Neil Armstrong
0151c55b56
Add documentation of PSA_PAKE_OPERATION_INIT
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:50:58 +02:00
Neil Armstrong
5ff6a7fa97
Add missing psa_pake_cipher_suite_init()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:50:57 +02:00
Neil Armstrong
fb99302726
Add missing PSA_PAKE_CIPHER_SUITE_INIT
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 10:45:01 +02:00
Gilles Peskine
e4d3a6a4e8
Merge pull request #5804 from superna9999/5797-remove-cipher-deps-tls
...
Remove Cipher dependencies in TLS
2022-05-19 21:02:12 +02:00
Dave Rodgman
afe149d76e
Merge pull request #5846 from bootstrap-prime/development
...
Fix typos in documentation and constants with typo finding tool
2022-05-19 16:53:32 +01:00
Paul Elliott
4283a6b121
Merge pull request #5736 from gilles-peskine-arm/psa-raw_key_agreement-buffer_too_small
...
Make psa_raw_key_agreement return BUFFER_TOO_SMALL
2022-05-19 16:06:02 +01:00
bootstrap-prime
6dbbf44d78
Fix typos in documentation and constants with typo finding tool
...
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
2022-05-18 14:15:33 -04:00
Neil Armstrong
8395d7a37d
Change guard of mbedtls_ssl_cipher_to_psa() with USE_PSA_CRYPTO || SSL_PROTO_TLS1_3
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:24:34 +02:00
Neil Armstrong
0fa8ce3498
TLS 1.3 only have AEAD ciphers, drop the PSA_ALG_IS_AEAD() check in mbedtls_ssl_tls13_get_cipher_key_info()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
b818e16b29
Move out common PSA code from mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
e3b0b8ab67
Remove non-PSA code in mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
93617245c3
Code style fixes
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
689557ca12
Make CIPHER_C guard code as alternate of USE_PSA_CRYPTO in mbedtls_ssl_ciphersuite_get_cipher_key_bitlen()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
4f4f271850
In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
a8093f5c48
In mbedtls_ssl_tls13_populate_transform() make sure mbedtls_cipher_info_from_type() is only called when USE_PSA is disabled
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
801abb69a5
Provide a PSA definition of mbedtls_ssl_ciphersuite_get_cipher_key_bitlen() when MBEDTLS_USE_PSA_CRYPTO is defined
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Manuel Pégourié-Gonnard
6ab65e28cf
Merge pull request #5842 from mprse/decrypt_tests
...
RSA decrypt 2: TLS 1.2 integration testing
2022-05-18 12:58:50 +02:00
Gilles Peskine
42ed963c72
Update PSA compliance test branch
...
Update to a branch with a fix for the test case
"expected error for psa_raw_key_agreement - Small buffer size"
since we just fixed the corresponding bug.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-17 17:23:09 +02:00
Ronald Cron
9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext
...
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
2022-05-17 17:01:55 +02:00
Paul Elliott
a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify
...
TLS1.3:Add Certificate and CertificateVerify message on Server Side
2022-05-17 15:47:36 +01:00
Gilles Peskine
3e56130fb9
psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted
...
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.
The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.
Fixes #5735 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:37:54 +02:00
Gilles Peskine
7be11a790d
Use TEST_LE_U in some places where it applies
...
Systematically replace "TEST_ASSERT( $x <= $y )" by "TEST_LE_U( $x, $y )" in
test_suite_psa_crypto. In this file, all occurrences of this pattern are
size_t so unsigned.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:37:53 +02:00
Gilles Peskine
d1465429a2
New test helper macros TEST_LE_U, TEST_LE_S
...
Test assertions for integer comparisons that display the compared values on
failure. Similar to TEST_EQUAL.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
3ff25443c8
Separate the validation of the size macros and of the function
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
d4a258a08f
Improve PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE validation
...
