Commit graph

20054 commits

Author SHA1 Message Date
Neil Armstrong
8395d7a37d Change guard of mbedtls_ssl_cipher_to_psa() with USE_PSA_CRYPTO || SSL_PROTO_TLS1_3
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:24:34 +02:00
Neil Armstrong
0fa8ce3498 TLS 1.3 only have AEAD ciphers, drop the PSA_ALG_IS_AEAD() check in mbedtls_ssl_tls13_get_cipher_key_info()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
b818e16b29 Move out common PSA code from mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
e3b0b8ab67 Remove non-PSA code in mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
93617245c3 Code style fixes
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
689557ca12 Make CIPHER_C guard code as alternate of USE_PSA_CRYPTO in mbedtls_ssl_ciphersuite_get_cipher_key_bitlen()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
4f4f271850 In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
a8093f5c48 In mbedtls_ssl_tls13_populate_transform() make sure mbedtls_cipher_info_from_type() is only called when USE_PSA is disabled
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
801abb69a5 Provide a PSA definition of mbedtls_ssl_ciphersuite_get_cipher_key_bitlen() when MBEDTLS_USE_PSA_CRYPTO is defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Manuel Pégourié-Gonnard
6ab65e28cf
Merge pull request #5842 from mprse/decrypt_tests
RSA decrypt 2: TLS 1.2 integration testing
2022-05-18 12:58:50 +02:00
Jerry Yu
bb2d47d956 Remove not used state
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Jerry Yu
e8c1fca67c move trafic set to generic
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Jerry Yu
d6e253ded9 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Jerry Yu
36becb1b81 update hrr tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
a7abc5eaa8 fix ci test fails
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
155493d4f5 fix openssl test fail.
different version openssl client return
different output. remove string check
to workaround it

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
6622049bcc test:add state check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
4d8567fa9e fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
03ed50ba6a Add handshake wrapup
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
ff2269889d Add client finished
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
27bdc7c6b6 Implement write server finish
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
69dd8d4091 tls13:finished:add dummy frame work
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Gilles Peskine
42ed963c72 Update PSA compliance test branch
Update to a branch with a fix for the test case
"expected error for psa_raw_key_agreement - Small buffer size"
since we just fixed the corresponding bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-17 17:23:09 +02:00
Ronald Cron
9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
2022-05-17 17:01:55 +02:00
Paul Elliott
a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify
TLS1.3:Add Certificate and CertificateVerify message on Server Side
2022-05-17 15:47:36 +01:00
Paul Elliott
114203814a Better check for NULL pointer
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-17 15:01:20 +01:00
Neil Armstrong
bbb8b75f20 Fixup comment of mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:58:27 +02:00
Neil Armstrong
8eb0afb726 Remove duplicate pk_can_do_ext test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:58:11 +02:00
Neil Armstrong
408f6a60a3 Add usage parameter to mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:23:20 +02:00
Neil Armstrong
434d4eb74f Remove invalid comments in pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 11:58:22 +02:00
Neil Armstrong
dab56ba2bd Fix typo in mbedtls_pk_can_do_ext() code documentation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 11:56:55 +02:00
Neil Armstrong
cec133a242 Fix typo in mbedtls_pk_can_do_ext() documentation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 11:56:01 +02:00
Gilles Peskine
3e56130fb9 psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.

The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.

Fixes #5735.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:37:54 +02:00
Gilles Peskine
7be11a790d Use TEST_LE_U in some places where it applies
Systematically replace "TEST_ASSERT( $x <= $y )" by "TEST_LE_U( $x, $y )" in
test_suite_psa_crypto. In this file, all occurrences of this pattern are
size_t so unsigned.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:37:53 +02:00
Gilles Peskine
d1465429a2 New test helper macros TEST_LE_U, TEST_LE_S
Test assertions for integer comparisons that display the compared values on
failure. Similar to TEST_EQUAL.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
3ff25443c8 Separate the validation of the size macros and of the function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
d4a258a08f Improve PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE validation
We want to check:
1. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE (the output fits
   if the caller uses the key-specific buffer size macro)
2. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (the output fits
   if the caller uses the generic buffer size macro)
3. PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
   (consistency in the calculation)

We were only testing (1) and (2). Test (3) as well. (1) and (3) together
imply (2) so there's no need to test (2).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
992bee8b6e Test psa_raw_key_agreement with a larger/smaller buffer
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Dave Rodgman
2a045325f9
Merge pull request #5766 from leorosen/fix-var-init
Add missing local variable initialization
2022-05-16 14:47:00 +01:00
Przemek Stekiel
8da6da3da2 ssl-opt.sh: add test of RSA Opaque keys with TLS 1.2 server for decryption
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-16 14:37:50 +02:00
Gilles Peskine
9b7e29663f
Merge pull request #4211 from ccawley2011/mingw
Fix compilation with MinGW32
2022-05-16 12:30:37 +02:00
Gilles Peskine
f46019165f
Merge pull request #5840 from bensze01/python_3.10_support
Add minimum requirements for Python 3.10 support
2022-05-16 12:29:36 +02:00
Leonid Rozenboim
a3008e7e2e Add missing local variable initialization
These issues were flagged by Coverity as instances where a local
variable may be used prior to being initialized. Please note that
none of these changes fixes any particular bug, this is just an attempt
to add more robustness.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-05-13 18:08:11 +01:00
Paul Elliott
dd428d3650 Fix incorrect error message
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-13 17:43:16 +01:00
Gabor Mezei
696956da24
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-13 17:02:19 +02:00
Gabor Mezei
0a4298bbe9
Remove unnecessary duble conversion
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-13 17:02:18 +02:00
Bence Szépkúti
44f138d539 Add minimum requirements for Python 3.10 support
This is needed for min_requirements.py, since it installs the oldest
possible version of all the requirements.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-05-13 16:52:28 +02:00
Jerry Yu
b89125b81a Add test without server certificate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-13 15:50:04 +08:00
Dave Rodgman
d87e46f3de
Merge pull request #3641 from okhowang/c99
Pass c99 to compiler
2022-05-12 14:01:10 +01:00
Jerry Yu
23d1a256ec fix hrr handler undefine fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 20:11:16 +08:00