Commit graph

384 commits

Author SHA1 Message Date
Jerry Yu
ac5ca5a0ea Refactor cookie members of handshake struct
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 19:58:45 +08:00
Jerry Yu
3ce61ffca6 fix comments and function name issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-28 17:34:06 +08:00
Jerry Yu
3d9b590f02 guards transform_earlydata
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-28 17:34:06 +08:00
Dave Rodgman
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0
Fix NULL+0 undefined behavior in PSA crypto ECB
2022-11-25 17:07:46 +00:00
Gilles Peskine
5a34b36bbd Remove more now-redundant definitions of inline
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 13:26:44 +01:00
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
Valerio Setti
d4a9b1ab8d tls: psa_pake: remove useless defines and fix a comment
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-22 11:11:10 +01:00
Valerio Setti
6b3dab03b5 tls: psa_pake: use a single function for round one and two in key exchange read/write
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 17:14:54 +01:00
Valerio Setti
9bed8ec5d8 tls: psa_pake: make round two reading function symmatric to the writing one
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:36:19 +01:00
Valerio Setti
a08b1a40a0 tls: psa_pake: move move key exchange read/write functions to ssl_tls.c
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:34:59 +01:00
Valerio Setti
4a9caaa0c9 tls12: psa_pake: check elliptic curve's TLS ID on handshake
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 14:50:10 +01:00
Valerio Setti
fbbc1f3812 tls12: psa_pake: use proper defines for the output size of each step in ECJPAKE
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 14:49:52 +01:00
Valerio Setti
02c25b5f83 tls12: psa_pake: use common code for parsing/writing round one and round two data
Share a common parsing code for both server and client for parsing
round one and two.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 13:56:12 +01:00
Xiaokang Qian
a042b8406d Address some format issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:19 +00:00
Xiaokang Qian
f447e8a8d3 Address comments base on reviews
Improve early data indication check
Update test case to gnutls server

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:36 +00:00
Xiaokang Qian
ecc2948f21 Fix format issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
338f727683 Move EARLY_DATA_OFF/ON guard to ssl_misc.h
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:03 +00:00
Xiaokang Qian
b781a2323c Move ssl_tls13_has_configured_ticket() back to tls13 client
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:51 +00:00
Xiaokang Qian
893ad81966 Remove useless early_secrets field
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:51 +00:00
Xiaokang Qian
0e97d4d16d Add early data indication to client side
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Jerry Yu
b95dd3683b Add missing mask set and tls13 unrecognized extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 23:51:38 +08:00
Jerry Yu
ea52ed91cf fix typo and spell issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 21:01:17 +08:00
Neil Armstrong
ca7d506556 Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-08 10:58:45 +01:00
Jerry Yu
d25cab0327 Refactor debug helpers for exts and hs message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-06 11:54:21 +08:00
Jerry Yu
df0ad658a3 tls13: Add allowed extesions constants.
- And refactor check_received_extension

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-02 21:35:27 +08:00
Jerry Yu
7a485c1fdf Add ext id and utilities
- Remove `MBEDTLS_SSL_EXT_*`
- Add macros and functions for translating iana identifer.
- Add internal identity for extension

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
c4bf5d658e fix various issues
- Signature of
  - mbedtls_tls13_set_hs_sent_ext_mask
  - check_received_extension and issues
- Also fix comment issue.
- improve readablity.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
03112ae022 change input extension_type
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
0c354a211b introduce sent/recv extensions field
And remove `extensions_present`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
ffa1582793 move get_extension mask
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
d15992d3ce fix wrong setting of unrecognized ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
e18dc7eb9a Add forbidden extensions check for ClientHello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
41a443a68d tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
d29e13eb1b tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
3b056202d3 tls13: keys: Do not use handshake->premaster
`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.

Futhermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific
thus better to not use it in TLS 1.3.

Allocate a buffer to store the shared secret
instead. Allocation instead of a stack buffer
as the maintenance of the size of such buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Xiaokang Qian
ed3afcd6c3 Fix various typo and macro guards issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
ed0620cb13 Refine code base on comments
Move code to proper macro guards protection
Fix typo issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
03409290d2 Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
a3b451f950 Adress kinds of comments base on review
Rename function name to mbedtls_ssl_session_set_hostname
Add two extra check cases for server name
Fix some coding styles

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
2f9efd3038 Address comments base on review
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:49 +00:00
Xiaokang Qian
bc663a0461 Refine code based on commnets
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:01 +00:00
Paul Elliott
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
2022-09-23 15:48:33 +01:00
Jerry Yu
f3bdf9dd51 fix various issues
- improve document about configuration item.
- format issue
- variable type issue.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:47:14 +08:00
Jerry Yu
d0766eca58 fix various issues
- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 13:21:29 +08:00
Manuel Pégourié-Gonnard
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up
Driver only hashes wrap-up
2022-09-21 08:29:46 +02:00
Jerry Yu
d4e7500a07 Enable multi session tickets on Server
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:24:03 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00