Commit graph

20725 commits

Author SHA1 Message Date
Jerry Yu
0a430c8aaf Rename resumption_key and the hardcode len
`resumption_key` is better name.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
b14413804a Remove ticket_flags
It should be added later.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
08aed4def9 fix comments and time_t type issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
a0446a0344 Add check_return flag
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
4e6c42a533 fix various issues
- wrong typo
- unnecessary comments/debug code
- wrong location

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
cb3b1396f3 move resume psk ticket computation to end
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
af2c0c8dd6 fix various comment/format issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
a357cf4d4c Rename new_session_ticket state
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
29ab32d0e5 Add client side tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
2b4f02d7fb Add new_session_ticket err handler
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
f8a4994ec7 Add tls13 new session ticket parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
c62ae5f539 Add new session ticket message check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
a270f67340 Add tls13 session fields
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
0038c5ff1c Add ticket nonce setting
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Neil Armstrong
5ea65173fb Rm useless use of MD in ECDSA test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.

It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.

The changes to the .data file were done using the following python
script:

import hashlib

suite = 'ecdsa'

functions = {
        'ecdsa_det_test_vectors': (3, 4),
        'ecdsa_write_restart': (3, 4),
}

def hash_ctx(s):
    if s == 'MBEDTLS_MD_MD5':
        return hashlib.md5()
    if s == 'MBEDTLS_MD_SHA1':
        return hashlib.sha1()
    if s == 'MBEDTLS_MD_SHA224':
        return hashlib.sha224()
    if s == 'MBEDTLS_MD_SHA256':
        return hashlib.sha256()
    if s == 'MBEDTLS_MD_SHA384':
        return hashlib.sha384()
    if s == 'MBEDTLS_MD_SHA512':
        return hashlib.sha512()

def fix(l):
    parts = l.rstrip().split(":")

    fun = parts[0]
    if fun not in functions:
        return l

    (alg_idx, msg_idx) = functions[fun]

    alg_str = parts[alg_idx]
    if alg_str == "MBEDTLS_MD_NONE":
        return l
    h = hash_ctx(alg_str)

    msg_str = parts[msg_idx][1:-1]
    h.update(msg_str.encode('ascii'))
    msg_hash = h.hexdigest()
    msg_hash_str = '"' + msg_hash.upper() + '"'

    parts[msg_idx] = msg_hash_str
    return ":".join(parts) + '\n'

filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
    lines = f.readlines()

lines = [fix(l) for l in lines]

with open(filename, 'w') as f:
    f.writelines(lines)

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 21:03:29 +02:00
Paul Elliott
582f72bf3b Fix linking of generated files in cmake
If generation of files is turned off, and a file is missing, when
building in tree with cmake, you can end up with the generated file
being turned into a symlink to itself. This will also break any future
attempt at building with make. Fix this by testing if the file exists
prior to attempting to link it.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-19 17:23:30 +01:00
Tom Cosgrove
d99f24c792 Add a ChangeLog entry
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-19 08:55:48 +01:00
Manuel Pégourié-Gonnard
d82a9edc63 Rm now-duplicate helper function
Again, the guards are slightly different, let's see in the CI if this
causes any trouble.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard
130fa4d376 Rm local helper now that a global one is available
There is a small difference: the global function only works for hashes
that are included in the build, while the old one worked for all hashes
regardless of whether they were enabled or not.

We'll see in the CI is this causes any issues.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard
abac037a7b Migrate from old inline to new actual function.
This is mostly:

    sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
    library/*.c tests/suites/*.function

This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard
4772884133 New internal module for managing hash information
Using static inline functions is bad for code size; the function from
md_internal.h was already used from 3 different C files, so already was
copied at least 3 times in the library, and this would only get worse
over time.

Use actual functions, and also share the actual data between them.

Provide a consistent set of operations. Conversion to/from
human-readable string was omitted for now but could be added later if
needed.

In the future, this can be used to replace other similar (inline)
functions that are currently scattered, including (but perhaps not
limited to):
- mbedtls_psa_translate_md() from psa_util.h
- mbedtls_md_info_from_psa() (indirectly) from psa_crypto_hash.h
- get_md_alg_from_psa() from psa_crypto_rsa.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Peter Korsgaard
c0546e351f bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5
Fixes #1910

With ebx added to the MULADDC_STOP clobber list to fix #1550, the inline
assembly fails to build with GCC < 5 in PIC mode with the following error:

include/mbedtls/bn_mul.h:46:13: error: PIC register clobbered by ‘ebx’ in ‘asm’

This is because older GCC versions treated the x86 ebx register (which is
used for the GOT) as a fixed reserved register when building as PIC.