We want to check:
1. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE (the output fits
if the caller uses the key-specific buffer size macro)
2. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (the output fits
if the caller uses the generic buffer size macro)
3. PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
(consistency in the calculation)
We were only testing (1) and (2). Test (3) as well. (1) and (3) together
imply (2) so there's no need to test (2).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
992bee8b6e
Test psa_raw_key_agreement with a larger/smaller buffer
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Dave Rodgman
2a045325f9
Merge pull request #5766 from leorosen/fix-var-init
...
Add missing local variable initialization
2022-05-16 14:47:00 +01:00
Przemek Stekiel
8da6da3da2
ssl-opt.sh: add test of RSA Opaque keys with TLS 1.2 server for decryption
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-16 14:37:50 +02:00
Gilles Peskine
9b7e29663f
Merge pull request #4211 from ccawley2011/mingw
...
Fix compilation with MinGW32
2022-05-16 12:30:37 +02:00
Gilles Peskine
f46019165f
Merge pull request #5840 from bensze01/python_3.10_support
...
Add minimum requirements for Python 3.10 support
2022-05-16 12:29:36 +02:00
Leonid Rozenboim
a3008e7e2e
Add missing local variable initialization
...
These issues were flagged by Coverity as instances where a local
variable may be used prior to being initialized. Please note that
none of these changes fixes any particular bug, this is just an attempt
to add more robustness.
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-05-13 18:08:11 +01:00
Gabor Mezei
696956da24
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-13 17:02:19 +02:00
Gabor Mezei
0a4298bbe9
Remove unnecessary duble conversion
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-13 17:02:18 +02:00
Bence Szépkúti
44f138d539
Add minimum requirements for Python 3.10 support
...
This is needed for min_requirements.py, since it installs the oldest
possible version of all the requirements.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-05-13 16:52:28 +02:00
Jerry Yu
b89125b81a
Add test without server certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-13 15:50:04 +08:00
Dave Rodgman
d87e46f3de
Merge pull request #3641 from okhowang/c99
...
Pass c99 to compiler
2022-05-12 14:01:10 +01:00
Jerry Yu
23d1a256ec
fix hrr handler undefine fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 20:11:16 +08:00
Manuel Pégourié-Gonnard
1cd4f6a873
Merge pull request #5794 from mprse/cipher_dep
...
Fix undeclared dependencies: CIPHER
2022-05-12 13:09:04 +02:00
Manuel Pégourié-Gonnard
4014a0408e
Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector
...
PSA: ChaCha20: add RFC 7539 test vector with counter=1
2022-05-12 12:34:20 +02:00
Manuel Pégourié-Gonnard
9bc53a2e84
Merge pull request #5806 from josesimoes/fix-3031
...
Remove prompt to exit in all programs
2022-05-12 10:50:31 +02:00
Dave Rodgman
8b65420f42
Add comment
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-12 09:45:03 +01:00
Przemek Stekiel
da5f483ad8
all.sh: Fix order of CIPHER dependencies
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Przemek Stekiel
a09f835bd8
Fix CIPHER dependencies dependeny and error messages
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Przemek Stekiel
179d74831f
all.sh: add build/test config crypto_full minus CIPHER
...
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Przemek Stekiel
10f3a601b4
all.sh: add build/test config full minus CIPHER
...
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Przemek Stekiel
ea805b4f20
mbedtls_config.h, check_config.h: fix CIPHER dependencies
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Dave Rodgman
58f591526e
Merge pull request #5732 from daverodgman/warmsocks_spellingfixes
...
Fixed spelling and typographical errors found by CodeSpell
2022-05-12 09:26:29 +01:00
Manuel Pégourié-Gonnard
34f6ac7c22
Merge pull request #5812 from adeaarm/development
...
Fix key_id and owner_id accessor macros
2022-05-12 10:25:02 +02:00
Dave Rodgman
c9c6e8d189
Improve comments
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-12 09:22:50 +01:00
Jerry Yu
5a26f3000d
Refactor cert exchange states
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00