eden-emu/mbedtls
19
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
20734 commits 89 branches 205 tags 107 MiB
Commit graph

20734 commits

This branch
This branch
All branches
Author SHA1 Message Date
Neil Armstrong
321116c755 Remove spurious debug in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:06:15 +01:00
Przemek Stekiel
38df86cc6c Simplyfy asymmetric_decrypt() test function 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-02 09:11:04 +01:00
Przemek Stekiel
e894c5c4a5 Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-02 08:45:56 +01:00
Gilles Peskine
a9b4c436ee
Merge pull request #5588 from gilles-peskine-arm/mypy-on-jenkins 
Make mypy unconditional
 2022-03-01 20:48:42 +01:00
Gilles Peskine
e356f075f5
Merge pull request #5512 from gilles-peskine-arm/psa-driver-interface-tweaks-202201 
PSA driver description spec: minor tweaks to the JSON format
 2022-03-01 20:46:14 +01:00
Gilles Peskine
92e08fba4c
Merge pull request #5475 from miudr/fix_issue_5140 
Fix AEAD multipart incorrect offset in test_suite_psa_crypto.function
 2022-03-01 20:45:54 +01:00
Dave Rodgman
2cf0d4f072
Merge pull request #5584 from gilles-peskine-arm/cmake-Wunused-function 
Build tests with -Wunused-function with cmake
 2022-03-01 19:17:16 +00:00
Paul Elliott
06898650f9
Merge pull request #5471 from yuhaoth/pr/add-tls13-client-certificate-verify 
TLS1.3: Add write client Certificate and CertificateVerify
 2022-03-01 18:42:00 +00:00
Przemek Stekiel
4400be408b Adapt test cases for invalid bits with and without ECC keys enabled 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 17:02:46 +01:00
Przemek Stekiel
15565eeb59 Move publick key check out of MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 17:01:39 +01:00
Neil Armstrong
19915c2c00 Rename error translation functions and move them to library/pk_wrap.* 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 15:21:02 +01:00
Przemek Stekiel
a81aed2dae Clean up init values of psa crypto status and fix switch default case 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 15:13:30 +01:00
Przemek Stekiel
f110dc05be Clenup conditional compilation flags. 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 14:48:05 +01:00
Przemek Stekiel
dcab6ccb3b Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled. 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 14:29:49 +01:00
Neil Armstrong
0f49f83625 Use now shared ECP_PUB_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 10:05:33 +01:00
Neil Armstrong
e9ecd27890 Rename max sizes of RSA & EC DER keys defines 
Rename to match the required pattern of defines:
'^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$'

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 10:03:21 +01:00
Neil Armstrong
e0326a6acc Move max sizes of RSA & EC DER keys into private pkwrite.h 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 09:58:58 +01:00
Gilles Peskine
5831b4fd77
Merge pull request #5372 from AndrzejKurek/doxygen-fixes-compact-doxyfile 
Remove default values and comments from mbedtls.doxyfile
 2022-02-28 23:49:15 +01:00
Neil Armstrong
4766f99fe5 Add multi-part mac sign/verify test 
The test is based on the AEAD multi-part test, re-using the
design on aead_multipart_internal_func() to test differnet
sequence of psa_mac_update() for MAC update or verify.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-28 18:37:30 +01:00
Gilles Peskine
f48bd4bccb
Merge pull request #5371 from AndrzejKurek/doxygen-duplicate-parameter-docs 
doxygen: merge multiple descriptions of the same return codes
 2022-02-28 17:09:45 +01:00
Gilles Peskine
0037fcd6c7
Merge pull request #4910 from gilles-peskine-arm/check_config-chachapoly-development 
Add check_config checks for AEAD
 2022-02-28 17:07:48 +01:00
Gilles Peskine
254efe5f0c Make mypy unconditional 
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-28 16:06:36 +01:00
Neil Armstrong
60234f87a6 Revert "Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences" 
This reverts commit 3ccd08b343.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-28 15:21:38 +01:00
Gilles Peskine
9c656ec718 Fix unused function warning 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-26 19:56:12 +01:00
Gilles Peskine
d5438a5678 Enable -Wunused-function in cmake builds for tests 
This has been the case when building with make since
d3d8a64dfa. Be consistent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-26 19:54:41 +01:00
Glenn Strauss
0ebf24a668 Adjust comment describing mbedtls_ssl_conf_sni() 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss
48a37f01b3 Add cert_cb use to programs/ssl/ssl_server2.c 
(for use by some tests/)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss
6989407261 Add accessor to retrieve SNI during handshake 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b Provide means to reset handshake cert list 
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0 Add server certificate selection callback 
https://github.com/ARMmbed/mbedtls/issues/5430

