80270b2151
rename ticket_flags helper functions to generic ones
...
Ticket flags is quite generic and may make sense in the
future versions of TLS or even in TLS 1.2 with new
extensions. This change remane the ticket_flags helper
functions with more generic `mbedtls_ssl_session` prefix
instead of `mbedtls_ssl_tls13_session`.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-01-13 11:05:59 +08:00
9eacb44a5e
improve code format and readability
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-01-13 11:05:57 +08:00
9356678047
filter the tickets with tls13_kex_mode on client side.
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-01-13 11:05:56 +08:00
9f92695c8d
tls13: set key exchange mode in ticket_flags on client/server
...
Set the ticket_flags when:
- server: preparing NST (new session ticket) message
- client: postprocessing NST message
Clear the ticket_flags when:
- server: preparing NST message
- client: parsing NST message
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-01-13 11:05:53 +08:00
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-01-11 14:50:10 +01:00
83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail
...
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
2023-01-11 09:05:36 +01:00
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
...
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
3e60cada5d
Improve comment and changlog
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-01-10 14:58:08 +08:00
bdb936b7a5
Workaround anti replay fail of GnuTLS
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-01-07 20:19:55 +08:00
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype
...
TLS 1.3: Upstream misc fix from prototype
2023-01-05 14:35:54 +01:00
18c9fed857
tls: remove dependency from mbedtls_ecp_curve functions
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2023-01-03 13:03:34 +01:00
ddda050604
tls13: Upstream various fix in prototype
...
- Adjust max input_max_frag_len
- Guard transform_negotiate
- Adjust function position
- update comments
- fix wrong requirements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-09 09:51:20 +08:00
ac5ca5a0ea
Refactor cookie members of handshake struct
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-05 19:58:45 +08:00
4a8c9e2cff
tls13: Add definition of mbedtls_ssl_{write,read}_early_data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-11-23 14:29:37 +01:00
1d1d53622f
Merge pull request #6490 from xkqian/tls13_parse_early_data_indication_ee
...
The internal CI merge job ran successfully.
2022-11-23 12:31:25 +01:00
b157e915ad
Move the early data status set afeter all of the extensions parse
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-23 08:12:26 +00:00
e861ba01d4
Remove the duplicate early_data_status check
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-23 03:21:02 +00:00
ca09afc60a
Remove useless function and parse early data in ee
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-23 02:16:49 +00:00
8bee89994d
Add parse function for early data in encrypted extentions
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-22 09:40:07 +00:00
a8d3c5048f
Rename new session ticket name for TLS 1.3
...
NewSessionTicket is different with TLS 1.2.
It should not share same state.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-19 20:12:35 +08:00
0cc4320e16
Add EARLY_DATA guard to the early data extension in session ticket
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-16 08:43:50 +00:00
2cd5ce0c6b
Fix various issues cause rebase to latest code
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-15 10:33:53 +00:00
fe3483f9a1
Update early data doument and config dependencies
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:16:22 +00:00
ae07cd995a
Change ticket_flag base on review
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:16:22 +00:00
2d87a9eeb5
Pend one alert in case wrong EXT_EARLY_DATA length
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:16:22 +00:00
a042b8406d
Address some format issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:16:19 +00:00
f447e8a8d3
Address comments base on reviews
...
Improve early data indication check
Update test case to gnutls server
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:15:36 +00:00
a341225fd0
Change function name ssl_tls13_early_data_has_valid_ticket
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:15:05 +00:00
01323a46c6
Add session ticket related check when send early data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:15:05 +00:00
ecc2948f21
Fix format issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:15:05 +00:00
76332816c7
Define the EARLY_DATA_STATUS
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:15:05 +00:00
b781a2323c
Move ssl_tls13_has_configured_ticket() back to tls13 client
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:13:51 +00:00
0e97d4d16d
Add early data indication to client side
...
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-11-14 03:13:50 +00:00
97be6a913e
fix various issues
...
- typo error
- replace `ssl->hanshake` with handshake
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-09 22:43:31 +08:00
7de2ff0310
Refactor extension list print
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-08 23:51:39 +08:00
79aa721ade
Rename ext print function and macro
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-08 23:51:39 +08:00
50e00e3ac6
Refactor server hello
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-06 11:54:22 +08:00
edab637b51
Refactor new session ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-06 11:54:22 +08:00
6d0e78ba22
Refactor certificate request
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-06 11:54:22 +08:00
9eba750916
Refactor encrypted extensions
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-06 11:54:22 +08:00
4b8f2f7266
Refactor sent extension message output
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-06 11:54:21 +08:00
c4bf5d658e
fix various issues
...
- Signature of
- mbedtls_tls13_set_hs_sent_ext_mask
- check_received_extension and issues
- Also fix comment issue.
- improve readablity.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
0c354a211b
introduce sent/recv extensions field
...
And remove `extensions_present`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
9872eb2d69
change return type for unexpected extension
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
43ff252688
Remove unnecessary checks.
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
6ba9f1c959
Add extension check for NewSessionTicket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
2c5363e58b
Add extension check for ServerHello and HRR
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
c55a6af9eb
Add extensions check for CertificateRequest
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
cbd082f396
Add extension check for EncryptedExtensions
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
a709a0f2c6
tls13: Declare PSK ephemeral key exchange mode first
...
In the PSK exchange modes extension declare first
PSK ephemeral if we support both PSK ephemeral
and PSK. This is aligned with our implementation
giving precedence to PSK ephemeral over pure PSK
and improve compatibility with GnuTLS.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-25 19:05:26 +02:00
