Commit graph

22090 commits

Author SHA1 Message Date
Minos Galanakis
ae4fb671b4 mbedtls_mpi_core_get_mont_R2_unsafe: Removed NULL input checking
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:38 +01:00
Minos Galanakis
e1913a8da8 test_suite_bignum: Updated test cases for mbedtls_mpi_core_get_mont_R2_unsafe
This patch adds tests for 192 and 2048 bits inputs.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:31 +01:00
Minos Galanakis
b9243ef231 test_suite_bignum: Fixed whitespace issues
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:23 +01:00
Minos Galanakis
b85506e250 bignum_core.h: Comment update for mbedtls_mpi_core_get_mont_R2_unsafe
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:23 +01:00
Minos Galanakis
4f43f61c6a Renamed mbedtls_mpi_get_montgomery_constant_unsafe to mpi_core_get_mont_R2_unsafe
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:23 +01:00
Minos Galanakis
1a1b175554 test_suite_bignum: Added tests for mpi_get_montgomery_constant_unsafe()
This patch adds the test for the method calculating the RR. The input/expected
data are generated manually using the following Python3 snippet:

~~~~~
import math

title="mpi_get_montgomery_constant_unsafe"
tt = title + " #{}"

in_data = [ "0f", ... ]

def limb_no(number, bil=64):
    return int(math.ceil(int.bit_length(number)/(bil * 1.0)))

def calc_rr(number, bil=64 ):
    return '{:x}'.format(pow(pow(2, limb_no(number, bil) * bil), 2, number))

def calc_rr_str(number, prefix=""):
    rr64 = calc_rr(number)
    rr32 = calc_rr(number, bil=32)
    return '{}:"{:x}":"{}":"{}"'.format(prefix,number, rr32, rr64)

print("\n\n".join(["{}\n{}".format(tt.format(in_data.index(v)+1), calc_rr_str(int(v,base=16), title)) for v in in_data]))
~~~~~

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:01 +01:00
Hanno Becker
ec440f2397 bignum_mod_raw: Ported mbedtls_mpi_get_montgomery_constant_unsafe from prototype
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:08:08 +01:00
Gilles Peskine
383b0bbea0
Merge pull request #6461 from tom-cosgrove-arm/fix-mbedtls_mpi_mod_modulus_init-calls-in-tests
mbedtls_mpi_mod_modulus_init() must be called before any 'goto exit' in tests
2022-10-25 13:40:17 +02:00
David Horstmann
3a334c2edc Minor improvements to ssl_tls12_server.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:53:44 +01:00
David Horstmann
7aee0ec0ba Minor improvements in ssl_client.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:38:25 +01:00
David Horstmann
6e11687ba5 Minor improvements to ecp.c changes
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:32:08 +01:00
David Horstmann
9b0eb90131 Rename ARIA_SELF_TEST_IF_FAIL
Change to ARIA_SELF_TEST_ASSERT

