Przemek Stekiel
f309d6b7fb
Fix peer user mismatch after rebase
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
8b429ba414
Add change log entry (EC j-pake driver dispatch)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
18cd6c908c
Use local macros for j-pake slient/server strings
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
aa1834254e
Fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
09104b8712
rework psa_pake_set_role to be consistent with requirements and adapt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
f15d335f5b
ecjpake_setup: clean up handling of errors
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
d7f6ad7bc8
Minor fixes (comments, cleanup)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
9cc1786e46
Add chenage log entry for j-pake user/peer partial fix
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:20 +01:00
Dave Rodgman
8e528ece74
Disable test under MBEDTLS_MEMORY_BUFFER_ALLOC_C
...
This test allocates too much memory to work when the alternative
memory allocator is used.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 13:30:56 +00:00
Dave Rodgman
45bed94406
Add parse failure test when MBEDTLS_RSA_C not set
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 10:01:02 +00:00
Dave Rodgman
651fb529f9
Make pkcs7_parse test not depend on MBEDTLS_RSA_C
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 10:00:44 +00:00
Dave Rodgman
4fa8590b62
Fix test dependency
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 09:34:08 +00:00
Dave Rodgman
25b2dfa6da
Fix comment typo
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
957cc36be9
Improve wording; use PKCS #7 not PKCS7
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
3fe2abf306
Apply suggestions from code review
...
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
d12b592bc1
Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
7c33b0cac6
Remove pre-production warnings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
3ef7a6af12
Merge pull request #7269 from daverodgman/pkcs7-no-datetime
2023-03-11 12:57:54 +00:00
Dave Rodgman
f8565b3c2b
Add more PKCS #7 tests with expired cert
...
Add test which uses an expired cert but is otherwise OK, which
passes if and only if MBEDTLS_HAVE_TIME_DATE is not set.
Add similar test which verifies against a different data file,
which must fail regardless of MBEDTLS_HAVE_TIME_DATE.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 10:26:39 +00:00
Dave Rodgman
2e8442565a
Add PKCS #7 test files using expired cert
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 10:24:30 +00:00
Dave Rodgman
cc77fe8e52
Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset
...
Ensure that verification of an expired cert still fails, but
update the test to handle the different error code.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 09:46:13 +00:00
Dave Rodgman
9c9601bac5
Merge pull request #7247 from daverodgman/zero-signers
2023-03-10 18:44:11 +00:00
Dave Rodgman
d51b1c5666
Remove duplicate test macros
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 17:44:08 +00:00
Manuel Pégourié-Gonnard
2301a80a73
Merge pull request #7245 from mpg/driver-only-ecdsa-wrapup
...
Driver-only ecdsa wrapup
2023-03-10 17:23:29 +01:00
Przemek Stekiel
55ceff6d2f
Code optimization and style fixes
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 14:36:16 +01:00
Dave Rodgman
ca43e0d0ac
Fix test file extension
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 13:06:01 +00:00
Dave Rodgman
f2f2dbcfd7
Add test case for PKCS7 file with zero signers
...
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder https://lapo.it/asn1js/
Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 12:52:00 +00:00
Manuel Pégourié-Gonnard
c2495f78e6
Add a ChangeLog entry for driver-only ECDSA
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:16 +01:00
Manuel Pégourié-Gonnard
439dbc5c60
Fix dependency for TLS 1.3 as well
...
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.
Also update docs/use-psa-crypto.md accordingly.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard
45bcb6aac8
Fix dependencies of 1.2 ECDSA key exchanges
...
Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2...
Also, move the definition of PSA_HAVE_FULL_ECDSA outside the
MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Dave Rodgman
ac447837d3
Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7
...
Test memory management in pkcs7
2023-03-10 11:29:50 +00:00
Przemek Stekiel
e9254a0e55
Adapt driver dispatch documentation for user/peer getters
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
4cd20313fe
Use user/peer instead role in jpake TLS code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
f3ae020c37
Use user/peer instead role in jpake driver-wrapper tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
af94c13b2c
Add tests for user/peer input getters
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
1e7a927118
Add input getters for jpake user and peer
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
0c946e9aa9
Addapt jpake tests and add cases for set_user, set_peer
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
26c909d587
Enable support for user/peer for JPAKE
...
This is only partial support. Only 'client' and 'server' values are accepted for peer and user.
Remove support for role.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:02 +01:00
Gilles Peskine
a4c6a3c355
Merge pull request #7237 from davidhorstmann-arm/move-getting-started-guide
...
Move docs/getting_started.md to docs repo
2023-03-09 23:31:25 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862
...
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
2023-03-09 20:49:44 +01:00
Gilles Peskine
a25203c5f9
Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests
...
Interruptible_{sign|verify}_hash: Add public key verification tests
2023-03-09 20:48:13 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch
2023-03-09 19:23:05 +00:00
Tom Cosgrove
94e841290d
Don't check prerequisites for MBEDTLS_AESCE_C if we won't use it
...
Fixes #7234
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-09 17:17:42 +00:00
Dave Rodgman
8657e3280a
Add corrupt PKCS #7 test files
...
Generated by running "make <filename>" and commiting the result.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-09 15:59:15 +00:00
valerio
2bf85e349d
ssl-opt: enable test for accelerated ECDH + USE_PSA
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:39:07 +01:00
valerio
f27472b128
ssl-opt: enable test and fix failures for reference ECDH + USE_PSA"
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:20:38 +01:00
Przemek Stekiel
89e268dfb9
Add change log entry (SubjectAltName extension in CSR)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 14:04:17 +01:00
Przemek Stekiel
42510a91c4
Use for loop instead while loop
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 14:04:17 +01:00
Przemek Stekiel
68ca81c8fe
Change separator for SAN names to ';'
...
When ';' is used as a separator san names must be provided in quotation marks:
./cert_req filename=../../tests/data_files/server8.key subject_name=dannybackx.hopto.org san="URI:http://pki.example.com/;IP:127.1.1.0;DNS:example.com "
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 14:04:11 +01:00
Gabor Mezei
fffd6d9ded
Fix maximum cannonical value
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-09 13:43:15 +01:00