Jerry Yu
6ba9f1c959
Add extension check for NewSessionTicket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
2c5363e58b
Add extension check for ServerHello and HRR
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
c55a6af9eb
Add extensions check for CertificateRequest
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
cbd082f396
Add extension check for EncryptedExtensions
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Ronald Cron
a709a0f2c6
tls13: Declare PSK ephemeral key exchange mode first
...
In the PSK exchange modes extension declare first
PSK ephemeral if we support both PSK ephemeral
and PSK. This is aligned with our implementation
giving precedence to PSK ephemeral over pure PSK
and improve compatibility with GnuTLS.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-25 19:05:26 +02:00
Ronald Cron
083da8eb53
tls13: client: Improve coding style
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
766c0cdb1f
tls13: Add missing kex guards
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
41a443a68d
tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7
tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.
Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
d29e13eb1b
tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Andrzej Kurek
c19fb08dd3
Add missing ECDH dependency in tls 1.3 client
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Jerry Yu
c79742303d
Remove unnecessary empty line and fix format issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 21:22:33 +08:00
Jerry Yu
4f77ecf409
disable session resumption when ticket expired
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 22:10:08 +08:00
Jerry Yu
6916e70521
fix various issues
...
- adjust guards. Remove duplicate guards and adjust format.
- Return success at function end. Not `ret`
- change input len
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:33:51 +08:00
Jerry Yu
a99cbfa2d3
fix various issues
...
- rename function and variable
- change signature of `ssl_tls13_has_configured_psk`
- remove unnecessary statements
- remove unnecessary local variables
- wrong variable initial value
- improve output message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:47 +08:00
Jerry Yu
21f9095fa8
Revert "move ciphersuite validation to set_session"
...
This reverts commit 19ae6f62c7
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:34 +08:00
Jerry Yu
4a698341c9
Re-org selected_identity parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
6183cc7470
Re-org binders writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f75364bee1
Re-organize identities writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8b41e893a2
fix various issues
...
- Re-order code and comments
- move comment above `write_identities`
- move `write_binder` above `write_identities`.
- Add has_{psk,identity} into {ticket,psk}_get_{psk,identity}
- rename `*_session_tickets_*` to `_ticket_`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
19ae6f62c7
move ciphersuite validation to set_session
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
b300e3c5be
add selected_identity parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
1a0a0f4416
Add binders writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f7c125917c
Add identites writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
0c6105bc9e
empty pre_shared_key functions
...
To easy review
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Xiaokang Qian
ca343ae280
Improve message logs and test cases description in psk
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-28 02:07:54 +00:00
Xiaokang Qian
cb6e96305f
Change kex mode string name
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-27 08:02:41 +00:00
Xiaokang Qian
5beec4b339
Refine ssl_get_kex_mode_str() for easy automatic generation
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-26 08:23:45 +00:00
Xiaokang Qian
ac8195f4f7
Fix wrongly kex mode fallback issue in psk cases
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-26 06:31:58 +00:00
Xiaokang Qian
8939930b82
Rebase and fix some test failures
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
Xiaokang Qian
5001bfc619
Add key exchange mode log in client side
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
XiaokangQian
335cfaadf9
Finalize client side code for psk
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-09-23 01:48:26 +00:00
Jerry Yu
f7dad3cfbe
fix various issues
...
- Naming
- format
- Reduce negative tolerance window
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 22:31:39 +08:00
Jerry Yu
95db17ed5f
fix various issues
...
- improve obfuscated ticket age generator
- improve psk getter
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 10:37:58 +08:00
Jerry Yu
466dda8553
Rename resumption master secret compute function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 14:28:15 +08:00
Jerry Yu
fd310ebf2d
fix coding style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-06 09:16:35 +08:00
Jerry Yu
661dd943b6
Add dummy server name extension paser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Jerry Yu
e976492a11
Add session ticket tests for client
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Jerry Yu
e6527512d2
Add obfuscated_ticket_age write
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Jerry Yu
db8c5faed7
Add getting session ticket for client
...
