Ronald Cron
50969e3af5
ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 15:57:57 +02:00
Ronald Cron
277cdcbcde
ssl-opt.sh: tls13 opaque key: Enable client authentication
...
Enable client authentication in TLS 1.3 opaque
key tests to use the opaque key on client side.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
e3196d270c
ssl-opt.sh: tls13 opaque key: Do not force version on client side
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
6ec2123bf3
ssl-opt.sh: Align prefix of TLS 1.3 opaque key tests
...
Align prefix of TLS 1.3 opaque key tests
with the prefix of the othe TLS 1.3 tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
067a1e735e
tls13: Try reasonable sig alg for CertificateVerify signature
...
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
67ea2543ed
tls13: server: Add sig alg checks when selecting best certificate
...
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.
That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:26:32 +02:00
Przemek Stekiel
c454aba203
ssl-opt.sh: add tests for key_opaque_algs option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:22:29 +02:00
Manuel Pégourié-Gonnard
409a620dea
Merge pull request #6255 from mprse/md_tls13
...
Driver-only hashes: TLS 1.3
2022-09-15 10:37:46 +02:00
Manuel Pégourié-Gonnard
18dff1f226
Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake
...
Expose ECJPAKE through the PSA Crypto API
2022-09-15 09:25:55 +02:00
Ronald Cron
62e24ba186
Merge pull request #6260 from yuhaoth/pr/add-multiple-pre-config-psks
...
TLS 1.3:Add multiple pre-configured psk test for server
2022-09-15 08:58:40 +02:00
Ronald Cron
208257b39f
Merge pull request #6259 from yuhaoth/pr/add-psk_ephemeral-possible-group-tests
...
TLS 1.3: PSK: Add possible group tests for psk with ECDHE
2022-09-14 14:21:46 +02:00
Jerry Yu
673b0f9ad3
Randomize order of psks
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 18:02:26 +08:00
Manuel Pégourié-Gonnard
b2407f2b91
Merge pull request #6261 from mprse/hash_size_macro
...
Create MBEDTLS_MAX_HASH_SIZE in hash_info.h
2022-09-14 10:00:06 +02:00
Przemek Stekiel
dcec7ac3e8
test_psa_crypto_config_accel_hash_use_psa: enable tls.1.3 at the end and adapt comment
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
a4af13a46c
test_psa_crypto_config_accel_hash_use_psa: enable TLS 1.3
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Dave Rodgman
8cc46aa22c
Merge pull request #6275 from daverodgman/fixcopyright
...
Correct copyright and license in crypto_spe.h
2022-09-13 11:23:52 +01:00
Dave Rodgman
53a18f23ac
Correct copyright and license in crypto_spe.h
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-12 17:57:32 +01:00
Andrzej Kurek
d681746a51
Split some ssl-opt.sh test cases into two
...
There's a slightly different behaviour without MBEDTLS_SSL_ASYNC_PRIVATE
that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Andrzej Kurek
07e3570f8c
Add an ssl-opt.sh run to all.sh for the accel_hash_use_psa config
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Andrzej Kurek
934e9cd47f
Switch to the new version of hash algorithm checking in ssl-opt.sh
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:34:23 -04:00
Andrzej Kurek
9c061a2d19
Add a posibility to check for the availability of hash algs to ssl-opt
...
The new function now dispatches a check for either an MBEDTLS
or PSA define to check for SHA_XXX.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:34:23 -04:00
Manuel Pégourié-Gonnard
f6a6a2d815
Merge pull request #6216 from AndrzejKurek/tls-tests-no-md-compat
...
TLS without MD - compat.sh addition to all.sh hash acceleration tests
2022-09-12 10:23:49 +02:00
Przemek Stekiel
40afdd2791
Make use of MBEDTLS_MAX_HASH_SIZE macro
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-06 14:18:45 +02:00
Neil Armstrong
2a73f21878
Fixup expected status handling in ecjpake_setup() and add more coverage for psa_pake_set_password_key()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-06 11:34:54 +02:00
Jerry Yu
58af2335d9
Add possible group tests for psk with ECDHE
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-06 14:49:39 +08:00
Jerry Yu
079472b4c9
Add multiple pre-configured psk test for server
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-06 11:44:18 +08:00
Neil Armstrong
78c4e8e9cb
Make ecjpake_do_round() return void and use TEST_ASSERT with a descriptive text instead of returning a value
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-05 18:08:13 +02:00
Neil Armstrong
51009d7297
Add comment in ecjpake_do_round() explaining input errors can be detected any time in the input sequence
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-05 17:59:54 +02:00
Andrzej Kurek
5e0654a324
Add a compat.sh run to psa_crypto_config_accel_hash_use_psa
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-04 09:31:17 -04:00
Andrzej Kurek
c502210291
Adjust pkparse test dependencies
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 15:33:20 -04:00
Andrzej Kurek
7a32072038
Setup / deinitialize PSA in pk tests only if no MD is used
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:07:15 -04:00
Andrzej Kurek
26909f348f
Add PSA initialization and teardown to tests using pkcs5
...
If PSA is defined and there is no MD - an initialization
is required.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:05:37 -04:00
Andrzej Kurek
a57267c758
Add a possibility to call PSA_INIT without MBEDTLS_PSA_CRYPTO_C
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:05:37 -04:00
Andrzej Kurek
37a17e890c
Enable PKCS5 in no-md builds in all.sh
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:05:33 -04:00
Andrzej Kurek
ed98e95c81
Adjust pkcs5 test dependencies
...
Hashing via PSA is now supported
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:03:25 -04:00
Andrzej Kurek
dd36c76f09
Provide a version of pkcs5_pbkdf2_hmac without MD usage
...
Use the new implementation locally
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard
97fc247d6a
Merge pull request #6232 from AndrzejKurek/pkcs12-no-md
...
Remove MD dependency from pkcs12 module
2022-09-02 09:43:13 +02:00
Andrzej Kurek
7bd12c5d5e
Remove MD dependency from pkcs12 module
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-01 08:57:41 -04:00
Manuel Pégourié-Gonnard
0777ec1625
Merge pull request #6109 from superna9999/6100-crash-in-test-suite-x509write
...
Crash in test suite x509write config full no seedfile
2022-09-01 11:18:30 +02:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation
...
TLS 1.3: SRV: Finalize external PSK negotiation
2022-08-31 17:21:57 +02:00
Jerry Yu
6688669124
replace psk&dhe with psk_or_ephemeral
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 17:08:34 +08:00
Neil Armstrong
e5fdf20a79
Make ecjpake_rounds test depends on PSA_WANT_ALG_TLS12_PSK_TO_MS
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
eae1dfcc46
Change to more efficient error injection in ecjpake_do_round()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
db5b960a7e
Permit any psa_pake_input() step to fail when error injected in input
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
75673abef5
Only build ecjpake_do_round() is PSA_WANT_ALG_JPAKE is defined
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
8c2e8a6cda
Add ecjpake_rounds_inject tests to exercise error injection
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
f983caf6c4
Move JPAKE rounds into a common function, add reordering and error injection
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
1e855601ca
Fix psa_pake_get_implicit_key() state & add corresponding tests in ecjpake_rounds()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
a557cb8c8b
Fixing XXX_ALG_ECJPAKE to XXX_ALG_JPAKE to match specification
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
a24278a74a
Add invalid hash ecjpake_setup() test case
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00