2f0abc94d8
fix typo/type/format issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 19:34:48 +08:00
Jerry Yu
77f0148e11
Add psk/psk_ephemeral key exchange check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 23:27:22 +08:00
Ronald Cron
32578b3bd0
Merge pull request #6069 from yuhaoth/pr/add-tls13-write-new-session-ticket
...
TLS 1.3:add tls13 write new session ticket
Validated by the internal CI and Travis.
2022-07-21 16:17:35 +02:00
Jerry Yu
96a2e368dc
TLS 1.3: Add pre-shared-key multiple psk parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 18:00:13 +08:00
Jerry Yu
6119715e05
Change type cast to size_t
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:28:02 +08:00
Jerry Yu
1c9247cff4
TLS 1.3: Add pre_share_key last ext check
...
From RFC, pre_share_key must be the last one.
Add check for it. And with/without psk, it should
be check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
352cd7db59
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
daf375aa8b
fix issues of check_binder_match
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
bb852029f4
fix naming issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
6e74a7e3c7
Add check return flags
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00