Commit graph

23905 commits

Author SHA1 Message Date
Jan Bruckner
a0589e75a0 Changes from review
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-15 11:04:45 +01:00
Jan Bruckner
151f64283f Add parsing for Record Size Limit extension in TLS 1.3
Fixes #7007

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-14 08:41:25 +01:00
Jan Bruckner
5a3629b613 Fix debug print of encrypted extensions
Perform debug print of encrypted extensions buffer only after the buffer length was checked successfully

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-14 08:41:25 +01:00
Dave Rodgman
2ba9794adc
Merge pull request #7224 from gilles-peskine-arm/readme-pip
Improve python and pip instructions
2023-03-13 13:02:57 +00:00
Dave Rodgman
6c9cea8feb
Merge pull request #7260 from daverodgman/test-macro-cleanup
Remove duplicate test macros
2023-03-13 11:34:38 +00:00
Dave Rodgman
756b028511
Merge pull request #7171 from daverodgman/pr5527
Fix undefined behavior in ssl_read if buf parameter is NULL
2023-03-13 10:46:29 +00:00
Dave Rodgman
3ef7a6af12
Merge pull request #7269 from daverodgman/pkcs7-no-datetime 2023-03-11 12:57:54 +00:00
Dave Rodgman
f8565b3c2b Add more PKCS #7 tests with expired cert
Add test which uses an expired cert but is otherwise OK, which
passes if and only if MBEDTLS_HAVE_TIME_DATE is not set.

Add similar test which verifies against a different data file,
which must fail regardless of MBEDTLS_HAVE_TIME_DATE.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 10:26:39 +00:00
Dave Rodgman
2e8442565a Add PKCS #7 test files using expired cert
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 10:24:30 +00:00
Dave Rodgman
cc77fe8e52 Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset
Ensure that verification of an expired cert still fails, but
update the test to handle the different error code.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 09:46:13 +00:00
Dave Rodgman
9c9601bac5
Merge pull request #7247 from daverodgman/zero-signers 2023-03-10 18:44:11 +00:00
Dave Rodgman
d51b1c5666 Remove duplicate test macros
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 17:44:08 +00:00
Manuel Pégourié-Gonnard
2301a80a73
Merge pull request #7245 from mpg/driver-only-ecdsa-wrapup
Driver-only ecdsa wrapup
2023-03-10 17:23:29 +01:00
Dave Rodgman
ca43e0d0ac Fix test file extension
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 13:06:01 +00:00
Dave Rodgman
f2f2dbcfd7 Add test case for PKCS7 file with zero signers
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder  https://lapo.it/asn1js/

Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 12:52:00 +00:00
Manuel Pégourié-Gonnard
c2495f78e6 Add a ChangeLog entry for driver-only ECDSA
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:16 +01:00
Manuel Pégourié-Gonnard
439dbc5c60 Fix dependency for TLS 1.3 as well
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.

Also update docs/use-psa-crypto.md accordingly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard
45bcb6aac8 Fix dependencies of 1.2 ECDSA key exchanges
Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2...

