Jerry Yu
03b8f9d299
Adjust guards for dummy_tickets
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:56:38 +08:00
Jerry Yu
a99cbfa2d3
fix various issues
...
- rename function and variable
- change signature of `ssl_tls13_has_configured_psk`
- remove unnecessary statements
- remove unnecessary local variables
- wrong variable initial value
- improve output message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:47 +08:00
Jerry Yu
40afab61a8
Add ciphersuite check in set_session
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:43 +08:00
Jerry Yu
21f9095fa8
Revert "move ciphersuite validation to set_session"
...
This reverts commit 19ae6f62c7
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:34 +08:00
Jerry Yu
379b91a393
add ticket age check
...
Remove ticket if it is expired.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 10:21:15 +08:00
Janos Follath
96d4770bde
Merge pull request #6393 from KloolK/development
...
Fix typo
2022-10-07 08:43:43 +01:00
Jerry Yu
4a698341c9
Re-org selected_identity parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
6183cc7470
Re-org binders writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f75364bee1
Re-organize identities writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8b41e893a2
fix various issues
...
- Re-order code and comments
- move comment above `write_identities`
- move `write_binder` above `write_identities`.
- Add has_{psk,identity} into {ticket,psk}_get_{psk,identity}
- rename `*_session_tickets_*` to `_ticket_`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
19ae6f62c7
move ciphersuite validation to set_session
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
25ab654781
Add dummy ticket support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
b300e3c5be
add selected_identity parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
1a0a0f4416
Add binders writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f7c125917c
Add identites writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
0c6105bc9e
empty pre_shared_key functions
...
To easy review
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8897c07075
Add server only guards for psk callback
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jan Bruckner
b33f6e5ee2
Fix typo
...
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2022-10-06 11:23:49 +02:00
Gilles Peskine
99a82dce74
Readability improvement
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-05 11:20:56 +02:00
Gilles Peskine
80ca44f33c
Merge pull request #6325 from gabor-mezei-arm/6308_missing_initialization_in_test
...
Add initialization for structures in test
2022-10-05 11:09:35 +02:00
Przemek Stekiel
e32cd44490
Add changelog entry: tls 1.2 builds with single encryption type
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-05 09:46:35 +02:00
Gilles Peskine
c217f48251
Replace the output file atomically
...
When writing the new .data file, first write the new content, then replace
the target. This way, there isn't a temporary state in which the file is
partially written. This temporary state can be misleading if the build is
interrupted. It's annoying if you're watching changes to the output and the
changes appear as emptying the file following by the new version appearing.
Now interrupted builds don't leave a file that appears to be up to date but
isn't, and when watching the output, there's a single transition to the new
version.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 15:10:00 +02:00
Gilles Peskine
22514eb99b
Fix typo in documentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 15:09:53 +02:00
Przemek Stekiel
0957e7bfc5
Rmove MBEDTLS_NIST_KW_C dependency from MBEDTLS_SSL_TICKET_C
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 11:39:02 +02:00
Przemek Stekiel
6a5cc74cc4
Fix typos and comments
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
Przemek Stekiel
460192ee19
Fix and sync configuration file and configuration verifiation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 08:55:29 +02:00
Gilles Peskine
5bbdfce44c
Streamline mbedtls_mpi_core_lt_ct unit test
...
Use mbedtls_test_read_mpi_core() to read the test data. Among other
benefits, X and Y are now allocated to their exact size, so analyzers (Asan,
Valgrind, Coverity, ...) have a chance of complaining if the tested function
overflows the buffer.
Remove TEST_CF_PUBLIC calls which are no longer necessary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-30 18:53:04 +02:00
Gilles Peskine
3aae4e815e
New function mbedtls_test_read_mpi_core
...
Allocate and read an MPI from a binary test argument.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-30 18:51:41 +02:00
Gilles Peskine
571576fc5c
Move the definition of data_t to a header file
...
This way it can be used in helper functions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-30 18:51:41 +02:00
Gilles Peskine
bdc7b8bb6a
Allow test assertions on constant-flow scalar data
...
When testing a function that is supposed to be constant-flow, we declare the
inputs as constant-flow secrets with TEST_CF_SECRET. The result of such a
function is itself a constant-flow secret, so it can't be tested with
comparison operators.
In TEST_EQUAL, TEST_LE_U and TEST_LE_S, declare the values to be compared as
public. This way, test code doesn't need to explicitly declare results as
public if they're only used by one of these macros.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-30 18:51:41 +02:00
Gilles Peskine
97483b0fd4
Remove incorrect comment
...
This comment (which used to be attached to the implementation, and should
not have been moved to the header file) is incorrect: the library function
mbedtls_mpi_read_string preserves leading zeros as desired, but does not
create a zero-limb object for an empty string.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-30 18:51:41 +02:00
Gilles Peskine
845de0898e
Merge pull request #6083 from tom-cosgrove-arm/issue-6015-montgomery-multiplication
...
Montgomery multiplication from bignum prototype
2022-09-30 10:35:21 +02:00
Tom Cosgrove
6da3a3b15f
Fix doc regarding aliasing of modulus input to mbedtls_mpi_core_montmul()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 17:20:18 +01:00
Tom Cosgrove
4386ead662
Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 14:40:21 +01:00
Przemek Stekiel
48a6a666a0
Add ssl-opt tls 1.2 tests for single cipher builds
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:29:33 +02:00
Przemek Stekiel
ce5b68c7a3
Revert "Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions"
...
This reverts commit a82290b727
.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:29:18 +02:00
Przemek Stekiel
8d4b241028
Remove redundant indirect dependencies after optimizing setup for one cipher components
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 10:13:40 +02:00
Przemek Stekiel
a891a091a3
test_suite_cmac.data: fix bug: use cipher type instead cipher id
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 09:53:20 +02:00
Przemek Stekiel
68db0d2f67
Optimize one cipher only components and adapt nemes
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
Ronald Cron
77c691f099
Merge pull request #6194 from xkqian/tls13_add_psk_client_cases
...
TLS 1.3: Add PSK client cases
2022-09-28 17:08:06 +02:00
Przemek Stekiel
0cc3466c9e
Change testing strategy to default + one cypher only (psa/no psa)
...
In full config TLS 1.2 is disabled.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
Przemek Stekiel
b0de1c040b
Add components to build and test default/full config with legacy-ccm cipher only
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 11:15:16 +02:00
Przemek Stekiel
9550c05757
Add component to build and test full config with stream cipher only
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:51:55 +02:00
Xiaokang Qian
a70bd9108a
Fix the description of psk client cases
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-28 07:50:13 +00:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
...
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
...
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Przemek Stekiel
e31ba83675
Use basic symbols instead MBEDTLS_CIPHER_MODE_AEAD in check config
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:44:58 +02:00
Przemek Stekiel
d582a01073
Make MBEDTLS_SSL_CONTEXT_SERIALIZATION dependent on AEAD
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 07:59:01 +02:00
Xiaokang Qian
ca343ae280
Improve message logs and test cases description in psk
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-28 02:07:54 +00:00
Ronald Cron
cba39a386f
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-27 19:10:39 +02:00