mbedtls

Author	SHA1	Message	Date
Glenn Strauss	cd78df6aa4	handshake->min_minor_ver to ->min_tls_version Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	e3af4cb72a	mbedtls_ssl_(read\|write)_version using tls_version remove use of MBEDTLS_SSL_MINOR_VERSION_* remove use of MBEDTLS_SSL_MAJOR_VERSION_* (only remaining use is in tests/suites/test_suite_ssl.data) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	60bfe60d0f	mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller. Reduce size of mbedtls_ssl_ciphersuite_t members are defined using integral types instead of enums in order to pack structure and reduce memory usage by internal ciphersuite_definitions[] Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:12 -04:00
Manuel Pégourié-Gonnard	1b05aff3ad	Merge pull request #5624 from superna9999/5312-tls-server-ecdh TLS ECDH 3b: server-side static ECDH (1.2)	2022-04-07 11:46:25 +02:00
Przemek Stekiel	a9f9335ee9	ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check This check can be removed as if the buffer is too small for the key, then export will fail. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-04 17:32:30 +02:00
Neil Armstrong	91477a7964	Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:18 +02:00
Ronald Cron	6476726ce4	Fix comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 14:13:57 +02:00
Ronald Cron	ba120bb228	ssl_tls13_client.c: Fix ciphersuite final validation As we may offer ciphersuites not compatible with TLS 1.3 in the ClientHello check that the selected one is compatible with TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	9847338429	ssl_tls13_client.c: Add check in supported_versions parsing Add check in ServerHello supported_versions parsing that the length of the extension data is exactly two. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:33:41 +02:00
Ronald Cron	a77fc2756e	ssl_tls13_client.c: versions ext writing : Fix available space check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:27:35 +02:00
Ronald Cron	da41b38c42	Improve and fix comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-30 14:10:03 +02:00
Ronald Cron	dbe87f08ec	Propose TLS 1.3 and TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	9f0fba374c	Add logic to switch to TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	27c85e743f	ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	11e1857f5e	ssl_client.c: Fix key share code guards In TLS 1.3 key sharing is not restricted to key exchange with certificate authentication. It happens in the PSK and ephemeral key exchange mode as well where there is no certificate authentication. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	3d580bf4bd	Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	8f6d39a81d	Make some handshake TLS 1.3 utility routines available for TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	7ffe7ebe38	ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will be necessary when the ClientHello writing code is made available when MBEDTLS_SSL_PROTO_TLS1_2 is enabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	04fbd2b2ff	ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	5b98ac9c64	TLS 1.3: Move PSA ECDH private key destroy to dedicated function Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	60ff79424e	ssl_tls13_client.c: alpn: Miscellanous minor improvements Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	13d8ea1dd9	ssl_tls13_client.c: alpn: Loop only once over protocol names This has although the benefit of getting rid of a potential integer overflow (though very unlikely and probably harmless). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	a0855a6d13	ssl_tls13_client.c: alpn: Add missing return value assignment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
XiaokangQian	c02768a399	Replace ssl->handshake with handshake in write_cookie_ext() Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	9b93c0dd8d	Change cookie parameters for dtls and tls 1.3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	25c9c9023c	Refine cookie len to fix compile issues Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	9deb90f74e	Change parameter names and code style Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	5e3c947841	Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	233397ef88	Update code base on comments Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data Change code styles and comments Fix cookie write issues Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	0b64eedba8	Add cookies write in client hello Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
Ronald Cron	8d7afc642c	Merge pull request #5523 from ronald-cron-arm/one-flush-output-development TLS 1.3: One flush output	2022-03-21 08:44:04 +01:00
Ronald Cron	a8b38879e1	Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-10 13:58:17 +01:00
Ronald Cron	7a94aca81a	Move state change from CLIENT_CERTIFICATE to its main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-10 13:58:04 +01:00
