yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
22416 commits 1 branch 0 tags 94 MiB
Commit graph

22416 commits

This branch
This branch
All branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847 
Use PSA EC-JPAKE in TLS (1.2) - Part 2
 2022-11-23 13:27:30 +01:00
Manuel Pégourié-Gonnard
3518fb11d0 Improve ChangeLog entry for driver-only hashes 
- avoid long unstructured paragraph with long messy sentences
- de-emphasize "no longer depends on MD" and emphasize "can work in
some driver-only builds" instead - that's what users are interested in
(building without MD is just the current way to accomplish that, but
that will change in the future)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-23 13:23:28 +01:00
Ronald Cron
1d1d53622f
Merge pull request #6490 from xkqian/tls13_parse_early_data_indication_ee 
The internal CI merge job ran successfully.
 2022-11-23 12:31:25 +01:00
Ronald Cron
cb0e680779
Merge pull request #6476 from yuhaoth/pr/fix-tls13-mbedtls_ssl_is_handshake_over 
TLS 1.3: Fix tls13 mbedtls ssl is handshake over
 2022-11-23 12:12:02 +01:00
Xiaokang Qian
b157e915ad Move the early data status set afeter all of the extensions parse 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-23 08:12:26 +00:00
Ronald Cron
d8603a7b44
Merge pull request #6638 from ronald-cron-arm/tls13-misc 
TLS 1.3: Adjustments for the coming release
 2022-11-23 09:07:36 +01:00
Xiaokang Qian
e861ba01d4 Remove the duplicate early_data_status check 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-23 03:21:02 +00:00
Xiaokang Qian
ca09afc60a Remove useless function and parse early data in ee 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-23 02:16:49 +00:00
Valerio Setti
728b142f40 test: psa_pake: port changes from cd356c3 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 19:47:24 +01:00
Valerio Setti
e0d41de822 test: psa_pake: add missing initialization in ecjpake_setup() 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti
db4736a4ca test: psa_pake: remove empty password test 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti
b9ef1c2f03 test: psa_pake: fix error inject macro in ecjpake_do_round() 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti
b697745d14 test: psa_pake: fix erroneously duplicated tests 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti
40323c5d51 test: psa_pake: improved ecjpake_do_round() test function 
Now it's possible to inject an error in every single step of the
key exchange process.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti
ac3ba95ee4 test: psa_pake: fix data file for ecjpake_setup() 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti
e65a41f278 test: psa_pake: fixes in ecjpake_setup() 
Both changes concern the ERR_INJECT_UNINITIALIZED_ACCESS case:

- removed unnecessary psa_pake_abort()
- added psa_pake_get_implicit_key()

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti
e5d7864aa0 test: psa_pake: improved description of macros used in ecjpake_setup() 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti
6d4e75f0c6 psa_crypto_pake: initialize psa_status_t stack variables 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti
7bb65ad22f test: psa_crypto_pake: enhanced ecjpake_setup() 
- external errors are now checked in the specified point. If the
  same error happens in another line, then this is not valid and
  the test fails

- fixed some inconsistency in which injected error codes were not
  taken from the data file. Now all the expected error code are
  read from the data file

- added a couple of defines to shrink the code

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti
024b028ce1 test: split psa_pake function/data from the generic test_suite_psa_crypto 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti
1070aed778 test_suite_psa_crypto: do not re-use PAKE's contexts in case of errors 
As for ecjpake_setup(), now the test function can handle:
- "external" errors, through parameters set by the data file
- "internal" ones, through enums which inject ad-hoc failures

Similarly also ecjpake_rounds() can handle both type of errors,
but right now there's no erroneous case in the associated ".data"
file.

In both cases, after an error the current test is terminated.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:45:03 +01:00
Valerio Setti
fdb77cdae3 psa_crypto_pake: internally call to psa_pake_abort() in case of errors 
In this way, in case of error, it is not possible to continue using
the same psa_pake_operation_t without reinitializing it.
This should make the PSA pake's behavior closer to what expected by
the specification

