yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
28238 commits 89 branches 205 tags 114 MiB
Commit graph

371 commits

Author SHA1 Message Date
Ronald Cron 606671e06e tls13: server: Check mbedtls_ssl_set_hs_psk returned value 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-20 11:42:19 +01:00
Pengyu Lv 52ad333040 simplify helper function name 
Rename ssl_tls13_check_psk_mode_allowed_by_ticket to
ssl_tls13_ticket_permission_check

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-14 14:32:37 +08:00
Xiaokang Qian 934ce6f6a9 Rename the finalize_client{server}_hello() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Pengyu Lv 306a01da4d refactor: move ticket_flags check into a function 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-02 16:57:49 +08:00
Pengyu Lv 766796839b Revert "TLS 1.3: SRV: Validate kex modes when parsing psk" 
This reverts commit f8e50a9607.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-02 16:57:42 +08:00
Pengyu Lv dadeb20383 TLS 1.3: SRV: Don't select ephemeral mode on resumption 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-18 17:42:26 +08:00
Pengyu Lv f8e50a9607 TLS 1.3: SRV: Validate kex modes when parsing psk 
On resumption, after the psk identity is matched, we
should check if psk and/or psk_ephemeral, which are
allowed by session ticket, are valid to be selected.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-18 17:42:12 +08:00
Pengyu Lv 0b740bc85b TLS 1.3: SRV: Check ticket_flags in kex mode determination 
When determining the key exchange mode, ticket_flags
should be checked so that the server won't select the
kex mode that is forbidden from session ticket.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-18 17:37:57 +08:00
Pengyu Lv e2f1dbf5ae update docs of ssl_client2 and improve code format 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-16 12:38:12 +08:00
Pengyu Lv 4938a566bf refine ticket_flags printing helper 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-16 11:28:49 +08:00
Pengyu Lv 3643fdbab9 refine the state setting in tls13_handshake_wrapup 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:06:02 +08:00
Pengyu Lv 189465306d remove MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE error 
Return MBEDTLS_ERR_ERROR_GENERIC_ERROR when ticket_flags
are not compatible with advertised key exchange mode.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:06:00 +08:00
Pengyu Lv 80270b2151 rename ticket_flags helper functions to generic ones 
Ticket flags is quite generic and may make sense in the
future versions of TLS or even in TLS 1.2 with new
extensions. This change remane the ticket_flags helper
functions with more generic `mbedtls_ssl_session` prefix
instead of `mbedtls_ssl_tls13_session`.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:59 +08:00
Pengyu Lv a1aa31b8b1 fix review comments 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:58 +08:00
Pengyu Lv 9eacb44a5e improve code format and readability 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:57 +08:00
Pengyu Lv e6487fe3c2 guard tls13_kex_modes related function calls with macro 
Handshake parameter field, tls13_kex_mode is only valid when
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED is set.
So, any functions / calls should be guarded by this macros.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:55 +08:00
Pengyu Lv 3eb49be6a8 move kex mode check in ticket_flags to psks_check_identity_match_ticket 
Move the kex mode check in ticket_flags to
ssl_tls13_offered_psks_check_identity_match_ticket and add new error
'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE' to indicate the check
failure.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:55 +08:00
Pengyu Lv c7af2c4f8c tls13: send new session ticket only when client supports psk 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:54 +08:00
Pengyu Lv c55eeb682d tls13: check if the session ticket is compatible with key exchange modes 
The server check if the ticket_flags is compatible with the advertised
key exchange modes in Pre-Shared Key Exchange Modes extension. The
incompatible ticket should be mark as not matched.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:53 +08:00
Pengyu Lv 9f92695c8d tls13: set key exchange mode in ticket_flags on client/server 
Set the ticket_flags when:
  - server: preparing NST (new session ticket) message
  - client: postprocessing NST message

Clear the ticket_flags when:
  - server: preparing NST message
  - client: parsing NST message

