Commit graph

26158 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
f614bde912
Merge pull request #7656 from mprse/ffdh_tls13_v2_drivers
FFDH 4: driver-only parity testing - with TLS 1.3
2023-07-10 13:08:47 +02:00
Dave Rodgman
e183ecef3d
Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases
Record the outcome of each test case in compat.sh
2023-07-10 12:08:32 +01:00
Valerio Setti
dda0019e2e ssl_test_lib: fix rebase error
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 10:22:51 +02:00
Manuel Pégourié-Gonnard
5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem
tls13: server: Fix spurious HRR
2023-07-10 09:58:13 +02:00
Valerio Setti
5bdebb2004 ssl_test_lib: fix variable naming for curve group
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
54e23792c8 tls: replace numeric values with proper TLS IANA symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
fb6356f003 ssl_test_lib: simplify function which prints supported curves
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
deb676442d ssl_test_lib: manage FFDH keys the same way as ECC ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
ee3a4d0d38 debug: replace occurence of ECP_LIGHT with PK_HAVE_ECC_KEYS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
6f0441d11e tls: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
acd32c005f programs: add helper functions for supported EC curves
- get full list, or
- get TLS ID from name

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
0085c2e486 test: fix message's text
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:10:20 +02:00
Valerio Setti
16b70f2b1a test: enabled ssl-opt testing in no_ecp_at_all components
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:10:20 +02:00
Valerio Setti
49e6907b5b tls: replace ECP_LIGHT occurrencies with PK_HAVE_ECC_KEYS
Up to this point "make test" runs successfully. "ssl-opt" has
not been tested yet.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:10:20 +02:00
Valerio Setti
887f823deb test: re-enable TLS and key exchanges in no_ecp_at_all component
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:10:20 +02:00
Pengyu Lv
5a3f5f450c Add changelog entries
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 13:25:28 +08:00
Pengyu Lv
5cbb93ef14 Add test for cache timeout getter
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 13:25:24 +08:00
Pengyu Lv
db6143364a Add test for endpoint getter
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
30e0870937 Add test for hostname getter
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
08daebb410 Make endpoint getter parameter a pointer to const
It would be convenient for users to query the endpoint
type directly from a ssl context:

```
    mbedtls_ssl_conf_get_endpoint(
        mbedtls_ssl_context_get_config(&ssl))
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
accd53ff6a Add getter access to endpoint field in mbedtls_ssl_config
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
918ebf3975 Add getter access to hostname field in mbedtls_ssl_context
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
af724dd112 ssl_cache: Add getter access to timeout field
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Dave Rodgman
7dbd2bf90c
Merge pull request #7441 from gilles-peskine-arm/mbedtls_x509_crt_parse_path-qemu-bug
More mbedtls_x509_crt_parse_path() tests, and note qemu-user bug when 32-bit code run on 64-bit host
2023-07-07 19:15:31 +01:00
Paul Elliott
2dfe7993af
Merge pull request #6914 from davidhorstmann-arm/cmake-pass-through-config-defines
Pass `MBEDTLS_CONFIG_FILE` defines through cmake
2023-07-07 17:01:57 +01:00
Tom Cosgrove
c5f41bfeb8
Merge pull request #7212 from sergio-nsk/patch-4
Fix error: comparison of integers of different signs: 'SOCKET' and 'int'
2023-07-07 16:45:55 +01:00
Dave Rodgman
602a0919f3
Merge pull request #7464 from yuhaoth/pr/Change-clock-source-to-bootime-for-ms-time
Replace CLOCK_MONOTONIC with CLOCK_BOOTTIME for `mbedtls_ms_time` on linux
2023-07-07 15:42:17 +01:00
Manuel Pégourié-Gonnard
461d59b2f8
Merge pull request #7858 from mprse/ffdh_tls13_v2_f
Make use of FFDH keys in TLS 1.3 - follow-up
2023-07-07 16:19:35 +02:00
Dave Rodgman
8abb3497ad
Merge branch 'development' into mbedtls_x509_crt_parse_path-qemu-bug
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-07 15:11:35 +01:00
Ronald Cron
c75ff730cd Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-07 15:53:34 +02:00
Ronald Cron
8a74f07c2a tls13: server: Fix spurious HRR
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-07 15:53:12 +02:00
Gabor Mezei
f05ca737da
Update comment
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-07 12:59:22 +02:00
Dave Rodgman
c4749b1c66
Merge pull request #7584 from gilles-peskine-arm/fuzz-file-open-fail
Fuzz programs: print an error if loading the reproducer fails
2023-07-07 11:51:59 +01:00
David Horstmann
2d3ba07bf4 Add ChangeLog entry for CMake config defines
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-07-07 11:25:40 +01:00
Dave Rodgman
1917ee7cd1
Merge pull request #7867 from gilles-peskine-arm/readme-python3.8
Officially require Python 3.8
2023-07-07 09:58:15 +01:00
Manuel Pégourié-Gonnard
9967f11066
Merge pull request #7810 from valeriosetti/issue7771
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/ECC
2023-07-07 10:22:47 +02:00
Przemek Stekiel
46b2d2b643 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-07 09:34:17 +02:00
Dave Rodgman
aa00e81901
Merge pull request #7492 from gilles-peskine-arm/psa-driver-doc-entry-point
README: add section about drivers
2023-07-06 15:35:18 +01:00
Tomás González
3719f9ec91 tests/test_suite_pem: Augment DES test cases with AES: PEM
A few negative test cases in test_suite_pem.data rely on DES
(“invalid iv”, “malformed”). DES is deprecated.
Construct similar test cases using AES.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-07-06 14:21:23 +01:00
Dave Rodgman
2230258530
Merge pull request #7890 from yanrayw/aes_comment_fix 2023-07-06 13:52:33 +01:00
Gilles Peskine
e1d5b07304 Link to the guide for writing a driver
Don't link to the proposed specifications: they aren't good entry points
because they describe what we want to achieve, not what exists today. The
guide links to them, that's enough.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-06 13:13:43 +02:00
Manuel Pégourié-Gonnard
a30c5cfc66 Use minimal include in test_suite_random
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:29 +02:00
Manuel Pégourié-Gonnard
999ce227fc Make the PSA-mbedtls RNG API public
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard
d55d66f5ec Fix missing includes
Some files relied on psa_util.h to provide the includes they need.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard
abfe640864 Rationalize includes in psa_util
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:27 +02:00
Manuel Pégourié-Gonnard
801d5b441d Remove unnecessary (and harmful) include
Besides being unnecessary, it was causing problem when build SSL test
programs, which include this header, then in turn trying to include the
internal header from library, which didn't work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:26 +02:00
Manuel Pégourié-Gonnard
b7e8939198 Move error functions to internal header
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:26 +02:00
Manuel Pégourié-Gonnard
a5a8f29d7e Move ECC and FFDH macros to internal header
ECC macros used in the following files:

library/pk.c
library/pk_wrap.c
library/pkparse.c
library/pkwrite.c
library/ssl_misc.h
library/ssl_tls12_client.c

FFDH macro use only in library/ssl_misc.h so could possibly be moved
there, but it seems cleaner to keep it close to the ECC macros are they
are very similar in nature.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:45:54 +02:00
Manuel Pégourié-Gonnard
f9b012f313 Remove unused function from psa_util.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00
Manuel Pégourié-Gonnard
5c731b0afb Use consistent guards for deprecated feature
Fixes an "unused static function" warning in builds with
DEPRECATED_REMOVED.

While at it, remove an include that's now useless.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00