Commit graph

21442 commits

Author SHA1 Message Date
Jerry Yu
03b8f9d299 Adjust guards for dummy_tickets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:56:38 +08:00
Jerry Yu
a99cbfa2d3 fix various issues
- rename function and variable
- change signature of `ssl_tls13_has_configured_psk`
- remove unnecessary statements
- remove unnecessary local variables
- wrong variable initial value
- improve output message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:47 +08:00
Jerry Yu
40afab61a8 Add ciphersuite check in set_session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:43 +08:00
Jerry Yu
21f9095fa8 Revert "move ciphersuite validation to set_session"
This reverts commit 19ae6f62c7.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:34 +08:00
Jerry Yu
379b91a393 add ticket age check
Remove ticket if it is expired.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 10:21:15 +08:00
Janos Follath
96d4770bde
Merge pull request #6393 from KloolK/development
Fix typo
2022-10-07 08:43:43 +01:00
Jerry Yu
4a698341c9 Re-org selected_identity parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
6183cc7470 Re-org binders writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f75364bee1 Re-organize identities writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8b41e893a2 fix various issues
- Re-order code and comments
  - move comment above `write_identities`
  - move `write_binder` above `write_identities`.
- Add has_{psk,identity} into {ticket,psk}_get_{psk,identity}
- rename `*_session_tickets_*` to `_ticket_`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
19ae6f62c7 move ciphersuite validation to set_session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
25ab654781 Add dummy ticket support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
b300e3c5be add selected_identity parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
1a0a0f4416 Add binders writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f7c125917c Add identites writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
0c6105bc9e empty pre_shared_key functions
To easy review

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8897c07075 Add server only guards for psk callback
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jan Bruckner
b33f6e5ee2 Fix typo
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2022-10-06 11:23:49 +02:00
Gilles Peskine
99a82dce74 Readability improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-05 11:20:56 +02:00
Gilles Peskine
80ca44f33c
Merge pull request #6325 from gabor-mezei-arm/6308_missing_initialization_in_test
Add initialization for structures in test
2022-10-05 11:09:35 +02:00
Przemek Stekiel
e32cd44490 Add changelog entry: tls 1.2 builds with single encryption type
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-05 09:46:35 +02:00
Gilles Peskine
c217f48251 Replace the output file atomically
When writing the new .data file, first write the new content, then replace
the target. This way, there isn't a temporary state in which the file is
partially written. This temporary state can be misleading if the build is
interrupted. It's annoying if you're watching changes to the output and the
changes appear as emptying the file following by the new version appearing.
Now interrupted builds don't leave a file that appears to be up to date but
isn't, and when watching the output, there's a single transition to the new
version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 15:10:00 +02:00
Gilles Peskine
22514eb99b Fix typo in documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 15:09:53 +02:00
Przemek Stekiel
0957e7bfc5 Rmove MBEDTLS_NIST_KW_C dependency from MBEDTLS_SSL_TICKET_C
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 11:39:02 +02:00
Przemek Stekiel
6a5cc74cc4 Fix typos and comments
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
Przemek Stekiel
460192ee19 Fix and sync configuration file and configuration verifiation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 08:55:29 +02:00
Gilles Peskine
5bbdfce44c Streamline mbedtls_mpi_core_lt_ct unit test
Use mbedtls_test_read_mpi_core() to read the test data. Among other
benefits, X and Y are now allocated to their exact size, so analyzers (Asan,
Valgrind, Coverity, ...) have a chance of complaining if the tested function
overflows the buffer.

Remove TEST_CF_PUBLIC calls which are no longer necessary.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-30 18:53:04 +02:00
Gilles Peskine
3aae4e815e New function mbedtls_test_read_mpi_core
Allocate and read an MPI from a binary test argument.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-30 18:51:41 +02:00
Gilles Peskine
571576fc5c Move the definition of data_t to a header file
This way it can be used in helper functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-30 18:51:41 +02:00
Gilles Peskine
bdc7b8bb6a Allow test assertions on constant-flow scalar data
When testing a function that is supposed to be constant-flow, we declare the
inputs as constant-flow secrets with TEST_CF_SECRET. The result of such a
function is itself a constant-flow secret, so it can't be tested with
comparison operators.

In TEST_EQUAL, TEST_LE_U and TEST_LE_S, declare the values to be compared as
public. This way, test code doesn't need to explicitly declare results as
public if they're only used by one of these macros.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-30 18:51:41 +02:00
Gilles Peskine
97483b0fd4 Remove incorrect comment
This comment (which used to be attached to the implementation, and should
not have been moved to the header file) is incorrect: the library function
mbedtls_mpi_read_string preserves leading zeros as desired, but does not
create a zero-limb object for an empty string.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-30 18:51:41 +02:00
Gilles Peskine
845de0898e
Merge pull request #6083 from tom-cosgrove-arm/issue-6015-montgomery-multiplication
Montgomery multiplication from bignum prototype
2022-09-30 10:35:21 +02:00
Tom Cosgrove
6da3a3b15f Fix doc regarding aliasing of modulus input to mbedtls_mpi_core_montmul()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 17:20:18 +01:00
Tom Cosgrove
4386ead662 Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 14:40:21 +01:00
Przemek Stekiel
48a6a666a0 Add ssl-opt tls 1.2 tests for single cipher builds
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:29:33 +02:00
Przemek Stekiel
ce5b68c7a3 Revert "Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions"
This reverts commit a82290b727.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:29:18 +02:00
Przemek Stekiel
8d4b241028 Remove redundant indirect dependencies after optimizing setup for one cipher components
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 10:13:40 +02:00
Przemek Stekiel
a891a091a3 test_suite_cmac.data: fix bug: use cipher type instead cipher id
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 09:53:20 +02:00
Przemek Stekiel
68db0d2f67 Optimize one cipher only components and adapt nemes
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
Ronald Cron
77c691f099
Merge pull request #6194 from xkqian/tls13_add_psk_client_cases
TLS 1.3: Add PSK client cases
2022-09-28 17:08:06 +02:00
Przemek Stekiel
0cc3466c9e Change testing strategy to default + one cypher only (psa/no psa)
In full config TLS 1.2 is disabled.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
Przemek Stekiel
b0de1c040b Add components to build and test default/full config with legacy-ccm cipher only
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 11:15:16 +02:00
Przemek Stekiel
9550c05757 Add component to build and test full config with stream cipher only
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:51:55 +02:00
Xiaokang Qian
a70bd9108a Fix the description of psk client cases
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-28 07:50:13 +00:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Przemek Stekiel
e31ba83675 Use basic symbols instead MBEDTLS_CIPHER_MODE_AEAD in check config
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:44:58 +02:00
Przemek Stekiel
d582a01073 Make MBEDTLS_SSL_CONTEXT_SERIALIZATION dependent on AEAD
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 07:59:01 +02:00
Xiaokang Qian
ca343ae280 Improve message logs and test cases description in psk
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-28 02:07:54 +00:00
Ronald Cron
cba39a386f Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-27 19:10:39 +02:00