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:53 +08:00
Gilles Peskine 449bd8303e Switch to the new code style 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 14:50:10 +01:00
Jerry Yu 141bbe7bee tls13: Adjust include files 
- remove duplicate and unused included
- Adjust the order to system, mbedtls global, local.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-09 09:51:20 +08:00
Tom Cosgrove 1797b05602 Fix typos prior to release 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-04 17:19:59 +00:00
Jerry Yu a8d3c5048f Rename new session ticket name for TLS 1.3 
NewSessionTicket is different with TLS 1.2.
It should not share same state.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:35 +08:00
Jerry Yu 97be6a913e fix various issues 
- typo error
- replace `ssl->hanshake` with handshake

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-09 22:43:31 +08:00
Jerry Yu 7de2ff0310 Refactor extension list print 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 23:51:39 +08:00
Jerry Yu 79aa721ade Rename ext print function and macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 23:51:39 +08:00
Jerry Yu b95dd3683b Add missing mask set and tls13 unrecognized extension 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 23:51:38 +08:00
Jerry Yu c437ee3bac fix wrong return value 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 21:04:15 +08:00
Jerry Yu e5991328ff fix tls13 psk only test fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 16:16:29 +08:00
Jerry Yu 50e00e3ac6 Refactor server hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:22 +08:00
Jerry Yu edab637b51 Refactor new session ticket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:22 +08:00
Jerry Yu 63a459cde5 Refactor client_hello parser and writer 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:21 +08:00
Jerry Yu 4b8f2f7266 Refactor sent extension message output 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:21 +08:00
Jerry Yu c4bf5d658e fix various issues 
- Signature of
  - mbedtls_tls13_set_hs_sent_ext_mask
  - check_received_extension and issues
- Also fix comment issue.
- improve readablity.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 0c354a211b introduce sent/recv extensions field 
And remove `extensions_present`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu e18dc7eb9a Add forbidden extensions check for ClientHello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 471dee5a12 Add debug helpers to track extensions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Ronald Cron 04e2133f45
Merge pull request #6482 from ronald-cron-arm/tls13-misc 
TLS 1.3: Update documentation for the coming release and misc
 2022-10-28 11:09:03 +02:00
Ronald Cron eac00ad2a6 tls13: server: Note down client not being authenticated in SSL context 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-25 20:02:03 +02:00
Gilles Peskine 744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 
Fix unusual macros
 2022-10-25 19:55:29 +02:00
Ronald Cron 766c0cdb1f tls13: Add missing kex guards 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron 41a443a68d tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron 928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron 49e4184812
Merge pull request #6299 from xkqian/tls13_add_servername_check 
Add server name check when proposing pre-share key
 2022-10-13 16:00:59 +02:00
Gilles Peskine 0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2 
Include platform.h unconditionally
 2022-10-13 10:19:22 +02:00
Xiaokang Qian 28af501cae Fix the ticket_lifetime equal to 0 issue 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-13 08:18:19 +00:00
Xiaokang Qian be98f96de2 Remove useless hostname check in server side 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:44 +00:00
Xiaokang Qian 281fd1bdd8 Add server name check when proposeing pre-share key 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:41 +00:00
Jerry Yu c2bfaf00d9 fix wrong typo 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-11 18:07:19 +08:00
Jerry Yu 03aa174d7c Improve test message and title 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-10 21:48:37 +08:00
Jerry Yu a99cbfa2d3 fix various issues 
- rename function and variable
- change signature of `ssl_tls13_has_configured_psk`
- remove unnecessary statements
- remove unnecessary local variables
- wrong variable initial value
- improve output message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 14:35:47 +08:00
David Horstmann 21b89761f8 Refactor macro-spanning if in ssl_tls13_server.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-07 14:08:42 +01:00
Jerry Yu 25ab654781 Add dummy ticket support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Manuel Pégourié-Gonnard e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2 
Permissions 2b: TLS 1.3 sigalg selection
 2022-09-28 09:50:04 +02:00
Ronald Cron b72dac4ed7 Fix PSA identifier of RSA_PKCS1V15 signing algorithms 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-27 09:25:47 +02:00
Paul Elliott 2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets 
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
 2022-09-23 15:48:33 +01:00
Jerry Yu 359e65f784 limit session ticket number when resumption 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-22 23:47:43 +08:00
Gilles Peskine 07ba2be20b
Merge pull request #6304 from yuhaoth/pr/exclude-pre_shared_key-from-hrr-msg 
TLS 1.3: PSK: Exclude pre_shared_key for HRR
 2022-09-22 10:21:06 +02:00
Jerry Yu b7e3fa7fbd move count decrement after success sent 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-22 13:21:29 +08:00
Jerry Yu d0766eca58 fix various issues 
- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-22 13:21:29 +08:00
Ronald Cron 67ea2543ed tls13: server: Add sig alg checks when selecting best certificate 
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.

