Ronald Cron
297c608915
tls13: cli: Fix setting of early data transform
...
Fix setting of early data transform when we
do not send dummy CCS for middlebox compatibility.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-22 09:37:45 +01:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
...
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
...
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
...
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
Waleed Elmelegy
148dfb6457
Change record size limit writing function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
42017cd4c9
tls13: cli: write Record Size Limit ext in ClientHello
...
- add the support in library
- update corresponding test case
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
...
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
Valerio Setti
384fbde49a
library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 13:27:32 +01:00
Waleed Elmelegy
6a971fd61a
Refactor and improve Record size limit handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-28 17:48:16 +00:00
Waleed Elmelegy
049cd302ed
Refactor record size limit extension handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:28:31 +00:00
Pengyu Lv
94a42ccb3e
Add tls13 in ticket flags helper function names
...
```
sed -i \
"s/\(mbedtls_ssl\)_\(session_\(\w*_\)\?ticket\)/\1_tls13_\2/g" \
library/*.[ch]
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 11:12:46 +08:00
Pengyu Lv
0a1ff2b969
Consistent renaming
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
fc2cb9632b
tls13: rename mbedtls_ssl_conf_tls13_check_kex_modes
...
The function is renamed to
mbedtls_ssl_conf_tls13_is_kex_mode_enabled.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:57 +08:00
Pengyu Lv
60a22567e4
tls13: change return value of mbedtls_ssl_conf_tls13_check_kex_modes
...
To keep the convention in TLS code, check functions should return 0
when check is successful.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:57 +08:00
Jan Bruckner
f482dcc6c7
Comply with the received Record Size Limit extension
...
Fixes #7010
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-12-06 15:18:08 +00:00
Jerry Yu
c59c586ac4
change prototype of write_early_data_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:15 +08:00
Jerry Yu
5233539d9f
share write_early_data_ext function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:50 +08:00
Jerry Yu
c2b1bc4fb6
replace early data permission check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:46 +08:00
Ronald Cron
a1e867c676
Merge pull request #8576 from yanrayw/issue/fix-tls13-session_negotiate-assignment
...
TLS13: CLI: EarlyData: Assign ciphersuite after associated verification in EE
2023-12-05 08:31:24 +00:00
Yanray Wang
744577a429
tls13: early_data: cli: check a PSK has been selected in EE
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 23:03:37 +08:00
Yanray Wang
9ae6534c20
tls13: early_data: cli: improve comment
...
This commit improves comment of why we assign the identifier of the
ciphersuite in handshake to `ssl->session_negotiate`.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:46:08 +08:00
Yanray Wang
03a00768c0
tls13: early_data: cli: improve comment
...
This commit improves comment of the check for handshake parameters
in Encrypted Extension.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:40:21 +08:00
Yanray Wang
e72dfff1d6
tls13: early_data: cli: improve comment
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 12:05:16 +08:00
Yanray Wang
2bef7fbc8d
tls13: early_data: cli: remove guard to fix failure
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 12:02:56 +08:00
Yanray Wang
b3e207d762
tls13: early_data: cli: rename early_data parser in nst
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 16:49:51 +08:00
Yanray Wang
0790041dc6
Revert "tls13: early_data: cli: remove nst_ prefix"
...
This reverts commit 3781ab40fb
.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 16:44:44 +08:00
Yanray Wang
f4bad42670
itls13: early_data: cli: improve comment
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 15:58:07 +08:00
Yanray Wang
a29db7da2e
tls13: early_data: cli: assign ciphersuite properly
...
When early_data extension is enabled and sent in ClientHello,
the client does not know if the server will accept early data
and select the first proposed pre-shared key with a ciphersuite
that is different from the ciphersuite associated to the selected
pre-shared key. To address aforementioned case, we do associated
verification when parsing early_data ext in EncryptedExtensions.
Therefore we have to assign the ciphersuite in current handshake
to session_negotiate later than the associated verification.
This won't impact decryption of EncryptedExtensions since we
compute handshake keys by the ciphersuite in handshake not via
the one in session_negotiate.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 14:27:38 +08:00
Yanray Wang
3781ab40fb
tls13: early_data: cli: remove nst_ prefix
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-23 18:17:14 +08:00
Yanray Wang
d012084e91
tls13: early_data: cli: optimize code
...
- remove unnecessary check
- using local variable session
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-23 16:38:20 +08:00
Yanray Wang
554ee62fba
tls13: early_data: fix wrong debug_ret message
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 18:55:03 +08:00
Yanray Wang
5da8ecffe6
tls13: nst early_data: remove duplicate code
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 18:52:21 +08:00
Yanray Wang
920db45818
tls13: early_data: support to parse max_early_data_size ext
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 10:33:11 +08:00
Jerry Yu
8e0174ac05
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
cf9135100e
fix various issues
...
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
342a555eef
rename ticket received
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
46c7926f74
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
cebffc3446
change time unit of ticket to milliseconds
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Tom Cosgrove
53199b1c0a
Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed
...
TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension
2023-11-07 13:59:13 +00:00
Dave Rodgman
4eb44e4780
Standardise some more headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 12:15:12 +00:00
Dave Rodgman
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Jerry Yu
960b7ebbcf
move psk check to EE message on client side
...
early_data extension is sent in EE. So it should
not be checked in SH message.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:18 +08:00
Dave Rodgman
2eab462a8c
Fix IAR warnings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 13:30:37 +01:00
Gilles Peskine
e820c0abc8
Update spelling "mbed TLS" to "Mbed TLS"
...
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":
```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```
Justification for the omissions:
* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
occurrences are significant names in certificates and such. Changing
the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
updates.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:18:17 +02:00
Valerio Setti
c9ae862225
tls: use TLS 1.3 guards in ssl_tls13 modules
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-25 11:23:50 +02:00
Valerio Setti
ea59c43499
tls: fix a comment a rename a variable/symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-25 11:14:03 +02:00
Valerio Setti
3d237b5ff1
ssl_misc: fix guards for PSA data used in XXDH key exchanges
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 19:02:16 +02:00
Przemek Stekiel
408569f91a
Adapt function name: mbedtls_ssl_tls13_generate_and_write_dh_key_exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-06 12:16:44 +02:00
Przemek Stekiel
7ac93bea8c
Adapt names: dh -> xxdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
d5f79e7297
Adapt functions names for ffdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00