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 17:31:49 -05:00
Gilles Peskine
588d7a7538 Add a missing requires_max_content_len 
Slightly reduce the amount of data so that the test passes with 512.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:23:25 +01:00
Gilles Peskine
c6d197b68a ssl-opt needs debug messages 
Many test cases in ssl-opt.sh need error messages (MBEDTLS_ERROR_C) or SSL
traces (MBEDTLS_DEBUG_C). Some sample configurations don't include these
options. When running ssl-opt.sh on those configurations, enable the
required options. They must be listed in the config*.h file, commented out.

Run ssl-opt in the following configurations with debug options:
ccm-psk-tls1_2, ccm-psk-dtls1_2, suite-b.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:22:25 +01:00
Gilles Peskine
6e86e54abb Adapt tests for PSK in PSK-only builds 
In a PSK-only build:
* Skip tests that rely on a specific non-PSK cipher suite.
* Skip tests that exercise a certificate authentication feature.
* Pass a pre-shared key in tests that don't mind the key exchange type.

This commit only considers PSK-only builds vs builds with certificates. It
does not aim to do something useful for builds with an asymmetric key
exchange and a pre-shared key for authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine
2fe796f1b7 Add some missing dependencies: EXTENDED_MASTER_SECRET, CACHE 
This commit is not necessarily complete, but it's a step forward.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine
3561526249 Only run "Default" tests if the expected ciphersuite is enabled 
These tests ensure that a certain cipher suite is in use, so they fail in
builds that lack one of the corresponding algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine
a165b5ced6 Automatically skip tests for some absent features: tickets, ALPN 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine
82a4ab2486 ssl-opt: automatically skip DTLS tests in builds without DTLS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine
168f17c233 New sample/test configuration: small DTLS 1.2 
1. Copy config-ccm-psk-tls1_2.h
2. Add DTLS support
3. Add some TLS and DTLS features that are useful in low-bandwidth,
   low-reliability networks
4. Reduce the SSL buffer to a very small size

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:11 +01:00
Gilles Peskine
7451e5a1c6 Minimal TLS configuration: documentation improvements 
Some of the options have been moved around, but there are no semantic
changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:05:37 +01:00
Steven Cooreman
4b94f10b93 Add changelog entry for zeroizing key buffers before freeing 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2022-02-25 16:53:11 +01:00
Neil Armstrong
3ccd08b343 Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 16:15:08 +01:00
Neil Armstrong
ee9686b446 Fix style issue in hash_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:47:34 +01:00
Gilles Peskine
fd222da2e9 Fix the build when MBEDTLS_PLATFORM_C is unset 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 15:26:40 +01:00
Neil Armstrong
e858996413 Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf() 
Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:17:50 +01:00
Neil Armstrong
2968d306e4 Implement mbedtls_ct_hmac() using PSA hash API 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:50 +01:00
Neil Armstrong
cf8841a076 Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined 
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
4f091290bd Remove Obsolete SSLs tests with truncated MAC tags & NULL/CBC cipher 
These tests are related to an obsolete feature removed from the library.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
f4cc062935 Setup MAC PSA keys in build_transforms() to pass ssl_crypt_record() with PSA crypto 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
26e6d6764e Use PSA MAC API in mbedtls_ssl_encrypt/decrypt_buf() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
46a1760922 Allow USE_PSA_CRYPTO for handshake TLS tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00