Commit graph

23253 commits

Author SHA1 Message Date
Przemek Stekiel
cbaf3167dd mbedtls_x509_csr_info: Add parsing code for v3 csr extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Jens Alfke
2d9e359275 Parsing v3 extensions from a CSR
A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the
X.509v3 extensions included in the CSR -- the key usage, Netscape
cert-type, and Subject Alternative Names.

Author: Jens Alfke <jens@couchbase.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:56:55 +01:00
Manuel Pégourié-Gonnard
4455fd2449
Merge pull request #6531 from AndrzejKurek/depends-py-kex-fixes
Depends.py - add exclusive domain tests to key exchange testing
2023-01-24 09:32:05 +01:00
Gabor Mezei
a24fd06451
Update documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 19:10:26 +01:00
Gabor Mezei
9073f7dd3b
Remove unneeded check
The fix_quasi_reduction function changed to static so checking the
invalid arguments are not needed anymore.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 19:05:37 +01:00
Gabor Mezei
e81a2b85c9
Change the fix_quasi_reduction function to static
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 18:58:20 +01:00
Gabor Mezei
aaa1d2a276
Move the quasi reduction fixing function to bignum_mod_raw
Rename the function to 'fix_quasi_reduction' to better suite its functionality.
Also changed the name prefix to suite for the new module.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 18:55:57 +01:00
Tom Cosgrove
37dabd540b Fix doxygen return parameter spelling
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-01-23 16:57:26 +00:00
Dave Rodgman
17292f7823 Minor fixes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-23 12:32:51 +00:00
Dave Rodgman
99ff0a7c50 Fix some additional over-long lines
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-23 12:31:01 +00:00
Manuel Pégourié-Gonnard
d84902f4ef Add issue numbers to TODO comments
In the python script I didn't use the word TODO because pylint doesn't
like that, but morally it's the same.

I removed the comment about "do we need a subset of compat.sh?" because
it turns out that `ssl-opt.sh` is already exercising all the key
exchanges:

    % sed -n 's/.*force_ciphersuite=TLS-\([^ ]*\)-WITH.*/\1/p' tests/ssl-opt.sh | sort -u
    DHE-PSK
    DHE-RSA
    ECDH-ECDSA
    ECDHE-ECDSA
    ECDHE-PSK
    ECDHE-RSA
    ECJPAKE
    PSK
    RSA
    RSA-PSK

(the only omission is ECDH-RSA which is not of interest here and does
not actually differ from ECDH-ECDSA). So, we don't need a subset of
compat.sh because we're already getting enough testing from ssl-opt.sh
(not to mention test_suite_ssl).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 13:03:13 +01:00
Manuel Pégourié-Gonnard
bc19a0b0d8 Fix missing SHA-224 in test driver build
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:54:24 +01:00
Manuel Pégourié-Gonnard
5a2e02635a Improve a few comments & documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:51:52 +01:00
Andrzej Kurek
98682b50a4 Remove obsolete comment from depends.py
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-23 06:16:23 -05:00
Janos Follath
3e0769b598
Merge pull request #6832 from daverodgman/fast-unaligned-ct
Improve efficiency of some constant time functions
2023-01-23 10:55:35 +00:00
Minos Galanakis
8692ec8bc0 pkarse: Added pk_group_id_from_specified() documentation.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-23 10:33:06 +00:00
Dave Rodgman
58c721e894 Add TEST_CF_SECRET to mbedtls_ct_memcpy_if_eq test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-21 11:13:55 +00:00
Dave Rodgman
22b0d1adbf Test memcmp with differences starting after the first byte
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-21 10:29:00 +00:00
Dave Rodgman
d4fa9e99a0
Merge pull request #6950 from daverodgman/fix-rsaalt-test-guards 2023-01-20 18:28:38 +00:00
Dave Rodgman
7658b63390 Remove volatile from diff; add explanatory comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
fa96026a0e Move definition of asm out of public header
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
95ec58cc12 Remove not-needed stdio include from tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
7f376fa6fc Improve documentation
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
b9cd19bc8c Prevent perf regressions in mbedtls_xor
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
051225d07a Address potential perf regression
Ensure platforms that don't have an assembly implementation for
mbedtls_get_unaligned_volatile_uint32() don't experience a performance
regression.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
36dfc5a237 Improve efficiency of some constant time functions
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
cb0f2c4491 Tidy-up - move asm #define into build_info.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
39188c0a2a Add unit tests for mbedtls_ct_memcmp and mbedtls_ct_memcpy_if_eq
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
1a034dcc20 Add regression test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 13:18:05 +00:00
Dave Rodgman
38699e5323 Update the getting-started doc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 12:43:53 +00:00
Dave Rodgman
fd09b31011 Add Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 11:41:43 +00:00
Dave Rodgman
dc3b1540cd Fix test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 11:39:00 +00:00
Yanray Wang
60f8eaa3b4 Remove third argument passed to run_client in compat.sh
The argument passed to translate_ciphers.py is calculated from $1 in
run_client instead of passed as third argument.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-20 13:38:30 +08:00
Andrzej Kurek
723b8779f9 Add missing key exchange requirements to test_suite_ssl
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:31:00 -05:00
Andrzej Kurek
a86cef32cf Add missing KEX DHE-RSA requirement for one ssl test
This specific cipher is used to test record splitting.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:27:57 -05:00
Andrzej Kurek
9113df8c8f Add missing RSA-type dependencies in test_suite_ssl
These tests are not run in development because of the
overlapping !TLS_1_3 requirement and usage of full config.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:26:31 -05:00
Minos Galanakis
c8e381ab1c pkarse: Update pk_group_id_from_specified() clean-up.
This path updates the clean-up logic of to individually
free each of the the group's structure members
rather than invoke `mbedtls_ecp_group_free()`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:15:11 +00:00
Minos Galanakis
e9fa7a74cd ecp_curves: Update pre-processor define guards for ecp_mpi_load().
This patch adjusts the logic, so that the method is included,
when the following components are enabled:

