Commit graph

3690 commits

Author SHA1 Message Date
Neil Armstrong
e858996413 Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf()
Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:17:50 +01:00
Neil Armstrong
2968d306e4 Implement mbedtls_ct_hmac() using PSA hash API
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:50 +01:00
Neil Armstrong
cf8841a076 Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
4f091290bd Remove Obsolete SSLs tests with truncated MAC tags & NULL/CBC cipher
These tests are related to an obsolete feature removed from the library.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
f4cc062935 Setup MAC PSA keys in build_transforms() to pass ssl_crypt_record() with PSA crypto
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
46a1760922 Allow USE_PSA_CRYPTO for handshake TLS tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Ronald Cron
4579a972bf
Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard
e3a2dd787e
Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
2022-02-21 16:58:57 +01:00
Gilles Peskine
49d7ddf7f3 Serializing a context does not save the user data
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
80dae04f24 Make user_data fields private
Add accessor functions.

Add unit tests for the accessor functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
1255b0de98 Positive unit testing for SSL context version functions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Paul Elliott
436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build
TLS1.3:Enable tls13 only build
2022-02-21 11:22:37 +00:00
Manuel Pégourié-Gonnard
9b545c04f7
Merge pull request #5520 from gabor-mezei-arm/5402_implement_hkdf_expand_based_on_psa_hmac
HKDF 1b: Implement Expand in TLS 1.3 based on PSA HMAC
2022-02-21 09:30:31 +01:00
Jerry Yu
baa4934e7b Add check tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
53d23e2c95 Guards tls_prf functions with TLS1_2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Gabor Mezei
cbe5ba500a
Add tests for mbedtls_psa_hkdf_expand
Add test cases which test psa_import_key and psa_mac_sign_setup
function call if they return error.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-17 17:01:49 +01:00
Gabor Mezei
8e3602569b
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-17 11:50:02 +01:00
Manuel Pégourié-Gonnard
4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0
feat: Update test_suite_psa_its to NOT use UID=0
2022-02-17 11:49:33 +01:00
Andrzej Kurek
32048a6d92 pk_verify_ext: introduce more tests for signature length mismatches
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-16 06:17:00 -05:00
Gabor Mezei
d917081b8b
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:25:27 +01:00
Gabor Mezei
7381242748
Use PSA_INIT()
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:24:58 +01:00
Andrzej Kurek
8666df6f18 Add signature length mismatch handling when using PSA in pk_verify_ext
Introduce a regression test for that too.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 08:23:02 -05:00
Andrzej Kurek
853ad7bfcf Use macros in tests for PSA init/deinit routines
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 07:13:03 -05:00
Gilles Peskine
bebeae9428
Merge pull request #5504 from gstrauss/mbedtls_pem_get_der
Add accessor to get der from mbedtls_pem_context
2022-02-10 23:56:57 +01:00
Gabor Mezei
b35759ded8
Add tests for mbedtls_psa_hkdf_expand
The tests are based on the test of mbedtls_hkdf_expand.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-10 10:57:24 +01:00
Andrzej Kurek
7db1b78fff Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
Duplicate a test case but with a different expected error
due to error translation to and from PSA.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-09 14:13:44 -05:00
Gabor Mezei
748ab4ae77
Use ASSERT_ALLOC
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-09 16:31:48 +01:00
Manuel Pégourié-Gonnard
1df23b903f Check the result of PEM decoding
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 14:53:50 -05:00
Manuel Pégourié-Gonnard
33ab075f45 Add success case for pem_read testing
Currently all cases were negative, so the block that exercised
mbedtls_pem_get_der() would never be reached.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 14:53:50 -05:00
Glenn Strauss
72bd4e4d6a Add accessor to get buf from mbedtls_pem_context
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-08 14:53:46 -05:00
pespacek
443c78eb83 BUGFIX: PSA test vectors use UID 1 instead of 0.
Test vector to test rejection of uid = 0 was added.

Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 15:19:26 +01:00
pespacek
d62e906b1c TEST: added psa_its_set expected failure test
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 15:19:26 +01:00
Manuel Pégourié-Gonnard
45c5768a74
Merge pull request #5434 from mprse/tls_use_psa
TLS Cipher: use PSA crypto
2022-02-08 10:27:25 +01:00
Ronald Cron
6a0b1ef27e
Merge pull request #5282 from AndrzejKurek/import-opaque-driver-wrappers
Add tests for an opaque import in the driver wrappers
2022-02-07 11:14:43 +01:00
Andrzej Kurek
ba4cadef14 Test drivers: rename import call source to driver location
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-03 10:27:01 -05:00
Andrzej Kurek
333e0fac1d Formatting and documentation fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-03 09:42:47 -05:00
Przemyslaw Stekiel
5648d577a4 Optimize psa_cipher_encrypt_helper()
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
8c010eb467 Fix comments, code style, remove debug code
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
d66387f8fa Init psa status to PSA_ERROR_CORRUPTION_DETECTED
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
f4facef9ba Adapt ssl_decrypt_non_etm_cbc() test for psa crypto and remove redundant test cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:41 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs
Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:26 +01:00
Przemyslaw Stekiel
77aec8d181 Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel
89dad93a78 Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
4a36dd3da6 ssl test ssl_decrypt_non_etm_cbc(): add missing ret check
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f4ca3f0e52 ssl test build_transforms(): in psa mode distinguish encrypt/decrypt keys
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f57b45660d Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention.
New function name:  mbedtls_ssl_cipher_to_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f4b3f087ae test_suite_ssl.data: remove redundant test cases(short tag + GCM)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
5b2de0c35c test_suite_ssl.data: remove redundant test cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
93cf4eea67 Adapt test_suite_ssl for psa crypto
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Gilles Peskine
c6753a6c90
Merge pull request #5363 from AndrzejKurek/clarify-testing-set-nonce-set-lengths
PSA AEAD: extend testing of set_nonce + set_lengths
2022-01-25 17:02:26 +01:00