yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
21284 commits 1 branch 0 tags 94 MiB
Commit graph

7201 commits

Author SHA1 Message Date
Ronald Cron
6ec2123bf3 ssl-opt.sh: Align prefix of TLS 1.3 opaque key tests 
Align prefix of TLS 1.3 opaque key tests
with the prefix of the othe TLS 1.3 tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 14:30:13 +02:00
Ronald Cron
067a1e735e tls13: Try reasonable sig alg for CertificateVerify signature 
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 14:30:13 +02:00
Ronald Cron
67ea2543ed tls13: server: Add sig alg checks when selecting best certificate 
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.

That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 14:26:32 +02:00
Werner Lewis
05feee1841 Restore vbuf value after modification 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-20 12:05:58 +01:00
Werner Lewis
ccae25b4bf Add explicit mbedtls_ecp_tls_read_group_id call 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-20 10:00:07 +01:00
Werner Lewis
7403d93f8a Add leading zeros to group metadata 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-20 09:41:05 +01:00
Werner Lewis
57807308d5 Fix typo in MBEDTLS_ECP_DP_BP512R1 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-20 09:16:11 +01:00
Manuel Pégourié-Gonnard
1367f40d38 Fix memory corruption in an SSL test function 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-19 11:00:23 +02:00
Manuel Pégourié-Gonnard
73f9233a73 Use full config for testing driver-only hashes 
Stating from the default config means a few things are implicitly
excluded; starting from the full config makes it all fully explicit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-19 10:47:05 +02:00
Manuel Pégourié-Gonnard
79e1467799 Fix include path for programs 
Same problem as #6101, same fix (the second commit of #6111).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-19 09:27:53 +02:00
Jerry Yu
7a51305478 Add multi-session tickets test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-19 14:26:07 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Gilles Peskine
1716f06ee3
Merge pull request #6093 from wernerlewis/bignum_test_script 
Add bignum test case generation script
 2022-09-17 10:37:26 +02:00
Werner Lewis
c2fb540c67 Use a script specific description in CLI help 
Previous changes used the docstring of the test_generation module,
which does not inform a user about the script.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-16 17:03:54 +01:00
Andrzej Kurek
2be1689504 Add capacity testing to EC J-PAKE to PMS tests 
Let the caller restrict the capacity but limit it to 32 bytes.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 07:14:04 -04:00
Andrzej Kurek
d37850404a Add derivation step testing to EC J-PAKE to PMS tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 06:45:44 -04:00
Manuel Pégourié-Gonnard
07018f97d2 Make legacy_or_psa.h public. 
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:02:48 +02:00
Przemek Stekiel
c454aba203 ssl-opt.sh: add tests for key_opaque_algs option 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:22:29 +02:00
Manuel Pégourié-Gonnard
409a620dea
Merge pull request #6255 from mprse/md_tls13 
Driver-only hashes: TLS 1.3
 2022-09-15 10:37:46 +02:00
Manuel Pégourié-Gonnard
18dff1f226
Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake 
Expose ECJPAKE through the PSA Crypto API
 2022-09-15 09:25:55 +02:00
Ronald Cron
62e24ba186
Merge pull request #6260 from yuhaoth/pr/add-multiple-pre-config-psks 
TLS 1.3:Add multiple pre-configured psk test for server
 2022-09-15 08:58:40 +02:00
Andrzej Kurek
4ba0e45f8e all.sh: don't build with ECJPAKE_TO_PMS if SHA256 is not available 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 14:58:49 -04:00
Werner Lewis
52ae326ebb Update references to file targets in docstrings 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:45 +01:00
Werner Lewis
ac446c8a04 Add combination_pairs helper function 
Wrapper function for itertools.combinations_with_replacement, with
explicit cast due to imprecise typing with older versions of mypy.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:45 +01:00
Werner Lewis
b6e809133d Use typing.cast instead of unqualified cast 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:45 +01:00
Andrzej Kurek
d8705bc7b7 Add tests for the newly created ad-hoc EC J-PAKE KDF 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 08:39:41 -04:00
Ronald Cron
208257b39f
Merge pull request #6259 from yuhaoth/pr/add-psk_ephemeral-possible-group-tests 
TLS 1.3: PSK: Add possible group tests for psk with ECDHE
 2022-09-14 14:21:46 +02:00
Jerry Yu
673b0f9ad3 Randomize order of psks 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 18:02:26 +08:00
Manuel Pégourié-Gonnard
b2407f2b91
Merge pull request #6261 from mprse/hash_size_macro 
Create MBEDTLS_MAX_HASH_SIZE in hash_info.h
 2022-09-14 10:00:06 +02:00
Przemek Stekiel
dcec7ac3e8 test_psa_crypto_config_accel_hash_use_psa: enable tls.1.3 at the end and adapt comment 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
a4af13a46c test_psa_crypto_config_accel_hash_use_psa: enable TLS 1.3 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Dave Rodgman
8cc46aa22c
Merge pull request #6275 from daverodgman/fixcopyright 
Correct copyright and license in crypto_spe.h
 2022-09-13 11:23:52 +01:00
Jerry Yu