* MBEDTLS_ECP_DP_CURVE448_ENABLED
* MBEDTLS_ECP_DP_CURVE25519_ENABLED
* ECP_LOAD_GROUP

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:12:07 +00:00
Minos Galanakis
d61dbd4df7 ecp_curves: Update mbedtls_ecp_group_free().
This patch updates the method to not free the `grp->P`
and `grp->N` structure members.

The contents of `P` and `N` are stored in static memory at
`curve448_p/n` and `curve25519p/n` and no longer dynamically
allocated.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:11:55 +00:00
Minos Galanakis
146fed9849 ecp_curves: Hardcode Montgomery const for curve448.
This patch adds two embedded constants used by `ecp_use_curve448()`.
The method has been updated to read that into an mpi instead of
calculating it on the fly.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 16:11:50 +00:00
Minos Galanakis
bececeb0b9 ecp_curves: Hardcod Montgomery const for curve25519
This patch adds two embedded constants used by `ecp_use_curve25519()`.
The method has been updated to read that into an mpi instead of
calculating it on the fly.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-01-19 11:38:19 +00:00
Gilles Peskine
52a7aeebf3
Merge pull request #6834 from gilles-peskine-arm/code-style-files
code_style.py: Support restyling only the specified files
2023-01-19 12:26:01 +01:00
Gilles Peskine
bb3814c7a8 Reject key agreement chained with PSA_ALG_TLS12_ECJPAKE_TO_PMS
The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be
used on a shared secret from a key agreement since its input must be
an ECC public key. Reject this properly.

This is tested by test_suite_psa_crypto_op_fail.generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:23 +01:00
Gilles Peskine
f6c6b64be2 A key agreement cannot be chained with PSA_ALG_TLS12_ECJPAKE_TO_PMS
Test accordingly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:20 +01:00
Gilles Peskine
2566679eb8 Add metadata test case for PSA_ALG_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:20 +01:00
Gilles Peskine
4db02f2324 Add SECRET input validation test cases for PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
763ffdd2a6 Add metadata test case for PSA_ALG_CCM_STAR_NO_TAG
The following shell command (requiring GNU grep) looks for algorithms and
key types, as well as IS and GET macros, that lack metadata tests:
```
for x in $(grep -Pho '(?<=^#define )PSA_(ALG|KEY_TYPE)_(?!CATEGORY_|NONE\b|\w+_(BASE|FLAG|MASK|CASE))\w+' include/psa/crypto_values.h include/psa/crypto_extra.h); do grep -qw $x tests/suites/test_suite_psa_crypto_metadata.* || echo $x; done
```

This may have false negatives: it only checks that the constants are
mentioned at least once, not that the tests are written correctly.

This has false positives:
* Types and algorithms that Mbed TLS does not support.
* PSA_ALG_ECDSA_IS_DETERMINISTIC, PSA_ALG_DSA_IS_DETERMINISTIC are peculiar
  auxiliary macros that only apply to very specific algorithms and aren't
  tested like the other IS macros.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
bba2630549 Add ECJPAKE secret input types to psa/crypto_config.h
Add PSA_WANT_KEY_TYPE_PASSWORD and PSA_WANT_KEY_TYPE_PASSWORD_HASH to
psa/crypto_config.h, since the types PSA_KEY_TYPE_PASSWORD and
PSA_KEY_TYPE_PASSWORD_HASH are used by ECJPAKE.

The two key types are always enabled, like PSA_KEY_TYPE_DERIVE.

Add the key types to the metadata test suite as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
cafda872f3 Fix documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:18 +01:00
Gilles Peskine
72f41562f2 Refactoring: new method Algorithm.is_valid_for_operation
No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:18 +01:00