Commit graph

19147 commits

Author SHA1 Message Date
Gilles Peskine
6bf5c8cb1d
Merge pull request #5506 from superna9999/4964-extend-psa-one-shot-multipart
Extend PSA operation setup tests to always cover both one-shot and multipart
2022-03-07 17:04:37 +01:00
Gilles Peskine
15364ffb03
Merge pull request #5579 from SiliconLabs/erase_secret_before_free
Erase secrets in allocated memory before freeing said memory
2022-03-07 17:04:04 +01:00
Gilles Peskine
fdfc10b250
Merge pull request #4408 from gilles-peskine-arm/storage-format-check-mononicity
Check storage format tests for regressions
2022-03-07 17:02:34 +01:00
Przemek Stekiel
72373f3819 WIP: Add asymmetric_encrypt test case
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-07 16:48:18 +01:00
Neil Armstrong
6d5baf5f1e Use PSA MAC verify API in mbedtls_ssl_cookie_check()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 14:33:21 +01:00
Neil Armstrong
be52f500c8 Use PSA_ALG_TRUNCATED_MAC() to limit to COOKIE_HMAC_LEN in mbedtls_ssl_cookie_setup()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 14:33:21 +01:00
Neil Armstrong
7cd0270d6c Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 14:33:21 +01:00
Neil Armstrong
2217d6f825 Generate cookie MAC key with psa_generate_key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 14:33:21 +01:00
pespacek
b9ca22dead Improving readability of x509_crt and x509write_crt for PR
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-03-07 13:59:44 +01:00
pespacek
d924e55944 Improving readability of x509_crt and x509write_crt
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-03-07 13:31:54 +01:00
Przemek Stekiel
7a58208809 Change names rsa->asymmetric_encryption
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-07 10:49:04 +01:00
Neil Armstrong
fd4c259a7b Use PSA_INIT() in mac_multipart_internal_func()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 10:11:11 +01:00
Przemek Stekiel
7fc0751f78 Restore build options for mbedtls_ecc_group_of_psa() and related functions
Additional issue created to simplifiy usage of BUILTIN_KEY_TYPE_xxx && BUILTIN_ALG_yy macros https://github.com/ARMmbed/mbedtls/issues/5596

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-06 20:43:46 +01:00
Gilles Peskine
dcf2ff53c8 Ensure files get closed when they go out of scope
This is automatic in CPython but not guaranteed by the language. Be friendly
to other Python implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:02:00 +01:00
Gilles Peskine
4a9630a651 Fix typo and align on US spelling
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:00:29 +01:00
Tom Cosgrove
70245bee01 Add ChangeLog entry for fix to mbedtls_md_process() test
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-04 16:48:49 +00:00
Ron Eldor
0df1ecd5fd Fix test_suite_md API violation
Add a call to `mbedtls_md_starts()` in the `mbedtls_md_process()`
test, as it violates the API usage. Fixes #2227.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-04 16:48:17 +00:00
Neil Armstrong
77b69ab971 Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 14:45:45 +01:00
Neil Armstrong
23d34ce372 Use PSA HMAC API in ssl_cookie_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 14:45:45 +01:00
Neil Armstrong
d633201279 Import PSA HMAC key in mbedtls_ssl_cookie_setup()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 14:45:18 +01:00
Przemek Stekiel
f25b16cadd test_psa_compliance: update tag to fix-pr-5139-3
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 14:25:09 +01:00
Andrzej Kurek
541318ad70 Refactor ssl_context_info time printing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
554b820747 Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
469fa95cbc Add the timing test dependency on MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
6056e7af4f Fix benchmark and udp_proxy dependency on MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
09e803ce0d Provide a dummy implementation of timing.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
06a00afeec Fix requirement mismatch in fuzz/common.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
108bf520e0 Add a missing guard for time.h in net_sockets.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
3475b26375 Add a changelog entry
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
61faf665e6 Use $PWD instead of $(pwd) for consistency
Change the new baremetal all.sh tests to use $PWD rather than
calling pwd again directly.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
ca53459bed programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
4e0cc40d0f programs/fuzz: Use build_info.h in common.h
Remove direct inclusion of mbedtls_config.h and replace with
build_info.h, as is the convention in Mbed TLS 3.0.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
5b9cb9e8ca programs/test: fix build without MBEDTLS_HAVE_TIME
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
Daniel Axtens
814c8133c8 tests: add baremetal full config build
To be able to test utility programs for an absence of time.h, we need a
baremetal config that is not crypto only. Add one.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Raoul Strackx
9ed9bc9377 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
446af202f6 tests: prevent inclusion of time.h in baremetal compiles
baremetal compiles should not include time.h, as MBEDTLS_HAVE_TIME is
undefined. To test this, provide an overriding include directory that
has a time.h which throws a meaningful error if included.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
09e34b78ee Add header guard around malloc(0) returning NULL implementation
Make it safe to import the config multiple times without having
multiple definition errors.

(This prevents errors in the fuzzers in a later patch.)

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Neil Armstrong
bca99ee0ac Add PSA key in mbedtls_ssl_cookie_ctx
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 10:20:20 +01:00
Przemek Stekiel
3f076dfb6d Fix comments for conditional compilation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 09:36:46 +01:00
Neil Armstrong
e87804920a Use new PSA to mbedtls PK error mapping functions in rsa_decrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:54:16 +01:00
Neil Armstrong
b556a42656 Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
f47135756c Map INVALID_PADDING from PSA to MbedTLS error in rsa_decrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
0d46786034 Fix style issue in rsa_decrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
f1b564bb8d Check psa_destroy_key() return in rsa_decrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
18f43c7304 PK: RSA decrypt PSA wrap implementation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
502da11df1 Initialize PSA crypto in test_suite_pk pk_rsa_decrypt_test_vec() when USE_PSA_CRYPTO is enabled
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
e4edcf761d Use new PSA to mbedtls PK error mapping functions in ecdsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:46:41 +01:00
Neil Armstrong
ff70f0bf77 Check psa_destroy_key() return in rsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
edcc73c992 Fix 80 characters indentation in ecdsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00