This is fixed by an improved register allocator in GCC 5+.  From the release
notes:

Register allocation improvements: Reuse of the PIC hard register, instead of
using a fixed register, was implemented on x86/x86-64 targets.  This
improves generated PIC code performance as more hard registers can be used.

https://www.gnu.org/software/gcc/gcc-5/changes.html

As a workaround, detect this situation and disable the inline assembly,
similar to the MULADDC_CANNOT_USE_R7 logic.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-18 17:31:13 +01:00
Manuel Pégourié-Gonnard
1f7f7172dc Document existing dependency of MD_C
Trying to compile MD_C without any of the hash modules would result in a
bunch of unused parameter warning (hence errors in -Werror builds).

We could silence those warnings by casting the parameters to void, but
still, compiling the module in such a configuration would mean all of
its functions are useless (always returning an error).

Seems better to just document the dependency.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 12:49:20 +02:00
Manuel Pégourié-Gonnard
8c7b81cdf9 Fix a bunch of typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 12:49:20 +02:00
Manuel Pégourié-Gonnard
1c402a4217 Remove macro that's no longer used
It was only used in test_suite_pk which was fixed to no longer compute
hashes in a temporary buffer.

Also, it's not entirely clear is this macro was really a good idea:
perhaps it's better for each user to have an explicit #if
defined(MBEDTSL_USE_PSA_CRYPTO) and use either MBEDTLS_MD_MAX_SIZE or
PSA_HASH_MAX_SIZE in each branch of that #if.

So, removing it for the time being.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 12:49:19 +02:00
Ronald Cron
d5b1eb51db
Merge pull request #6078 from yuhaoth/pr/add-tls13-paser-psk-kex-mode-ext
TLS 1.3: PSK: Add parser of psk kex mode ext on server side
2022-07-18 11:34:24 +02:00
Manuel Pégourié-Gonnard
4608c48b0c Rm useless use of MD in PK test functions
Same rationale as previous "Rm useless use of MD" commits.

Here the first two test functions were already not depending on MD_C,
but the new version is much simpler, as it avoids having two versions of
the code depending on the value of USE_PSA.

Changes to the data file generated with the following Python script:

import hashlib

suite = 'pk'
functions = {
        'pk_rsa_verify_test_vec': (2, 1, True),
        'pk_rsa_verify_ext_test_vec': (2, 1, True),
        'pk_sign_verify_restart': (6, 7, False),
}

def hash_ctx(s):
    if s == 'MBEDTLS_MD_MD5':
        return hashlib.md5()
    if s == 'MBEDTLS_MD_SHA1':
        return hashlib.sha1()
    if s == 'MBEDTLS_MD_SHA224':
        return hashlib.sha224()
    if s == 'MBEDTLS_MD_SHA256':
        return hashlib.sha256()
    if s == 'MBEDTLS_MD_SHA384':
        return hashlib.sha384()
    if s == 'MBEDTLS_MD_SHA512':
        return hashlib.sha512()
    if s == 'MBEDTLS_MD_RIPEMD160':
        return hashlib.new("ripemd160")

def fix(l):
    parts = l.rstrip().split(":")

    fun = parts[0]
    if fun not in functions:
        return l

    (alg_idx, msg_idx, is_hex) = functions[fun]

    alg_str = parts[alg_idx]
    if alg_str == "MBEDTLS_MD_NONE" or alg_str == "255":
        return l
    h = hash_ctx(alg_str)

    msg_str = parts[msg_idx][1:-1]
    msg = bytes.fromhex(msg_str) if is_hex else bytes(msg_str, 'ascii')
    h.update(msg)
    msg_hash = h.hexdigest()
    msg_hash_str = '"' + msg_hash + '"'

    parts[msg_idx] = msg_hash_str
    return ":".join(parts) + '\n'

filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
    lines = f.readlines()

lines = [fix(l) for l in lines]

with open(filename, 'w') as f:
    f.writelines(lines)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 10:55:56 +02:00
Manuel Pégourié-Gonnard
5ef4e8d9b9 Don't depend on strong entropy for RSA tests
Tests are not here to demonstrate best practice, but to test a specific
part of the code. Using an RNG provided by the test framework also makes
the test code more focused on what we actually mean to test.

