yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
21282 commits 1 branch 0 tags 94 MiB
Commit graph

21282 commits

This branch
This branch
All branches
Author SHA1 Message Date
Andrzej Kurek
702776f7cc Restrict the EC J-PAKE to PMS input type to secret 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 06:22:44 -04:00
Jerry Yu
ad4d2bb3e1 Exclude pre_shared_key for HRR 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-16 18:16:49 +08:00
Manuel Pégourié-Gonnard
138387fc8c Fix some typos, improve wording & formatting 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
d18c24b166 EC J-PAKE is now implemented in PSA 
Quite unrelated to the other commits in this branch, but I happened to
spot it, so I fixed it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
c998e43eb4 Add ChangeLog entry about driver-only hashes. 
(The first entry will need editing if support for ENTROPY_C is sorted out
before the next release.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
72687b76ca Clarify dependencies in mbedtls_config.h 
- One module was missing the warning on psa_crypto_init().
- For modules that are affected by USE_PSA_CRYPTO, it makes more sense
to mention that in the warning.
- Attempt to improve the description of the TLS 1.3 situation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
f17f85ef0c Simplify definition of TLS 1.3 MD max size. 
Actually this macro is never used in parts that depend on USE_PSA, so
it's always using PSA.

Currently the macro seems a bit redundant, but:
- since it's public we can't remove it;
- and there are plans in the future to make it more precise (actually
the largest hash that matters for TLS 1.3 is SHA-384 now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
e896705c1a Take advantage of legacy_or_psa.h being public 
Opportunities for using the macros were spotted using:

    git grep -E -n -A2 'MBEDTLS_(MD|SHA)[0-9]+_C' | egrep 'PSA_WANT_ALG_(MD|SHA)'

then manually filtering the results.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
07018f97d2 Make legacy_or_psa.h public. 
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:02:48 +02:00
Jerry Yu
6ee726e1ab Replace md translation function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-16 16:32:27 +08:00
Manuel Pégourié-Gonnard
1c341c8bc9
Merge pull request #6284 from daverodgman/contributing 
Clarify legal requirements for contributions
 2022-09-16 09:01:56 +02:00
Jerry Yu
a5df584d87 fix build fail for test_psa_crypto_config_accel_hash_use_psa 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-16 11:28:54 +08:00
Przemek Stekiel
c454aba203 ssl-opt.sh: add tests for key_opaque_algs option 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:22:29 +02:00
Przemek Stekiel
632939df4b ssl_client2: print pk key name when provided using key_opaque_algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel
dca224628b ssl_tls13_select_sig_alg_to_psa_alg: optimize code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel
f937e669bd Guard new code with MBEDTLS_USE_PSA_CRYPTO 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel
3c326f9697 Add function to convert sig_alg to psa alg and use it 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel
b40f2e81ec TLS 1.3: Take into account key policy while picking a signature algorithm 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:10:19 +02:00
Dave Rodgman
f184625223 Clarify legal requirements for contributions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-09-15 11:52:44 +01:00
Manuel Pégourié-Gonnard
c42c7e660e Update documentation in legacy_or_psa.h 
- Some things that were indicated as in the near future are now done.
- Clarify when these macros are needed and when they're not.
- Prepare to make the header public.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-15 11:28:24 +02:00
Manuel Pégourié-Gonnard
1dc37258de Style: wrap a long line 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-15 11:10:26 +02:00
Manuel Pégourié-Gonnard
409a620dea
Merge pull request #6255 from mprse/md_tls13 
Driver-only hashes: TLS 1.3
 2022-09-15 10:37:46 +02:00
Jerry Yu
0a55cc647c Remove unnecessary var and improve comment 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-15 16:15:06 +08:00
Werner Lewis
07c830c164 Fix setting for default test suite directory 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-15 09:02:07 +01:00
Manuel Pégourié-Gonnard
18dff1f226
Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake 
Expose ECJPAKE through the PSA Crypto API
 2022-09-15 09:25:55 +02:00
Ronald Cron
62e24ba186
Merge pull request #6260 from yuhaoth/pr/add-multiple-pre-config-psks 
TLS 1.3:Add multiple pre-configured psk test for server
 2022-09-15 08:58:40 +02:00
Andrzej Kurek
4ba0e45f8e all.sh: don't build with ECJPAKE_TO_PMS if SHA256 is not available 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 14:58:49 -04:00
Andrzej Kurek
d60907b85d Define ECJPAKE_TO_PMS in config_psa only if SHA_256 is available 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 14:57:51 -04:00
Werner Lewis
52ae326ebb Update references to file targets in docstrings 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:45 +01:00
Werner Lewis
ac446c8a04 Add combination_pairs helper function 
Wrapper function for itertools.combinations_with_replacement, with
explicit cast due to imprecise typing with older versions of mypy.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:45 +01:00
Werner Lewis
b6e809133d Use typing.cast instead of unqualified cast 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:45 +01:00
Werner Lewis
00d02423a5 Remove argparser default for directory 
This reverts commit f156c43702. Adds a
comment to explain reasoning for current implementation.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:42 +01:00
Werner Lewis
858cffde1e Add toggle for test case count in descriptions 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:25 +01:00
Werner Lewis
34d6d3e4e5 Update comments/docstrings in TestGenerator 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:18 +01:00
Jerry Yu
f7dad3cfbe fix various issues 
- Naming
- format
- Reduce negative tolerance window

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 22:31:39 +08:00
Przemyslaw Stekiel
67ffab5600 ssl.h: use PSA hash buffer size when PSA is used 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 14:51:14 +02:00
Andrzej Kurek
18f8e8d62c Document the input size restriction for EC J-PAKE to PMS 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 08:44:34 -04:00
Andrzej Kurek
d8705bc7b7 Add tests for the newly created ad-hoc EC J-PAKE KDF 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 08:39:41 -04:00
Andrzej Kurek
08d34b8693 Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2 
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 08:39:26 -04:00
Ronald Cron
208257b39f
Merge pull request #6259 from yuhaoth/pr/add-psk_ephemeral-possible-group-tests 
TLS 1.3: PSK: Add possible group tests for psk with ECDHE
 2022-09-14 14:21:46 +02:00
Przemyslaw Stekiel
ab9b9d4669 ssl_tls13_keys.h: use PSA max hash size 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 13:51:07 +02:00
Przemyslaw Stekiel
da6452578f ssl_tls13_generic.c: fix hash buffer sizes (use PSA_HASH_MAX_SIZE) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 12:50:51 +02:00
Neil Armstrong
6a12a7704d Fix typo in comment 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-14 12:17:42 +02:00
Jerry Yu
673b0f9ad3 Randomize order of psks 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 18:02:26 +08:00
Przemyslaw Stekiel
034492bd56 ssl.h: Fix hash guards 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 11:09:20 +02:00
Przemyslaw Stekiel
004c2181f0 ssl_misc.h: hash guards adaptations 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 11:00:57 +02:00
Manuel Pégourié-Gonnard
b2407f2b91
Merge pull request #6261 from mprse/hash_size_macro 
Create MBEDTLS_MAX_HASH_SIZE in hash_info.h
 2022-09-14 10:00:06 +02:00
Jerry Yu
acff823846 Add negative tolerance window 
If `now == session->start` or the timer of
client is faster than server, client age might
be bigger than server.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 14:50:44 +08:00
Jerry Yu
95db17ed5f fix various issues 
- improve obfuscated ticket age generator
- improve psk getter

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 10:37:58 +08:00
Przemek Stekiel
ce0aa58fd9 check_config.h: make TLS1.3 requirements verification more readable 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00