Shaun Case
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Dave Rodgman
faef649dec
Fix Ubuntu compile error in udp_proxy.c
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 19:55:45 +01:00
josesimoes
23419560c9
Remove prompt to exit in all programs
...
Signed-off-by: José Simões <jose.simoes@eclo.solutions>
2022-05-06 17:11:22 +01:00
Przemek Stekiel
cb20d202d2
Further code optimization
...
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 09:34:30 +02:00
Przemek Stekiel
296bfba924
ssl_server2: add key_opaque_algs2 usage info
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 11:08:34 +02:00
Przemek Stekiel
1d25e076f3
ssl_client2: fix default key opaque algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 11:05:10 +02:00
Przemek Stekiel
488efa05b6
Fix compiler warnings: initialize local variables: psa_alg, psa_alg2, psa_usage
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
134eb8b6e2
Fix style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
092128324f
ssl_client2/ss_server2: optimize code for opaque key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
76a41f5a52
ssl_test_lib: fix compilation flags for default config
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
e5e9ba920f
ssl_server2: refactor opaque code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
89132a6ab0
Fix call to mbedtls_pk_wrap_as_opaque(): use usage variable instead PSA_KEY_USAGE_SIGN_HASH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
b58c47a666
ssl_server2: use key opaque algs given from command line
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
344c561292
ssl_server2: Add support for key_opaque_algs2 command line paramtere
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
a17b5c6ba2
ssl_client: use key opaque algs given from command line
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
01396a16da
ssl_test_lib: add function translate given opaque algoritms to psa
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
77fc9ab1ba
Fix typos and code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
4ca0d72c3b
ssl server: add key_opaque_algs command line option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
f1822febc4
ssl client: add key_opaque_algs command line option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
85d692d1c4
ssl client/server: add parsing function for key_opaque_algs command line option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
...
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx
...
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
2022-04-29 10:47:16 +02:00
Neil Armstrong
94e371af91
Update mbedtls_pk_wrap_as_opaque() usage in SSL client2 & server2
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap
...
Improve benchmarking of ECC heap usage
2022-04-22 16:43:11 +02:00
Przemek Stekiel
cb322eac6b
Enable support for psa opaque DHE-PSK key exchange on the server side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
b293aaa61b
Enable support for psa opaque DHE-PSK key exchange on the client side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
14d11b0877
Enable support for psa opaque ECDHE-PSK key exchange on the server side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:53:55 +02:00
Przemek Stekiel
19b80f8151
Enable support for psa opaque ECDHE-PSK key exchange on the client side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
aeb710fec5
Enable support for psa opaque RSA-PSK key exchange on the server side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
fc72e428ed
ssl_client2: Enable support for TLS 1.2 RSA-PSK opaque ciphersuite
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
...
Add client hello into server side
2022-04-22 10:26:00 +02:00
Manuel Pégourié-Gonnard
21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12
...
RSA sign 3b: TLS 1.2 integration testing
2022-04-22 10:05:43 +02:00
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
...
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
XiaokangQian
318dc763a6
Fix test failure issue and update code styles
...
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 09:43:51 +00:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
...
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Glenn Strauss
e3af4cb72a
mbedtls_ssl_(read|write)_version using tls_version
...
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f
mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
...
Store the TLS version in tls_version instead of major, minor version num
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.
Reduce size of mbedtls_ssl_ciphersuite_t
members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Neil Armstrong
f0b1271a42
Support RSA Opaque PK keys in ssl_server2
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:49:25 +02:00
Thomas Daubney
88fed8e700
Rewrite ecdh_curve25519 program
...
Rewrite the example ECDH x25519 program using the
high-level ECDH API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-12 14:37:16 +01:00
Dave Rodgman
ed35887fc8
Merge pull request #2104 from hanno-arm/iotssl-2071
...
