Valerio Setti
785116a5be
test: pake: modify opaque key verification before destruction
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-12 11:59:25 +01:00
Valerio Setti
31e99bb0c7
test: pake: fix: destroy key only in opaque case
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-09 14:35:10 +01:00
Valerio Setti
016f682796
tls: pake: small code refactoring for password setting functions
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-09 14:17:50 +01:00
Valerio Setti
9d313dfeeb
test: pake: minor enhancement for opaque keys
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-09 11:38:59 +01:00
Valerio Setti
eb3f788b03
tls: pake: do not destroy password key in TLS
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-08 18:42:58 +01:00
Valerio Setti
2a3ffb4203
test: pake: add test for opaque password key
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-08 16:27:46 +01:00
Valerio Setti
ae7fe7ee53
tls: pake: avoid useless psa_pake_abort in setting opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 17:36:59 +01:00
Valerio Setti
70d1fa538a
tls: pake: fix missing return values check
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 16:20:27 +01:00
Valerio Setti
f11e05a413
test: psa: minor improvements to test
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 16:02:45 +01:00
Valerio Setti
d5fa0bfb85
test: pake: check psa key validity before destroying it
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 16:02:42 +01:00
Valerio Setti
c689ed8633
tls: pake: minor adjustments
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 14:40:38 +01:00
Valerio Setti
ba22c9c1ff
test: pake: remove useless check in ssl_ecjpake_set_password()
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-06 11:42:33 +01:00
Valerio Setti
2e1e43fb82
test: pake: fix error in ssl_ecjpake_set_password()
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-06 11:41:57 +01:00
Valerio Setti
70e029006d
test: pake: fix mixed testing in test_tls1_2_ecjpake_compatibility
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 16:21:56 +01:00
Valerio Setti
d6feb20869
test: pake: allow opaque password only when USE_PSA is enabled
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 14:28:49 +01:00
Valerio Setti
e7518ba28e
test: pake: reshaping the ssl_ecjpake_set_password()
...
Removed the "error injection" strategy. Now the functions checks
for all the errors in a row.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 12:09:43 +01:00
Valerio Setti
757f359474
tls: pake: do not destroy key on errors while setting opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 11:07:11 +01:00
Valerio Setti
e98db0b866
tls: pake: fix description for mbedtls_ssl_set_hs_ecjpake_password_opaque
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 16:52:57 +01:00
Valerio Setti
b287ddff7e
test: psa_pake: add more tests for opaque password setting
...
Added mixed cases:
- server using opaque password, while client not
- client using opaque password, while server not
Added a test with mismatched passwords in case both server and
client are using opaque passwords (the same test was already
present for the non-opaque case)
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 16:18:12 +01:00
Valerio Setti
dc40bbc2d7
test: pake: remove redundant test for opaque passwords
...
This is already covered by other already existing cases such as
"component_test_full_cmake_gcc_asan" which build with
"config.py full" and run all "ssl-opt.sh" test cases.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 15:25:49 +01:00
Valerio Setti
4452e98ec1
test: pake: add tests for set password functions
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 15:08:35 +01:00
Valerio Setti
0944329036
tls: pake: add check for empty passwords in mbedtls_ssl_set_hs_ecjpake_password()
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 15:06:09 +01:00
Valerio Setti
a6b69dabc5
test: psa_pake: add a separate test for opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-30 16:44:49 +01:00
Valerio Setti
661b9bca75
test: psa_pake: add specific log message for the opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:17 +01:00
Valerio Setti
77e8315f5b
fix formatting and typos
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:04 +01:00
Valerio Setti
d572a82df9
tls: psa_pake: add test for opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 11:30:56 +01:00
Valerio Setti
a9a97dca63
psa_pake: add support for opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-28 18:26:16 +01:00
Ronald Cron
13256ba65c
Merge pull request #6667 from gilles-peskine-arm/lib-crypto-modules-202211
...
Move SSL modules out of libmbedcrypto
2022-11-28 08:51:49 +01:00
Gilles Peskine
89e31adbee
Move mps modules to the correct library
...
This is a private interface only, so it's an ABI change but not an API change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-26 14:18:45 +01:00
Gilles Peskine
898db6b8e5
Move ssl_debug_helpers_generated to the correct library
...