a02841bb8a revert changes on PSK tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 11:07:27 +08:00
Dave Rodgman
53a18f23ac Correct copyright and license in crypto_spe.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-09-12 17:57:32 +01:00
Werner Lewis
3dc45198e6 Replace L/R inputs with A/B 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-12 17:35:27 +01:00
Werner Lewis
1fade8adb6 Move symbol definition out of __init__ 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-12 17:34:15 +01:00
Andrzej Kurek
d681746a51 Split some ssl-opt.sh test cases into two 
There's a slightly different behaviour without MBEDTLS_SSL_ASYNC_PRIVATE
that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:37:46 -04:00
Andrzej Kurek
07e3570f8c Add an ssl-opt.sh run to all.sh for the accel_hash_use_psa config 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:37:46 -04:00
Andrzej Kurek
934e9cd47f Switch to the new version of hash algorithm checking in ssl-opt.sh 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:34:23 -04:00
Andrzej Kurek
9c061a2d19 Add a posibility to check for the availability of hash algs to ssl-opt 
The new function now dispatches a check for either an MBEDTLS
or PSA define to check for SHA_XXX.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:34:23 -04:00
Manuel Pégourié-Gonnard
f6a6a2d815
Merge pull request #6216 from AndrzejKurek/tls-tests-no-md-compat 
TLS without MD - compat.sh addition to all.sh hash acceleration tests
 2022-09-12 10:23:49 +02:00
Przemek Stekiel
40afdd2791 Make use of MBEDTLS_MAX_HASH_SIZE macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-06 14:18:45 +02:00
Neil Armstrong
2a73f21878 Fixup expected status handling in ecjpake_setup() and add more coverage for psa_pake_set_password_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-06 11:34:54 +02:00
Jerry Yu
58af2335d9 Add possible group tests for psk with ECDHE 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-06 14:49:39 +08:00
Jerry Yu
079472b4c9 Add multiple pre-configured psk test for server 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-06 11:44:18 +08:00
Neil Armstrong
78c4e8e9cb Make ecjpake_do_round() return void and use TEST_ASSERT with a descriptive text instead of returning a value 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-05 18:08:13 +02:00
Neil Armstrong
51009d7297 Add comment in ecjpake_do_round() explaining input errors can be detected any time in the input sequence 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-05 17:59:54 +02:00
Andrzej Kurek
5e0654a324 Add a compat.sh run to psa_crypto_config_accel_hash_use_psa 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-04 09:31:17 -04:00
Andrzej Kurek
c502210291 Adjust pkparse test dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 15:33:20 -04:00
Werner Lewis
855e45c817 Use simpler int to hex string conversion 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-02 17:26:19 +01:00
Werner Lewis
56013081c7 Remove unused imports 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-02 12:57:37 +01:00
Werner Lewis
a4668a6b6c Rework TestGenerator to add file targets 
BaseTarget-derived targets are now added to TestGenerator.targets in
initialization. This reduces repeated code in generate_xxx_tests.py
scripts which use this framework.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-02 11:56:34 +01:00
Andrzej Kurek
7a32072038 Setup / deinitialize PSA in pk tests only if no MD is used 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
26909f348f Add PSA initialization and teardown to tests using pkcs5 
If PSA is defined and there is no MD - an initialization
is required.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:05:37 -04:00
Andrzej Kurek
a57267c758 Add a possibility to call PSA_INIT without MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:05:37 -04:00
Andrzej Kurek
37a17e890c Enable PKCS5 in no-md builds in all.sh 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:05:33 -04:00
Andrzej Kurek
ed98e95c81 Adjust pkcs5 test dependencies 
Hashing via PSA is now supported 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
dd36c76f09 Provide a version of pkcs5_pbkdf2_hmac without MD usage 
Use the new implementation locally
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard
97fc247d6a
Merge pull request #6232 from AndrzejKurek/pkcs12-no-md 
Remove MD dependency from pkcs12 module
 2022-09-02 09:43:13 +02:00
Tuvshinzaya Erdenekhuu
7714368667 Remove unused variable 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-09-01 17:11:14 +01:00
Tuvshinzaya Erdenekhuu
08b223443f Add new tests 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-09-01 16:18:00 +01:00
Tuvshinzaya Erdenekhuu
fe7524de03 Make minor style change 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-09-01 16:07:18 +01:00
Andrzej Kurek
7bd12c5d5e Remove MD dependency from pkcs12 module 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-01 08:57:41 -04:00
Manuel Pégourié-Gonnard
0777ec1625
Merge pull request #6109 from superna9999/6100-crash-in-test-suite-x509write 
Crash in test suite x509write config full no seedfile
 2022-09-01 11:18:30 +02:00
Werner Lewis
a4b7720cb5 Use combinations_with_replacement for inputs 
When generating combinations of values, `itertools.combinations` will
not allow inputs to be repeated. This is replaced so that cases where
input values match are generated, i.e. ("0", "0").

