Tom Cosgrove
2b177926ad
Use ASSERT_ALLOC() in tests
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 14:07:18 +01:00
Przemek Stekiel
c454aba203
ssl-opt.sh: add tests for key_opaque_algs option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:22:29 +02:00
Przemek Stekiel
632939df4b
ssl_client2: print pk key name when provided using key_opaque_algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Przemek Stekiel
dca224628b
ssl_tls13_select_sig_alg_to_psa_alg: optimize code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Przemek Stekiel
f937e669bd
Guard new code with MBEDTLS_USE_PSA_CRYPTO
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Przemek Stekiel
3c326f9697
Add function to convert sig_alg to psa alg and use it
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Przemek Stekiel
b40f2e81ec
TLS 1.3: Take into account key policy while picking a signature algorithm
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:10:19 +02:00
Dave Rodgman
f184625223
Clarify legal requirements for contributions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-15 11:52:44 +01:00
Manuel Pégourié-Gonnard
c42c7e660e
Update documentation in legacy_or_psa.h
...
- Some things that were indicated as in the near future are now done.
- Clarify when these macros are needed and when they're not.
- Prepare to make the header public.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-15 11:28:24 +02:00
Manuel Pégourié-Gonnard
1dc37258de
Style: wrap a long line
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-15 11:10:26 +02:00
Manuel Pégourié-Gonnard
409a620dea
Merge pull request #6255 from mprse/md_tls13
...
Driver-only hashes: TLS 1.3
2022-09-15 10:37:46 +02:00
Jerry Yu
0a55cc647c
Remove unnecessary var and improve comment
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-15 16:15:06 +08:00
Werner Lewis
07c830c164
Fix setting for default test suite directory
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-15 09:02:07 +01:00
Manuel Pégourié-Gonnard
18dff1f226
Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake
...
Expose ECJPAKE through the PSA Crypto API
2022-09-15 09:25:55 +02:00
Ronald Cron
62e24ba186
Merge pull request #6260 from yuhaoth/pr/add-multiple-pre-config-psks
...
TLS 1.3:Add multiple pre-configured psk test for server
2022-09-15 08:58:40 +02:00
Andrzej Kurek
4ba0e45f8e
all.sh: don't build with ECJPAKE_TO_PMS if SHA256 is not available
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 14:58:49 -04:00
Andrzej Kurek
d60907b85d
Define ECJPAKE_TO_PMS in config_psa only if SHA_256 is available
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 14:57:51 -04:00
Werner Lewis
52ae326ebb
Update references to file targets in docstrings
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:45 +01:00
Werner Lewis
ac446c8a04
Add combination_pairs helper function
...
Wrapper function for itertools.combinations_with_replacement, with
explicit cast due to imprecise typing with older versions of mypy.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:45 +01:00
Werner Lewis
b6e809133d
Use typing.cast instead of unqualified cast
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:45 +01:00
Werner Lewis
00d02423a5
Remove argparser default for directory
...
This reverts commit f156c43702
. Adds a
comment to explain reasoning for current implementation.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:42 +01:00
Werner Lewis
858cffde1e
Add toggle for test case count in descriptions
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:25 +01:00
Werner Lewis
34d6d3e4e5
Update comments/docstrings in TestGenerator
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:18 +01:00
Jerry Yu
f7dad3cfbe
fix various issues
...
- Naming
- format
- Reduce negative tolerance window
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 22:31:39 +08:00
Przemyslaw Stekiel
67ffab5600
ssl.h: use PSA hash buffer size when PSA is used
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 14:51:14 +02:00
Andrzej Kurek
18f8e8d62c
Document the input size restriction for EC J-PAKE to PMS
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:44:34 -04:00
Andrzej Kurek
d8705bc7b7
Add tests for the newly created ad-hoc EC J-PAKE KDF
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:39:41 -04:00
Andrzej Kurek
08d34b8693
Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2
...
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978 .
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:39:26 -04:00
Ronald Cron
208257b39f
Merge pull request #6259 from yuhaoth/pr/add-psk_ephemeral-possible-group-tests
...
TLS 1.3: PSK: Add possible group tests for psk with ECDHE
2022-09-14 14:21:46 +02:00
Przemyslaw Stekiel
ab9b9d4669
ssl_tls13_keys.h: use PSA max hash size
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 13:51:07 +02:00
Przemyslaw Stekiel
da6452578f
ssl_tls13_generic.c: fix hash buffer sizes (use PSA_HASH_MAX_SIZE)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 12:50:51 +02:00
Neil Armstrong
6a12a7704d
Fix typo in comment
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-14 12:17:42 +02:00
Jerry Yu
673b0f9ad3
Randomize order of psks
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 18:02:26 +08:00
Przemyslaw Stekiel
034492bd56
ssl.h: Fix hash guards
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 11:09:20 +02:00
Przemyslaw Stekiel
004c2181f0
ssl_misc.h: hash guards adaptations
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-14 11:00:57 +02:00
Manuel Pégourié-Gonnard
b2407f2b91
Merge pull request #6261 from mprse/hash_size_macro
...
Create MBEDTLS_MAX_HASH_SIZE in hash_info.h
2022-09-14 10:00:06 +02:00
Jerry Yu
acff823846
Add negative tolerance window
...
If `now == session->start` or the timer of
client is faster than server, client age might
be bigger than server.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 14:50:44 +08:00
Jerry Yu
95db17ed5f
fix various issues
...
- improve obfuscated ticket age generator
- improve psk getter
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 10:37:58 +08:00
Przemek Stekiel
ce0aa58fd9
check_config.h: make TLS1.3 requirements verification more readable
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
0852ef8b96
mbedtls_ssl_reset_transcript_for_hrr: remove redundant 'else' statement
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
8a2f2b0bd6
check_config.h: fix TLS 1.3 requirements (add HKDF_EXTRACT/EXPAND) and comments
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
dcec7ac3e8
test_psa_crypto_config_accel_hash_use_psa: enable tls.1.3 at the end and adapt comment
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
9408b70513
check_config.h: revert HKDF requirements
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
9dfbf3a006
ssl_tls13_generic.c: optimize code to save memory
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
153b442cc3
mbedtls_ssl_tls13_sig_alg_is_supported: adapt guards
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
a06787a629
build_info.h: include config_psa.h also when MBEDTLS_PSA_CRYPTO_C
...
This is done to have PSA_WANT_xxx symbols available in check_config.h when MBEDTLS_PSA_CRYPTO_C.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
a4af13a46c
test_psa_crypto_config_accel_hash_use_psa: enable TLS 1.3
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
cf9d972a9a
Fix config for MBEDTLS_SSL_PROTO_TLS1_3
...
Remove MBEDTLS_HKDF_C as it is not needed since #5838
Reasoning: we need SHA-256 or SHA-384 via PSA because they're used by HKDF which is now always done via PSA. If in addition to that USE_PSA is enabled, then everything is done via PSA so that's enough. Otherwise, we need the software implementation of SHA-256 or SHA-384, plus MD_C because we're using a VIA_MD_OR_PSA_BASED_ON_USE_PSA as discussed above.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
a9a8816107
ssl.h: adapt guards for MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
47e3cb1875
ssl_tls13_generic.c: adapt guards for MBEDTLS_SHAxxx_C
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00