Check that integer types don't use padding bits in selftest
2022-04-11 17:26:08 +01:00
Dave Rodgman
8f5a29ae40
Improve fix for printf specifier
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-11 12:59:45 +01:00
Dave Rodgman
eaba723139
Fix printf specifier
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-11 10:07:38 +01:00
Dave Rodgman
e2e7e9400b
Fail for types not of size 2, 4 or 8
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:46:30 +01:00
Hanno Becker
baae59cd49
Improve documentation of absence-of-padding check
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:46:29 +01:00
Hanno Becker
0d7dd3cd43
Check that size_t and ptrdiff_t don't have padding
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:46:26 +01:00
Hanno Becker
4ab3850605
Check that integer types don't use padding bits in selftest
...
This commit modifies programs/test/selftest to include a check that
none of the standard integer types (unsigned) [short, int, long, long]
uses padding bits, which we currently don't support.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:45:05 +01:00
Gilles Peskine
e756f642cd
Seed the PRNG even if time() isn't available
...
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:46:41 -04:00
Gilles Peskine
99a732bf0c
Fix off-by-one in buffer_size usage
...
The added null byte was accounted for twice, once by taking
opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1
when filling the buffer. Make opt.buffer_size the size that is actually
read, it's less confusing that way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:34:36 +02:00
Gilles Peskine
8bb96d96cd
Fix buffer size calculation
...
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:31:05 +02:00
Dave Rodgman
017a19997a
Update references to old Github organisation
...
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Jerry Yu
79c004148d
Add PSA && TLS1_3 check_config
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
3a58b462b6
add pss_rsae_sha{384,512}
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
...
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
...
server certificate selection callback
2022-03-10 11:51:42 +01:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
...
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
Andrzej Kurek
541318ad70
Refactor ssl_context_info time printing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
554b820747
Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
6056e7af4f
Fix benchmark and udp_proxy dependency on MBEDTLS_HAVE_TIME
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
06a00afeec
Fix requirement mismatch in fuzz/common.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
ca53459bed
programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME
...
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
4e0cc40d0f
programs/fuzz: Use build_info.h in common.h
...
Remove direct inclusion of mbedtls_config.h and replace with
build_info.h, as is the convention in Mbed TLS 3.0.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
5b9cb9e8ca
programs/test: fix build without MBEDTLS_HAVE_TIME
...
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
Raoul Strackx
9ed9bc9377
programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined
...
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
f071024bf8
Do not include time.h without MBEDTLS_HAVE_TIME
...
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."
If that is not defined, do not attempt to include time.h.
A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Przemek Stekiel
3f076dfb6d
Fix comments for conditional compilation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 09:36:46 +01:00
Glenn Strauss
48a37f01b3
Add cert_cb use to programs/ssl/ssl_server2.c
...
(for use by some tests/)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Gilles Peskine
fd222da2e9
Fix the build when MBEDTLS_PLATFORM_C is unset
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 15:26:40 +01:00
Manuel Pégourié-Gonnard
6d2479516c
Merge pull request #5533 from paul-elliott-arm/fix_fuzz_privkey_null_ctx
...
Fix null context when using dummy_rand with mbedtls_pk_parse_key()
2022-02-16 09:55:01 +01:00
Paul Elliott
5d7e61fb61
Fix uninitialised return value.
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-15 16:05:17 +00:00
Manuel Pégourié-Gonnard
a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref
...
Ensure ctr_drbg is initialised every time in fuzz_server
2022-02-15 10:31:03 +01:00
Paul Elliott
a1dc3e5a60
Add safety to dummy_random in case of NULL context
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-14 18:26:21 +00:00
Przemyslaw Stekiel
169f115bf0
ssl_client2: init psa crypto for TLS 1.3 build
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 17:15:04 +01:00
Paul Elliott
bb0168144e
Ensure valid context is used in fuzz_dtlsserver
...
A valid ctr_drbg context is now a prerequisite for using dummy_random()
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-14 15:57:11 +00:00
Paul Elliott
51a7679a8e
Ensure context is passed in to dummy_rand
...
In fuzz_privkey, we switched over to using dummy_rand(), which uses
ctr_drbg internally, and thus requires an initialised ctr_drbg_context
to be passed in via p_rng when calling mbedtls_pk_parse_key().
