Commit graph

26021 commits

Author SHA1 Message Date
Valerio Setti
19fec5487d test: remove GENPRIME dependency when RSA_KEY_PAIR_GENERATE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-25 12:31:50 +02:00
Valerio Setti
fe478909f0 psa_crypto_rsa: fix guards for importing the key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-25 12:27:19 +02:00
Valerio Setti
7e6aaa1ea5 psa: fix missed LEGACY symbols caused by the rebase
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 16:59:21 +02:00
Valerio Setti
980383421a config_psa: enable KEY_PAIR_GENERATE only when GENPRIME is defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 16:32:50 +02:00
Valerio Setti
76df8c1900 psa: remove redundant GENPRIME when RSA_KEY_PAIR_GENERATE is defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:11:28 +02:00
Valerio Setti
0d5c5e5a38 config_psa: enable KEY_PAIR_[IMPORT/EXPORT] as soon as BASIC is enabled
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
a9a3c5581e config_psa: enable GENPRIME when BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
42796e25cf generate_psa_tests: fix automatically generated tests for RSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
acab57b6b4 test: replace RSA_KEY_PAIR_LEGACY with proper symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
b2bcedbf9a library: replace MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
f6d4dfb745 library: replace PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY symbols with proper ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Dave Rodgman
4999f15d98
Merge pull request #7878 from beni-sandu/development
aesce: use correct target attribute when building with clang
2023-07-11 10:54:14 +01:00
Gilles Peskine
19280ad9b3
Merge pull request #7908 from gilles-peskine-arm/ssl-opt-fix-hrr-test-curves-groups
Fix failure of ssl-opt "TLS 1.3: no HRR in case of PSK key exchange mode"
2023-07-11 11:25:26 +02:00
Gilles Peskine
b387fcf59b Adapt names (curves -> groups) in a separately added test case
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-11 09:19:13 +02:00
Gilles Peskine
6aca2c9613
Merge pull request #7716 from mpg/psa-util-internal
Split psa_util.h between internal and public
2023-07-10 18:33:23 +02:00
Gilles Peskine
d9f0c76f9e
Merge pull request #7879 from tgonzalezorlandoarm/development
tests/test_suite_pem: Augment DES test cases with AES: PEM
2023-07-10 18:28:01 +02:00
Dave Rodgman
f3e488ec40
Merge pull request #7216 from lpy4105/issue/6840/add-getters-for-some-fields
Add getters for some fields
2023-07-10 17:14:11 +01:00
Manuel Pégourié-Gonnard
f614bde912
Merge pull request #7656 from mprse/ffdh_tls13_v2_drivers
FFDH 4: driver-only parity testing - with TLS 1.3
2023-07-10 13:08:47 +02:00
Dave Rodgman
e183ecef3d
Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases
Record the outcome of each test case in compat.sh
2023-07-10 12:08:32 +01:00
Manuel Pégourié-Gonnard
5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem
tls13: server: Fix spurious HRR
2023-07-10 09:58:13 +02:00
Pengyu Lv
5a3f5f450c Add changelog entries
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 13:25:28 +08:00
Pengyu Lv
5cbb93ef14 Add test for cache timeout getter
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 13:25:24 +08:00
Pengyu Lv
db6143364a Add test for endpoint getter
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
30e0870937 Add test for hostname getter
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
08daebb410 Make endpoint getter parameter a pointer to const
It would be convenient for users to query the endpoint
type directly from a ssl context:

```
    mbedtls_ssl_conf_get_endpoint(
        mbedtls_ssl_context_get_config(&ssl))
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
accd53ff6a Add getter access to endpoint field in mbedtls_ssl_config
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
918ebf3975 Add getter access to hostname field in mbedtls_ssl_context
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