That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 14:26:32 +02:00
Jerry Yu d4e7500a07 Enable multi session tickets on Server 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-19 14:24:03 +08:00
Ronald Cron be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Jerry Yu ad4d2bb3e1 Exclude pre_shared_key for HRR 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-16 18:16:49 +08:00
Gilles Peskine 945b23c46f Include platform.h unconditionally: automatic part 
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-09-15 20:33:07 +02:00
Jerry Yu 0a55cc647c Remove unnecessary var and improve comment 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-15 16:15:06 +08:00
Jerry Yu f7dad3cfbe fix various issues 
- Naming
- format
- Reduce negative tolerance window

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 22:31:39 +08:00
Jerry Yu acff823846 Add negative tolerance window 
If `now == session->start` or the timer of
client is faster than server, client age might
be bigger than server.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 14:50:44 +08:00
Jerry Yu 4746b10c2e fix various issues 
- Format issues
- Possible memory leak
- Improve naming and comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 15:37:46 +08:00
Jerry Yu 8d4bbbae4f fix ticket age check issues 
- Ticket age and ticket age add, obfuscated age
  use different unit. Align the units to million
  seconds.
- Add maximum ticket age check. Until now,
  ticket_lifetime is not recorded in server side.
  Check it with maximum ticket_lifetime.
- Free session when error found.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 15:37:46 +08:00
Jerry Yu 466dda8553 Rename resumption master secret compute function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 14:28:15 +08:00
Jerry Yu 58af2335d9 Add possible group tests for psk with ECDHE 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-06 14:49:39 +08:00
Jerry Yu fd310ebf2d fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-06 09:16:35 +08:00
Jerry Yu 8253486c4f Add session ticket support for server 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Jerry Yu 95699e72f3 Add session ticket identity check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Jerry Yu 1e05b6dd6d fix coding style and unnecessary assignment 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 10:35:52 +08:00
Jerry Yu e5834fd0d7 remove unnecessary test 
also optimize check sum

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-29 20:33:33 +08:00
Jerry Yu 0baf907e11 remove select_ciphersuite 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-25 11:21:04 +08:00
Jerry Yu c5a23a0f12 fix various issues 
- code style
- variable initialize
- update comments


Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-25 11:09:35 +08:00
Jerry Yu f35ba384ff Add select ciphersuite entry function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-23 22:01:58 +08:00
Jerry Yu dd1bef788e Add ciphersuite_info check 
return null if no valid ciphersuite info

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-23 17:57:02 +08:00
Jerry Yu 29d9faa468 fix various issues. 
- comments issues
- code format style issues
- naming improvement.
- error return improvements