Ronald Cron	5bb8fc830a	Call Certificate writing generic handler only if necessary Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	9f55f6316e	Move state change from CSS states to their main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	3addfa4964	Move state change from WRITE_CLIENT_HELLO to its main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	9df7c80c78	TLS 1.3: Always go through the CLIENT_CERTIFICATE state Even if certificate authentication is disabled at build time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state. It simplifies overall the code for a small code size cost when certificate authentication is disabled at build time. Furthermore that way we have only one point in the code where we switch to the handshake keys for record encryption. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:50:08 +01:00
Paul Elliott	17f452aec4	Merge pull request #5448 from lhuang04/tls13_alpn Port ALPN support for tls13 client from tls13-prototype	2022-03-08 17:53:38 +00:00
Manuel Pégourié-Gonnard	d815114f93	Merge pull request #5524 from mprse/tls_ecdh_2c TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)	2022-03-08 11:43:45 +01:00
Przemek Stekiel	e894c5c4a5	Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange() Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-02 08:45:56 +01:00
Jerry Yu	ca133a34c5	Change state machine Skip CertificateVerfiy if empty certificate or no CertificateRequest received. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	90f152dfac	fix psk only build fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	72637c734b	fix write certificate fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	8511f125af	Add certificteVerify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	5cc3506c9f	Add write certificate and client handler Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	566c781290	Add dummy state for client_certifiate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	cc43c6bee5	fix coding style issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	fb4b6478ee	tls13_only: improve guards of files. To improve readability of the preprocess guards. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Przemyslaw Stekiel	0f5ecefbe9	Clean up the code - remove redundant local buffer - fix code style Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-15 08:53:36 +01:00
Przemyslaw Stekiel	169f115bf0	ssl_client2: init psa crypto for TLS 1.3 build Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 17:15:04 +01:00
lhuang04	86cacac91a	Port ALPN support for tls13 client from tls13-prototype Summary: Port ALPN implementation of tls13 client from [tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124). Test Plan: Reviewers: Subscribers: Tasks: Tags: Signed-off-by: lhuang04 <lhuang04@fb.com>	2022-02-14 08:03:32 -08:00
Przemyslaw Stekiel	4f419e55a1	ssl_tls13_write_key_share_ext: initialize key_exchange_len (compiler warning) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 10:19:53 +01:00
Przemyslaw Stekiel	6d6aabdb0d	Remove unused function: ssl_tls13_check_ecdh_params() Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 10:13:10 +01:00
Przemyslaw Stekiel	9e23ddb09d	Change ssl_tls13_read_public_ecdhe_share() to use PSA-specific parsing code. Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 10:13:00 +01:00
Przemyslaw Stekiel	ea859c24b7	Change ssl_tls13_generate_and_write_ecdh_key_exchange() to use PSA Generate ECDH private key using psa_generate_key() Export the public part of the ECDH private key using psa_export_public_key() Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-11 15:17:05 +01:00
Jerry Yu	7840f81303	fix client_auth fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-09 19:43:22 +08:00
Ronald Cron	6ca6faa67e	Merge pull request #5080 from xffbai/add-tls13-read-certificate-request add tls1_3 read certificate request	2022-02-09 09:51:55 +01:00
Xiaofei Bai	7c8b6a97b9	Update CertificateRequest skip condition Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-02-08 15:21:13 +00:00
Xiaofei Bai	c234ecf695	Update mbedtls_ssl_handshake_free() and address review comments. Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-02-08 10:26:42 +00:00
Xiaofei Bai	51f515a503	update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-02-08 07:28:04 +00:00
Xiaofei Bai	6d42bb430c	Update mbedtls_ssl_handshake_free() Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-28 10:05:51 +00:00
Xiaofei Bai	82f0a9a1db	Rebase and address review comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-27 07:53:52 +00:00
XiaokangQian	a909061c2a	Refine HRR parse successfully message in test cases Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-27 03:48:27 +00:00
XiaokangQian	34909746df	Change cookie free code and some comments Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-27 02:25:04 +00:00