This brings the number of tests skipped in test_suite_rsa in
test_psa_crypto_config_accel_hash_use_psa down to 0 (from 50).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:57:19 +02:00
Manuel Pégourié-Gonnard
1d1174a5c3 Rm spurious declared dependency in test_suite_rsa
Probably the result of copy-pasting: the test functions actually don't
use those modules at all.

This brings the number of tests skipped in test_suite_rsa in
test_psa_crypto_config_accel_hash_use_psa down to 50 (from 61).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:41:34 +02:00
Manuel Pégourié-Gonnard
236c4e22f7 Adjust test dependencies after last commit
This brings the number of tests skipped in test_suite_rsa in
test_psa_crypto_config_accel_hash_use_psa down to 61 (from 117).

The changes to the test data file were generated with:

    sed -i -f or_psa_hash.sed tests/suites/test_suite_rsa.data

with or_psa_hash.sed containing:

    s/MBEDTLS_MD5_C/MBEDTLS_OR_PSA_WANT_ALG_MD5/g
    s/MBEDTLS_RIPEMD160_C/MBEDTLS_OR_PSA_WANT_ALG_RIPEMD160/g
    s/MBEDTLS_SHA1_C/MBEDTLS_OR_PSA_WANT_ALG_SHA_1/g
    s/MBEDTLS_SHA224_C/MBEDTLS_OR_PSA_WANT_ALG_SHA_224/g
    s/MBEDTLS_SHA256_C/MBEDTLS_OR_PSA_WANT_ALG_SHA_256/g
    s/MBEDTLS_SHA384_C/MBEDTLS_OR_PSA_WANT_ALG_SHA_384/g
    s/MBEDTLS_SHA512_C/MBEDTLS_OR_PSA_WANT_ALG_SHA_512/g

Here the MBEDTLS_OR_PSA_xxx macros are the right choice as we just need
data about the hashes to be available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:38:35 +02:00
Manuel Pégourié-Gonnard
a4aa12f0a1 Rm useless use of MD in RSA test functions
Same rationale as two commits ago.

Changes to the data file generated with the following script:

import hashlib

suite = 'rsa'
functions = {
        'mbedtls_rsa_pkcs1_sign': (3, 1),
        'mbedtls_rsa_pkcs1_verify': (3, 1),
}

def hash_ctx(s):
    if s == 'MBEDTLS_MD_MD5':
        return hashlib.md5()
    if s == 'MBEDTLS_MD_SHA1':
        return hashlib.sha1()
    if s == 'MBEDTLS_MD_SHA224':
        return hashlib.sha224()
    if s == 'MBEDTLS_MD_SHA256':
        return hashlib.sha256()
    if s == 'MBEDTLS_MD_SHA384':
        return hashlib.sha384()
    if s == 'MBEDTLS_MD_SHA512':
        return hashlib.sha512()
    if s == 'MBEDTLS_MD_RIPEMD160':
        return hashlib.new("ripemd160")

def fix(l):
    parts = l.rstrip().split(":")

    fun = parts[0]
    if fun not in functions:
        return l

    (alg_idx, msg_idx) = functions[fun]

    alg_str = parts[alg_idx]
    if alg_str == "MBEDTLS_MD_NONE" or alg_str == "255":
        return l
    h = hash_ctx(alg_str)

    msg_str = parts[msg_idx]
    msg_hex = msg_str[1:-1]
    msg = bytes.fromhex(msg_hex)
    h.update(msg)
    msg_hash = h.hexdigest()
    msg_hash_str = '"' + msg_hash + '"'

    parts[msg_idx] = msg_hash_str
    return ":".join(parts) + '\n'

filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
    lines = f.readlines()

lines = [fix(l) for l in lines]

with open(filename, 'w') as f:
    f.writelines(lines)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:20:26 +02:00
Manuel Pégourié-Gonnard
5ce9959185 Adjust test dependencies after last commit
This brings the number of tests skipped in test_suite_pkcs1_v15 in
test_psa_crypto_config_accel_hash_use_psa to 0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:07:51 +02:00
Manuel Pégourié-Gonnard
a9e1d9953e Rm useless use of MD in PKCS#1v1.5 test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.

It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.

