Commit graph

29777 commits

Author SHA1 Message Date
Ronald Cron
b3d42fddae tests: write early data: Add HRR scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
05600e26f4 tests: write early data: Add "server rejects" scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
8fe2b01b52 tests: write early data: Add "not sent" scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
2fbbba9c51 tests: ssl: Add write early data unit test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Xiaokang Qian
30bb7ce9a2 Add test case for early data writing
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
a5561893e7 ssl_client2: Add support for early data writing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
2fe0ec8c31 ssl_client2: Add buffer overflow check
Add buffer overflow check to build_http_request().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
ccfaefa361 ssl_client2: Switch from int to size_t
Switch from int to size_t for some
data lengths and counter local
variables.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
4e1bd470fb ssl_client2: Move code to build http request
Move code to build http request into a
dedicated function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
54a3829453 ssl_client2: Simplify early_data option
No need to define specific early data,
the idea is rather to just send the
usual request data as early data
instead of standard application data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Xiaokang Qian
b62732e1d6 tls13: cli: Add mbedtls_ssl_write_early_data() API
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Valerio Setti
447bbce8b4 rsa: remove unnecessary check in priv/pub key parsing
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 08:02:03 +01:00
Gilles Peskine
30a303f1a8 ECDSA signature conversion: put bits first
Metadata, then inputs, then outputs.
https://github.com/Mbed-TLS/mbedtls/pull/8703#discussion_r1474697136

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-06 19:45:11 +01:00
Paul Elliott
e053cb2f12 Stop platform test failures with GCC and TSAN
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-06 18:10:43 +00:00
Gilles Peskine
8bdd8cdc4f
Merge pull request #8729 from adeaarm/crypto_struct_client_view
Add a client view of the multipart contexts
2024-02-06 17:29:55 +00:00
Gilles Peskine
f45589b492
Merge pull request #8198 from silabs-Kusumit/kdf_incorrect_initial_capacity
KDF incorrect initial capacity
2024-02-06 17:29:43 +00:00
Gilles Peskine
137e0c1a02
Merge pull request #8761 from valeriosetti/issue4681
Re-introduce enum-like checks from CHECK_PARAMS
2024-02-06 17:29:38 +00:00
Gilles Peskine
fb7001f15b
Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage
Implement mbedtls_pk_get_psa_attributes
2024-02-06 17:28:54 +00:00
Ryan Everett
a76a0011ab Remove mutex calls in psa_wipe_all_key_slots
Code size and code style improvement, these calls aren't needed.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-06 16:45:54 +00:00
Valerio Setti
1810fd9ac8 add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 17:03:32 +01:00
Valerio Setti
bb76f80218 pk_wrap: use proper raw buffer length in ecdsa_sign_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:57:23 +01:00
Valerio Setti
cf81f69977 psa_util: smarter raw length check in mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:57:12 +01:00
Dave Rodgman
91d5fde944
Merge pull request #8745 from adeaarm/trail_key_id_field
Put the id field at the end of the psa_key_attributes_s structure
2024-02-06 15:55:56 +00:00
Valerio Setti
6269f3baf4 Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()"
This reverts commit d4fc5d9d1c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:55:18 +01:00
Ronald Cron
2261ab298f tests: early data status: Add HRR scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
d6dba675b8 tests: early data status: Add "server rejects" scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
265273e8b3 tests: early data status: Add "not sent" scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
5c208d7daf tests: ssl: Add scenario param to early data status testing function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
a7f94e49a8 tests: ssl: Add early data status unit test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
90e223364c tls13: cli: Refine early data status
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
fe59ff794d tls13: Send dummy CCS only once
Fix cases where the client was sending
two CCS, no harm but better to send only one.

Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
bfcdc069ef tests: ssl: Use get TLS 1.3 ticket helper for early data test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
1f6e4e4a49 tests: ssl: Add helper function to get a TLS 1.3 ticket
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
ced99be007 tests: ssl: Add early data handshake option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
b4ad3e750b tests: ssl: First reset to all zeroes options in init
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
fb53647b0b tests: ssl: Move group list to options
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Valerio Setti
2b6a7b37f4 suite_psa_crypto_util: use 521 bits data and bit-size instead of 528
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:21:44 +01:00
Paul Elliott
79e2e5d2d0 Add comment to set/increment step functions
These functions are thread safe, but using them from within multiple
threads at the same time may not have the intended effect, given order
cannot be guaranteed. Also, standardise header comment formatting.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-06 15:10:03 +00:00
Dave Rodgman
e093281a8b Pacify check-names
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 15:00:58 +00:00
Valerio Setti
94c5806a64 suite_psa_crypto_util: make ecdsa_raw_to_der_incremental() more readable
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 15:49:06 +01:00
Dave Rodgman
d09f96b829 Improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:51:58 +00:00
Valerio Setti
eae7fce829 add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 14:40:59 +01:00
Dave Rodgman
22b934e6d2 Use struct not union
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:16:13 +00:00
Dave Rodgman
f4e8234f93 Improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:16:13 +00:00
Manuel Pégourié-Gonnard
5c9cc0b30f
Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected
TLS 1.3: SRV: Ignore early data when rejected
2024-02-06 13:16:03 +00:00
Dave Rodgman
ec9936d122 Improve gcc guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:04:09 +00:00
Paul Elliott
f20728ee49 Fix missed case for removing accessor
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-06 12:49:45 +00:00
Dave Rodgman
b327a1e706 Change unaligned access method for old gcc
gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94662 shows
that __attribute__ aligned may be ignored.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 11:32:01 +00:00
Ronald Cron
d0a772740e tests: early data: Complete the handshake
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 11:15:48 +01:00
Gilles Peskine
735ac3ec05 Fix builds with secp224k1 as the only curve
Normally, if an elliptic curve is enabled in the legacy API then it's also
enabled in the PSA API. In particular, if the legacy API has at least one
curve then that curve also works with PSA. There is an exception with
secp224k1 which PSA does not support. In a build with secp224k1 as the only
legacy curve, MBEDTLS_PK_HAVE_ECC_KEYS is enabled (because you can use the
curve through PK) but PSA does not support any elliptic curve, so we can't
run PK-PSA bridge tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-06 11:11:32 +01:00