Hanno Becker
6454993e2e
Safeguard against calling p255 reduction with single-width MPI
...
(In this case, there's nothing to do anyway since we only do a
quasi-reduction to N+1 limbs)
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 07:35:58 +01:00
Hanno Becker
25bb732ea7
Simplify x25519 reduction using internal bignum MLA helper
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 07:03:48 +01:00
Hanno Becker
aef9cc4f96
Rename mpi_mul_hlp -> mbedtls_mpi_core_mla and expose internally
...
This paves the way for the helper to be used from the ECP module
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-11 07:03:43 +01:00
Andrzej Kurek
57f58b0e65
Prefer TEST_EQUAL over TEST_ASSERT in test suites
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 16:51:03 -04:00
Gilles Peskine
b4f874d1da
raw_key_agreement_fail: Add a nominal run
...
Ensure that the nominal run works properly, so that it's apparent that the
injected failure is responsible for the failure of the handshake.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-08 16:50:38 -04:00
Gilles Peskine
6cbc9986fb
Remove redundant empty slot count check
...
USE_PSA_DONE() already checks that there are no used key slots.
The call to TEST_ASSERT() wouldn't have worked properly on failure anyway,
since it would jump back to the exit label.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 16:47:19 -04:00
Andrzej Kurek
28f883eba5
Remove RSA & DTLS dependency in raw key agreement test
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 16:46:57 -04:00
Gilles Peskine
e1730e492d
Merge pull request #5708 from AndrzejKurek/timeless-struggles
...
Remove the dependency on MBEDTLS_TIME_H from the timing module
2022-04-08 18:43:16 +02:00
Adam Wolf
039080fba7
Fix spelling of 'reasonable' in comments
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-04-08 16:49:04 +01:00
Paul Elliott
ed334d2e2f
Merge pull request #5623 from gstrauss/inline-cert_cb
...
Introduce mbedtls_ssl_hs_cb_t typedef
2022-04-08 16:04:31 +01:00
Krzysztof Stachowiak
8790fa2088
Add ChangeLog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 15:17:47 +01:00
Krzysztof Stachowiak
de6effa645
Change the MSVC static runtime CMake option name and moved it into the library directory
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 15:17:32 +01:00
Neil Armstrong
cb87403560
Use 1024 bits RSA key size for RSA PK Opaque tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:14:40 +02:00
Neil Armstrong
95a892311d
Comment decrypt & encrypt callback entries of mbedtls_pk_ecdsa_opaque_info as not relevant
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:13:51 +02:00
Neil Armstrong
7df6677c34
Remove now invalid comment in pk_opaque_ecdsa_can_do()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:13:06 +02:00
Neil Armstrong
56e71d4d1a
Update documentation of mbedtls_pk_setup_opaque()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:12:42 +02:00
Neil Armstrong
eccf88fa48
Only accept RSA key pair in mbedtls_pk_setup_opaque()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:11:50 +02:00
Dave Rodgman
f945e0a475
Update ChangeLog.d/alert_reentrant.txt
...
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:59:30 +01:00
Dave Rodgman
e2e7e9400b
Fail for types not of size 2, 4 or 8
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:46:30 +01:00
Hanno Becker
baae59cd49
Improve documentation of absence-of-padding check
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:46:29 +01:00
Hanno Becker
0d7dd3cd43
Check that size_t and ptrdiff_t don't have padding
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:46:26 +01:00
Hanno Becker
4ab3850605
Check that integer types don't use padding bits in selftest
...
This commit modifies programs/test/selftest to include a check that
none of the standard integer types (unsigned) [short, int, long, long]
uses padding bits, which we currently don't support.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:45:05 +01:00
Hanno Becker
8813c03cb0
Add ChangeLog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:16:55 +01:00
Hanno Becker
5e18f74abb
Make alert sending function re-entrant
...