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:23:34 +01:00
David Horstmann
059848ff23 Minor changes to asn1write.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:16:45 +01:00
Xiaokang Qian
65fc0de894 Improve the prerequisites for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 09:08:57 +00:00
Gilles Peskine
e5a715e8c0
Merge pull request #6449 from gilles-peskine-arm/bignum-core-shift_r
Bignum core: shift_r
2022-10-25 10:40:39 +02:00
Gilles Peskine
af8ea3f738
Merge pull request #6468 from gilles-peskine-arm/bignum-test-suite-names
Rename test_suite_bignum for consistency
2022-10-25 10:40:29 +02:00
Xiaokang Qian
d69d06fffa Improve format issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 06:51:25 +00:00
Xiaokang Qian
95a0730f17 Change prerequisites of MBEDTLS_SSL_EARLY_DATA and add related check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 05:34:48 +00:00
Xiaokang Qian
72de95dcf5 Move function mbedtls_ssl_tls13_conf_early_data to ssl_tls.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 05:34:25 +00:00
Xiaokang Qian
600804b0e7 Remove useless early data related macros for the time being
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Xiaokang Qian
54413b10c2 Add early data support preparatory work
Add MBEDTLS_SSL_EARLY_DATA configuration option
Define early_data_enabled field in mbedtls_ssl_config
Add function mbedtls_ssl_conf_early_data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Andrzej Kurek
2c7993c456 depends.py: add a config option to unset MBEDTLS_USE_PSA
This lets us perform any test without MBEDTLS_USE_PSA
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:56:10 -04:00
Andrzej Kurek
409248a73a mbedtls_ssl_get_handshake_transcript is unusable without hashes
Mark unused variables when compiling without
SHA256 and SHA384. In future a proper dependency
will be added to TLS 1.2 to enforce either of these hashes
to be on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:56:10 -04:00
Andrzej Kurek
57d1063db9 Fix tls_prf generic dependencies
One version was already surrounded by the USE_PSA define,
so the VIA_XX_OR_XX macros were removed;
Second version is when USE_PSA is undefined, so MBEDTLS_
macros can be used. 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:56:10 -04:00
Andrzej Kurek
468c50656e Fix key exchange dependencies for ssl_parse_server_ecdh_params
Resulting from particular configs in which this code is used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:55:18 -04:00
Ronald Cron
2012361ae6
Merge pull request #6448 from ronald-cron-arm/tls13-kex-build-options
TLS 1.3 Introduce and use key exchange mode config options
2022-10-24 15:21:37 +02:00
David Horstmann
3f44e5b11a Refactor macro-spanning if in ssl_server2.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 13:12:19 +01:00
David Horstmann
f160ef1dd1 Refactor macro-spanning if in ssl_client2.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 13:11:38 +01:00
Manuel Pégourié-Gonnard
72ef7c0390
Merge pull request #6463 from AndrzejKurek/fix-crypo-typo
Fix a typo and dependencies in test_suite_cipher.[aes|gcm|ccm]
2022-10-24 11:06:22 +02:00
Manuel Pégourié-Gonnard
4c89542086
Merge pull request #6465 from mpg/pr-template-changelog
Make ChangeLog more visible in PR template
2022-10-24 10:46:31 +02:00
Yanray Wang
7f9ddb584a
Merge branch 'Mbed-TLS:development' into ssl_client2-add-build-version 2022-10-24 12:19:39 +08:00
Ronald Cron
454eb9172d ssl-opt.sh: Fix list of TLS 1.2 key exchanges with cert
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
10bf956334 tls13: Fix documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
083da8eb53 tls13: client: Improve coding style
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
70ed41754d ssl-opt.sh: Simplify TLS 1.3 dependencies
Simplify TLS 1.3 dependencies taking into
account that
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
implies that MBEDTLS_SSL_PROTO_TLS1_3 is
defined.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
5de538c9dd ssl-opt.sh: Remove requires_key_exchange_with_cert_in_tls12_enabled
Remove requires_key_exchange_with_cert_in_tls12_enabled
and use `requires_any_configs_enabled` directly instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
a2900bcd1e tls13: keys: Simplify code guard
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
9810b6d0b7 Fix kex config options documentation in tls13-support.md
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
c3f43b663e all.sh: Add components testing TLS 1.3 kex partial enablement
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
571f1ff6dc Make sure TLS 1.2 kex macros are undefined in builds without TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
8328113cad ssl-opt.sh: Fix some test checks for ephemeral only kex build
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
766c0cdb1f tls13: Add missing kex guards
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
82be0d4b4d tls13: Do not use MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
de08cf3543 tls13: Do not use MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
59625848e6 ssl-opt.sh: TLS 1.3 kex: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*ENABLED
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
41a443a68d tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
d8d2ea5674 Add TLS 1.3 key exchange mode config options
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.

These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:41:57 +02:00