Commit graph

19058 commits

Author SHA1 Message Date
Gilles Peskine
1f13e984ad
Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls
Rename, move and refine PSA to mbedtls PK errors mappings
2022-03-03 13:30:29 +01:00
Gilles Peskine
644b3f6072 Unify module documentation with --help text
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-03 10:23:09 +01:00
Gilles Peskine
93c2a42166 Don't require ABI tools if not checking the ABI
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-03 10:22:36 +01:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters
Add function to get message digest info from context
2022-03-02 16:44:26 +01:00
Gilles Peskine
5459a15863
Merge pull request #5365 from Tachi107/msvc-utf-8
build(msvc): always assume source files are in UTF-8
2022-03-02 16:42:33 +01:00
Gilles Peskine
e8c8300190
Merge pull request #5581 from superna9999/pk-move-rename-rsa-ec-key-sizes
Move max sizes of RSA & EC DER keys into public header
2022-03-02 16:41:53 +01:00
Przemek Stekiel
38df86cc6c Simplyfy asymmetric_decrypt() test function
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-02 09:11:04 +01:00
Przemek Stekiel
e894c5c4a5 Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-02 08:45:56 +01:00
Gilles Peskine
a9b4c436ee
Merge pull request #5588 from gilles-peskine-arm/mypy-on-jenkins
Make mypy unconditional
2022-03-01 20:48:42 +01:00
Gilles Peskine
e356f075f5
Merge pull request #5512 from gilles-peskine-arm/psa-driver-interface-tweaks-202201
PSA driver description spec: minor tweaks to the JSON format
2022-03-01 20:46:14 +01:00
Gilles Peskine
92e08fba4c
Merge pull request #5475 from miudr/fix_issue_5140
Fix AEAD multipart incorrect offset in test_suite_psa_crypto.function
2022-03-01 20:45:54 +01:00
Dave Rodgman
2cf0d4f072
Merge pull request #5584 from gilles-peskine-arm/cmake-Wunused-function
Build tests with -Wunused-function with cmake
2022-03-01 19:17:16 +00:00
Paul Elliott
06898650f9
Merge pull request #5471 from yuhaoth/pr/add-tls13-client-certificate-verify
TLS1.3: Add write client Certificate and CertificateVerify
2022-03-01 18:42:00 +00:00
Przemek Stekiel
4400be408b Adapt test cases for invalid bits with and without ECC keys enabled
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 17:02:46 +01:00
Przemek Stekiel
15565eeb59 Move publick key check out of MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 17:01:39 +01:00
Neil Armstrong
19915c2c00 Rename error translation functions and move them to library/pk_wrap.*
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 15:21:02 +01:00
Przemek Stekiel
a81aed2dae Clean up init values of psa crypto status and fix switch default case
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 15:13:30 +01:00
Przemek Stekiel
f110dc05be Clenup conditional compilation flags.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 14:48:05 +01:00
Przemek Stekiel
dcab6ccb3b Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 14:29:49 +01:00
Neil Armstrong
0f49f83625 Use now shared ECP_PUB_DER_MAX_BYTES define in pk_wrap.c
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 10:05:33 +01:00
Neil Armstrong
e9ecd27890 Rename max sizes of RSA & EC DER keys defines
Rename to match the required pattern of defines:
'^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$'

