Paul Elliott
e053cb2f12
Stop platform test failures with GCC and TSAN
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-06 18:10:43 +00:00
Gilles Peskine
8bdd8cdc4f
Merge pull request #8729 from adeaarm/crypto_struct_client_view
...
Add a client view of the multipart contexts
2024-02-06 17:29:55 +00:00
Gilles Peskine
f45589b492
Merge pull request #8198 from silabs-Kusumit/kdf_incorrect_initial_capacity
...
KDF incorrect initial capacity
2024-02-06 17:29:43 +00:00
Gilles Peskine
137e0c1a02
Merge pull request #8761 from valeriosetti/issue4681
...
Re-introduce enum-like checks from CHECK_PARAMS
2024-02-06 17:29:38 +00:00
Gilles Peskine
fb7001f15b
Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage
...
Implement mbedtls_pk_get_psa_attributes
2024-02-06 17:28:54 +00:00
Ryan Everett
a76a0011ab
Remove mutex calls in psa_wipe_all_key_slots
...
Code size and code style improvement, these calls aren't needed.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-06 16:45:54 +00:00
Valerio Setti
1810fd9ac8
add changelog
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 17:03:32 +01:00
Valerio Setti
bb76f80218
pk_wrap: use proper raw buffer length in ecdsa_sign_psa()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:57:23 +01:00
Valerio Setti
cf81f69977
psa_util: smarter raw length check in mbedtls_ecdsa_raw_to_der()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:57:12 +01:00
Dave Rodgman
91d5fde944
Merge pull request #8745 from adeaarm/trail_key_id_field
...
Put the id field at the end of the psa_key_attributes_s structure
2024-02-06 15:55:56 +00:00
Valerio Setti
6269f3baf4
Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()"
...
This reverts commit d4fc5d9d1c
.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:55:18 +01:00
Ronald Cron
2261ab298f
tests: early data status: Add HRR scenario
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
d6dba675b8
tests: early data status: Add "server rejects" scenario
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
265273e8b3
tests: early data status: Add "not sent" scenario
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
5c208d7daf
tests: ssl: Add scenario param to early data status testing function
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
a7f94e49a8
tests: ssl: Add early data status unit test
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
90e223364c
tls13: cli: Refine early data status
...
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
fe59ff794d
tls13: Send dummy CCS only once
...
Fix cases where the client was sending
two CCS, no harm but better to send only one.
Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
bfcdc069ef
tests: ssl: Use get TLS 1.3 ticket helper for early data test
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
1f6e4e4a49
tests: ssl: Add helper function to get a TLS 1.3 ticket
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
ced99be007
tests: ssl: Add early data handshake option
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
b4ad3e750b
tests: ssl: First reset to all zeroes options in init
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
fb53647b0b
tests: ssl: Move group list to options
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Valerio Setti
2b6a7b37f4
suite_psa_crypto_util: use 521 bits data and bit-size instead of 528
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:21:44 +01:00
Paul Elliott
79e2e5d2d0
Add comment to set/increment step functions
...
These functions are thread safe, but using them from within multiple
threads at the same time may not have the intended effect, given order
cannot be guaranteed. Also, standardise header comment formatting.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-06 15:10:03 +00:00
Dave Rodgman
e093281a8b
Pacify check-names
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 15:00:58 +00:00
Valerio Setti
94c5806a64
suite_psa_crypto_util: make ecdsa_raw_to_der_incremental() more readable
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 15:49:06 +01:00
Dave Rodgman
d09f96b829
Improve docs
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:51:58 +00:00
Valerio Setti
eae7fce829
add changelog
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 14:40:59 +01:00
Dave Rodgman
22b934e6d2
Use struct not union
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:16:13 +00:00
Dave Rodgman
f4e8234f93
Improve docs
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:16:13 +00:00
Manuel Pégourié-Gonnard
5c9cc0b30f
Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected
...
TLS 1.3: SRV: Ignore early data when rejected
2024-02-06 13:16:03 +00:00
Dave Rodgman
ec9936d122
Improve gcc guards
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:04:09 +00:00
Paul Elliott
f20728ee49
Fix missed case for removing accessor
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-06 12:49:45 +00:00
Dave Rodgman
b327a1e706
Change unaligned access method for old gcc
...
gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94662 shows
that __attribute__ aligned may be ignored.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 11:32:01 +00:00
Ronald Cron
d0a772740e
tests: early data: Complete the handshake
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 11:15:48 +01:00
Gilles Peskine
735ac3ec05
Fix builds with secp224k1 as the only curve
...
Normally, if an elliptic curve is enabled in the legacy API then it's also
enabled in the PSA API. In particular, if the legacy API has at least one
curve then that curve also works with PSA. There is an exception with
secp224k1 which PSA does not support. In a build with secp224k1 as the only
legacy curve, MBEDTLS_PK_HAVE_ECC_KEYS is enabled (because you can use the
curve through PK) but PSA does not support any elliptic curve, so we can't
run PK-PSA bridge tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-06 11:11:32 +01:00
Chien Wong
4e9683e818
Reduce many unnecessary static memory consumption
...
.data section of ssl_client1 becomes 320 bytes smaller on AMD64.
Signed-off-by: Chien Wong <m@xv97.com>
2024-02-06 17:50:44 +08:00
Valerio Setti
c213a2e1e5
adjust_legacy_from_psa: use groups instead of curves for DH
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 10:49:14 +01:00
Gilles Peskine
8a85673a39
Merge remote-tracking branch 'development' into pk_import_into_psa-use_usage
2024-02-06 10:14:17 +01:00
Valerio Setti
d4fc5d9d1c
psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()
...
The only real contraint on the raw buffer is that it is large
enough to contain 2 coordinates. Larger buffers are therefore
allowed and the extra data will simply be ignored.
Note = trying to impose a strict sizing on the raw buffer causes
several failures in test suites. This suggests that it is
quite common to use larger buffer to store raw signatures.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 08:42:42 +01:00
Valerio Setti
fe329cea3f
rsa: handle buffer length similarly in private and public key parsing
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 08:00:18 +01:00
Ronald Cron
33327dab85
tests: early data: Switch to mnemonics for test scenarios
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-05 18:27:04 +01:00
Valerio Setti
0e60e93c12
test_suite_psa_crypto_util: improve ecdsa_der_to_raw()
...
Check that the parsing always fails if the input is truncated.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 17:59:42 +01:00
Ryan Everett
1d5fa22f9d
Fix pkcs5 aes test data
...
Remove the keyLength parameter from the AES-256 tests.
Add MBEDTLS_CIPHER_PADDING_PKCS7 to the dependencies.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-05 16:45:38 +00:00
Ryan Everett
9ae32704b6
Add missing dependencies for pkparse tests
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-05 16:44:16 +00:00
Valerio Setti
1792bb44a0
test_suite_psa_crypto_util: add more test cases
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 17:34:49 +01:00
Ronald Cron
71c6e65d83
tls13: ssl_msg.c: Improve/add comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-05 16:54:37 +01:00
Ronald Cron
31e2d83eee
tls13: srv: Improve coding
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-05 16:45:57 +01:00
Bill Roberts
a4d17b34f3
pkg-config: add initial pkg-config files
...
Add three package config files for mbedtls, mbedcrypto and mbedx509.
Also update various project variables so the generated PC files have the
required data needed without hardcoding it everywhere.
This will help distros package the project following existing
conventsions between a normal and -devel package that includes the
headers and .pc files for pkg-config aware consumers.
Fixes : #228
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
2024-02-05 09:40:47 -06:00