yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
19357 commits 1 branch 0 tags 94 MiB
Commit graph

193 commits

Author SHA1 Message Date
Ronald Cron
6476726ce4 Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 14:13:57 +02:00
Ronald Cron
ba120bb228 ssl_tls13_client.c: Fix ciphersuite final validation 
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron
9847338429 ssl_tls13_client.c: Add check in supported_versions parsing 
Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:33:41 +02:00
Ronald Cron
a77fc2756e ssl_tls13_client.c: versions ext writing : Fix available space check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:27:35 +02:00
Ronald Cron
da41b38c42 Improve and fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-30 14:10:03 +02:00
Ronald Cron
dbe87f08ec Propose TLS 1.3 and TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
9f0fba374c Add logic to switch to TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
27c85e743f ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
11e1857f5e ssl_client.c: Fix key share code guards 
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
3d580bf4bd Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron
8f6d39a81d Make some handshake TLS 1.3 utility routines available for TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
7ffe7ebe38 ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards 
Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will
be necessary when the ClientHello writing code is
made available when MBEDTLS_SSL_PROTO_TLS1_2 is
enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
04fbd2b2ff ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
5b98ac9c64 TLS 1.3: Move PSA ECDH private key destroy to dedicated function 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
60ff79424e ssl_tls13_client.c: alpn: Miscellanous minor improvements 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron
13d8ea1dd9 ssl_tls13_client.c: alpn: Loop only once over protocol names 
This has although the benefit of getting rid of a
potential integer overflow (though very unlikely
and probably harmless).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron
a0855a6d13 ssl_tls13_client.c: alpn: Add missing return value assignment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
XiaokangQian
c02768a399 Replace ssl->handshake with handshake in write_cookie_ext() 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
9b93c0dd8d Change cookie parameters for dtls and tls 1.3 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
25c9c9023c Refine cookie len to fix compile issues 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
9deb90f74e Change parameter names and code style 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
5e3c947841 Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
233397ef88 Update code base on comments 
Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data
Change code styles and comments
Fix cookie write issues

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
0b64eedba8 Add cookies write in client hello 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
Ronald Cron
8d7afc642c
Merge pull request #5523 from ronald-cron-arm/one-flush-output-development 
TLS 1.3: One flush output
 2022-03-21 08:44:04 +01:00
Ronald Cron
a8b38879e1 Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-10 13:58:17 +01:00
Ronald Cron
7a94aca81a Move state change from CLIENT_CERTIFICATE to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-10 13:58:04 +01:00
Ronald Cron
5bb8fc830a Call Certificate writing generic handler only if necessary 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
9f55f6316e Move state change from CSS states to their main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
3addfa4964 Move state change from WRITE_CLIENT_HELLO to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
9df7c80c78 TLS 1.3: Always go through the CLIENT_CERTIFICATE state 
Even if certificate authentication is disabled at build
time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state.
It simplifies overall the code for a small code size
cost when certificate authentication is disabled at build
time. Furthermore that way we have only one point in the
code where we switch to the handshake keys for record
encryption.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:50:08 +01:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn 
Port ALPN support for tls13 client from tls13-prototype
 2022-03-08 17:53:38 +00:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c 
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
 2022-03-08 11:43:45 +01:00
Przemek Stekiel
e894c5c4a5 Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-02 08:45:56 +01:00
Jerry Yu
ca133a34c5 Change state machine 
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
90f152dfac fix psk only build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
72637c734b fix write certificate fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
8511f125af Add certificteVerify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
5cc3506c9f Add write certificate and client handler 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
566c781290 Add dummy state for client_certifiate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
cc43c6bee5 fix coding style issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
fb4b6478ee tls13_only: improve guards of files. 
To improve readability of the preprocess guards.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Przemyslaw Stekiel
0f5ecefbe9 Clean up the code 
- remove redundant local buffer
- fix code style

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-15 08:53:36 +01:00
Przemyslaw Stekiel
169f115bf0 ssl_client2: init psa crypto for TLS 1.3 build 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 17:15:04 +01:00
lhuang04
86cacac91a Port ALPN support for tls13 client from tls13-prototype 
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124).

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-02-14 08:03:32 -08:00
Przemyslaw Stekiel
4f419e55a1 ssl_tls13_write_key_share_ext: initialize key_exchange_len (compiler warning) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:19:53 +01:00
Przemyslaw Stekiel
6d6aabdb0d Remove unused function: ssl_tls13_check_ecdh_params() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:13:10 +01:00
Przemyslaw Stekiel
9e23ddb09d Change ssl_tls13_read_public_ecdhe_share() to use PSA-specific parsing code. 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:13:00 +01:00
Przemyslaw Stekiel
ea859c24b7 Change ssl_tls13_generate_and_write_ecdh_key_exchange() to use PSA 
Generate ECDH private key using psa_generate_key()
Export the public part of the ECDH private key using psa_export_public_key()

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-11 15:17:05 +01:00
Jerry Yu
7840f81303 fix client_auth fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-09 19:43:22 +08:00