yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
18146 commits 1 branch 0 tags 94 MiB
Commit graph

18146 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ronald Cron
a55c5a1152 ssl-opt.sh: TLS 1.3: Add middlebox compatibility tests with GnuTLS 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
7c0185fa5f ssl-opt.sh: TLS 1.3: Add some missing test dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
49ad6197ca Add injection of dummy's ChangeCipherSpec for middlebox compatibility 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
fdb0e3f381 ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled 
Run tests with middlebox compatibility enabled but tests
dedicated to middlebox compatibility disabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
7e38cba993 Add incoming ChangeCipherSpec filtering in TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
ab65c52944 Add MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE config option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard
c38c1f2411
Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0 
Reorder structure fields to maximize usage of immediate offset access
 2021-12-09 12:54:09 +01:00
Manuel Pégourié-Gonnard
d7d740eb6e
Merge pull request #5236 from gabor-mezei-arm/4926_base64_move_constant-time_functions 
Move base64 constant-time functions to the new module
 2021-12-09 12:40:18 +01:00
Manuel Pégourié-Gonnard
b873577fc3
Merge pull request #5240 from duckpowermb/development 
[session] fix a session copy bug
 2021-12-09 09:23:23 +01:00
Gilles Peskine
cfe74a37b9 mbedtls_ssl_handshake_params: move ecrs_ctx back further 
"mbedtls_ssl_handshake_params: reorder fields to save code size" moved this
filed earlier along with byte-sized fields that should be in the 128-element
access window on Arm Thumb. This took away precious room in the 128-byte
window. Move it back further out.

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2860 -> 2816 (diff: 44)
library/ssl_msg.o: 3080 -> 3076 (diff: 4)
library/ssl_srv.o: 3340 -> 3300 (diff: 40)
library/ssl_tls.o: 6546 -> 6478 (diff: 68)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-08 18:38:51 +01:00
Gilles Peskine
b3ec69dba5 mbedtls_ssl_config: better document former bit-fields 
Ensure that the documentation of fields affected by
"mbedtls_ssl_config: Replace bit-fields by separate bytes"
conveys information that may have been lost by removing the exact size of
the type. Extend the preexisting pattern "do this?" for formerly 1-bit
boolean fields. Indicate the possible values for non-boolean fields.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-08 18:32:12 +01:00
Gilles Peskine
41139a2541 mbedtls_ssl_handshake_params: move group_list earlier to save code size 
Placing group_list earlier seems to help significantly, not just as a matter
of placing it in the 128-element (512-byte) access window.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19559 -> 19551 (diff: 8)
library/ssl_msg.o: 24690 -> 24674 (diff: 16)
library/ssl_srv.o: 20418 -> 20406 (diff: 12)
library/ssl_tls.o: 20555 -> 20519 (diff: 36)
library/ssl_tls13_client.o: 7244 -> 7240 (diff: 4)
library/ssl_tls13_generic.o: 4693 -> 4697 (diff: -4)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2864 -> 2860 (diff: 4)
library/ssl_tls.o: 6566 -> 6546 (diff: 20)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-08 18:26:55 +01:00
Ronald Cron
1865585eab
Merge pull request #5212 from yuhaoth/pr/add-tls13-compat-testcases 
TLS1.3 MVP:Add tls13 compat, not supported version , certificaterequest and HRR tests
 2021-12-08 14:56:39 +01:00
Gilles Peskine
392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x 
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
 2021-12-07 12:52:20 +01:00
Gilles Peskine
45b91c93f1
Merge pull request #5269 from daverodgman/fix-builds-with-only-mbedtls_bignum_c-defined-development 
Fix builds when config.h only defines MBEDTLS_BIGNUM_C
 2021-12-07 12:38:06 +01:00
Dave Rodgman
d7c091060f
Merge pull request #5242 from paul-elliott-arm/explain_TLS13_decision 
TLS1.3: Edit docs to explain not changing curve order.
 2021-12-07 11:01:04 +00:00
Ronald Cron
27d47713c9 tests: psa: Remove MD2, MD4 and ARC4 related code 
MD2, MD4 and ARC4 are not supported anymore in
3.x.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:54:36 +01:00
Gilles Peskine
aa1e9857a5 Add changelog entry for build error fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-06 20:58:47 +01:00
Dave Rodgman
351c71b7f2 Fix builds when config.h only defines MBEDTLS_BIGNUM_C 
Fixes #4929

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-06 17:50:53 +00:00
Jerry Yu
52a6e7ea00 Replace tls1_3 with tls13 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:42:47 +08:00
Jerry Yu
2c315a8591 remove unused function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:22:51 +08:00
Jerry Yu
c502dff71c fix TLS1.3 name issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:22:51 +08:00
Jerry Yu
7918efe99a Refactor to avoid duplicate add_* 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
882c30da17 Merge CAFILE and Certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
b4ac8f3c04 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
dda036d8e0 rename ecdsa_secp*sha* to ecdsa_secp* 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
7f5e5adfa3 fix pylint fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
55ee769b51 Fix out-of-source build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
f17a60f147 Add opt-testcases into check list 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
cdcb683568 Update generate scripts and tls13 test cases 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
31018adb81 Add tls13 compat tests with bash scripts 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
c4aa1520a2 tls13_compat_tests:Add generate all option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
d64e20de7f fix wrong typo 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
26fa7dcc4a Remove rsa_pss_rsae_sha256 test from ssl-opt.sh 
It has been covered by tls13 compat tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
29deed4ddb Add rsa_pss_rsae_sha256 into tls13 compat tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
305bfc3dfd Add tls13 compat tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
0f99af8c19 Add keys for tls13 compat tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
8c5559d700 Add HelloRetryRequst tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
936dffd77e Add certificate request check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
6eaa41c15e Fix overflow error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
8f9d7dbfd0 Add unsupported version check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:29 +08:00
Ronald Cron
8c8cea25c7
Merge pull request #5166 from xffbai/code-align 
Align the TLS 1.3 code with coding rules
 2021-12-06 10:54:00 +01:00
Ronald Cron
f467d6306c psa: Fix obsolete code guard 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-06 07:50:27 +01:00
Ronald Cron
fd25ddbf58 psa: Fix and improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-06 07:50:27 +01:00
Ronald Cron
3a8714d5d4 all.sh: psa: Add cipher acceleration test component 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-06 07:50:27 +01:00
Ronald Cron
b231245ea8 all.sh: psa: Add hash acceleration test component 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-06 07:50:27 +01:00
Ronald Cron
c9586dbbcf tests: psa: Add dependencies on built-in hash 
Add dependencies on built-in hash of signature/
signature verification and asymmetric
encryption/decryption tests. The dependency is
not added for tests based on SHA-256 as SHA-256
is always present when PSA is involved (necessary
to the PSA core) and that way most of PSA signature
/verification tests are still run when PSA hash
operations are accelerated.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-06 07:50:27 +01:00
Ronald Cron
4c0ec7651b tests: psa: Refine choice of default hash algorithm for signature 
As PSA signatures rely on built-in hash implementations
(cannot take an advantage of an accelerator for the
time being), chose an available built-in hash for
tests exercising a signature key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-06 07:50:27 +01:00
Ronald Cron
403c15cb51 all.sh: psa: Add ECDSA and RSA signature acceleration component 
Add ECDSA and RSA signature acceleration testing
with signature capabilitites removed from the
Mbed TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-06 07:50:27 +01:00
Ronald Cron
d4c2c9bf94 psa: Fix some dependencies in config_psa.h 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-06 07:50:27 +01:00