XiaokangQian	52da558103	Change code base on comments Align the alert type in parse_server_hello Remove MBEDTLS_SSL_COOKIE_C guard Enable cookie for both DTLS and TLS1.3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	aec1f3e913	Cookie fields are used only by DTLS 1.3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	b119a35d07	Refine fatal alert in parse_server_hello Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	d59be77ce7	Refine code based on comments Add comments for parse hrr key share and cookie Change variable names based on RFC8466 Refine fatal allerts in parse server hello and hrr Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	43550bd761	Prepare function to parse hrr cookie extension Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	2b01dc30cb	Add hrr no change check and allign mbedtls_ssl_session_reset_msg_layer Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	355e09ae9d	Change code base on comments Change functions name Change some comments Improve hrr test case for gnutls Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	78b1fa7e81	Update code base on comments Move reset transcript for hrr to generic Reset SHA256 or SHA384 other than both Rename message layer reset Add check log for hrr parse successfully Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	53f20b71c5	Improve ssl_tls13_parse_server_hello Avoid coping random bytes in hrr Send illegal parameter alert when cipher suite mismatch Send illegal parameter alert when supported_version not exist Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	d9e068e10b	Change code based on comments Align coding styles Add hrr parameter for ssl_tls13_parse_server_hello Add reset steps for SHA384 in HRR Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	8945db36ab	Reduce paramter hrr from ssl_tls13_parse_server_hello Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	b48894eca4	Add buffer check for named group Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	16acd4b3e4	Reject the second HRR earlier and align naming styles Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	b851da8a44	Re-construct the code to merge hello and hrr based on comments Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	0b56a8f85c	Replace curve_list with group_list and add update test scripts Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	51eff22c9b	Align oode style with server hello parse Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	647719a172	Add hello retry request in client side Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:50:06 +00:00
Xiaofei Bai	69fcd39774	Update CertificateRequest tests and the parsing function Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:32:29 +00:00
Xiaofei Bai	de3f13e0b8	update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Xiaofei Bai	f6d3696eda	fix test failures Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Xiaofei Bai	a0ab777cfc	update based on comments. Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Xiaofei Bai	e1e344213a	Add TLS1.3 process certificate request Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:52 +00:00
Jerry Yu	f017ee4203	merge write sig_alg of tls12 and tls13 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> # Conflicts: # library/ssl_misc.h	2022-01-25 12:46:17 +08:00
Ronald Cron	188ed19456	Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext Remove duplicate function for writing supported_groups extension	2022-01-17 09:13:14 +01:00
Jerry Yu	b925f21806	fix comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-12 11:17:02 +08:00
Jerry Yu	f46b016058	skip some extensions if ephemeral not enabled Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-11 16:28:00 +08:00
Jerry Yu	7581c11fc7	Remove tls13_write_supported_groups_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 22:25:41 +08:00
Gilles Peskine	923d5c9e3c	Rename ssl_debug_helpers.h It's no longer generated, so rename it accordingly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-15 12:56:54 +01:00
Ronald Cron	6f135e1148	Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:47:55 +01:00
Dave Rodgman	76a2b306ac	Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated Add debug helpers generated	2021-12-10 11:56:55 +00:00
Jerry Yu	e3b3412bc4	Add tests for enum helper Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:45:52 +08:00
Jerry Yu	e78ee99624	add enum value to string helpers Only add helpers for enum in `ssl.h`. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:43:30 +08:00
Ronald Cron	d4c64027a5	tls13: Move state transition after sending CCS to ssl_tls13_client.c Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Ronald Cron	49ad6197ca	Add injection of dummy's ChangeCipherSpec for middlebox compatibility Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Xiaofei Bai	d25fab6f79	Update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-12-02 06:36:27 +00:00
Xiaofei Bai	eef150418f	Fix variable names in ssl_tls13_generic/client.c Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00

1 2 3 4 5

249 commits