af724dd112 ssl_cache: Add getter access to timeout field
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Dave Rodgman
7dbd2bf90c
Merge pull request #7441 from gilles-peskine-arm/mbedtls_x509_crt_parse_path-qemu-bug
More mbedtls_x509_crt_parse_path() tests, and note qemu-user bug when 32-bit code run on 64-bit host
2023-07-07 19:15:31 +01:00
Paul Elliott
2dfe7993af
Merge pull request #6914 from davidhorstmann-arm/cmake-pass-through-config-defines
Pass `MBEDTLS_CONFIG_FILE` defines through cmake
2023-07-07 17:01:57 +01:00
Tom Cosgrove
c5f41bfeb8
Merge pull request #7212 from sergio-nsk/patch-4
Fix error: comparison of integers of different signs: 'SOCKET' and 'int'
2023-07-07 16:45:55 +01:00
Dave Rodgman
602a0919f3
Merge pull request #7464 from yuhaoth/pr/Change-clock-source-to-bootime-for-ms-time
Replace CLOCK_MONOTONIC with CLOCK_BOOTTIME for `mbedtls_ms_time` on linux
2023-07-07 15:42:17 +01:00
Manuel Pégourié-Gonnard
461d59b2f8
Merge pull request #7858 from mprse/ffdh_tls13_v2_f
Make use of FFDH keys in TLS 1.3 - follow-up
2023-07-07 16:19:35 +02:00
Dave Rodgman
8abb3497ad
Merge branch 'development' into mbedtls_x509_crt_parse_path-qemu-bug
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-07 15:11:35 +01:00
Ronald Cron
c75ff730cd Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-07 15:53:34 +02:00
Ronald Cron
8a74f07c2a tls13: server: Fix spurious HRR
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-07 15:53:12 +02:00
Dave Rodgman
c4749b1c66
Merge pull request #7584 from gilles-peskine-arm/fuzz-file-open-fail
Fuzz programs: print an error if loading the reproducer fails
2023-07-07 11:51:59 +01:00
David Horstmann
2d3ba07bf4 Add ChangeLog entry for CMake config defines
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-07-07 11:25:40 +01:00
Dave Rodgman
1917ee7cd1
Merge pull request #7867 from gilles-peskine-arm/readme-python3.8
Officially require Python 3.8
2023-07-07 09:58:15 +01:00
Manuel Pégourié-Gonnard
9967f11066
Merge pull request #7810 from valeriosetti/issue7771
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/ECC
2023-07-07 10:22:47 +02:00
Przemek Stekiel
46b2d2b643 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-07 09:34:17 +02:00
Dave Rodgman
aa00e81901
Merge pull request #7492 from gilles-peskine-arm/psa-driver-doc-entry-point
README: add section about drivers
2023-07-06 15:35:18 +01:00
Tomás González
3719f9ec91 tests/test_suite_pem: Augment DES test cases with AES: PEM
A few negative test cases in test_suite_pem.data rely on DES
(“invalid iv”, “malformed”). DES is deprecated.
Construct similar test cases using AES.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-07-06 14:21:23 +01:00
Dave Rodgman
2230258530
Merge pull request #7890 from yanrayw/aes_comment_fix 2023-07-06 13:52:33 +01:00
Gilles Peskine
e1d5b07304 Link to the guide for writing a driver
Don't link to the proposed specifications: they aren't good entry points
because they describe what we want to achieve, not what exists today. The
guide links to them, that's enough.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-06 13:13:43 +02:00
Manuel Pégourié-Gonnard
a30c5cfc66 Use minimal include in test_suite_random
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:29 +02:00
Manuel Pégourié-Gonnard
999ce227fc Make the PSA-mbedtls RNG API public
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard
d55d66f5ec Fix missing includes
Some files relied on psa_util.h to provide the includes they need.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard
abfe640864 Rationalize includes in psa_util
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:27 +02:00
Manuel Pégourié-Gonnard
801d5b441d Remove unnecessary (and harmful) include
Besides being unnecessary, it was causing problem when build SSL test
programs, which include this header, then in turn trying to include the
internal header from library, which didn't work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:26 +02:00