Commit graph

28622 commits

Author SHA1 Message Date
Jerry Yu
95648b0134 Some minor improvement
- move early data check to `prepare`
- avoid `((void) output_len)
- replace check with `session_ticket_allow`  in 2nd place

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:16 +08:00
Jerry Yu
c59c586ac4 change prototype of write_early_data_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:15 +08:00
Jerry Yu
163e12f7ff remove assignment for session->max_early_data_size
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:09 +08:00
Jerry Yu
ebe1de62f9 fix various issue
- rename connection time variable
- remove unnecessary comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:25 +08:00
Jerry Yu
9e7f9bc253 Add missing debug message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:22 +08:00
Jerry Yu
db97163ac7 add ticket max_early_data_size check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:13 +08:00
Jerry Yu
5233539d9f share write_early_data_ext function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:50 +08:00
Jerry Yu
0069abc141 improve comments of new session ticket
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:46 +08:00
Jerry Yu
1a160703f8 set max_early_data_size of ticket to keep consistent
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:43 +08:00
Jerry Yu
f135bac89c Add max_early_data_size check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:39 +08:00
Jerry Yu
930ce4cfac Revert "change max_early_data_size source"
This reverts commit 3d8d6a770f3a0f3045820970bc4a5d6ee7df8e10.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:36 +08:00
Jerry Yu
2f5d93b1c9 Revert "set init value for max_early_data_size in session"
This reverts commit 8b02d75ed1af883e135979d24e38c0847e66fede.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:33 +08:00
Jerry Yu
d450fd25ae change max_early_data_size source
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:31 +08:00
Jerry Yu
525990fb62 set init value for max_early_data_size in session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:28 +08:00
Jerry Yu
db6fda71e5 improve early data comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:51 +08:00
Jerry Yu
10795a0c3b replace ticket permission set
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:48 +08:00
Jerry Yu
c2b1bc4fb6 replace early data permission check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:46 +08:00
Jerry Yu
4da7c22cd6 add early data flag check function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:44 +08:00
Jerry Yu
ea96ac3da9 fix various issues
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:37 +08:00
Jerry Yu
3db60dfe5e rename nst early data write function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:16:56 +08:00
Jerry Yu
391c943340 Add tests for ticket early data permission bit
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:16:48 +08:00
Jerry Yu
3c2b21ed0e Enable multi max_early_data_size value for connections
For test purpose, we set different value for each
session

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:56 +08:00
Jerry Yu
fceddb310e Add early data permission check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:54 +08:00
Jerry Yu
01da35e2c8 add early data extension of NST
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:52 +08:00
Valerio Setti
bced8bc8d7 ssl_tls12_server: export/import PK parsed key in TLS side
Instead of setting both algorithm and enrollement algorithm in the
PK module when parsing the key:

- for Weierstrass keys we only set ECDSA algorithm,
- for Montgomery keys we don't set any algorithm.

Reasons:
- PK module can only do ECDSA and not ECDH
- ECDH is only used in TLS
- Montgomery keys cannot be used to do ECDSA, while Weierstrass ones
  can do both ECDSA and ECDH.

So the idea is that once TLS needs the key to do ECDH (either Weierstrass
and Montgomery), it exports the one parsed from the PK module and then
re-imports it setting proper algorithm and flags. In this way the TLS
module will own the new key so it will be its duty to clear it on
exit.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 10:40:47 +01:00
Xiaokang Qian
611c717c02 Sync the early_data option with internal parameters in ssl_client2
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 09:24:58 +00:00
Valerio Setti
fbbafa0d2d pkparse: do not set key algorithm for Montgomery keys in pk_ecc_set_key()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 10:07:34 +01:00
Xiaokang Qian
f8fe11d14d Remove the generic file read functions and simply the early data read
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 07:40:50 +00:00
Ronald Cron
40f3f1c36f
Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data
TLS 1.3 EarlyData SRV: Parsing 0-RTT data
2023-12-06 06:47:32 +00:00
Xiaokang Qian
eaebedb30b Refine the detect code to enable early data or not
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:55:16 +00:00
Xiaokang Qian
b1db72923e Rename the generic read functions to ssl_read_file_text
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:33:38 +00:00
Xiaokang Qian
6c678d7543 Improve the comments of early data input
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:20:51 +00:00
Jerry Yu
42020fb186 revert output message which used by testing
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 17:35:53 +08:00
Ronald Cron
a1e867c676
Merge pull request #8576 from yanrayw/issue/fix-tls13-session_negotiate-assignment
TLS13: CLI: EarlyData: Assign ciphersuite after associated verification in EE
2023-12-05 08:31:24 +00:00
Valerio Setti
4ac2c18834 pk_wrap: try both ECDSA signature schemes in ecdsa_sign_psa()
Instead of extracting key's properties in order to check whether it
supports deterministic or non-deterministic ECDSA, we try both.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-05 07:59:01 +01:00
Xiaokang Qian
70fbdcf904 Change early data flag to input file
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-05 05:50:08 +00:00
Jerry Yu
ebb1b1d48f fix ci test failure
"skip parse certificate verify" can not be changed.
It is used in `Authentication: client badcert, server none`
test.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 11:02:15 +08:00
Jerry Yu
b55f9eb5c5 fix various issues
- remove unnecessary statements
- improve macro name
- improve output message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 10:27:17 +08:00
Valerio Setti
5e18b90c95 config-tfm: disable CIPHER_C
We also add a check in "all.sh" components:
- component_test_tfm_config_p256m_driver_accel_ec
- component_test_tfm_config
to ensure that CIPHER_C was not re-enabled accidentally.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 15:24:25 +01:00
Valerio Setti
58d0206f39 test_suite_block_cipher: fix depends_on for Camellia tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 15:24:25 +01:00
Valerio Setti
20e93a2a9d driver-only-builds: update documentation for AEADs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 15:24:25 +01:00
Valerio Setti
10149c9516 changelog: add changelog for AEAD support without CIPHER_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 15:24:23 +01:00
Gabor Mezei
fe23daf8a3
Remove leftover code from initial changelog support
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-12-04 14:37:31 +01:00
Valerio Setti
302a487499 test_driver_key_management: rename counter for export_public_key() hits
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
829ce0facf test_driver_cipher: add forced return status for encrypt and set_iv
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7ef35a9b3c test_suite_psa_crypto_driver_wrappers: add counter for failing psa_cipher_update()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
83e0de8481 crypto_extra: revert changes to mbedtls_psa_random_free()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
0ca1868fcd test_suite_psa_crypto_driver_wrappers: fix missing hit counter reset before test
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7448367f68 test_suite_psa_crypto_slot_management: modify check on open key slots
This commit
- Reverts changes previously done to psa_crypto_helpers.[c,h]
- Implements a new check for open key slots in
  mbedtls_test_helper_is_psa_leaking():
   - when CTR_DRBG does not use AES_C or PSA does not have an external
     RNG, then we allow 1 key slot (it's the one holding the AES key)
   - when the above conditions are not met, then we fallback to the
     usual check for "no open key slots remaining"

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7ab90723c4 mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00