Ronald Cron
fe59ff794d
tls13: Send dummy CCS only once
...
Fix cases where the client was sending
two CCS, no harm but better to send only one.
Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Manuel Pégourié-Gonnard
5c9cc0b30f
Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected
...
TLS 1.3: SRV: Ignore early data when rejected
2024-02-06 13:16:03 +00:00
Ronald Cron
31e2d83eee
tls13: srv: Improve coding
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-05 16:45:57 +01:00
Manuel Pégourié-Gonnard
32c28cebb4
Merge pull request #8715 from valeriosetti/issue7964
...
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
Jerry Yu
263dbf7167
tls13: srv: Do not allow early data indication in 2nd ClientHello
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Jerry Yu
4caf3ca08c
tls13: srv: Add discard_early_data_record SSL field
...
Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Ronald Cron
78a38f607c
tls13: srv: Do not use early_data_status
...
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:35 +01:00
Ronald Cron
3b9034544e
Revert "tls13: Introduce early_data_state SSL context field"
...
This reverts commit 0883b8b625
.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:03:57 +01:00
Ronald Cron
ed7d4bfda5
tls13: srv: Simplify mbedtls_ssl_read_early_data() API
...
Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
0883b8b625
tls13: Introduce early_data_state SSL context field
...
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:04 +01:00
Ronald Cron
7b6ee9482e
tls13: srv: Reject early data in case of HRR
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
d9ca354dbd
tls13: srv: Add mbedtls_ssl_read_early_data() API
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
6a5904db45
tls13: srv: Move early data size check placeholder
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
5d0ae9021f
tls13: srv: Refine early data status
...
The main purpose is to know from the status
if early data can be received of not and
why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Valerio Setti
b4f5076270
debug: move internal functions declarations to an internal header file
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 15:30:46 +01:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
...
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
...
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
...
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check
...
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
2024-01-11 13:34:09 +00:00
Waleed Elmelegy
fbe42743eb
Fix issue in checking in writing extensions
...
Fix issue in checking if server received
record size limit extension.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
d2fc90e024
Stop sending record size limit extension if it's not sent from client
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
47d2946943
tls13: server: write Record Size Limit ext in EncryptedExtensions
...
- add the support in library
- update corresponding test cases.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
...
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
Valerio Setti
384fbde49a
library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 13:27:32 +01:00
Pengyu Lv
94a42ccb3e
Add tls13 in ticket flags helper function names
...
```
sed -i \
"s/\(mbedtls_ssl\)_\(session_\(\w*_\)\?ticket\)/\1_tls13_\2/g" \
library/*.[ch]
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 11:12:46 +08:00
Yanray Wang
90acdc65e5
tl13: srv: improve comment
...
Improve comment when received version 1.2 of the protocol while TLS
1.2 is disabled on server side.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-08 11:00:38 +08:00
Yanray Wang
2bef917a3c
tls13: srv: return BAD_PROTOCOL_VERSION if chosen unsupported version
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-08 11:00:35 +08:00
Yanray Wang
177e49ad7a
tls13: srv: improve DEBUG_MSG in case of TLS 1.2 disabled
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-08 11:00:33 +08:00
Yanray Wang
408ba6f7b8
tls13: srv: replace with internal API to check is_tls12_enabled
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-08 11:00:30 +08:00
Pengyu Lv
bc4aab7673
Add "_is_" to functions ssl_tls13_key_exchange_.*_available
...
Done by command:
```
sed -i \
"s/ssl_tls13_key_exchange_\(.*\)_available/ssl_tls13_key_exchange_is_\1_available/g" \
library/*.[ch]
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
b2cfafbb9e
Consistent renaming
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
0a1ff2b969
Consistent renaming
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
4f537f73fa
tls13: rename mbedtls_ssl_session_check_ticket_flags
...
The function is renamed to mbedtls_ssl_session_ticket_has_flags.
Descriptions are added.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
d72e858fd1
tls13: srv: rename ssl_tls13_ticket_permission_check
...
The function is renamed to
ssl_tls13_ticket_is_kex_mode_permitted
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:57 +08:00
Pengyu Lv
981ec14744
tls13: rename ssl_tls13_check_*_key_exchange functions
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:57 +08:00
Jan Bruckner
f482dcc6c7
Comply with the received Record Size Limit extension
...
Fixes #7010
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-12-06 15:18:08 +00:00
Jerry Yu
95648b0134
Some minor improvement
...
- move early data check to `prepare`
- avoid `((void) output_len)
- replace check with `session_ticket_allow` in 2nd place
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:16 +08:00
Jerry Yu
c59c586ac4
change prototype of write_early_data_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:15 +08:00
Jerry Yu
163e12f7ff
remove assignment for session->max_early_data_size
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:09 +08:00
Jerry Yu
9e7f9bc253
Add missing debug message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:22 +08:00
Jerry Yu
db97163ac7
add ticket max_early_data_size check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:13 +08:00
Jerry Yu
5233539d9f
share write_early_data_ext function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:50 +08:00
Jerry Yu
0069abc141
improve comments of new session ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:46 +08:00
Jerry Yu
1a160703f8
set max_early_data_size of ticket to keep consistent
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:43 +08:00
Jerry Yu
f135bac89c
Add max_early_data_size check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:39 +08:00
Jerry Yu
930ce4cfac
Revert "change max_early_data_size source"
...
This reverts commit 3d8d6a770f3a0f3045820970bc4a5d6ee7df8e10.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:36 +08:00
Jerry Yu
2f5d93b1c9
Revert "set init value for max_early_data_size in session"
...
This reverts commit 8b02d75ed1af883e135979d24e38c0847e66fede.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:33 +08:00
Jerry Yu
d450fd25ae
change max_early_data_size source
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:31 +08:00
Jerry Yu
525990fb62
set init value for max_early_data_size in session
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:28 +08:00
Jerry Yu
db6fda71e5
improve early data comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:51 +08:00