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-23 17:53:43 +08:00
Jerry Yu 5725f1cf3a Align ciphersuite with overwrite. 
Selected ciphersuite MUST be same with ciphsersuite of PSK.
Overwrite the old ciphersuite with the one of PSK.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 17:50:27 +08:00
Jerry Yu 9f7f646b11 Revert "remove psk key when ephemeral selected" 
This reverts commit 5c28e7aa0e.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:59:17 +08:00
Jerry Yu e9d4fc09a3 fix binder value security issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:59:17 +08:00
Jerry Yu 24b8c813c4 fix comments and wrong initial value issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:55:45 +08:00
Jerry Yu 6cf6b47b5c fix format and comment issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:54:53 +08:00
Jerry Yu 5c28e7aa0e remove psk key when ephemeral selected 
ephemeral is selected, `handshake->psk` must be removed.
Otherwise the encrypt key will be caculate fail.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu 56acc9421c Write key_share base on key_exchange mode. 
In ServerHello, write key share should base on key_exchange mode, not
base on configuration.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu f0bad2554a Continue check next psk key when binder mismatch 
with matched identity and mismatch binder, should check next psk key.
Exit with error will break multi-psk cases.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu 32e1370fbc Add config check for pre_shared_key parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu e95c8af266 Align ciphersuite with psk key 
With OpenSSL and GnuTLS client, if the MAC of ciphersuite
does not match selected binder, client will reject connection.
This change is to select ciphersuite base on algo of psk binder.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu 40f3771e18 Add handshake psk export function. 
Rename `ssl_tls13_get_psk` and export the
function.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Thomas Daubney 31e03a8e15 Replace hard-coded zeroes for constant 
Replace two occurances of hard-coded zero for
MBEDTLS_SSL_COMPRESS_NULL in TLS 1.3 code.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-07-26 16:13:23 +01:00
Ronald Cron e579ece305
Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load 
TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in  #6123. Thus I am ok to merge it as it is.
 2022-07-23 08:57:11 +02:00
Ronald Cron 340c559cb3
Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks 
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
 2022-07-23 08:50:45 +02:00
Jerry Yu 13ab81d5ac Add handshake failure in pre_shared_key withou psk_kex_modes 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:17:11 +08:00
Jerry Yu a66fecebe7 Add endpoint/ticket_flag field for session 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:08:43 +08:00
Jerry Yu 6f1db3fc92 fix format and potential non-PSK fail issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:05:59 +08:00
Jerry Yu ce6ed7076a Change the order of key_exchange determine 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 21:49:53 +08:00
Jerry Yu ba9b6e9e53 fix unkown identity case 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 21:45:05 +08:00
Jerry Yu 568ec2502a fix format/name issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 21:27:34 +08:00
Jerry Yu 2f0abc94d8 fix typo/type/format issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 19:34:48 +08:00
Jerry Yu 77f0148e11 Add psk/psk_ephemeral key exchange check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 23:27:22 +08:00
Ronald Cron 32578b3bd0
Merge pull request #6069 from yuhaoth/pr/add-tls13-write-new-session-ticket 
TLS 1.3:add tls13 write new session ticket
Validated by the internal CI and Travis.
 2022-07-21 16:17:35 +02:00
Jerry Yu 96a2e368dc TLS 1.3: Add pre-shared-key multiple psk parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 18:00:13 +08:00
Jerry Yu 6119715e05 Change type cast to size_t 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:28:02 +08:00
Jerry Yu 1c9247cff4 TLS 1.3: Add pre_share_key last ext check 
From RFC, pre_share_key must be the last one.
Add check for it. And with/without psk, it should
be check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu 352cd7db59 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu daf375aa8b fix issues of check_binder_match 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu bb852029f4 fix naming issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu 6e74a7e3c7 Add check return flags 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu 997549353e fix various code format issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu 032b15ce5e Add write selected_identity 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu 1c105560b4 add offered psks parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu fca4d579a4 fix various issues 
- unnecessary comments
- format issue
- improve readability

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 10:37:48 +08:00
Ronald Cron 799077177b TLS 1.3: Use selected key exchange mode field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-20 17:49:58 +02:00
Jerry Yu 6cb4fcd1a5 Remove key exchange mode check. 
This change does not meet RFC requirements.
It should be revert after key exchange mode issue
fixed