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-11 19:10:14 +00:00
Paul Elliott
00738bf65e
Ensure ctr_drbg is initialised every time
...
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.
Add extra validation to attempt to catch this issue in future.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-10 18:38:53 +00:00
Glenn Strauss
a941b62985
Create public macros for ssl_ticket key,name sizes
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 15:28:28 -05:00
Glenn Strauss
e328245618
Add test case use of mbedtls_ssl_ticket_rotate
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:16 -05:00
Manuel Pégourié-Gonnard
9193f7d836
Merge pull request #5436 from mpg/prog-hmac-cipher-psa
...
PSA: example programs for HMAC and AEAD vs legacy
2022-02-09 10:53:49 +01:00
Manuel Pégourié-Gonnard
ae1bae8412
Give a magic constant a name
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:36:28 +01:00
Manuel Pégourié-Gonnard
c82504e22c
Clean up output from cipher_aead_demo
...
Used to print "cipher:" when it was the cipher part of a program that
had both cipher and PSA. Now it doesn't really make sense. Align the
output to match the PSA version of this program.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:31:36 +01:00
Manuel Pégourié-Gonnard
5e6c884315
Improve info() function in cipher_aead_demo
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:29:59 +01:00
Manuel Pégourié-Gonnard
64754e1b8d
Wrap long lines
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:21:14 +01:00
Manuel Pégourié-Gonnard
340808ca67
Add comments on error codes
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:15:26 +01:00
Manuel Pégourié-Gonnard
48bae0295c
Avoid hardcoding a size
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:14:58 +01:00
Manuel Pégourié-Gonnard
cf99beb8fe
Improve naming consistency
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 10:54:26 +01:00
Manuel Pégourié-Gonnard
6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity
...
Clarify key types message from ssl_client2 and ssl_server2
2022-02-03 11:33:03 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs
...
Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:26 +01:00
Manuel Pégourié-Gonnard
f6ea19c66c
Work around bug in PSA_MAC_LENGTH()
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 13:08:21 +01:00
Manuel Pégourié-Gonnard
12ec5719e7
Fix bug in md_hmac_demo
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 09:47:46 +01:00
Manuel Pégourié-Gonnard
29088a4146
Avoid duplicate program names
...
Visual Studio and CMake didn't like having targets with the same name,
albeit in different directories.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 09:38:26 +01:00
Manuel Pégourié-Gonnard
6fdc9e8df1
Move aead_non_psa out of the psa/ directory
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-01 09:29:13 +01:00
Gilles Peskine
cc50f1be43
Fix copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-31 22:53:30 +01:00
Manuel Pégourié-Gonnard
69bb3f5332
Move hmac_non_psa out of psa/ directory
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 13:09:47 +01:00
Manuel Pégourié-Gonnard
248b385f1b
Add comments to AEAD (non-PSA) examples
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 12:56:39 +01:00
Manuel Pégourié-Gonnard
6349794648
Demonstrate better practices in HMAC examples
...
- avoid hardcoded sizes when there's a macro for that
- avoid mutable global variables
- zeroize potentially-sensitive local buffer on exit
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 12:30:02 +01:00
Manuel Pégourié-Gonnard
f392a02c50
Add comments to the HMAC (non-)PSA examples
...
Also clean up / align the structure on existing examples.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-31 12:06:07 +01:00
Manuel Pégourié-Gonnard
fd1d13c8bd
Avoid requiring too much C99 support
...
MSVC 2013, still supported and used in our CI, did not support that.
aead_psa.c(78): error C2099: initializer is not a constant
aead_psa.c(168): error C2057: expected constant expression
aead_psa.c(168): error C2466: cannot allocate an array of constant size 0
aead_psa.c(168): error C2133: 'out' : unknown size
aead_psa.c(169): warning C4034: sizeof returns 0
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-28 12:52:35 +01:00
Manuel Pégourié-Gonnard
7d5ef1731b
Split aead_cipher_psa
...