- Move ssl_get_psk_to_offer to `ssl_tls13_client.c`
- Rename to `ssl_tls13_get_psk_to_offer`
- Add session ticket parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Thomas Daubney
31e03a8e15
Replace hard-coded zeroes for constant
...
Replace two occurances of hard-coded zero for
MBEDTLS_SSL_COMPRESS_NULL in TLS 1.3 code.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-07-26 16:13:23 +01:00
Jerry Yu
a66fecebe7
Add endpoint/ticket_flag field for session
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:08:43 +08:00
Ronald Cron
4beb870fa8
Merge pull request #6064 from xkqian/tls13_add_psk
...
Add psk code to tls13 client side
2022-07-22 11:35:05 +02:00
XiaokangQian
bee71453b2
Improve the buffer pointer check in write pre_shared key
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
3ad67bf4e3
Rename functions and add test messages
...
Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
7c12d31813
Refine comments for psk related code
...
Change-Id: Iff5c176bb902919abc8d4fb78a185aa68704a791
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
8698195566
Address comments of various issues
...
Improve comments
Change coding style
Rename functions
Change-Id: Ia111aef303932cfeee693431c3d48f90342b32e5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
adab9a6440
Fix transcript issues and add cases against openssl
...
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
008d2bf80b
Address comments in psk client review
...
Improve comments
Refine cipher suite related code in psk
Refine get_psk_offered()
Change-Id: Ic3b0b5f86eb1e71f11bb499961aa8494284f1840
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
eb69aee6af
Add psk code to tls13 client side
...
Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
Ronald Cron
799077177b
TLS 1.3: Use selected key exchange mode field
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-20 17:49:58 +02:00
Ronald Cron
7f9ccfeccc
TLS 1.3: Remove unnecessary key exchange mode check
...
If there is a PSK involved in the key exchange
and thus no certificate we do not go through the
MBEDTLS_SSL_CERTIFICATE_REQUEST state thus there
is no reason to check that in the coordination
function of that state.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-20 17:47:23 +02:00
Jerry Yu
3afdf36de7
Add hash length check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 18:12:08 +08:00
Jerry Yu
0a430c8aaf
Rename resumption_key and the hardcode len
...
`resumption_key` is better name.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
08aed4def9
fix comments and time_t type issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
a0446a0344
Add check_return flag
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
4e6c42a533
fix various issues
...
- wrong typo
- unnecessary comments/debug code
- wrong location
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
cb3b1396f3
move resume psk ticket computation to end
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
af2c0c8dd6
fix various comment/format issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
a357cf4d4c
Rename new_session_ticket state
...
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
f8a4994ec7
Add tls13 new session ticket parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Ronald Cron
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
Ronald Cron
81a334fc02
tls13: Fix buffer overread checks in ssl_tls13_parse_alpn_ext()
...
Some coding style alignement as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
fb508b8f21
tls13: Move state changes up to state main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
5afb904022
tls13: Move out of place handshake field reset
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
828aff6ead
tls13: Rename server_hello_coordinate to preprocess_server_hello
...
Rename server_hello_coordinate to preprocess_server_hello
as it is more aligned with what the function does.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
db5dfa1f1c
tls13: Move ServerHello fetch to the ServerHello top handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
9d6a545714
tls13: Re-organize EncryptedExtensions message parsing code
...
Align the organization of the EncryptedExtensions
message parsing code with the organization of the
other message parsing codes.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
c80835943c
tls13: Fix pointer calculation before space check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
2827106199
tls13: Add missing buffer overread check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
1938588e80
tls13: Align some debug messages with TLS 1.2 ones
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Manuel Pégourié-Gonnard
a3115dc0e6
Mark static int SSL functions CHECK_RETURN_CRITICAL
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:52 +02:00
XiaokangQian
23c5be6b94
Enable SNI test for both tls12 and tls13
...
Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-07 09:43:13 +00:00
Jerry Yu
e3d67cb263
Improve readability
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-19 15:33:10 +08:00
Jerry Yu
e8c1fca67c
move trafic set to generic
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Gabor Mezei
696956da24
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-13 17:02:19 +02:00
Gabor Mezei
078e803d2c
Unify parsing of the signature algorithms extension
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:08 +02:00
Jerry Yu
93a13f2c38
Share magic word of HRR
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:48:59 +08:00
Jerry Yu
f86eb75c58
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-06 11:16:55 +08:00
Jerry Yu
e110d258d9
Add set outbound transform
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-05 19:59:59 +08:00
Jerry Yu
89e103c54c
tls13: Share write ecdh_key_exchange function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
...
Add client hello into server side
2022-04-22 10:26:00 +02:00
XiaokangQian
0803755347
Update code base on review comments
...
Refine named_group parsing
Refine cipher_suites parsing
Remove hrr related part
Share code between client and server side
Some code style changes
Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:50:14 +00:00
XiaokangQian
9b5d04b078
Share parse_key_share() between client and server
...
Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
Ronald Cron
fd8cbda3ec
Remove ECDH code specific to TLS 1.3
...
ECDH operations in TLS 1.3 are now done through PSA.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Ronald Cron
fd6193c285
ssl_tls13_client: Add downgrade attack protection
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Glenn Strauss
cd78df6aa4
handshake->min_minor_ver to ->min_tls_version
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a
mbedtls_ssl_(read|write)_version using tls_version
...
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f
mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
...
Store the TLS version in tls_version instead of major, minor version num
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.
Reduce size of mbedtls_ssl_ciphersuite_t
members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
...
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Przemek Stekiel
a9f9335ee9
ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check
...
This check can be removed as if the buffer is too small for the key, then export will fail.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-04 17:32:30 +02:00
Neil Armstrong
91477a7964
Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Ronald Cron
6476726ce4
Fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 14:13:57 +02:00
Ronald Cron
ba120bb228
ssl_tls13_client.c: Fix ciphersuite final validation
...
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
9847338429
ssl_tls13_client.c: Add check in supported_versions parsing
...
Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:33:41 +02:00
Ronald Cron
a77fc2756e
ssl_tls13_client.c: versions ext writing : Fix available space check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
Ronald Cron
da41b38c42
Improve and fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 14:10:03 +02:00
Ronald Cron
dbe87f08ec
Propose TLS 1.3 and TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
9f0fba374c
Add logic to switch to TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
27c85e743f
ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
11e1857f5e
ssl_client.c: Fix key share code guards
...
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
3d580bf4bd
Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
8f6d39a81d
Make some handshake TLS 1.3 utility routines available for TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
7ffe7ebe38
ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards
...
Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will
be necessary when the ClientHello writing code is
made available when MBEDTLS_SSL_PROTO_TLS1_2 is
enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
04fbd2b2ff
ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
5b98ac9c64
TLS 1.3: Move PSA ECDH private key destroy to dedicated function
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
60ff79424e
ssl_tls13_client.c: alpn: Miscellanous minor improvements
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
13d8ea1dd9
ssl_tls13_client.c: alpn: Loop only once over protocol names
...
This has although the benefit of getting rid of a
potential integer overflow (though very unlikely
and probably harmless).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
a0855a6d13
ssl_tls13_client.c: alpn: Add missing return value assignment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
XiaokangQian
c02768a399
Replace ssl->handshake with handshake in write_cookie_ext()
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
9b93c0dd8d
Change cookie parameters for dtls and tls 1.3
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
25c9c9023c
Refine cookie len to fix compile issues
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
9deb90f74e
Change parameter names and code style
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
5e3c947841
Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
233397ef88
Update code base on comments
...
Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data
Change code styles and comments
Fix cookie write issues
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
0b64eedba8
Add cookies write in client hello
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
Ronald Cron
8d7afc642c
Merge pull request #5523 from ronald-cron-arm/one-flush-output-development
...
TLS 1.3: One flush output
2022-03-21 08:44:04 +01:00
Ronald Cron
a8b38879e1
Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-10 13:58:17 +01:00
Ronald Cron
7a94aca81a
Move state change from CLIENT_CERTIFICATE to its main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-10 13:58:04 +01:00
Ronald Cron
5bb8fc830a
Call Certificate writing generic handler only if necessary
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
Ronald Cron
9f55f6316e
Move state change from CSS states to their main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
Ronald Cron
3addfa4964
Move state change from WRITE_CLIENT_HELLO to its main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
Ronald Cron
9df7c80c78
TLS 1.3: Always go through the CLIENT_CERTIFICATE state
...
Even if certificate authentication is disabled at build
time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state.
It simplifies overall the code for a small code size
cost when certificate authentication is disabled at build
time. Furthermore that way we have only one point in the
code where we switch to the handshake keys for record
encryption.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:50:08 +01:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn
...
Port ALPN support for tls13 client from tls13-prototype
2022-03-08 17:53:38 +00:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
...
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
Przemek Stekiel
e894c5c4a5
Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-02 08:45:56 +01:00
Jerry Yu
ca133a34c5
Change state machine
...
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
90f152dfac
fix psk only build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
72637c734b
fix write certificate fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
8511f125af
Add certificteVerify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
5cc3506c9f
Add write certificate and client handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
566c781290
Add dummy state for client_certifiate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
cc43c6bee5
fix coding style issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
fb4b6478ee
tls13_only: improve guards of files.
...
To improve readability of the preprocess guards.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Przemyslaw Stekiel
0f5ecefbe9
Clean up the code
...
- remove redundant local buffer
- fix code style
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-15 08:53:36 +01:00
Przemyslaw Stekiel
169f115bf0
ssl_client2: init psa crypto for TLS 1.3 build
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 17:15:04 +01:00
lhuang04
86cacac91a
Port ALPN support for tls13 client from tls13-prototype
...
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124 ).
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
2022-02-14 08:03:32 -08:00
Przemyslaw Stekiel
4f419e55a1
ssl_tls13_write_key_share_ext: initialize key_exchange_len (compiler warning)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 10:19:53 +01:00
Przemyslaw Stekiel
6d6aabdb0d
Remove unused function: ssl_tls13_check_ecdh_params()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 10:13:10 +01:00
Przemyslaw Stekiel
9e23ddb09d
Change ssl_tls13_read_public_ecdhe_share() to use PSA-specific parsing code.
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 10:13:00 +01:00
Przemyslaw Stekiel
ea859c24b7
Change ssl_tls13_generate_and_write_ecdh_key_exchange() to use PSA
...
Generate ECDH private key using psa_generate_key()
Export the public part of the ECDH private key using psa_export_public_key()
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-11 15:17:05 +01:00
Jerry Yu
7840f81303
fix client_auth fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-09 19:43:22 +08:00
Ronald Cron
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
...
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00
Xiaofei Bai
7c8b6a97b9
Update CertificateRequest skip condition
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 15:21:13 +00:00
Xiaofei Bai
c234ecf695
Update mbedtls_ssl_handshake_free() and address review comments.
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 10:26:42 +00:00
Xiaofei Bai
51f515a503
update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 07:28:04 +00:00
Xiaofei Bai
6d42bb430c
Update mbedtls_ssl_handshake_free()
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-28 10:05:51 +00:00
Xiaofei Bai
82f0a9a1db
Rebase and address review comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-27 07:53:52 +00:00
XiaokangQian
a909061c2a
Refine HRR parse successfully message in test cases
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 03:48:27 +00:00
XiaokangQian
34909746df
Change cookie free code and some comments
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 02:25:04 +00:00