Neil Armstrong
e858996413
Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf()
...
Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:17:50 +01:00
Neil Armstrong
2968d306e4
Implement mbedtls_ct_hmac() using PSA hash API
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:50 +01:00
Neil Armstrong
cf8841a076
Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined
...
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
4f091290bd
Remove Obsolete SSLs tests with truncated MAC tags & NULL/CBC cipher
...
These tests are related to an obsolete feature removed from the library.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
f4cc062935
Setup MAC PSA keys in build_transforms() to pass ssl_crypt_record() with PSA crypto
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
46a1760922
Allow USE_PSA_CRYPTO for handshake TLS tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Ronald Cron
4579a972bf
Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1
...
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard
e3a2dd787e
Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa
...
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
2022-02-21 16:58:57 +01:00
Gilles Peskine
49d7ddf7f3
Serializing a context does not save the user data
...
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
80dae04f24
Make user_data fields private
...
Add accessor functions.
Add unit tests for the accessor functions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
1255b0de98
Positive unit testing for SSL context version functions
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Paul Elliott
436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build
...
TLS1.3:Enable tls13 only build
2022-02-21 11:22:37 +00:00
Manuel Pégourié-Gonnard
9b545c04f7
Merge pull request #5520 from gabor-mezei-arm/5402_implement_hkdf_expand_based_on_psa_hmac
...
HKDF 1b: Implement Expand in TLS 1.3 based on PSA HMAC
2022-02-21 09:30:31 +01:00
Jerry Yu
baa4934e7b
Add check tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
53d23e2c95
Guards tls_prf functions with TLS1_2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Gabor Mezei
cbe5ba500a
Add tests for mbedtls_psa_hkdf_expand
...
Add test cases which test psa_import_key and psa_mac_sign_setup
function call if they return error.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-17 17:01:49 +01:00
Gabor Mezei
8e3602569b
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-17 11:50:02 +01:00
Manuel Pégourié-Gonnard
4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0
...
feat: Update test_suite_psa_its to NOT use UID=0
2022-02-17 11:49:33 +01:00
Andrzej Kurek
32048a6d92
pk_verify_ext: introduce more tests for signature length mismatches
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-16 06:17:00 -05:00
Gabor Mezei
d917081b8b
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:25:27 +01:00
Gabor Mezei
7381242748
Use PSA_INIT()
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:24:58 +01:00
Andrzej Kurek
8666df6f18
Add signature length mismatch handling when using PSA in pk_verify_ext
...
Introduce a regression test for that too.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 08:23:02 -05:00
Andrzej Kurek
853ad7bfcf
Use macros in tests for PSA init/deinit routines
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 07:13:03 -05:00
Gilles Peskine
bebeae9428
Merge pull request #5504 from gstrauss/mbedtls_pem_get_der
...
Add accessor to get der from mbedtls_pem_context
2022-02-10 23:56:57 +01:00
Gabor Mezei
b35759ded8
Add tests for mbedtls_psa_hkdf_expand
...
The tests are based on the test of mbedtls_hkdf_expand.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-10 10:57:24 +01:00
Andrzej Kurek
7db1b78fff
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
...
Duplicate a test case but with a different expected error
due to error translation to and from PSA.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-09 14:13:44 -05:00
Gabor Mezei
748ab4ae77
Use ASSERT_ALLOC
...
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-09 16:31:48 +01:00
Manuel Pégourié-Gonnard
1df23b903f
Check the result of PEM decoding
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 14:53:50 -05:00
Manuel Pégourié-Gonnard
33ab075f45
Add success case for pem_read testing
...
Currently all cases were negative, so the block that exercised
mbedtls_pem_get_der() would never be reached.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 14:53:50 -05:00
Glenn Strauss
72bd4e4d6a
Add accessor to get buf from mbedtls_pem_context
...
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-08 14:53:46 -05:00
pespacek
443c78eb83
BUGFIX: PSA test vectors use UID 1 instead of 0.
...
Test vector to test rejection of uid = 0 was added.
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 15:19:26 +01:00
pespacek
d62e906b1c
TEST: added psa_its_set expected failure test
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 15:19:26 +01:00
Manuel Pégourié-Gonnard
45c5768a74
Merge pull request #5434 from mprse/tls_use_psa
...
TLS Cipher: use PSA crypto
2022-02-08 10:27:25 +01:00
Ronald Cron
6a0b1ef27e
Merge pull request #5282 from AndrzejKurek/import-opaque-driver-wrappers
...
Add tests for an opaque import in the driver wrappers
2022-02-07 11:14:43 +01:00
Andrzej Kurek
ba4cadef14
Test drivers: rename import call source to driver location
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-03 10:27:01 -05:00
Andrzej Kurek
333e0fac1d
Formatting and documentation fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-03 09:42:47 -05:00
Przemyslaw Stekiel
5648d577a4
Optimize psa_cipher_encrypt_helper()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
8c010eb467
Fix comments, code style, remove debug code
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
d66387f8fa
Init psa status to PSA_ERROR_CORRUPTION_DETECTED
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
f4facef9ba
Adapt ssl_decrypt_non_etm_cbc() test for psa crypto and remove redundant test cases
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:41 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs
...
Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:26 +01:00
Przemyslaw Stekiel
77aec8d181
Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel
89dad93a78
Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
4a36dd3da6
ssl test ssl_decrypt_non_etm_cbc(): add missing ret check
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f4ca3f0e52
ssl test build_transforms(): in psa mode distinguish encrypt/decrypt keys
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f57b45660d
Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention.
...
New function name: mbedtls_ssl_cipher_to_psa().
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f4b3f087ae
test_suite_ssl.data: remove redundant test cases(short tag + GCM)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
5b2de0c35c
test_suite_ssl.data: remove redundant test cases
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
93cf4eea67
Adapt test_suite_ssl for psa crypto
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Gilles Peskine
c6753a6c90
Merge pull request #5363 from AndrzejKurek/clarify-testing-set-nonce-set-lengths
...
PSA AEAD: extend testing of set_nonce + set_lengths
2022-01-25 17:02:26 +01:00