eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
24168 commits 89 branches 205 tags 107 MiB
Commit graph

24168 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dave Rodgman
651fb529f9 Make pkcs7_parse test not depend on MBEDTLS_RSA_C 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 10:00:44 +00:00
Dave Rodgman
4fa8590b62 Fix test dependency 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 09:34:08 +00:00
Dave Rodgman
25b2dfa6da Fix comment typo 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Dave Rodgman
957cc36be9 Improve wording; use PKCS #7 not PKCS7 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Dave Rodgman
3fe2abf306 Apply suggestions from code review 
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Dave Rodgman
d12b592bc1 Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Dave Rodgman
7c33b0cac6 Remove pre-production warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Dave Rodgman
3ef7a6af12
Merge pull request #7269 from daverodgman/pkcs7-no-datetime 2023-03-11 12:57:54 +00:00
Dave Rodgman
f8565b3c2b Add more PKCS #7 tests with expired cert 
Add test which uses an expired cert but is otherwise OK, which
passes if and only if MBEDTLS_HAVE_TIME_DATE is not set.

Add similar test which verifies against a different data file,
which must fail regardless of MBEDTLS_HAVE_TIME_DATE.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-11 10:26:39 +00:00
Dave Rodgman
2e8442565a Add PKCS #7 test files using expired cert 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-11 10:24:30 +00:00
Dave Rodgman
cc77fe8e52 Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset 
Ensure that verification of an expired cert still fails, but
update the test to handle the different error code.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-11 09:46:13 +00:00
Gilles Peskine
d0f9b0bacc Don't warn about Msan/Valgrind if AESNI isn't actually built 
The warning is only correct if the assembly code for AESNI is built, not if
MBEDTLS_AESNI_C is activated but MBEDTLS_HAVE_ASM is disabled or the target
architecture isn't x86_64.

This is a partial fix for #7236.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-10 22:28:25 +01:00
Gilles Peskine
d4f31c87d1 Update bibliographic references 
There are new versions of the Intel whitepapers and they've moved.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-10 22:21:47 +01:00
Dave Rodgman
9c9601bac5
Merge pull request #7247 from daverodgman/zero-signers 2023-03-10 18:44:11 +00:00
Dave Rodgman
d51b1c5666 Remove duplicate test macros 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-10 17:44:08 +00:00
Manuel Pégourié-Gonnard
2301a80a73
Merge pull request #7245 from mpg/driver-only-ecdsa-wrapup 
Driver-only ecdsa wrapup
 2023-03-10 17:23:29 +01:00
Przemek Stekiel
55ceff6d2f Code optimization and style fixes 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 14:36:16 +01:00
Dave Rodgman
ca43e0d0ac Fix test file extension 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-10 13:06:01 +00:00
Dave Rodgman
f2f2dbcfd7 Add test case for PKCS7 file with zero signers 
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder  https://lapo.it/asn1js/

Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-10 12:52:00 +00:00
Manuel Pégourié-Gonnard
c2495f78e6 Add a ChangeLog entry for driver-only ECDSA 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-10 12:37:16 +01:00
Manuel Pégourié-Gonnard
439dbc5c60 Fix dependency for TLS 1.3 as well 
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.

Also update docs/use-psa-crypto.md accordingly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard
45bcb6aac8 Fix dependencies of 1.2 ECDSA key exchanges 
Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2...

Also, move the definition of PSA_HAVE_FULL_ECDSA outside the
MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-10 12:37:15 +01:00
Dave Rodgman
ac447837d3
Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7 
Test memory management in pkcs7
 2023-03-10 11:29:50 +00:00
Przemek Stekiel
e9254a0e55 Adapt driver dispatch documentation for user/peer getters 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Przemek Stekiel
4cd20313fe Use user/peer instead role in jpake TLS code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Przemek Stekiel
f3ae020c37 Use user/peer instead role in jpake driver-wrapper tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Przemek Stekiel
af94c13b2c Add tests for user/peer input getters 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Przemek Stekiel
1e7a927118 Add input getters for jpake user and peer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Przemek Stekiel
0c946e9aa9 Addapt jpake tests and add cases for set_user, set_peer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Przemek Stekiel
26c909d587 Enable support for user/peer for JPAKE 
This is only partial support. Only 'client' and 'server' values are accepted for peer and user.
Remove support for role.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:02 +01:00
Gilles Peskine
a4c6a3c355
Merge pull request #7237 from davidhorstmann-arm/move-getting-started-guide 
Move docs/getting_started.md to docs repo
 2023-03-09 23:31:25 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862 
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
 2023-03-09 20:49:44 +01:00
Gilles Peskine
a25203c5f9
Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests 
Interruptible_{sign|verify}_hash: Add public key verification tests
 2023-03-09 20:48:13 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Tom Cosgrove
94e841290d Don't check prerequisites for MBEDTLS_AESCE_C if we won't use it 
Fixes #7234

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-09 17:17:42 +00:00
Dave Rodgman
8657e3280a Add corrupt PKCS #7 test files 
Generated by running "make <filename>" and commiting the result.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-09 15:59:15 +00:00
valerio
2bf85e349d ssl-opt: enable test for accelerated ECDH + USE_PSA 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-03-09 16:39:07 +01:00
valerio
f27472b128 ssl-opt: enable test and fix failures for reference ECDH + USE_PSA" 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-03-09 16:20:38 +01:00
Przemek Stekiel
89e268dfb9 Add change log entry (SubjectAltName extension in CSR) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 14:04:17 +01:00
Przemek Stekiel
42510a91c4 Use for loop instead while loop 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 14:04:17 +01:00
Przemek Stekiel
68ca81c8fe Change separator for SAN names to ';' 
When ';' is used as a separator san names must be provided in quotation marks:
./cert_req filename=../../tests/data_files/server8.key subject_name=dannybackx.hopto.org san="URI:http://pki.example.com/;IP:127.1.1.0;DNS:example.com"

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 14:04:11 +01:00
Gabor Mezei
fffd6d9ded
Fix maximum cannonical value 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-09 13:43:15 +01:00
Gabor Mezei
e4710ae9ed
Add and fix comments 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-09 13:43:02 +01:00
Przemek Stekiel
b8eaf635ba Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 12:14:26 +01:00
David Horstmann
369930dec2 Move docs/getting_started.md to docs repo 
Delete docs/getting_started.md as it has been moved to the dedicated
documentation repo.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-03-09 09:52:13 +00:00
Janos Follath
9e1d889766
Merge pull request #7231 from tom-cosgrove-arm/update-changelog-230308 
Update ChangeLog to make "fix" explicit
 2023-03-09 08:47:49 +00:00
Janos Follath
042e433eda Threat Model: clarify attack vectors 
Timing attacks can be launched by any of the main 3 attackers. Clarify
exactly how these are covered.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-08 20:07:59 +00:00
Janos Follath
d5a09400ae Threat Model: improve wording 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-08 19:58:29 +00:00
Dave Rodgman
5e5aa4a4e6
Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307 
Fix typos in development prior to release
 2023-03-08 17:19:59 +00:00
Dave Rodgman
51b62ef23d
Merge pull request #7228 from tom-cosgrove-arm/fix-alignment.h-on-32-bit-systems 
Fix mbedtls_bswap64() on 32-bit systems
 2023-03-08 17:19:29 +00:00