The changes to the .data file were done using the following python
script:

import hashlib

suite = 'pkcs1_v15'

functions = {
        'pkcs1_rsassa_v15_sign': (10, 12),
        'pkcs1_rsassa_v15_verify': (6, 8),
}

def hash_ctx(s):
    if s == 'MBEDTLS_MD_MD5':
        return hashlib.md5()
    if s == 'MBEDTLS_MD_SHA1':
        return hashlib.sha1()
    if s == 'MBEDTLS_MD_SHA224':
        return hashlib.sha224()
    if s == 'MBEDTLS_MD_SHA256':
        return hashlib.sha256()
    if s == 'MBEDTLS_MD_SHA384':
        return hashlib.sha384()
    if s == 'MBEDTLS_MD_SHA512':
        return hashlib.sha512()

def fix(l):
    parts = l.rstrip().split(":")

    fun = parts[0]
    if fun not in functions:
        return l

    (alg_idx, msg_idx) = functions[fun]

    alg_str = parts[alg_idx]
    if alg_str == "MBEDTLS_MD_NONE":
        return l
    h = hash_ctx(alg_str)

    msg_str = parts[msg_idx]
    msg_hex = msg_str[1:-1]
    msg = bytes.fromhex(msg_hex)
    h.update(msg)
    msg_hash = h.hexdigest()
    msg_hash_str = '"' + msg_hash + '"'

    parts[msg_idx] = msg_hash_str
    return ":".join(parts) + '\n'

filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
    lines = f.readlines()

lines = [fix(l) for l in lines]

with open(filename, 'w') as f:
    f.writelines(lines)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:07:02 +02:00
Manuel Pégourié-Gonnard
4c1087f474 Use MBEDTLS_OR_PSA_WANT_xxx in test_suite_rsa
The encrypt/decrypt cases don't depend on actually computing a hash,
just on information about it being available, and this information is
guarded by MBEDTLS_OR_PSA_WANT_xxx.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-15 12:08:14 +02:00
Manuel Pégourié-Gonnard
f88b1b5375 Introduce MBEDTLS_OR_PSA_WANT_xxx helper macros
Currently just replacing existing uses, but the real point of having
these conditions as a single macro is that we'll be able to use them in
tests case dependencies, see next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-15 12:08:14 +02:00
Jerry Yu
854dd9e23f fix comment issue
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-15 14:38:38 +08:00
Paul Elliott
0b5f4950cc
Merge pull request #5953 from tuvshinzayaArm/update-document-PSA_ALG_RSA_PSS
Update documentation of PSA_ALG_RSA_PSS
2022-07-14 10:40:21 +01:00
Jerry Yu
c52e3bd93b Improve comment
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-14 10:49:47 +08:00
Jerry Yu
299e31f10e fix various issue
- remove unused test case
- add alert message
- improve readabitlity

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-13 23:06:36 +08:00
Manuel Pégourié-Gonnard
3637c516a4 Refine dependencies in test_suite_pkcs1_v15
Having the whole .function file depend on SHA-1 was wrong: dependencies
in .function files are for compile-time dependencies all functions in
this file build just fine without SHA-1. It's just some tests cases that
do need SHA-1 at runtime, use dependencies on those specific tests in
the .data file then.

This reduces the number of cases skipped in this test suite in
test_psa_crypto_config_accel_hash_use_psa from 28 (all of them) down to
12 (those that actually use SHA-1 as opposed to no hash).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-13 12:41:36 +02:00
Dave Rodgman
0dca5ef773
Merge pull request #6081 from daverodgman/assemble-cl-case
Fix case of Mbed TLS in assemble_changelog.py
2022-07-12 16:48:20 +01:00
Paul Elliott
72fa1c23ed
Merge pull request #960 from paul-elliott-arm/merge-into-3.2.1
Merge 3.2.1 into development
2022-07-12 16:24:10 +01:00
Paul Elliott
af4b90db3f Revert "Add missing library/psa_crypto_driver_wrappers.c"
This reverts commit c2a9387110

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 11:30:17 +01:00
Paul Elliott
81c69b547a Revert "Revert "Revert "Add generated files for 3.2.0 release"""
This reverts commit 185d24ba0e.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 11:29:34 +01:00
Jerry Yu
fe52e55301 redirect stderr output in ubuntu22.04
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:37 +00:00
Jerry Yu
e36397d13b add tests for psk_key_exchange_mode
To confirm, psk_key_exchange_modes were received and
parsed.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:36 +00:00
Jerry Yu
e19e3b9eb8 Add psk_key_exchange_modes parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:35 +00:00
Paul Elliott
869298bffe Add 3.2.1 Changelog
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 10:51:55 +01:00
Paul Elliott
cd08ba0326 Bump version to 3.2.1
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 10:51:55 +01:00
Dave Rodgman
c2a9387110 Add missing library/psa_crypto_driver_wrappers.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-12 10:51:55 +01:00