Valerio Setti
5922cb9309
pkparse: keep legacy PK error codes when RSA key parsing fails
...
This helps in reverting the changes to test_suite_x509parse.data
when the RSA key parsing fails.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 09:21:25 +01:00
Gilles Peskine
591e83d139
Add missing implied usage
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:33:44 +01:00
Gilles Peskine
a1a7b08057
Fix typo in dependency
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:32:29 +01:00
Gilles Peskine
793920c1ff
mbedtls_pk_get_psa_attributes: opaque: require specified usage
...
In the MBEDTLS_PK_OPAQUE, have mbedtls_pk_get_psa_attributes() require the
specified usage to be enabled for the specified key. Otherwise the following
call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a
useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably
an error.
Adjust the existing test cases accordingly and add a few negative test
cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:31:27 +01:00
Gilles Peskine
e820975244
Fix comment
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:00:33 +01:00
Gilles Peskine
e45d51f7b5
Clearer variable names
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:11 +01:00
Gilles Peskine
e2a77f21ea
Use PSA_INIT with test that requires PSA
...
USE_PSA_INIT is for test code that doesn't use PSA functions when
USE_PSA_CRYPTO is disabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
2e54854d16
Copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
0aad5f8f34
Copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
ae2668be97
Don't use mbedtls_pk_ec in our own code
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
7e353ba37a
Create auxiliary function for repeated code
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:46:19 +01:00
Gilles Peskine
19411635a5
Test enrollment algorithm for the non-OPAQUE case
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:42:28 +01:00
Gilles Peskine
e208b25b79
Minor documentation improvements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:42:21 +01:00
Ronald Cron
38dbab9f8d
tests: ssl: Adjust early data test
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:41 +01:00
Ronald Cron
78a38f607c
tls13: srv: Do not use early_data_status
...
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:35 +01:00
Ronald Cron
3b9034544e
Revert "tls13: Introduce early_data_state SSL context field"
...
This reverts commit 0883b8b625
.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:03:57 +01:00
Ronald Cron
164537c4a6
tls13: early data: Improve, add comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 19:52:30 +01:00
Valerio Setti
56cfe2fab6
test_suite_rsa: improve rsa_parse_write_pkcs1_key() and rsa_key_write_incremental()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:53:26 +01:00
Valerio Setti
5fe9f6699b
rsa_internal: update documentation for parse/write functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:35:56 +01:00
Valerio Setti
201e643509
rsa: simplify mbedtls_rsa_parse_pubkey() input parameters
...
In this way mbedtls_rsa_parse_pubkey() and mbedtls_rsa_parse_key()
input parameter list is the same.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:19:37 +01:00
Valerio Setti
135ebde273
rsa: rename parse/write functions in order to follow the standard format
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:00:29 +01:00
Valerio Setti
44ff9506dd
rsa: set parse/write functions out of !RSA_ALT guard
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 16:58:36 +01:00
Ronald Cron
ed7d4bfda5
tls13: srv: Simplify mbedtls_ssl_read_early_data() API
...
Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
44d70a5f23
tls13: early data: Improve documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
2c4308958d
ssl.h: Fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
0883b8b625
tls13: Introduce early_data_state SSL context field
...
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:04 +01:00
Ronald Cron
7d21cded3f
ssl.h: Simplify guard
...
MBEDTLS_SSL_EARLY_DATA implies
MBEDTLS_SSL_PROTO_TLS1_3 thus
MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA
is equivalent to MBEDTLS_SSL_EARLY_DATA.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:48 +01:00
Ronald Cron
7b6ee9482e
tls13: srv: Reject early data in case of HRR
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
579bd4d46b
Update early data test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
192e0f9b1d
ssl_server2: Add read early data support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
d9ca354dbd
tls13: srv: Add mbedtls_ssl_read_early_data() API
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
3a04562ace
Update mbedtls_ssl_read_early_data() definition
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
032985c351
Add MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA error code
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
6a5904db45
tls13: srv: Move early data size check placeholder
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
739a1d4246
tls: Add internal function ssl_read_application_data()
...
The function will be used by
mbedtls_ssl_read_early_data() as well.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
5d0ae9021f
tls13: srv: Refine early data status
...
The main purpose is to know from the status
if early data can be received of not and
why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
149b0e7ca2
ssl.h: Fix comment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Valerio Setti
52ed54b949
psa_crypto_rsa: remove unnecessary casting
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 16:29:01 +01:00
Valerio Setti
9e520f7ea9
changelog: improve descriptions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 15:50:44 +01:00
Valerio Setti
3ecb395fb9
test_suite_psa_crypto_util: fix tests for 0-length and one 0x00 byte for r and s
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 15:26:24 +01:00
Valerio Setti
2d73baf171
psa_util: convert_der_to_raw_single_int: ensure the input DER integers have valid length
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 15:25:17 +01:00
Dave Rodgman
ba8e9addd9
Fix test dependencies
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-01 13:54:46 +00:00
Paul Elliott
0b2835d1fd
Fix accidental copy paste mistake
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-01 13:27:04 +00:00
Ronald Cron
11cc41265b
Merge pull request #8711 from ronald-cron-arm/tls13-ticket-and-early-data-unit-test
...
Add TLS 1.3 ticket and early data unit tests
2024-02-01 13:15:55 +00:00
Paul Elliott
ae942ece47
Fix style issues
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-01 12:44:01 +00:00
Paul Elliott
24e9a32c83
Refactor to help future other implementations
...
Improve the definition of mbedtls_test_thread_t to assist adding future
threading implementations, when they happen.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-01 12:26:23 +00:00
Paul Elliott
cb88c4945a
Merge pull request #8754 from Redfoxymoon/development
...
fix build for midipix
2024-02-01 10:01:49 +00:00
Dave Rodgman
6823247376
Fix compile warning in tests
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-31 15:59:06 +00:00
Paul Elliott
9efc60298f
Fix code style issues
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-01-31 15:33:23 +00:00
Ronald Cron
eb84534ee3
Use TEST_EQUAL instead of TEST_ASSERT where possible
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-31 15:23:38 +01:00