Commit graph

16030 commits

Author SHA1 Message Date
Ronald Cron
c44a1d522a
Merge pull request #4507 from Venafi/userid-oid
Add OID for User ID
2021-05-28 10:43:41 +02:00
Hanno Becker
196739b478 Change wording in documentation of PSK configuration
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-28 05:33:14 +01:00
Ronald Cron
7146cb9488
Merge pull request #4559 from gilles-peskine-arm/psa-storage-format-test-algorithms-3.0
PSA storage format test: algorithms
2021-05-27 17:33:57 +02:00
Christoph Reiter
95273f4b07 Expose flag for critical extensions
Enables creating X.509 CSRs with critical extensions.

Signed-off-by: Christoph Reiter <christoph.reiter@infineon.com>
2021-05-27 14:27:43 +02:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix
psa: Support RSA signature without MBEDTLS_GENPRIME
2021-05-27 14:19:24 +02:00
Manuel Pégourié-Gonnard
e9cac0e277 Fix inconsistent documentation of cipher_setup()
- the \internal note said that calling cipher_init() first would be made
mandatory later, but the documention of the ctx parameter already said
the context had to be initialized...
- the documentation was using the word initialize for two different
meanings (calling setup() vs calling init()), making the documentation
of the ctx parameter quite confusing (you must initialize before you can
initialize...)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-27 12:59:11 +02:00
Manuel Pégourié-Gonnard
f3bacd72d2
Merge pull request #4476 from TRodziewicz/Remove__SSL_DTLS_BADMAC_LIMIT_option
Remove _SSL_DTLS_BADMAC_LIMIT option
2021-05-27 09:41:34 +02:00
TRodziewicz
a86c312d92 Addition of the migration guide entry.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-26 15:29:36 +02:00
TRodziewicz
5c251c6a5e Add the ChangeLog file
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-26 13:36:40 +02:00
TRodziewicz
46cccb8f39 _SSL_DTLS_BADMAC_LIMIT config.h option removed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-26 13:36:21 +02:00
Manuel Pégourié-Gonnard
c87a07de90 Fix the "rm (D)TLS 1.0 1.1" ChangeLog entry
- Removing MBEDTLS_SSL_RECORD_CHECKING has nothing to do with TLS 1.0,
TLS 1.1 and DTLS 1.0. It has been included here as a consequence of an
unfortunate typo in the description of 4286. Actually, this macro was
removed independently and we already have a ChangeLog entry about it:
ChangeLog.d/issue4361.txt

- While at it, remove the word "deprecated": these macros and functions
had not been documented as deprecated in any version of the library
before being removed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-26 10:38:59 +02:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2
Remove rsa mode params part 2
2021-05-25 20:36:33 +02:00
Gilles Peskine
8a5304d446
Merge pull request #4553 from gilles-peskine-arm/aria_alt-3.0
Fix ARIA_ALT header and self-test and CAMELLIA_ALT self-test
2021-05-25 20:32:40 +02:00
Gilles Peskine
2157e86389 Document include_intermediate in PSAMacroEnumerator
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 20:12:00 +02:00
Gilles Peskine
45f1cd7834 key_storage_read: pass exercise as a flag rather than a boolean
This will allow adding other flags in the future.

No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 20:12:00 +02:00
Gilles Peskine
0225d3a0ce Add missing test suites to CMakeLists.txt
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 20:11:48 +02:00
Gilles Peskine
ae4c460df6 Do support multiple files generated from the same script
The call to `tests/scripts/generate_psa_tests.py` added by the commit
"generate_psa_tests.py: allow generating each file independently"
assumed that the `check` function supports multiple file names, but in
fact it does not do so. When `generate_psa_tests.py` started generating
more than one file, `check-generated-files.sh` did not detect changes to
files other than the first one listed by `generate_psa_tests.py --list`.

Fix this: change `check` to support either a single directory (with
detection of added/removed files) or a list of files (which is assumed
to be static).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 20:11:48 +02:00
Gilles Peskine
20f55f6726 Abbreviate algorithms in test descriptions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:40:35 +02:00
Gilles Peskine
38ebfec0f1 Remove duplicates from enumerated test inputs
When generating expressions to construct test case data, there can be
duplicate values, for example if a value of the form C(A) is present
as such in test_suite_psa_crypto_metadata.data and also constructed by
enumerating the argument A for the constructor C. Eliminate such
duplicates in generate_expressions.

