934ce6f6a9
Rename the finalize_client{server}_hello()
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:48 +00:00
ac4c625dea
Add hash check of ciphersuite for ticket psk
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:48 +00:00
6be8290aba
Change to CCS after client hello only if we offer early data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:48 +00:00
7179f810f1
Restore the empty lines
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:48 +00:00
b58462157e
Refine the ciphersuite and select id check for early data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:48 +00:00
7892b6caad
Refine the comment about generating early secrects in post server hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:48 +00:00
bd0ab06d50
Skip CCS once we proposed early data even it is rejected
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:48 +00:00
f6d8fd3d6b
Improve the coding style of new lines
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:48 +00:00
79f77528f5
Move state change to finalize client hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:47 +00:00
3f616c2493
Move selected_identity zero check to post_server_hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:47 +00:00
1d8e86ce00
Get hash_alg by mbedtls_psa_translate_md
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:47 +00:00
ea28a78384
Revert new field and check ciphersuite match when resume by exist info_id
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:47 +00:00
4224244883
Improve coding styles and add comments
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:47 +00:00
33ff868dca
Fix various errors
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:47 +00:00
43a83f247c
Move the place where call set_outbound_transform to switch handshake key
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:47 +00:00
907461319a
Fix compile error and warnings
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:47 +00:00
f10f474981
Check server selected cipher suite indicating a Hash associated with the PSK
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:47 +00:00
592021aceb
Add CCS after client hello in case of early data and comp mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:47 +00:00
303f82c5b9
Skip generating early secrets in some cases
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:47:47 +00:00
2a674937dd
Pend a illeagal allert when selected_identity isn't 0
...
Handshake should abort will illeagal parameter allert when
receiving early data extentions but the selected_identity
parsed from pre-share key isn't equal to 0.
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:46:48 +00:00
126929f825
Move early keys generation into mbedtls_ssl_tls13_finalize_write_client_hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:46:45 +00:00
19d4416a45
Refine code to remove finalize_write_end_of_early_data()
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:44:00 +00:00
7094f66879
Remove useless duplicted mbedtls_ssl_tls13_ticket_get_psk
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:44:00 +00:00
854db28bb7
Set hs_psk,ciphercuit_info and kex mode when writing pre-share key
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:44:00 +00:00
57a138d5c3
Update message log for end of early data test cases
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:44:00 +00:00
742578ca2c
Remove end_of_early_data_coordinate() to align with exist style
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:44:00 +00:00
bc75bc0c3a
Switch to MBEDTLS_SSL_END_OF_EARLY_DATA as needed
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:44:00 +00:00
c81a15a019
Change the comment format of end_of_early_data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:44:00 +00:00
7ed30e59af
Fix the issue that gnutls server doesn't support packet
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:44:00 +00:00
da8402dde6
Switch outbound back to handshake key after end_of_early_data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:43:59 +00:00
bf09376bda
Remove useless prepare_write_end_of_early_data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:43:59 +00:00
34aab55aa7
Add prepare function to switch transform to early keys
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:43:58 +00:00
125afcb060
Add end-of-early-data write
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:43:58 +00:00
9b84ea75de
remove ssl_tls13_has_compat_ticket_flags
...
This content of the function is moved to
ssl_tls13_has_configured_ticket.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-01-16 14:08:23 +08:00
4938a566bf
refine ticket_flags printing helper
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-01-16 11:28:49 +08:00
80270b2151
rename ticket_flags helper functions to generic ones
...
Ticket flags is quite generic and may make sense in the
future versions of TLS or even in TLS 1.2 with new
extensions. This change remane the ticket_flags helper
functions with more generic `mbedtls_ssl_session` prefix
instead of `mbedtls_ssl_tls13_session`.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-01-13 11:05:59 +08:00
9eacb44a5e
improve code format and readability
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-01-13 11:05:57 +08:00
9356678047
filter the tickets with tls13_kex_mode on client side.
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-01-13 11:05:56 +08:00
9f92695c8d
tls13: set key exchange mode in ticket_flags on client/server
...
Set the ticket_flags when:
- server: preparing NST (new session ticket) message
- client: postprocessing NST message
Clear the ticket_flags when:
- server: preparing NST message
- client: parsing NST message
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-01-13 11:05:53 +08:00
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-01-11 14:50:10 +01:00
83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail
...
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
2023-01-11 09:05:36 +01:00
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
...
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
3e60cada5d
Improve comment and changlog
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-01-10 14:58:08 +08:00
bdb936b7a5
Workaround anti replay fail of GnuTLS
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-01-07 20:19:55 +08:00
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype
...
TLS 1.3: Upstream misc fix from prototype
2023-01-05 14:35:54 +01:00
18c9fed857
tls: remove dependency from mbedtls_ecp_curve functions
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2023-01-03 13:03:34 +01:00
ddda050604
tls13: Upstream various fix in prototype
...
- Adjust max input_max_frag_len
- Guard transform_negotiate
- Adjust function position
- update comments
- fix wrong requirements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-09 09:51:20 +08:00
ac5ca5a0ea
Refactor cookie members of handshake struct
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-05 19:58:45 +08:00
4a8c9e2cff
tls13: Add definition of mbedtls_ssl_{write,read}_early_data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-11-23 14:29:37 +01:00
1d1d53622f
Merge pull request #6490 from xkqian/tls13_parse_early_data_indication_ee
...
The internal CI merge job ran successfully.
2022-11-23 12:31:25 +01:00