Same as previous commit
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-28 12:49:37 +01:00
Manuel Pégourié-Gonnard
edf6e83cbc
Split hmac_md_psa.c
...
Having two programs might make comparison easier, and will make it
easier to people to use just the PSA one as an example.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:36:39 +01:00
Manuel Pégourié-Gonnard
1a45c713f0
Fix cleanup code
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:22:28 +01:00
Manuel Pégourié-Gonnard
3aae30c224
Use PSA macros for buffer sizes
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:11:49 +01:00
Manuel Pégourié-Gonnard
beef9c231c
Use better names for dummy data
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 12:11:49 +01:00
Manuel Pégourié-Gonnard
428a97ed47
Improve option names
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 11:36:03 +01:00
Manuel Pégourié-Gonnard
0e725c33d4
Improve introductory comments.
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-27 11:35:05 +01:00
Gilles Peskine
05bf89da34
Clarify key types message from ssl_client2 and ssl_server2
...
If no key is loaded in a slot, say "none", not "invalid PK".
When listing two key types, use punctuation that's visibly a sequence
separator (",").
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-25 17:50:25 +01:00
Jerry Yu
11f0a9c2c4
fix deprecated-declarations error
...
replace sig_hashes with sig_alg
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
...
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard
ff743a7f38
Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets
...
TLS Cipher 1a: extend testing of tickets
2022-01-24 10:25:29 +01:00
Glenn Strauss
6eef56392a
Add tests for accessors for ciphersuite info
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-23 08:37:02 -05:00
Andrzej Kurek
7a58d5283b
Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
...
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:02 -05:00
Manuel Pégourié-Gonnard
aab5258b7a
Avoid using %zu, not supported everywhere yet.
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-19 10:28:32 +01:00
Manuel Pégourié-Gonnard
24e82ded79
Fix type of temporary variable
...
Both functions use int. Using size_t results is a warning from MSVC.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-18 09:29:41 +01:00
Manuel Pégourié-Gonnard
763641a3f5
Rm use of non-standard __func__ in example programs
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-17 11:58:54 +01:00
Manuel Pégourié-Gonnard
9efbf53f0e
Declare incompatibility in new programs
...
Existing example programs in this directory are already incompatible
with that option, so this is probably acceptable here too.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-17 11:57:44 +01:00
Manuel Pégourié-Gonnard
ecffd96910
Silence compiler warning in example program
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-14 13:23:54 +01:00
Manuel Pégourié-Gonnard
398d45985b
Add example program psa/aead_cipher_psa
...
This is meant to highlight similarities and differences in the APIs.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-14 12:48:13 +01:00
Gabor Mezei
d4bea1efd5
Add ticket_aead option for ssl_server2
...
The ticket_aead option allows to specify the session ticket protection.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-01-12 16:21:15 +01:00
Manuel Pégourié-Gonnard
667b556dbc
Add example program psa/hmac_md_psa
...
This is meant to highlight similarities and differences in the
multi-part HMAC APIs.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-07 12:20:54 +01:00
Manuel Pégourié-Gonnard
bf5b46c1ee
Fix alignment in benchmark output
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-05 10:34:17 +01:00
Manuel Pégourié-Gonnard
6ced002a69
Count allocs without side-effects
...
At the end of the benchmark program, heap stats are printed, and these
stats will be wrong if we reset counters in the middle.
Also remove the function to reset counters, in order to encourage other
programs to behave correctly as well.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-05 10:08:59 +01:00
Manuel Pégourié-Gonnard
cd4ad0c67a
No need to call a function to avoid a warning.
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-05 09:54:37 +01:00
Manuel Pégourié-Gonnard
68322c4594
Remove old useless function from benchmark
...
This no longer makes sense since pre-computed multiples of the base
point are now static. The function was not doing anything since `grp.T`
was set to `NULL` when exiting `ecp_mul_comb()` anyway.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-04 11:14:42 +01:00
Manuel Pégourié-Gonnard
c4055446c4
Use alloc counters in memory benchmarking
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-04 10:24:01 +01:00
Manuel Pégourié-Gonnard
a93aa580dc
Fix build failure in benchmark in reduced configs
...
