Commit graph

2125 commits

Author SHA1 Message Date
Jerry Yu
79c004148d Add PSA && TLS1_3 check_config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
3a58b462b6 add pss_rsae_sha{384,512}
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
server certificate selection callback
2022-03-10 11:51:42 +01:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
Andrzej Kurek
541318ad70 Refactor ssl_context_info time printing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
554b820747 Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
6056e7af4f Fix benchmark and udp_proxy dependency on MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
06a00afeec Fix requirement mismatch in fuzz/common.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
ca53459bed programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
4e0cc40d0f programs/fuzz: Use build_info.h in common.h
Remove direct inclusion of mbedtls_config.h and replace with
build_info.h, as is the convention in Mbed TLS 3.0.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
5b9cb9e8ca programs/test: fix build without MBEDTLS_HAVE_TIME
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
Raoul Strackx
9ed9bc9377 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Przemek Stekiel
3f076dfb6d Fix comments for conditional compilation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 09:36:46 +01:00
Glenn Strauss
48a37f01b3 Add cert_cb use to programs/ssl/ssl_server2.c
(for use by some tests/)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Manuel Pégourié-Gonnard
6d2479516c
Merge pull request #5533 from paul-elliott-arm/fix_fuzz_privkey_null_ctx
Fix null context when using dummy_rand with mbedtls_pk_parse_key()
2022-02-16 09:55:01 +01:00
Paul Elliott
5d7e61fb61 Fix uninitialised return value.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-15 16:05:17 +00:00
Manuel Pégourié-Gonnard
a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref
Ensure ctr_drbg is initialised every time in fuzz_server
2022-02-15 10:31:03 +01:00
Paul Elliott
a1dc3e5a60 Add safety to dummy_random in case of NULL context
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-14 18:26:21 +00:00
Przemyslaw Stekiel
169f115bf0 ssl_client2: init psa crypto for TLS 1.3 build
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 17:15:04 +01:00
Paul Elliott
bb0168144e Ensure valid context is used in fuzz_dtlsserver
A valid ctr_drbg context is now a prerequisite for using dummy_random()

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-14 15:57:11 +00:00
Paul Elliott
51a7679a8e Ensure context is passed in to dummy_rand
In fuzz_privkey, we switched over to using dummy_rand(), which uses
ctr_drbg internally, and thus requires an initialised ctr_drbg_context
to be passed in via p_rng when calling mbedtls_pk_parse_key().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-11 19:10:14 +00:00
Paul Elliott
00738bf65e Ensure ctr_drbg is initialised every time
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.

Add extra validation to attempt to catch this issue in future.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-10 18:38:53 +00:00
Glenn Strauss
a941b62985 Create public macros for ssl_ticket key,name sizes
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 15:28:28 -05:00
Glenn Strauss
e328245618 Add test case use of mbedtls_ssl_ticket_rotate
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:16 -05:00
Manuel Pégourié-Gonnard
9193f7d836
Merge pull request #5436 from mpg/prog-hmac-cipher-psa
PSA: example programs for HMAC and AEAD vs legacy
2022-02-09 10:53:49 +01:00
Manuel Pégourié-Gonnard
ae1bae8412 Give a magic constant a name
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:36:28 +01:00
Manuel Pégourié-Gonnard
c82504e22c Clean up output from cipher_aead_demo
Used to print "cipher:" when it was the cipher part of a program that
had both cipher and PSA. Now it doesn't really make sense. Align the
output to match the PSA version of this program.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:31:36 +01:00
Manuel Pégourié-Gonnard
5e6c884315 Improve info() function in cipher_aead_demo
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:29:59 +01:00
Manuel Pégourié-Gonnard
64754e1b8d Wrap long lines
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:21:14 +01:00
Manuel Pégourié-Gonnard
340808ca67 Add comments on error codes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:15:26 +01:00
Manuel Pégourié-Gonnard
48bae0295c Avoid hardcoding a size
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:14:58 +01:00
Manuel Pégourié-Gonnard
cf99beb8fe Improve naming consistency
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 10:54:26 +01:00
Manuel Pégourié-Gonnard
6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity
Clarify key types message from ssl_client2 and ssl_server2
2022-02-03 11:33:03 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs
Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:26 +01:00
Manuel Pégourié-Gonnard
f6ea19c66c Work around bug in PSA_MAC_LENGTH()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 13:08:21 +01:00
Manuel Pégourié-Gonnard
12ec5719e7 Fix bug in md_hmac_demo
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 09:47:46 +01:00
Manuel Pégourié-Gonnard
29088a4146 Avoid duplicate program names
Visual Studio and CMake didn't like having targets with the same name,
albeit in different directories.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 09:38:26 +01:00
Manuel Pégourié-Gonnard
6fdc9e8df1 Move aead_non_psa out of the psa/ directory
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 09:29:13 +01:00
Gilles Peskine
cc50f1be43 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-31 22:53:30 +01:00
Manuel Pégourié-Gonnard
69bb3f5332 Move hmac_non_psa out of psa/ directory
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 13:09:47 +01:00
Manuel Pégourié-Gonnard
248b385f1b Add comments to AEAD (non-PSA) examples
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 12:56:39 +01:00
Manuel Pégourié-Gonnard
6349794648 Demonstrate better practices in HMAC examples
- avoid hardcoded sizes when there's a macro for that
- avoid mutable global variables
- zeroize potentially-sensitive local buffer on exit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 12:30:02 +01:00
Manuel Pégourié-Gonnard
f392a02c50 Add comments to the HMAC (non-)PSA examples
Also clean up / align the structure on existing examples.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 12:06:07 +01:00
Manuel Pégourié-Gonnard
fd1d13c8bd Avoid requiring too much C99 support
MSVC 2013, still supported and used in our CI, did not support that.

   aead_psa.c(78): error C2099: initializer is not a constant
   aead_psa.c(168): error C2057: expected constant expression
   aead_psa.c(168): error C2466: cannot allocate an array of constant size 0
   aead_psa.c(168): error C2133: 'out' : unknown size
   aead_psa.c(169): warning C4034: sizeof returns 0

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-28 12:52:35 +01:00
Manuel Pégourié-Gonnard
7d5ef1731b Split aead_cipher_psa
Same as previous commit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-28 12:49:37 +01:00
Manuel Pégourié-Gonnard
edf6e83cbc Split hmac_md_psa.c
Having two programs might make comparison easier, and will make it
easier to people to use just the PSA one as an example.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:36:39 +01:00
Manuel Pégourié-Gonnard
1a45c713f0 Fix cleanup code
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:22:28 +01:00
Manuel Pégourié-Gonnard
3aae30c224 Use PSA macros for buffer sizes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:11:49 +01:00