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 22:41:00 +08:00
Jerry Yu e67bef4aba Add tls13 write new session ticket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 22:41:00 +08:00
Jerry Yu 854dd9e23f fix comment issue 
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-15 14:38:38 +08:00
Jerry Yu 299e31f10e fix various issue 
- remove unused test case
- add alert message
- improve readabitlity

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-13 23:06:36 +08:00
Jerry Yu e19e3b9eb8 Add psk_key_exchange_modes parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-12 09:53:35 +00:00
Ronald Cron ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Jerry Yu 9d3e2fa372 Add negative tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:19:06 +08:00
Jerry Yu cc5391048e fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:18:30 +08:00
Jerry Yu aebaaaf527 add debug messages 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:09 +08:00
Jerry Yu d099cf0325 fix unused variable issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:47 +08:00
Jerry Yu f55886a217 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:46 +08:00
Jerry Yu fb526693c1 Rename sig_alg cert_key check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:45 +08:00
Jerry Yu f249ef7821 refactor get sig algo from pk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:40 +08:00
Ronald Cron 7898fd456a
Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server 
TLS 1.3 server: Send dummy change_cipher_spec records

The internal CI PR-merge job ran successfully thus good to go.
 2022-06-29 09:47:49 +02:00
Gabor Mezei f7044eaec8
Fix name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 16:01:49 +02:00
Gabor Mezei 96ae926572
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 11:56:26 +02:00
Gabor Mezei 5471912269
Move switching to handshake transform after sending CCS record 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 11:56:26 +02:00
Ronald Cron 7b8404608a tls13: Rename ssl_tls13_write_hello_retry_request_coordinate 
Rename ssl_tls13_write_hello_retry_request_coordinate to
ssl_tls13_prepare_hello_retry_request as it is more
aligned with what the function does.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron 63dc463ed6 tls13: Simplify switch to the inbound handshake keys on server side 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron 154d1b68d6 tls13: Fix wrong usage of MBEDTLS_SSL_CHK_BUF(_READ)_PTR macros 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron b94854f8e3
Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests 
TLS 1.3: Enable and add tests
 2022-06-28 09:15:17 +02:00
Ronald Cron 1938588e80 tls13: Align some debug messages with TLS 1.2 ones 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
XiaokangQian 95d5f549f1 Fix coding styles 
Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-24 05:42:15 +00:00
Gabor Mezei 7b39bf178e
Send dummy change_cipher_spec records from TLS 1.3 server 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-22 17:07:21 +02:00
XiaokangQian acb3992251 Add ALPN extension to the server side 
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-22 06:34:58 +00:00
Manuel Pégourié-Gonnard a3115dc0e6 Mark static int SSL functions CHECK_RETURN_CRITICAL 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:12:52 +02:00
Ronald Cron ca3c6a5698
Merge pull request #5817 from xkqian/tls13_add_server_name 
Tls13 add server name
 2022-06-16 08:30:09 +02:00
XiaokangQian 75fe8c7e54 Change place of ssl_tls13_check_ephemeral_key_exchange 
Change-Id: Id49172f7375e2a0771ad1216fb7eead808f0db3e
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-15 09:42:45 +00:00
XiaokangQian fb665a8452 Adress the comments about styles and pick_cert 
Change-Id: Iee89a27aaea6ebc8eb01c6c9985487f081ef7343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-15 03:57:21 +00:00
XiaokangQian 07aad0710c Refine function name ssl_tls13_pick_key_cert 
Change-Id: I821e1485d9cfcca88fa3e18d345766ea48c64250
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-14 05:35:09 +00:00
XiaokangQian 81802f43a2 Select certificate base on the received signature list 
Change-Id: Ife707db7fcfdb1e761ba86804cbf5dd766a5ee33
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-13 03:58:06 +00:00
XiaokangQian 96287d98d8 Remove the certificate key check against the received signature 
Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-08 08:37:53 +00:00