Xiaokang Qian
1d8e86ce00
Get hash_alg by mbedtls_psa_translate_md
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
ea28a78384
Revert new field and check ciphersuite match when resume by exist info_id
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
4224244883
Improve coding styles and add comments
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
33ff868dca
Fix various errors
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
43a83f247c
Move the place where call set_outbound_transform to switch handshake key
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
907461319a
Fix compile error and warnings
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
f10f474981
Check server selected cipher suite indicating a Hash associated with the PSK
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
592021aceb
Add CCS after client hello in case of early data and comp mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
303f82c5b9
Skip generating early secrets in some cases
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
b46275c7ec
Add TLS1_3 guard to finalize_write_client_hello() to fix compile issue
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:43 +00:00
Xiaokang Qian
2a674937dd
Pend a illeagal allert when selected_identity isn't 0
...
Handshake should abort will illeagal parameter allert when
receiving early data extentions but the selected_identity
parsed from pre-share key isn't equal to 0.
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:46:48 +00:00
Xiaokang Qian
5b410075cf
Remove useless comments about handshake messages for TLS13
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:46:48 +00:00
Xiaokang Qian
126929f825
Move early keys generation into mbedtls_ssl_tls13_finalize_write_client_hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:46:45 +00:00
Xiaokang Qian
19d4416a45
Refine code to remove finalize_write_end_of_early_data()
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
7094f66879
Remove useless duplicted mbedtls_ssl_tls13_ticket_get_psk
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
854db28bb7
Set hs_psk,ciphercuit_info and kex mode when writing pre-share key
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
57a138d5c3
Update message log for end of early data test cases
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
742578ca2c
Remove end_of_early_data_coordinate() to align with exist style
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
bc75bc0c3a
Switch to MBEDTLS_SSL_END_OF_EARLY_DATA as needed
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
c81a15a019
Change the comment format of end_of_early_data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
7ed30e59af
Fix the issue that gnutls server doesn't support packet
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
Xiaokang Qian
8804e6d0ac
Put kex_exchange_mode in the guard of TLS13
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
94dd1dd6fa
Update test case to indicate parsing of end of early data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
da8402dde6
Switch outbound back to handshake key after end_of_early_data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
bf09376bda
Remove useless prepare_write_end_of_early_data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
df6f52e2b2
Generate early key and switch outbound key to it after write client hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
d05ac5dfce
Add extern apis mbedtls_ticket_get_psk.
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
32af4fbbdb
Set ciphersuite info and kex mode in set_session in re-connection
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
Xiaokang Qian
34aab55aa7
Add prepare function to switch transform to early keys
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:58 +00:00
Xiaokang Qian
125afcb060
Add end-of-early-data write
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:58 +00:00
Pengyu Lv
acbeb7fa30
code_style.py: Add helpers to print warning and skipped files
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-08 09:59:40 +08:00
Pengyu Lv
8c6325cc8e
code_style.py: Apply exclusions to the file list
...
This commit rename `--files` options to `--subset` and
it means to check a subset of the files known to git.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-08 09:59:27 +08:00
Nick Child
3dafc6c3b3
pkcs7: Drop support for signature in contentInfo of signed data
...
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.
Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
- Demi Marie Obenour <demiobenour@gmail.com>
- Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-07 20:04:52 +00:00
Gilles Peskine
fad34a4f10
Support all legacy algorithms in PSA
...
This is not strictly mandatory, but it helps.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-07 20:37:56 +01:00
Valerio Setti
5b16e9eabc
pk_wrap: keep ECDSA_C for ECP_RESTARTABLE contexts
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 16:21:36 +01:00
Andrzej Kurek
7dcdc132d5
Change SHA256_C to HAS_ALG_SHA256_VIA[..] in x509 tests
...
This way these tests won't be skipped in a configuration with a driver.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:24:34 -05:00
Hanno Becker
dae916b05f
X.509: Add length consistency checks to x509_get_other_name()
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:24:32 -05:00
Hanno Becker
2a15a0c868
X.509: Remove red'n bounds checks and zeroiz'n in OtherName parsing
...
- ASN.1 parsing functions check that length don't exceed buffer bounds,
so checks `p + len > end` are redundant.
- If `p + len == end`, this is erroneous because we expect further fields,
which is automatically caught by the next ASN.1 parsing call.
Hence, the two branches handling `p + len >= end` in x509_get_other_name()
can be removed.
Further, zeroization of the `other_name` structure isn't necessary
because it's not confidential (and it's also not performed on other
error conditions in this function).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:15:27 -05:00
Hanno Becker
5d82c3b99c
X.509: Improve negative testing for SubjectAltName parsing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:29 -05:00
Hanno Becker
dc0e8b92f8
Add a ChangeLog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:29 -05:00
Hanno Becker
db305ff42e
X.509: Improve negative testing for SubjectAltName parsing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:29 -05:00
Hanno Becker
ae8f8c435c
Fix X.509 SAN parsing
...
Fixes #2838 . See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:27 -05:00
Gilles Peskine
a0c806aac1
Merge pull request #7003 from lpy4105/issue/do-not-run-x86-tests-on-arm64
...
all.sh: test_m32_xx is not supported on arm64 host
2023-02-07 10:26:10 +01:00
Gilles Peskine
4c77601832
Merge pull request #6975 from davidhorstmann-arm/c-build-helper-improvements
...
Minor improvements to `c_build_helper.py`
2023-02-07 10:25:59 +01:00
Yanray Wang
3f9961bfca
compat.sh: remove G_CLIENT_PRIO as it's not used
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
a89c4d51f7
compat.sh: display "no" even if $VERIFY=YES for PSK test cases
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
5d646e705d
compat.sh: do not filter PSK ciphersuites for GnuTLS if $VERIFY=YES
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
c66a46f734
compat.sh: remove check_openssl_server_bug
...
As there is no $VERIFY for PSK test cases,
check_openssl_server_bug is not functional in compat.sh.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
35c0eadf0f
compat.sh: avoid running duplicate test cases for PSK
...
With the introduction of PSK_TESTS,
- Either `compat.sh -V NO` or `compat.sh -V YES` runs the PSK tests
- `compat.sh` or `compat.sh -V "NO YES"` runs PSK tests only once
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:51 +08:00
Yanray Wang
dae7057e1f
compat.sh: ignore $VERIFY in PSK TYPE
...
There is no need to provide CA file in PSK. Thus VERIFY is
meaningless for PSK. This change omits the arguments passed to
the client and server for $VERIFY=YES.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-07 16:36:20 +08:00