Commit graph

23213 commits

Author SHA1 Message Date
Dave Rodgman
9ee8ebfb36
Merge pull request #6952 from daverodgman/getting-started
Update the getting-started doc
2023-01-24 10:25:57 +00:00
Przemek Stekiel
86d1946164 Fix error codes returned on failures
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 11:20:10 +01:00
Przemek Stekiel
160968586b Add negative test cases and use DER format for CSRs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
3f948c96e2 Fix typo in test dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
cf6ff0fb43 Move common functions for crt/csr parsing to x509.c
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
db128f518c Allow empty ns_cert_type, key_usage while parsing certificates
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
21c37288e5 Adapt function names
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
685d472db3 Adapt expected output of existing tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
46a4a4987e Add tests to very parsing of CSR v3 extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
e7fbbb3fbd Generate csr files to test v3 extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
cbaf3167dd mbedtls_x509_csr_info: Add parsing code for v3 csr extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Jens Alfke
2d9e359275 Parsing v3 extensions from a CSR
A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the
X.509v3 extensions included in the CSR -- the key usage, Netscape
cert-type, and Subject Alternative Names.

Author: Jens Alfke <jens@couchbase.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:56:55 +01:00
Manuel Pégourié-Gonnard
4455fd2449
Merge pull request #6531 from AndrzejKurek/depends-py-kex-fixes
Depends.py - add exclusive domain tests to key exchange testing
2023-01-24 09:32:05 +01:00
Gabor Mezei
a24fd06451
Update documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 19:10:26 +01:00
Gabor Mezei
9073f7dd3b
Remove unneeded check
The fix_quasi_reduction function changed to static so checking the
invalid arguments are not needed anymore.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 19:05:37 +01:00
Gabor Mezei
e81a2b85c9
Change the fix_quasi_reduction function to static
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 18:58:20 +01:00
Gabor Mezei
aaa1d2a276
Move the quasi reduction fixing function to bignum_mod_raw
Rename the function to 'fix_quasi_reduction' to better suite its functionality.
Also changed the name prefix to suite for the new module.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 18:55:57 +01:00
Tom Cosgrove
37dabd540b Fix doxygen return parameter spelling
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-01-23 16:57:26 +00:00
Dave Rodgman
17292f7823 Minor fixes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-23 12:32:51 +00:00
Dave Rodgman
99ff0a7c50 Fix some additional over-long lines
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-23 12:31:01 +00:00
Manuel Pégourié-Gonnard
d84902f4ef Add issue numbers to TODO comments
In the python script I didn't use the word TODO because pylint doesn't
like that, but morally it's the same.

I removed the comment about "do we need a subset of compat.sh?" because
it turns out that `ssl-opt.sh` is already exercising all the key
exchanges:

    % sed -n 's/.*force_ciphersuite=TLS-\([^ ]*\)-WITH.*/\1/p' tests/ssl-opt.sh | sort -u
    DHE-PSK
    DHE-RSA
    ECDH-ECDSA
    ECDHE-ECDSA
    ECDHE-PSK
    ECDHE-RSA
    ECJPAKE
    PSK
    RSA
    RSA-PSK

(the only omission is ECDH-RSA which is not of interest here and does
not actually differ from ECDH-ECDSA). So, we don't need a subset of
compat.sh because we're already getting enough testing from ssl-opt.sh
(not to mention test_suite_ssl).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 13:03:13 +01:00
Manuel Pégourié-Gonnard
bc19a0b0d8 Fix missing SHA-224 in test driver build
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:54:24 +01:00
Manuel Pégourié-Gonnard
5a2e02635a Improve a few comments & documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:51:52 +01:00
Andrzej Kurek
98682b50a4 Remove obsolete comment from depends.py
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-23 06:16:23 -05:00
Janos Follath
3e0769b598
Merge pull request #6832 from daverodgman/fast-unaligned-ct
Improve efficiency of some constant time functions
2023-01-23 10:55:35 +00:00
Minos Galanakis
8692ec8bc0 pkarse: Added pk_group_id_from_specified() documentation.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-23 10:33:06 +00:00
Dave Rodgman
58c721e894 Add TEST_CF_SECRET to mbedtls_ct_memcpy_if_eq test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-21 11:13:55 +00:00
Dave Rodgman
22b0d1adbf Test memcmp with differences starting after the first byte
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-21 10:29:00 +00:00
Dave Rodgman
d4fa9e99a0
Merge pull request #6950 from daverodgman/fix-rsaalt-test-guards 2023-01-20 18:28:38 +00:00
Dave Rodgman
7658b63390 Remove volatile from diff; add explanatory comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
fa96026a0e Move definition of asm out of public header
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
95ec58cc12 Remove not-needed stdio include from tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
7f376fa6fc Improve documentation
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
b9cd19bc8c Prevent perf regressions in mbedtls_xor
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
051225d07a Address potential perf regression
Ensure platforms that don't have an assembly implementation for
mbedtls_get_unaligned_volatile_uint32() don't experience a performance
regression.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
36dfc5a237 Improve efficiency of some constant time functions
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
cb0f2c4491 Tidy-up - move asm #define into build_info.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
39188c0a2a Add unit tests for mbedtls_ct_memcmp and mbedtls_ct_memcpy_if_eq
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
1a034dcc20 Add regression test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 13:18:05 +00:00
Dave Rodgman
38699e5323 Update the getting-started doc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 12:43:53 +00:00
Dave Rodgman
fd09b31011 Add Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 11:41:43 +00:00
Dave Rodgman
dc3b1540cd Fix test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 11:39:00 +00:00
Yanray Wang
60f8eaa3b4 Remove third argument passed to run_client in compat.sh
The argument passed to translate_ciphers.py is calculated from $1 in
run_client instead of passed as third argument.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-20 13:38:30 +08:00
Andrzej Kurek
723b8779f9 Add missing key exchange requirements to test_suite_ssl
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:31:00 -05:00
Andrzej Kurek
a86cef32cf Add missing KEX DHE-RSA requirement for one ssl test
This specific cipher is used to test record splitting.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:27:57 -05:00
Andrzej Kurek
9113df8c8f Add missing RSA-type dependencies in test_suite_ssl
These tests are not run in development because of the
overlapping !TLS_1_3 requirement and usage of full config.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:26:31 -05:00
Minos Galanakis
c8e381ab1c pkarse: Update pk_group_id_from_specified() clean-up.
This path updates the clean-up logic of to individually
free each of the the group's structure members
rather than invoke `mbedtls_ecp_group_free()`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:15:11 +00:00
Minos Galanakis
e9fa7a74cd ecp_curves: Update pre-processor define guards for ecp_mpi_load().
This patch adjusts the logic, so that the method is included,
when the following components are enabled:

* MBEDTLS_ECP_DP_CURVE448_ENABLED
* MBEDTLS_ECP_DP_CURVE25519_ENABLED
* ECP_LOAD_GROUP

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:12:07 +00:00
Minos Galanakis
d61dbd4df7 ecp_curves: Update mbedtls_ecp_group_free().
This patch updates the method to not free the `grp->P`
and `grp->N` structure members.

The contents of `P` and `N` are stored in static memory at
`curve448_p/n` and `curve25519p/n` and no longer dynamically
allocated.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:11:55 +00:00
Minos Galanakis
146fed9849 ecp_curves: Hardcode Montgomery const for curve448.
This patch adds two embedded constants used by `ecp_use_curve448()`.
The method has been updated to read that into an mpi instead of
calculating it on the fly.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:11:50 +00:00