This is a private interface only, so it's an ABI change but not an API change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-26 14:15:32 +01:00
Janos Follath
590ae5363d
Merge pull request #6656 from tom-cosgrove-arm/bignum_pr_6225-updated
...
Bignum: add mod_raw_add
2022-11-25 17:53:31 +00:00
Dave Rodgman
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0
...
Fix NULL+0 undefined behavior in PSA crypto ECB
2022-11-25 17:07:46 +00:00
Bence Szépkúti
6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7
...
PKCS7 Parser - RFC 2315
2022-11-25 15:55:46 +01:00
Tom Cosgrove
ddad40b1de
Free the modulus before the data in it in mod_raw_add tests
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-25 14:18:52 +00:00
Janos Follath
505a228b7b
Merge pull request #6606 from gabor-mezei-arm/6222_bignum_low_level_subtraction
...
Bignum: Add low level subtraction
2022-11-25 13:27:23 +00:00
Gilles Peskine
7d23778178
Explain why p + n isn't good enough
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 13:34:59 +01:00
Gilles Peskine
5a34b36bbd
Remove more now-redundant definitions of inline
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 13:26:44 +01:00
Dave Rodgman
f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164
...
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
2022-11-25 10:55:10 +00:00
Manuel Pégourié-Gonnard
91f88db019
Merge pull request #6639 from mpg/doc-driver-only-limitation
...
Document another limitation of driver-only hashes
2022-11-25 09:44:35 +01:00
Bence Szépkúti
12269e27b1
Add changelog for PKCS7 parser
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-11-25 05:51:40 +01:00
Bence Szépkúti
ae79fb2c2e
Merge branch 'development' into pr3431
2022-11-25 03:12:43 +01:00
Gilles Peskine
187db00399
Update the Travis "full" build to use modern Clang
...
Don't use an all.sh component because there isn't one that does what we
want (modern Clang with ASan, and test everything).
* We need to set CC explicitly or tweak PATH, because clang in $PATH on
Travis focal instances is Clang 7 which is too old (we want Clang 10).
* Travis lacks the array of versions of openssl and gnutls that we normally
use for testing, so we need to exclude some tests (or build our
own multiple versions of openssl and gnutls).
The SSL test exclusions are ad hoc and based on what currently works.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-24 22:41:55 +01:00
Gilles Peskine
4bdb9fbfa2
Enable all ciphers in OpenSSL >=1.1.0
...
OpenSSL may be configured to support features such as cipher suites or
protocol versions that are disabled by default. Enable them all: we're
testing, we don't care about enabling insecure stuff. This is not needed
with the builds of OpenSSL that we're currently using on the Jenkins CI, but
it's needed with more recent versions such as typically found on developer
machines, and with future CI additions.
The syntax to do that was only introduced in OpenSSL 1.1.0; fortunately we
don't need to do anything special with earlier versions.
With OpenSSL 1.1.1f on Ubuntu 20.04, this allows SHA-1 in certificates,
which is still needed for a few test cases in ssl-opt.sh. Curiously, this is
also needed for the cipher suite TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 (and
no other, including other DHE-PSK or ARIA cipher suites).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-24 22:41:55 +01:00
Tom Cosgrove
50fc127a4e
Change order of test arguments for bignum_mod_raw to simplify Python script
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-24 21:29:23 +00:00
Tom Cosgrove
1923009cdb
Add test generation for mbedtls_mpi_mod_raw_add()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-24 16:22:43 +00:00
Tom Cosgrove
abddad4af8
Add note about aliasing of operands for mbedtls_mpi_mod_raw_add()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-24 16:22:43 +00:00
Tom Cosgrove
54d87bf5c2
Take limb count from the modulus in mod_raw_add tests
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-24 16:22:38 +00:00
Werner Lewis
e4c0a6c3ba
Change cast to correct type
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-11-24 16:18:06 +00:00
Werner Lewis
f907576245
Pass correct arguments in test
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-11-24 16:18:06 +00:00
Werner Lewis
1a277d9ad6
Replace comparison with XOR
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-11-24 16:18:06 +00:00