ea96ac3da9
fix various issues
...
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-06 18:17:37 +08:00
3db60dfe5e
rename nst early data write function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-06 18:16:56 +08:00
fceddb310e
Add early data permission check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-06 18:14:54 +08:00
01da35e2c8
add early data extension of NST
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-06 18:14:52 +08:00
42020fb186
revert output message which used by testing
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-05 17:35:53 +08:00
ebb1b1d48f
fix ci test failure
...
"skip parse certificate verify" can not be changed.
It is used in `Authentication: client badcert, server none`
test.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-05 11:02:15 +08:00
b55f9eb5c5
fix various issues
...
- remove unnecessary statements
- improve macro name
- improve output message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-05 10:27:17 +08:00
fb0f47b1f8
tls13: srv: check tls version in ClientHello with min_tls_version
...
When server is configured as TLS 1.3 only and receives ClientHello
from a TLS 1.2 only client, it's expected to abort the handshake
instead of downgrading protocol to TLS 1.2 and continuing handshake.
This commit adds a check to make sure server min_tls_version always
larger than received version in ClientHello.
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-04 17:50:36 +08:00
197199f154
tls12 & tls13 server: remove RNG check in write_server_hello
...
RNG check is added in ssl_conf_check when calling mbedtls_ssl_setup,
so there is no need to check it again.
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-04 11:03:14 +08:00
7bb40a3650
send unexpected alert when not received eoed or app during reading early data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-04 10:04:15 +08:00
fbf039932a
Send decode error alert when EOED parsing fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-04 10:00:37 +08:00
3be850782c
fix various issues
...
- improve comments
- rename function and macros name
- remove unnecessary comments
- remove extra empty lines
- remove unnecessary condition
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-04 09:58:54 +08:00
0af63dc263
improve comments and output message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 17:18:04 +08:00
ee4d729555
print received early application data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:53:50 +08:00
e96551276a
switch inbound transform to handshake
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:53:50 +08:00
75c9ab76b5
implement parser of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:53:50 +08:00
b4ed4602f2
implement coordinate of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:34:00 +08:00
d5c3496ce2
Add dummy framework of eoed state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:32:31 +08:00
59d420f17b
empty process_end_of_early_data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:30:34 +08:00
9b72e39701
re-introduce process_wait_flight2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:27:08 +08:00
e32fac3d23
remove wait_flight2 state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:25:16 +08:00
d33f7a8c72
improve document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-29 15:09:21 +08:00
87b5ed4e5b
Add server side end-of-early-data handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-22 16:48:39 +08:00
7d8c3fe12c
Add wait flight2 state.
...
The state is come from RFC8446 section A.2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-22 16:48:39 +08:00
4e9b70e03a
Add early transform computation when accepted
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-22 16:48:39 +08:00
60e997205d
replace check string
...
The output has been changed
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:59:25 +08:00
713ce1f889
various improvement
...
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:59:25 +08:00
d84c14f80c
improve code style
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:59:24 +08:00
9cb953a402
improve document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:59:24 +08:00
8e0174ac05
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:59:24 +08:00
cf9135100e
fix various issues
...
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:19 +08:00
25ba4d40ef
rename ticket_creation
to ticket_creation_time
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:19 +08:00
46c7926f74
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:19 +08:00
28e7c554f4
Change the bottom of tolerance window
...
The unit of ticket time has been changed to milliseconds.
And age difference might be negative
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:19 +08:00
31b601aa15
improve comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:18 +08:00
ec6d07870d
Replace start
with ticket_creation
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:18 +08:00
f16efbc78d
fix various issues
...
- Add comments for ticket test hooks
- improve code style.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:18 +08:00
cebffc3446
change time unit of ticket to milliseconds
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:18 +08:00
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field
...
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
2023-11-20 08:04:57 +00:00
53199b1c0a
Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed
...
TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension
2023-11-07 13:59:13 +00:00
4122c16abd
Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination
...
TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption
2023-11-07 09:26:21 +00:00
7ef9fd8989
fix various issues
...
- Debug message
- Improve comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-07 14:31:37 +08:00
2bea94ce2e
check the ticket version unconditional
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-07 14:18:17 +08:00
44670c6eda
Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption"
...
This reverts commit dadeb20383
.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-07 09:58:53 +08:00
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-02 19:47:20 +00:00
82fd6c11bd
Add selected key and ciphersuite check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-01 10:32:17 +08:00
ce3b95e2c9
move ticket version check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-01 10:32:17 +08:00
454dda3e25
fix various issues
...
- improve output message
- Remove unnecessary checks
- Simplify test command
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-01 10:28:43 +08:00
dbd1e0d986
tls13: add helpers to check if psk[_ephemeral] allowed by ticket
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-10-31 10:17:17 +08:00
29daf4a36b
tls13: server: fully check ticket_flags with available kex mode.
...
We need to fully check if the provided session ticket could be
used in the handshake, so that we wouldn't cause handshake
failure in some cases. Here we bring f8e50a9
back.
Example scenario:
A client proposes to a server, that supports only the psk_ephemeral
key exchange mode, two tickets, the first one is allowed only for
pure PSK key exchange mode and the second one is psk_ephemeral only.
We need to select the second tickets instead of the first one whose
ticket_flags forbid psk_ephemeral and thus cause a handshake
failure.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-10-31 09:34:14 +08:00