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 10:03:21 +01:00
Neil Armstrong
e0326a6acc Move max sizes of RSA & EC DER keys into private pkwrite.h
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 09:58:58 +01:00
Gilles Peskine
5831b4fd77
Merge pull request #5372 from AndrzejKurek/doxygen-fixes-compact-doxyfile
Remove default values and comments from mbedtls.doxyfile
2022-02-28 23:49:15 +01:00
Neil Armstrong
4766f99fe5 Add multi-part mac sign/verify test
The test is based on the AEAD multi-part test, re-using the
design on aead_multipart_internal_func() to test differnet
sequence of psa_mac_update() for MAC update or verify.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-28 18:37:30 +01:00
Gilles Peskine
f48bd4bccb
Merge pull request #5371 from AndrzejKurek/doxygen-duplicate-parameter-docs
doxygen: merge multiple descriptions of the same return codes
2022-02-28 17:09:45 +01:00
Gilles Peskine
0037fcd6c7
Merge pull request #4910 from gilles-peskine-arm/check_config-chachapoly-development
Add check_config checks for AEAD
2022-02-28 17:07:48 +01:00
Gilles Peskine
254efe5f0c Make mypy unconditional
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-28 16:06:36 +01:00
Neil Armstrong
60234f87a6 Revert "Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences"
This reverts commit 3ccd08b343.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-28 15:21:38 +01:00
Gilles Peskine
9c656ec718 Fix unused function warning
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-26 19:56:12 +01:00
Gilles Peskine
d5438a5678 Enable -Wunused-function in cmake builds for tests
This has been the case when building with make since
d3d8a64dfa. Be consistent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-26 19:54:41 +01:00
Glenn Strauss
0ebf24a668 Adjust comment describing mbedtls_ssl_conf_sni()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
48a37f01b3 Add cert_cb use to programs/ssl/ssl_server2.c
(for use by some tests/)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
6989407261 Add accessor to retrieve SNI during handshake
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b Provide means to reset handshake cert list
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0 Add server certificate selection callback
https://github.com/ARMmbed/mbedtls/issues/5430

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 17:31:49 -05:00
Steven Cooreman
4b94f10b93 Add changelog entry for zeroizing key buffers before freeing
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2022-02-25 16:53:11 +01:00
Neil Armstrong
3ccd08b343 Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 16:15:08 +01:00
Neil Armstrong
ee9686b446 Fix style issue in hash_setup()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:47:34 +01:00
Gilles Peskine
9a34b60a99
Merge pull request #5576 from AndrzejKurek/raw-key-agreement-destroy-missing
Add missing key destruction calls in ssl_write_client_key_exchange
2022-02-25 13:34:08 +01:00
Steven Cooreman
cd5be32191 Erase secrets in allocated memory before freeing said memory
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2022-02-25 11:14:59 +01:00
Andrzej Kurek
a0237f86d3 Add missing key destruction calls in ssl_write_client_key_exchange
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-25 04:36:40 -05:00
Tom Cosgrove
7e7aba8c9d Rename mbedtls_a64_crypto_sha256_check_support() to mbedtls_a64_crypto_sha256_determine_support()
The Mbed TLS coding standard specifies that "check" functions must return 0
for success (i.e. feature present), while "has" functions should return 1 for
true. Since we were using "check" to do the actual check, and "has" to get the
cached value, having inverted values here would be confusing.  Therefore,
rename "check" to "determine", as that's what those functions are doing.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-24 08:33:11 +00:00
Andrea Pappacoda
9202909d07
build(msvc): always assume source files are in UTF-8
Fixes https://github.com/ARMmbed/mbedtls/issues/4205

Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
2022-02-23 23:13:09 +01:00
Jerry Yu
71f36f1d2e change alert message type
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 17:34:29 +08:00
Jerry Yu
0b7b101b3b fix warnings
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 12:26:48 +08:00
Jerry Yu
2ff6ba1df0 Remove rsa_pss_rsae_sha256 support.
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 10:38:25 +08:00
Gilles Peskine
790f7428d2 Storage format test regressions are now checked mechanically
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 19:16:42 +01:00
Gilles Peskine
ca586a53e8 Look at manually written read tests as well
The storage format comparison has a dual purpose: detect format changes that
lead to a loss of backward compatibility, and detect loss of test coverage.
For loss of backward compatibility, the read tests are the relevant ones.
For loss of test coverage, all generated test cases are potentially
relevant, but this script currently focuses on storage format (where a loss
of test coverage may be a symptom of a loss of backward compatibility).

Therefore, storage format test comparison now looks at manually written
storage format tests, but only if they're read tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 19:12:47 +01:00
Przemyslaw Stekiel
91ebfc0402 Adapt compilation flags for ECC key derivation
Use conditional compilation flags for building ECC key derivation code consistent with flags used for mbedtls_ecc_group_of_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 15:50:30 +01:00
Neil Armstrong
3f9cef4547 Remove actual and use new PSA to mbedtls PK errors mapping functions
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 15:44:39 +01:00