The "proper" fix would be to define the function only when it's needed,
but the condition for that would be tedious to write (enumeration of all
symmetric crypto modules) and since this is a utility program, not the
core library, I think it's OK to keep unused functions.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-04 09:47:54 +01:00
Andrzej Kurek
03e01461ad
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
...
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
paul-elliott-arm
f434994d83
Merge pull request #5303 from yuhaoth/pr/add_list_config_function
...
Add list config function
2021-12-10 18:30:06 +00:00
Ronald Cron
2331fdb280
Merge pull request #5293 from ronald-cron-arm/tls13-mvp-misc
...
Miscellaneous final changes for TLS 1.3 MVP release
2021-12-10 17:46:47 +01:00
Jerry Yu
29ceb564f8
fix help message issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 23:38:57 +08:00
Gilles Peskine
f1c30b2a94
Check return values in more places
...
Selective replacement of
```
^\( *\)\(mbedtls_\(md\|cipher\)_[A-Z_a-z0-9]+\)\((.*)\);
```
by
```
\1if( \2\4 != 0 )
\1{
\1 mbedtls_fprintf( stderr, "\2() returned error\\n" );
\1 goto exit;
\1}
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 14:25:45 +01:00
Ronald Cron
6f135e1148
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
...
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Jerry Yu
a15f3cc350
Add list_config into query_comile_time_config
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 16:31:01 +08:00
Jerry Yu
84e63a73cd
Add list_config generation
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 16:30:57 +08:00
Gilles Peskine
1dc3c4553d
Merge pull request #5295 from paul-elliott-arm/crypt_and_hash_prog
...
Add checks for return values to md functions in crypt and hash
2021-12-09 23:32:59 +01:00
Paul Elliott
ef9cccaf3c
Fix printf format specifier
...
Also mark function as printf variant so compiler will pickup any future
issues.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 17:25:04 +00:00
Paul Elliott
d79d3eb736
Add checks for return values to md functions
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 17:18:10 +00:00
Paul Elliott
3820c150d1
Prevent resource leak
...
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 12:48:51 +00:00
Dave Rodgman
351c71b7f2
Fix builds when config.h only defines MBEDTLS_BIGNUM_C
...
Fixes #4929
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-06 17:50:53 +00:00
Xiaofei Bai
d25fab6f79
Update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 06:36:27 +00:00
Xiaofei Bai
6dc90da740
Rebased on 74217ee
and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:12:43 +00:00
Xiaofei Bai
9539501120
Rebase and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:09:26 +00:00
Xiaofei Bai
746f9481ea
Fix 1_3/13 usages in macros and function names
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
Ronald Cron
74217ee03c
Merge pull request #5202 from xkqian/pr/add_rsa_pkcsv15
...
Pr/add rsa pkcsv15
2021-11-26 08:07:11 +01:00
Gilles Peskine
a0e57ef84f
Merge pull request #5131 from gilles-peskine-arm/dlopen-test
...
dlopen test
2021-11-25 22:03:27 +01:00
XiaokangQian
4d2329fd8a
Change code based on reviews
...
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-25 02:21:16 +00:00
XiaokangQian
25476a48b9
Change code based on review
...
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 14:01:21 +00:00
XiaokangQian
ff5f6c8bb0
Refine test code and test scripts
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 08:49:51 +00:00
XiaokangQian
f977e9af6d
Add componet test and rsa signature options
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 07:19:23 +00:00
XiaokangQian
bdf26de384
Fix test failure and remove useless code
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 09:52:56 +00:00
XiaokangQian
4b82ca1b70
Refine test code and test scripts
...
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
paul-elliott-arm
61f797adfd
Merge pull request #5111 from mprse/aps_mem_leak
...
ssl_client2, ssl_server2: add check for psa memory leaks
2021-11-17 11:54:44 +00:00