Also, move the definition of PSA_HAVE_FULL_ECDSA outside the
MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Dave Rodgman
ac447837d3
Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7
Test memory management in pkcs7
2023-03-10 11:29:50 +00:00
Gilles Peskine
a4c6a3c355
Merge pull request #7237 from davidhorstmann-arm/move-getting-started-guide
Move docs/getting_started.md to docs repo
2023-03-09 23:31:25 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
2023-03-09 20:49:44 +01:00
Gilles Peskine
a25203c5f9
Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests
Interruptible_{sign|verify}_hash: Add public key verification tests
2023-03-09 20:48:13 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Dave Rodgman
8657e3280a Add corrupt PKCS #7 test files
Generated by running "make <filename>" and commiting the result.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-09 15:59:15 +00:00
Przemek Stekiel
b8eaf635ba Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 12:14:26 +01:00
David Horstmann
369930dec2 Move docs/getting_started.md to docs repo
Delete docs/getting_started.md as it has been moved to the dedicated
documentation repo.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-09 09:52:13 +00:00
Janos Follath
9e1d889766
Merge pull request #7231 from tom-cosgrove-arm/update-changelog-230308
Update ChangeLog to make "fix" explicit
2023-03-09 08:47:49 +00:00
Dave Rodgman
5e5aa4a4e6
Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307
Fix typos in development prior to release
2023-03-08 17:19:59 +00:00
Dave Rodgman
51b62ef23d
Merge pull request #7228 from tom-cosgrove-arm/fix-alignment.h-on-32-bit-systems
Fix mbedtls_bswap64() on 32-bit systems
2023-03-08 17:19:29 +00:00
Manuel Pégourié-Gonnard
913d9bb921
Merge pull request #7162 from valeriosetti/issue7055
Legacy MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C dependencies in test_suite_psa_crypto
2023-03-08 17:07:19 +01:00
Valerio Setti
1470ce3eba fix typos
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:50:12 +01:00
Valerio Setti
2f081473b6 test: fix disparities in test_suite_ssl
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Valerio Setti
75fba32cb3 ssl: use new macros for ECDSA capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Valerio Setti
30c4618970 Add new PSA_HAS_FULL_ECDSA macro for easily signal that PSA has full ECDSA support
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Valerio Setti
f84b7d5c21 test: enable ECDSA based key exchanges in driver coverage tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Tom Cosgrove
b3c6a1e04a Update ChangeLog to make "fix" explicit
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 15:47:00 +00:00
Manuel Pégourié-Gonnard
289e5baa83
Merge pull request #7082 from valeriosetti/issue6861
driver-only ECDSA: add ssl-opt.sh testing with testing parity
2023-03-08 16:45:38 +01:00
Tom Cosgrove
bbe166e721 Fix mbedtls_bswap64() on 32-bit systems
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 13:23:24 +00:00
Tom Cosgrove
c15a2b949d Update the text about gcc5 support for Armv8 CE
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 12:55:48 +00:00
Valerio Setti
733de595e3 psa_crypto_rsa: remove PK_WRITE_C in psa_rsa_export_key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
c0e7da55c5 test: removing remaning dependencies of PK_WRITE/PK_PARSE from test_suite_psa_crypto suites
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
73a218513b psa_crypto_rsa: add comment/explanation for residual PK_WRITE_C guard
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
f9bc5b75f1 test: remove dependencies on PK_WRITE and PK_PARSE from test_suite_psa_crypto suites
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
ccfad9ae0e ssl-opt: remove remaining redundant dependencies
There were some dependencies that are now automatically satisfied by the
detect_required_features() function.

After this check there should be no redundant requirement for:
- requires_pk_alg "ECDSA"
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 10:25:05 +01:00
Valerio Setti
3b2c02821e ssl-opt: return to previous debug level in test
This was a leftover from some debug activity that unfortunately ended up
in previous commits.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 10:22:29 +01:00
Przemek Stekiel
691e91adac Further pake code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-08 09:54:00 +01:00
Gilles Peskine
429e90153c Improve pip instructions
Our build scripts invoke `python3` in preference to `python`, so make the
default instruction use `python3`. On many systems (macOS, some Linux),
`python` invokes Python 2 which our scripts do not support.

Suggest --user by default. It's usually the right thing outside of venvs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-07 20:40:04 +01:00
Gilles Peskine
ed7b5978cd
Merge pull request #6172 from gilles-peskine-arm/doc-tls13-psa_crypto_init
Document the need to call psa_crypto_init for TLS 1.3
2023-03-07 20:13:53 +01:00
Gilles Peskine
a2fc399f57
Merge pull request #6829 from AndrzejKurek/unify-psa-errors
Unify PSA to Mbed TLS error translation
2023-03-07 19:55:44 +01:00
Gilles Peskine
12e3c8e019
Merge pull request #7168 from mpg/use-md
Use MD (not low-level hash interface) in X.509 and TLS
2023-03-07 19:55:12 +01:00