Commit graph

24155 commits

Author SHA1 Message Date
Przemek Stekiel
f309d6b7fb Fix peer user mismatch after rebase
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
8b429ba414 Add change log entry (EC j-pake driver dispatch)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
18cd6c908c Use local macros for j-pake slient/server strings
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
aa1834254e Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
09104b8712 rework psa_pake_set_role to be consistent with requirements and adapt tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
f15d335f5b ecjpake_setup: clean up handling of errors
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
d7f6ad7bc8 Minor fixes (comments, cleanup)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
9cc1786e46 Add chenage log entry for j-pake user/peer partial fix
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:20 +01:00
Dave Rodgman
8e528ece74 Disable test under MBEDTLS_MEMORY_BUFFER_ALLOC_C
This test allocates too much memory to work when the alternative
memory allocator is used.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 13:30:56 +00:00
Dave Rodgman
45bed94406 Add parse failure test when MBEDTLS_RSA_C not set
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 10:01:02 +00:00
Dave Rodgman
651fb529f9 Make pkcs7_parse test not depend on MBEDTLS_RSA_C
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 10:00:44 +00:00
Dave Rodgman
4fa8590b62 Fix test dependency
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 09:34:08 +00:00
Dave Rodgman
25b2dfa6da Fix comment typo
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
957cc36be9 Improve wording; use PKCS #7 not PKCS7
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
3fe2abf306 Apply suggestions from code review
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
d12b592bc1 Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
7c33b0cac6 Remove pre-production warnings
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
3ef7a6af12
Merge pull request #7269 from daverodgman/pkcs7-no-datetime 2023-03-11 12:57:54 +00:00
Dave Rodgman
f8565b3c2b Add more PKCS #7 tests with expired cert
Add test which uses an expired cert but is otherwise OK, which
passes if and only if MBEDTLS_HAVE_TIME_DATE is not set.

Add similar test which verifies against a different data file,
which must fail regardless of MBEDTLS_HAVE_TIME_DATE.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 10:26:39 +00:00
Dave Rodgman
2e8442565a Add PKCS #7 test files using expired cert
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 10:24:30 +00:00
Dave Rodgman
cc77fe8e52 Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset
Ensure that verification of an expired cert still fails, but
update the test to handle the different error code.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 09:46:13 +00:00
Dave Rodgman
9c9601bac5
Merge pull request #7247 from daverodgman/zero-signers 2023-03-10 18:44:11 +00:00
Dave Rodgman
d51b1c5666 Remove duplicate test macros
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 17:44:08 +00:00
Manuel Pégourié-Gonnard
2301a80a73
Merge pull request #7245 from mpg/driver-only-ecdsa-wrapup
Driver-only ecdsa wrapup
2023-03-10 17:23:29 +01:00
Przemek Stekiel
55ceff6d2f Code optimization and style fixes
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 14:36:16 +01:00
Dave Rodgman
ca43e0d0ac Fix test file extension
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 13:06:01 +00:00
Dave Rodgman
f2f2dbcfd7 Add test case for PKCS7 file with zero signers
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder  https://lapo.it/asn1js/

Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 12:52:00 +00:00
Manuel Pégourié-Gonnard
c2495f78e6 Add a ChangeLog entry for driver-only ECDSA
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:16 +01:00
Manuel Pégourié-Gonnard
439dbc5c60 Fix dependency for TLS 1.3 as well
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.

Also update docs/use-psa-crypto.md accordingly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard
45bcb6aac8 Fix dependencies of 1.2 ECDSA key exchanges
Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2...

Also, move the definition of PSA_HAVE_FULL_ECDSA outside the
MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Dave Rodgman
ac447837d3
Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7
Test memory management in pkcs7
2023-03-10 11:29:50 +00:00
Przemek Stekiel
e9254a0e55 Adapt driver dispatch documentation for user/peer getters
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
4cd20313fe Use user/peer instead role in jpake TLS code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
f3ae020c37 Use user/peer instead role in jpake driver-wrapper tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
af94c13b2c Add tests for user/peer input getters
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
1e7a927118 Add input getters for jpake user and peer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
0c946e9aa9 Addapt jpake tests and add cases for set_user, set_peer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
26c909d587 Enable support for user/peer for JPAKE
This is only partial support. Only 'client' and 'server' values are accepted for peer and user.
Remove support for role.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:02 +01:00
Gilles Peskine
a4c6a3c355
Merge pull request #7237 from davidhorstmann-arm/move-getting-started-guide
Move docs/getting_started.md to docs repo
2023-03-09 23:31:25 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
2023-03-09 20:49:44 +01:00
Gilles Peskine
a25203c5f9
Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests
Interruptible_{sign|verify}_hash: Add public key verification tests
2023-03-09 20:48:13 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Tom Cosgrove
94e841290d Don't check prerequisites for MBEDTLS_AESCE_C if we won't use it
Fixes #7234

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-09 17:17:42 +00:00
Dave Rodgman
8657e3280a Add corrupt PKCS #7 test files
Generated by running "make <filename>" and commiting the result.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-09 15:59:15 +00:00
valerio
2bf85e349d ssl-opt: enable test for accelerated ECDH + USE_PSA
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:39:07 +01:00
valerio
f27472b128 ssl-opt: enable test and fix failures for reference ECDH + USE_PSA"
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:20:38 +01:00
Przemek Stekiel
89e268dfb9 Add change log entry (SubjectAltName extension in CSR)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 14:04:17 +01:00
Przemek Stekiel
42510a91c4 Use for loop instead while loop
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 14:04:17 +01:00
Przemek Stekiel
68ca81c8fe Change separator for SAN names to ';'
When ';' is used as a separator san names must be provided in quotation marks:
./cert_req filename=../../tests/data_files/server8.key subject_name=dannybackx.hopto.org san="URI:http://pki.example.com/;IP:127.1.1.0;DNS:example.com"

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 14:04:11 +01:00
Gabor Mezei
fffd6d9ded
Fix maximum cannonical value
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-09 13:43:15 +01:00