c2b1bc4fb6
replace early data permission check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:46 +08:00
ea96ac3da9
fix various issues
...
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:37 +08:00
3db60dfe5e
rename nst early data write function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:16:56 +08:00
fceddb310e
Add early data permission check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:54 +08:00
01da35e2c8
add early data extension of NST
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:52 +08:00
42020fb186
revert output message which used by testing
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 17:35:53 +08:00
ebb1b1d48f
fix ci test failure
...
"skip parse certificate verify" can not be changed.
It is used in `Authentication: client badcert, server none`
test.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 11:02:15 +08:00
b55f9eb5c5
fix various issues
...
- remove unnecessary statements
- improve macro name
- improve output message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 10:27:17 +08:00
fb0f47b1f8
tls13: srv: check tls version in ClientHello with min_tls_version
...
When server is configured as TLS 1.3 only and receives ClientHello
from a TLS 1.2 only client, it's expected to abort the handshake
instead of downgrading protocol to TLS 1.2 and continuing handshake.
This commit adds a check to make sure server min_tls_version always
larger than received version in ClientHello.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-04 17:50:36 +08:00
197199f154
tls12 & tls13 server: remove RNG check in write_server_hello
...
RNG check is added in ssl_conf_check when calling mbedtls_ssl_setup,
so there is no need to check it again.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-04 11:03:14 +08:00
7bb40a3650
send unexpected alert when not received eoed or app during reading early data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 10:04:15 +08:00
fbf039932a
Send decode error alert when EOED parsing fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 10:00:37 +08:00
3be850782c
fix various issues
...
- improve comments
- rename function and macros name
- remove unnecessary comments
- remove extra empty lines
- remove unnecessary condition
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 09:58:54 +08:00
0af63dc263
improve comments and output message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 17:18:04 +08:00
ee4d729555
print received early application data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
e96551276a
switch inbound transform to handshake
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
75c9ab76b5
implement parser of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
b4ed4602f2
implement coordinate of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:34:00 +08:00
d5c3496ce2
Add dummy framework of eoed state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:32:31 +08:00
59d420f17b
empty process_end_of_early_data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:30:34 +08:00
9b72e39701
re-introduce process_wait_flight2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:27:08 +08:00
e32fac3d23
remove wait_flight2 state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:25:16 +08:00
d33f7a8c72
improve document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-29 15:09:21 +08:00
87b5ed4e5b
Add server side end-of-early-data handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-22 16:48:39 +08:00
7d8c3fe12c
Add wait flight2 state.
...
The state comes from RFC8446 section A.2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-22 16:48:39 +08:00
4e9b70e03a
Add early transform computation when accepted
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-22 16:48:39 +08:00
60e997205d
replace check string
...
The output has been changed
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:25 +08:00
713ce1f889
various improvement
...
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:25 +08:00
d84c14f80c
improve code style
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
9cb953a402
improve document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
8e0174ac05
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
cf9135100e
fix various issues
...
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
25ba4d40ef
rename ticket_creation to ticket_creation_time
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
46c7926f74
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
28e7c554f4
Change the bottom of tolerance window
...
The unit of ticket time has been changed to milliseconds.
And age difference might be negative
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
31b601aa15
improve comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
ec6d07870d
Replace start with ticket_creation
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
f16efbc78d
fix various issues
...
- Add comments for ticket test hooks
- improve code style.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
cebffc3446
change time unit of ticket to milliseconds
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field
...
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
2023-11-20 08:04:57 +00:00
53199b1c0a
Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed
...
TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension
2023-11-07 13:59:13 +00:00
4122c16abd
Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination
...
TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption
2023-11-07 09:26:21 +00:00
7ef9fd8989
fix various issues
...
- Debug message
- Improve comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:31:37 +08:00
2bea94ce2e
check the ticket version unconditional
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-07 14:18:17 +08:00
44670c6eda
Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption"
...
This reverts commit dadeb20383.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-07 09:58:53 +08:00
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
82fd6c11bd
Add selected key and ciphersuite check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:17 +08:00
ce3b95e2c9
move ticket version check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:17 +08:00
454dda3e25
fix various issues
...
- improve output message
- Remove unnecessary checks
- Simplify test command
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:28:43 +08:00
dbd1e0d986
tls13: add helpers to check if psk[_ephemeral] allowed by ticket
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 10:17:17 +08:00