Commit graph

31 commits

Author SHA1 Message Date
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
Add client hello into server side
2022-04-22 10:26:00 +02:00
XiaokangQian
75d40ef8cb Refine code base on review
Remove useless hrr code
Share validate_cipher_suit between client and server
Fix test failure when tls13 only in server side

Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 11:05:24 +00:00
Ronald Cron
fd8cbda3ec Remove ECDH code specific to TLS 1.3
ECDH operations in TLS 1.3 are now done through PSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Glenn Strauss
cd78df6aa4 handshake->min_minor_ver to ->min_tls_version
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d mbedtls_ssl_config min_tls_version, max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).

New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:39:43 -04:00
Glenn Strauss
da7851c825 Rename mbedtls_ssl_session minor_ver to tls_version
Store the TLS version instead of minor version number in tls_version.

Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms.  The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.

Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:57 -04:00
Ronald Cron
11218dda96 ssl_client.c: Fix unused parameter
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
6476726ce4 Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 14:13:57 +02:00
Ronald Cron
757a2abfe2 ssl_client.c: Extend and export ciphersuite validation function
Extend and export ciphersuite validation function
to be able to use it in TLS 1.2/3 specific code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
f735cf1f0f ssl_tls.c: Fix ciphersuite selection regarding protocol version
Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
3cffc5ccb1 tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:59:44 +02:00
Ronald Cron
150d579d7a ssl_client.c: Improve coding style
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:58:50 +02:00
Ronald Cron
da41b38c42 Improve and fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 14:10:03 +02:00
Ronald Cron
8ecd9937a9 ssl_client.c: Fix state change for DTLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
fbd9f99f10 ssl_tls.c: Move some client specific functions to ssl_client.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
5f4e91253f ssl_client.c: Add DTLS ClientHello message sending specifics
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
4079abc7d1 ssl_client.c: Adapt extensions writing to the TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
11e1857f5e ssl_client.c: Fix key share code guards
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
df823bf39b ssl_client.c: Re-order partially extension writing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:57:54 +02:00
Ronald Cron
42c1cbf1de ssl_client.c: Adapt compression methods comment to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:56:58 +02:00
Ronald Cron
d491c2d779 ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
Ronald Cron
a874aa818a ssl_client.c: Add DTLS 1.2 cookie support
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
Ronald Cron
021b1785ef ssl_client.c: Adapt session id generation to the TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
Ronald Cron
58b803818d ssl_client.c: Adapt TLS random generation and writing to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:50 +02:00
Ronald Cron
1614eb668c ssl_client.c: Adapt TLS version writing to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
86a477f5ee ssl_client.c: Adapt initial version selection to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
5456a7f89c ssl_client.c: Expand ssl_write_client_hello_body doc with TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
71c2332860 ssl_client.c: Rename TLS 1.3 ClientHello writing functions
Rename TLS 1.3 ClientHello writing functions
aiming to support TLS 1.2 as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
Ronald Cron
3d580bf4bd Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00