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-08-31 16:55:44 +01:00
Jerry Yu
e976492a11 Add session ticket tests for client 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation 
TLS 1.3: SRV: Finalize external PSK negotiation
 2022-08-31 17:21:57 +02:00
Tuvshinzaya Erdenekhuu
7e2e2a9762 Add new checks in rsa_invalid_param test 
This new checks covers previous commits

Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:15:59 +01:00
Tuvshinzaya Erdenekhuu
61f1372b8c Remove unused variables from shax.function 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu
ca6fde2e1f Enable invalid param test in sha512 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu
1db192bc5a Enable invalid param test in sha256 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu
d5ebedffd0 Removed unused variable in cipher test 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
104eb7f4a8 Enabled invalid param test for gcm 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
6c68927948 Enabled invalid param test for cipher 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
c7d7220814 Enabled invalid param test in camellia 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
c855bf5285 Enabled invalid param test for aes 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
0050b918f0 Added new tests in pk_invalid_param 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:25 +01:00
Tuvshinzaya Erdenekhuu
ed99ed34f3 Add spaces to comply with coding style 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:25 +01:00
Tuvshinzaya Erdenekhuu
c388af63e4 Remove extra spacings 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:25 +01:00
Tuvshinzaya Erdenekhuu
79bf51a109 Add new test for invalid param in pk.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-08-31 10:14:25 +01:00
Jerry Yu
6688669124 replace psk&dhe with psk_or_ephemeral 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 17:08:34 +08:00
Neil Armstrong
e5fdf20a79 Make ecjpake_rounds test depends on PSA_WANT_ALG_TLS12_PSK_TO_MS 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
eae1dfcc46 Change to more efficient error injection in ecjpake_do_round() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
db5b960a7e Permit any psa_pake_input() step to fail when error injected in input 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
75673abef5 Only build ecjpake_do_round() is PSA_WANT_ALG_JPAKE is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
8c2e8a6cda Add ecjpake_rounds_inject tests to exercise error injection 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
f983caf6c4 Move JPAKE rounds into a common function, add reordering and error injection 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
1e855601ca Fix psa_pake_get_implicit_key() state & add corresponding tests in ecjpake_rounds() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
a557cb8c8b Fixing XXX_ALG_ECJPAKE to XXX_ALG_JPAKE to match specification 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
a24278a74a Add invalid hash ecjpake_setup() test case 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
9c8b492052 Add advanced psa_pake_input/psa_pake_output test in ecjpake_setup() test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
50de0ae0c4 Add check calling psa_pake_setup() on an already initialized operation in ecjpake_setup() test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
98506ab677 Add checks for INVALID_ARGUMENT for psa_pake_output/psa_pake_input in ecjpake_setup() test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
645cccd6a8 Add checks for BAD_STATE before calling psa_pake_setup() in ecjpake_setup() test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
707d9574f8 Add checks for psa_pake_set_user/psa_pake_set_peer in test_suite_psa_crypto 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
ebd9a03743 Cleanup PSA pake test dependency 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
d597bc705f Add PSA PAKE tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Jerry Yu
7101b87040 fix wrong description 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 14:15:23 +08:00
Gilles Peskine
076f7257e9 Don't remove programs/fuzz/Makefile 
Other programs/*/Makefile are only created by CMake, but programs/fuzz has
its own Makefile in the repository. Fixes #6247.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-08-30 21:02:44 +02:00
Gilles Peskine
dd06efbb8d Don't try restoring a file if no backup is available 
This caused `all.sh --force` to fail on a clean build tree.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-08-30 21:02:00 +02:00