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:41:01 +01:00
Tom Cosgrove
d66d5b2fef Add unit tests for mbedtls_mpi_core_sub_int(), MPI A - scalar b 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 15:07:31 +00:00
Valerio Setti
99d88c1ab4 tls: psa_pake: fix missing casting in mbedtls_psa_ecjpake_write_round 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 16:03:43 +01:00
Tom Cosgrove
452c99c173 Use mbedtls_mpi_core_sub_int() in mbedtls_mpi_sub_abs() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 14:58:15 +00:00
Tom Cosgrove
f7ff4c9a11 Tidy up, remove MPI_CORE(), and apply the naming convention 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 14:58:15 +00:00
Hanno Becker
d9b2348d8f Extract MPI_CORE(sub_int) from the prototype 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 14:58:15 +00:00
Bence Szépkúti
a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Janos Follath
0fc88779ec
Merge pull request #6632 from yanesca/refactor_bignum_test_framework 
Refactor bignum test framework
 2022-11-22 14:53:58 +00:00
Gilles Peskine
a08103aa94
Merge pull request #6611 from gilles-peskine-arm/run-test-suites-out-of-tree 
Fix run-test-suites.pl in out-of-tree builds
 2022-11-22 15:01:13 +01:00
Gilles Peskine
4f19d86e3f
Merge pull request #6608 from mprse/ecjpake_password_fix 
Make a copy of the password key in operation object while setting j-pake password
 2022-11-22 14:52:12 +01:00
Ronald Cron
da13072c5b tls13: Make ..._RECEIVED_NEW_SESSION_TICKET experimental 
We are considering using a callback instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-22 13:21:13 +01:00
Manuel Pégourié-Gonnard
18a3856a03 Document another limitation of driver-only hashes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-22 11:59:55 +01:00
Valerio Setti
d4a9b1ab8d tls: psa_pake: remove useless defines and fix a comment 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 11:11:10 +01:00
Xiaokang Qian
8bee89994d Add parse function for early data in encrypted extentions 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-22 09:40:07 +00:00
Przemek Stekiel
0bdec19c93 Further optimizations of pake set_password implementation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-22 09:10:35 +01:00
Ronald Cron
c2e110f445 tls13: Disable MBEDTLS_SSL_EARLY_DATA by default 
Eventually we want it to be enabled by default
when TLS 1.3 is enabled but currently the
feature is on development thus it should not be
enabled by default.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-22 09:01:46 +01:00
Jerry Yu
fdd24b8c49 Revert change in flight transmit 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-22 14:08:03 +08:00
Gilles Peskine
339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub 
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
 2022-11-21 19:51:58 +01:00
Gilles Peskine
8b85b4835e
Merge pull request #6617 from tom-cosgrove-arm/call-mbedtls_mpi_mod_modulus_init-first-final-2 
Must call mbedtls_mpi_mod_modulus_init() before anything else in tests
 2022-11-21 19:50:20 +01:00
Przemek Stekiel
f82effa982 Optimize pake test code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-21 15:10:32 +01:00
Przemek Stekiel
ad0f357178 Optimize pake code that sets/use password key 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-21 15:04:37 +01:00
Przemek Stekiel
e2d6b5f45b psa_key_slot_get_slot_number: Move documentation to header file 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-21 15:03:52 +01:00
Valerio Setti
5151bdf46e tls: psa_pake: add missing braces 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-21 14:30:02 +01:00
Valerio Setti
79f6b6bb1b tls: psa_pake: fixing mbedtls_psa_ecjpake_write_round() 
It might happen that the psa_pake_output() function returns
elements which are not exactly 32 or 65 bytes as expected, but
1 bytes less.
As a consequence, insted of hardcoding the expected value for
the length in the output buffer, we write the correct one as
obtained from psa_pake_output()

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-21 14:17:03 +01:00
Przemek Stekiel
cd356c3cdb Add ec-jpake test to verify if key can be destroyed after set_password_key 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-21 12:25:21 +01:00
Dave Rodgman
9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs 
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
 2022-11-21 10:09:57 +00:00
Janos Follath
f352c67bc3 Bignum tests: use default dataset in mod_raw 
While at it, flatten class hierarchy as well.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-21 08:56:15 +00:00
Janos Follath
f45797652f Bignum tests: set unique combinations off by default 
Normally we need all the combinations, unique combinations make sense
only if the operation is commutative.

No changes to generated tests.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-21 08:56:14 +00:00
Janos Follath
76c21bd242 Bignum tests: flatten class hierarchy in _core 
There is no semantic changes to the generated tests, the order of the
test blocks has changed.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-21 08:56:14 +00:00