This commit removes many test cases that were exact duplicates (and
were near-duplicates differing only in whitespace before the
whitespace normalization).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:40:27 +02:00
Gilles Peskine
cccd1ac373 Normalize whitespace in test arguments
Avoid ending up with test cases that only differ in whitespace in an
argument.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:40:17 +02:00
Gilles Peskine
c5d086f6ae Don't generate non-existent dependency symbols
Filter our algorithm constructors that don't have a dependency symbol
of their own.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:40:08 +02:00
Gilles Peskine
1231eb5891 Define dependency symbols for hashless signature algorithms
Define the dependency symbols PSA_WANT_ALG_ECDSA_ANY and
PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW as de facto synonyms of
PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_RSA_PKCS1V15_SIGN respectively: if
either one is requested, the other is set.
This makes it easier to systematically determine the dependencies of
an algorithm.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:53 +02:00
Gilles Peskine
537d5fa48a Expand psa_generate_tests to support constructor arguments
In macro_collector.py, base InputsForTest on PSAMacroEnumerator rather
than PSAMacroCollector. It didn't make much sense to use
PSAMacroCollector anymore since InputsForTest didn't use anything
other than the constructor.

psa_generate_tests now generates arguments for more macros.
In particular, it now collects macro arguments from
test_suite_psa_crypto_metadata. Algorithms with parameters are now
supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:53 +02:00
Gilles Peskine
3c9d423fe7 Speed up the generation of storage format test cases
First build a list of all keys, then construct all the corresponding
test cases. This allows all required information to be obtained in
one go, which is a significant performance gain as the information
includes numerical values obtained by compiling a C program.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Gilles Peskine
4d0b089d2a Fix KeyType with parameters passed in the name argument
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Gilles Peskine
3d404b8a10 Use InputsForTest in generate_psa_tests
In generate_psa_tests, use InputsForTest rather than PSAMacroCollector
to gather values. This way, the enumeration of values to test includes
values used in metadata tests in addition to constructors parsed from
header files. This allows greater coverage of values built from
constructors with arguments. This doesn't make a difference yet, but
it will once algorithm constructors with arguments are supported in
generate_psa_tests.

Make the injection of numerical values optional. They are useful for
test_psa_constant_names, so keep them there. Don't use them for
not-supported tests: they might make sense, but the current code
wouldn't work since it doesn't know how to make up fake key material
or what dependencies to generate. Don't use them for storage tests:
they only make sense for supported values.

Don't inject 'PSA_SUCCESS': that's superfluous.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Gilles Peskine
b4edff9cd8 Move InputsForTest to macro_collector.py
This is useful to generate PSA tests for more than constant names.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Gilles Peskine
95649ed779 Add type annotations
Prepare to move InputsForTest to macro_collector.py.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Gilles Peskine
c893a570a8 Fix copypasta in documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Thomas Daubney
731b952b69 Additional corrections to ChangeLog
Commit makes further corrections to the
wording in the ChangeLog entry.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-25 16:26:24 +01:00
Dave Rodgman
86d1d7487a
Merge pull request #4495 from TRodziewicz/remove_support_for_(D)TLS_1.0_and_1.1
Remove support for (d)tls 1.0 and 1.1
2021-05-25 15:59:34 +01:00
Thomas Daubney
6f966112c7 Corrections to ChangeLog and Migration guide
Corrections to address wording of ChangeLog
and Migration guide.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-25 15:00:19 +01:00
Gilles Peskine
0e1f05d34b Changelog entry for the ARIA_ALT and CAMELLIA_ALT fixes
Fix ARMmbed/mbed-os#14694

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 15:33:14 +02:00
Gilles Peskine
c537aa83f4 CAMELLIA: add missing context init/free
This fixes the self-test with alternative implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 09:23:10 +02:00
Gilles Peskine
be89fea1a7 ARIA: add missing context init/free
This fixes the self-test with alternative implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 09:23:10 +02:00
Gilles Peskine
59392b0075 Fix misplaced extern "C" affecting MBEDTLS_ARIA_ALT
Reported via Mbed OS:
https://github.com/ARMmbed/mbed-os/issues/14694

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 09:23:10 +02:00
Thomas Daubney
3ca92b182c Re-wording of Migration guide entry
Commit re-words the migration guide
entry as requested in review.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-24 14:11:39 +01:00
TRodziewicz
9d1ce40898 Additional corrections
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 14:07:17 +02:00
TRodziewicz
4ca18aae38 Corrections after the code review
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 13:38:00 +02:00
TRodziewicz
d807060e0a Addition of migration guide and corrections to the ChangeLog file
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:50:51 +02:00
TRodziewicz
97e41723fa Remove the _SSL_FALLBACK_ tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:50:42 +02:00
TRodziewicz
6370dbeb1d Remove the _SSL_FALLBACK_ parts
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:49:59 +02:00
TRodziewicz
2d8800e227 Small corrections in the comments
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:49:24 +02:00
TRodziewicz
b5850c5216 Correction of too restrictive ssl cli minor check
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:49:15 +02:00
TRodziewicz
ef73f01927 Removing strayed dtls1 after doing tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:49:04 +02:00
TRodziewicz
55bd84bebc Correction to the ssl client/server usage comment.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:48:40 +02:00
TRodziewicz
28126050f2 Removal of constants and functions and a new ChangeLog file
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:48:12 +02:00
TRodziewicz
0f82ec6740 Remove the TLS 1.0 and 1.1 support
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:45:20 +02:00
Thomas Daubney
2fbbe1d2fe Corrections to ChangeLog and Migration guide
This commit fixes typos and re-words
the migration guide. It also adds
the issue number to the ChangeLog.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-24 10:53:57 +01:00
Hanno Becker
c49d15fded Use 'version-specific' instead of 'implementation-defined' in API
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-23 05:41:21 +01:00