Fixes #1916
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:16:43 +01:00
Jacob Schloss
d8a573b9d9
Fix spelling of 'features' in comment
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-04-08 10:23:14 +01:00
Krzysztof Stachowiak
bb54237ecf
Remove redundant check from CMakeLists.txt
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 10:10:27 +01:00
microplankton
1f33e4a632
Add an option to link with MSVC static runtime instead of the dynamic one
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 10:10:20 +01:00
Gilles Peskine
e756f642cd
Seed the PRNG even if time() isn't available
...
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:46:41 -04:00
Andrzej Kurek
5735369f4a
Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C
...
The timing module might include time.h on its own when on
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled.
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:41:42 -04:00
Gilles Peskine
7d904e7127
Test MBEDTLS_PSA_CRYPTO_CONFIG_FILE and MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:53 +02:00
Gilles Peskine
e10df779b7
Test MBEDTLS_USER_CONFIG_FILE as such
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:53 +02:00
Gilles Peskine
f4798279c0
Remove obsolete comment
...
mbedtls/mbedtls_config.h (formerly mbedtls/config.h) used to be included
directly in many places, so we wanted to test that all of these places
allowed the MBEDTLS_CONFIG_FILE override. Now mbedtls/mbedtls_config.h is
only included via build_info.h, so this is not relevant anymore.
It is no longer particularly useful to test MBEDTLS_CONFIG_FILE with the
full config, but it isn't harmful either, so keep it that way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:53 +02:00
Gilles Peskine
2003c2f455
Simplify build_mbedtls_config_file
...
$CONFIG_H no longer includes check_config.h since Mbed TLS 3.0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:40:25 +02:00
Gilles Peskine
f4c6eb0a49
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
...
When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, support an alternative file to
include instead of "psa/crypto_config.h", and an additional file to include
after it. This follows the model of the existing MBEDTLS_{,USER_}CONFIG_FILE.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:40:22 +02:00
Glenn Strauss
236e17ec26
Introduce mbedtls_ssl_hs_cb_t typedef
...
Inline func for mbedtls_ssl_conf_cert_cb()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-07 14:18:30 -04:00
Thomas Daubney
7435d2d08e
Renames encrypt setup tests
...
Similar to the previous commit, this commit removes
the word 'multi-part' from the encrypt setup tests.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-07 15:21:47 +01:00
Gilles Peskine
a91b68564c
Merge pull request #5429 from yuhaoth/pr/fix-parallel-build-fail-of-cmake_out_source
...
fix parallel build fail of cmake out source
2022-04-07 16:21:43 +02:00
Gilles Peskine
8e5e8d73db
Merge pull request #5686 from AndrzejKurek/off-by-one-ssl-opt
...
Fix an off-by-one error in ssl-opt.sh
2022-04-07 16:20:55 +02:00
Thomas Daubney
5defdfcc8a
Renames decrypt setup tests
...
The word multi-part is implied and has hence been
removed.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-07 15:17:32 +01:00
Thomas Daubney
6f57be93ec
Removes unecessary statement
...
After other changes had taken place the call to
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) )
was no longer needed.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-07 15:10:34 +01:00
Thomas Daubney
d9c69b7655
Changes PSA initialisation
...
Commit adds in call to PSA_INIT()
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-07 14:57:10 +01:00
Przemek Stekiel
e3ee221893
Free other secret in tls12_prf context
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:41:56 +02:00
Przemek Stekiel
23650286ac
Add psa_tls12_prf_set_other_key() function to store other secret input
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:41:46 +02:00
Przemek Stekiel
c4b814a9c2
psa_tls12_prf_key_derivation_state_t: add optional step to set other key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:01:50 +02:00
Przemek Stekiel
f4e8f01964
psa_tls12_prf_key_derivation_t: add other_secret and other_secret_length fields to handle mixed PSK
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:01:50 +02:00
Przemek Stekiel
37c81c4f05
Extend PSA_ALG_TLS12_PSK_TO_MS alg (add #PSA_KEY_DERIVATION_INPUT_OTHER_SECRET input)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:01:50 +02:00
Neil Armstrong
c1152e4a0f
Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
7e1b4a45fa
Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
b354742371
Update documentation of mbedtls_pk_setup_opaque()
...
The function now accepts a RSA key pair in addition to an ECC
key pair.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
295aeb17e6
Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00