7ffe7ebe38
ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards
...
Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will
be necessary when the ClientHello writing code is
made available when MBEDTLS_SSL_PROTO_TLS1_2 is
enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 14:42:17 +02:00
04fbd2b2ff
ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 14:42:17 +02:00
5b98ac9c64
TLS 1.3: Move PSA ECDH private key destroy to dedicated function
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 14:42:17 +02:00
60ff79424e
ssl_tls13_client.c: alpn: Miscellanous minor improvements
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 14:39:49 +02:00
13d8ea1dd9
ssl_tls13_client.c: alpn: Loop only once over protocol names
...
This has although the benefit of getting rid of a
potential integer overflow (though very unlikely
and probably harmless).
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 14:39:49 +02:00
a0855a6d13
ssl_tls13_client.c: alpn: Add missing return value assignment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-29 14:39:49 +02:00
c02768a399
Replace ssl->handshake with handshake in write_cookie_ext()
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-03-25 07:50:56 +00:00
9b93c0dd8d
Change cookie parameters for dtls and tls 1.3
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-03-25 07:50:56 +00:00
25c9c9023c
Refine cookie len to fix compile issues
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-03-25 07:50:56 +00:00
9deb90f74e
Change parameter names and code style
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-03-25 07:50:56 +00:00
5e3c947841
Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-03-25 07:50:56 +00:00
233397ef88
Update code base on comments
...
Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data
Change code styles and comments
Fix cookie write issues
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-03-25 07:50:56 +00:00
0b64eedba8
Add cookies write in client hello
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-03-25 07:50:56 +00:00
8d7afc642c
Merge pull request #5523 from ronald-cron-arm/one-flush-output-development
...
TLS 1.3: One flush output
2022-03-21 08:44:04 +01:00
a8b38879e1
Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-10 13:58:17 +01:00
7a94aca81a
Move state change from CLIENT_CERTIFICATE to its main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-10 13:58:04 +01:00
5bb8fc830a
Call Certificate writing generic handler only if necessary
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-09 07:51:52 +01:00
9f55f6316e
Move state change from CSS states to their main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-09 07:51:52 +01:00
3addfa4964
Move state change from WRITE_CLIENT_HELLO to its main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-09 07:51:52 +01:00
9df7c80c78
TLS 1.3: Always go through the CLIENT_CERTIFICATE state
...
Even if certificate authentication is disabled at build
time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state.
It simplifies overall the code for a small code size
cost when certificate authentication is disabled at build
time. Furthermore that way we have only one point in the
code where we switch to the handshake keys for record
encryption.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-03-09 07:50:08 +01:00
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn
...
Port ALPN support for tls13 client from tls13-prototype
2022-03-08 17:53:38 +00:00
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
...
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
e894c5c4a5
Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-02 08:45:56 +01:00
ca133a34c5
Change state machine
...
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-22 10:17:58 +08:00
90f152dfac
fix psk only build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-22 10:17:58 +08:00
72637c734b
fix write certificate fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-22 10:17:58 +08:00
8511f125af
Add certificteVerify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-22 10:17:58 +08:00
5cc3506c9f
Add write certificate and client handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-22 10:17:58 +08:00
566c781290
Add dummy state for client_certifiate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-22 10:17:58 +08:00
cc43c6bee5
fix coding style issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-21 09:06:00 +08:00
fb4b6478ee
tls13_only: improve guards of files.
...
To improve readability of the preprocess guards.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-21 09:06:00 +08:00
0f5ecefbe9
Clean up the code
...
- remove redundant local buffer
- fix code style
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-15 08:53:36 +01:00
169f115bf0
ssl_client2: init psa crypto for TLS 1.3 build
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-14 17:15:04 +01:00
86cacac91a
Port ALPN support for tls13 client from tls13-prototype
...
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124 ).
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com >
2022-02-14 08:03:32 -08:00
4f419e55a1
ssl_tls13_write_key_share_ext: initialize key_exchange_len (compiler warning)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-14 10:19:53 +01:00
6d6aabdb0d
Remove unused function: ssl_tls13_check_ecdh_params()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-14 10:13:10 +01:00
9e23ddb09d
Change ssl_tls13_read_public_ecdhe_share() to use PSA-specific parsing code.
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-14 10:13:00 +01:00
ea859c24b7
Change ssl_tls13_generate_and_write_ecdh_key_exchange() to use PSA
...
Generate ECDH private key using psa_generate_key()
Export the public part of the ECDH private key using psa_export_public_key()
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-11 15:17:05 +01:00
7840f81303
fix client_auth fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-09 19:43:22 +08:00
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
...
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00
7c8b6a97b9
Update CertificateRequest skip condition
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2022-02-08 15:21:13 +00:00
c234ecf695
Update mbedtls_ssl_handshake_free() and address review comments.
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2022-02-08 10:26:42 +00:00
51f515a503
update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2022-02-08 07:28:04 +00:00
6d42bb430c
Update mbedtls_ssl_handshake_free()
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2022-01-28 10:05:51 +00:00
82f0a9a1db
Rebase and address review comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2022-01-27 07:53:52 +00:00
a909061c2a
Refine HRR parse successfully message in test cases
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-27 03:48:27 +00:00
34909746df
Change cookie free code and some comments
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-27 02:25:04 +00:00
52da558103
Change code base on comments
...
Align the alert type in parse_server_hello
Remove MBEDTLS_SSL_COOKIE_C guard
Enable cookie for both DTLS and TLS1.3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-26 10:53:15 +00:00
aec1f3e913
Cookie fields are used only by DTLS 1.3
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-26 10:53:15 +00:00
b119a35d07
Refine fatal alert in parse_server_hello
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-01-26 10:53:15 +00:00