Commit graph

23317 commits

Author SHA1 Message Date
Dave Rodgman
a476363042 Restore more test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 18:36:23 +00:00
Dave Rodgman
d26d7445b8 Restore guards on a couple of tests
These tests check for failures, but can only fail where SIZE_MAX
exceeds some limit (UINT_MAX or UINT32_MAX) and do not fail
in this way otherwise - so guards are needed.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 17:22:03 +00:00
Dave Rodgman
54647737f6 Add checks to selftest
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 16:16:17 +00:00
Dave Rodgman
4a5c9ee7f2 Remove redundant SIZE_MAX guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 16:03:44 +00:00
Dave Rodgman
37296a413a Document SIZE_MAX requirement in README.md
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 15:39:22 +00:00
Gilles Peskine
928593f732
Merge pull request #7041 from gilles-peskine-arm/pk_ext-pss_options-public
Make the fields of mbedtls_pk_rsassa_pss_options public
2023-02-10 15:08:06 +01:00
Gilles Peskine
3196ceb2fb
Merge pull request #7052 from yanrayw/7008-compatsh-disable-VERIFY-for-PSK
compat.sh: remove VERIFY and duplicate test cases for PSK
2023-02-10 15:07:27 +01:00
Gilles Peskine
b009559c8f
Merge pull request #7049 from KloolK/typos
Fix typos
2023-02-10 15:07:07 +01:00
Gilles Peskine
b8531c4b0b
Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev
X.509: Fix bug in SAN parsing and enhance negative testing
2023-02-10 15:05:32 +01:00
Dave Rodgman
a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage
Pkcs7 coverage
2023-02-10 12:55:29 +00:00
Ronald Cron
834e65d47f
Merge pull request #6499 from xkqian/tls13_write_end_of_early_data
Tls13 write end of early data
2023-02-10 11:08:22 +01:00
Manuel Pégourié-Gonnard
cf1c16af6e
Merge pull request #6925 from gilles-peskine-arm/coding-style-doc
Switch to the new coding style: documentation
2023-02-10 10:05:27 +01:00
Dave Rodgman
78c6f40736
Fix code-style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-09 09:21:14 +00:00
Dave Rodgman
4f70b3cdb4
Fix pylint warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-08 16:40:40 +00:00
Nick Child
14f255f332 pkcs7: Remove unnecessary dependencies
stdio, stdlib and string header files are not
used. Remove them.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-08 15:38:48 +00:00
Nick Child
c7c94df715 pkcs7/test: Format generate test script
Adhere to syntax and format recommendations
from check-python-files.py

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-08 15:38:48 +00:00
Manuel Pégourié-Gonnard
9cb1aa21c4
Merge pull request #6970 from valeriosetti/issue6857
driver-only ECDSA: get testing parity in PK
2023-02-08 13:33:15 +01:00
Xiaokang Qian
0de0d863b6 Rebase code to restore reco-delay and fix some style issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 07:41:42 +00:00
Yanray Wang
303829709d compat.sh: simplify code of iterating on VERIFY for PSK tests
Since PSK cipher suites do not allow client certificate verification,
PSK test cases should be executed under VERIFY=NO. SUB_VERIFIES is
used to constrain verification option for PSK tests.

With aforementioned change, the latter check of
$VERIFY=YES && $TYPE!=PSK is redundant so it's removed.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-08 14:58:35 +08:00
Xiaokang Qian
8dc4ce76c7 Fix various coding style and comment issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
6b980011e5 Replace session_negotiate->ciphersuite with handshake->ciphersuite_info->id
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
53c4c27d35 Update the comment of ciphersuite check for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
64bc9bc33d Add comments to describe the early data behavior-encrypt/rejected...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
e04afdc44f Refine the condition of whether re-generate early keys
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
eb31cbc791 Share the hash check code between ticket and external psk
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
4ef8ba2938 Assign the ciphersuite in finalize_hrr{server_hello}
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
bb883244aa Remove useless comments of outbound switch
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
02f5e14073 Combine the alert check of selected_id and ciphercuite
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
934ce6f6a9 Rename the finalize_client{server}_hello()
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
ac4c625dea Add hash check of ciphersuite for ticket psk
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
6be8290aba Change to CCS after client hello only if we offer early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
7179f810f1 Restore the empty lines
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
b58462157e Refine the ciphersuite and select id check for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
44051f6376 Refine the state change after write client hello
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
7892b6caad Refine the comment about generating early secrects in post server hello
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
bd0ab06d50 Skip CCS once we proposed early data even it is rejected
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
f6d8fd3d6b Improve the coding style of new lines
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
Xiaokang Qian
79f77528f5 Move state change to finalize client hello
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
3f616c2493 Move selected_identity zero check to post_server_hello
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
1d8e86ce00 Get hash_alg by mbedtls_psa_translate_md
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
ea28a78384 Revert new field and check ciphersuite match when resume by exist info_id
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
4224244883 Improve coding styles and add comments
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
33ff868dca Fix various errors
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
43a83f247c Move the place where call set_outbound_transform to switch handshake key
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
907461319a Fix compile error and warnings
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
f10f474981 Check server selected cipher suite indicating a Hash associated with the PSK
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
592021aceb Add CCS after client hello in case of early data and comp mode
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
303f82c5b9 Skip generating early secrets in some cases
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
b46275c7ec Add TLS1_3 guard to finalize_write_client_hello() to fix compile issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:43 +00:00
Xiaokang Qian
2a674937dd Pend a illeagal allert when selected_identity isn't 0
Handshake should abort will illeagal parameter allert when
receiving early data extentions but the selected_identity
parsed from pre-share key isn't equal to 0.

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:46:48 +00:00