Commit graph

24657 commits

Author SHA1 Message Date
Valerio Setti
6f66664ed6 remove PSA_HAVE_FULL_ECDSA symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 10:54:22 +02:00
Valerio Setti
48859cc7d8 remove PSA_HAVE_FULL_ECDH symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 10:50:47 +02:00
Dave Rodgman
22d9ff6d3c
Merge pull request #7353 from xkqian/tls13_fix_code_style
Improve code styles for tls13 related files
2023-04-11 09:18:22 +01:00
Gilles Peskine
5634f87d68
Merge pull request #7418 from xkqian/big_number_ecc_update_comment
Update SEC1 link in ecp.c
2023-04-11 09:34:07 +02:00
Gilles Peskine
7c1c7ce90e
Merge pull request #7401 from AndrzejKurek/md-guards-missing
Add missing md.h includes
2023-04-11 09:32:17 +02:00
Gilles Peskine
02c52a08cd
Merge pull request #7287 from yanrayw/7285-followup-of-PR6500
6500 follow-up: enhancements to the new ssl_helpers test module
2023-04-11 09:31:37 +02:00
Gilles Peskine
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api
ssl_cache: misc improvements
2023-04-11 09:30:40 +02:00
Valerio Setti
7816c24f2d test: fix guards position in test_suite_pk
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 09:16:24 +02:00
Valerio Setti
b3f20da313 test: fix error handling in the new pk_genkey_ec() function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 09:16:24 +02:00
Valerio Setti
12a063abb7 test: use proper macros for PSA init/done
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 09:16:24 +02:00
Valerio Setti
0b304421d8 ecp: revert changes to ECP module and related tests/programs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 09:16:24 +02:00
Valerio Setti
37194b97f8 gen_key: limit EC key generation to when USE_PSA is disabled
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 09:16:24 +02:00
Valerio Setti
b6891b13f6 pk: add alternate function for keypair generation using PSA
Instead of using the legacy mbedtls_ecp_gen_keypair() which makes
use of ECP's math, when USE_PSA_CRYPTO is enabled then the new
function pk_genkey_ec() is used in test_suite_pk.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 09:16:24 +02:00
Manuel Pégourié-Gonnard
b16a50eeab
Merge pull request #7392 from valeriosetti/issue7388
PK: use PSA to complete public key when USE_PSA is enabled
2023-04-11 09:09:06 +02:00
Jerry Yu
c9c3e62b3e workaround the assert fail with tollerance
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-11 14:08:23 +08:00
Jerry Yu
fce8577f73 try to reproduce random assert fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-11 14:07:38 +08:00
Pengyu Lv
723ac268e7 ssh_cache: Add back description of other errors for cache getter
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 09:19:08 +08:00
Xiaokang Qian
49f39c1e91 Fix the wrong debug _message function to _ret
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
09c3cccf97 Update the todo comment of record size limits
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
8bce0e6f5e Update group ext debug message in ssl_tls13_server.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
91bb3f0665 Wrap lines in library/ssl_tls13_client.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
9f1747bb1f Wrap lines which exceed 80 chars in ssl_tls13_server.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:14 +00:00
Xiaokang Qian
958b6ffe98 Wrap lines which exceed 80 chars in ssl_tls13_client.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:52 +00:00
Xiaokang Qian
7343738695 Wrap lines which exceed 80 chars in ssl_tls13_generic.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:51 +00:00
Xiaokang Qian
123cde824c Improve code styles(line numbers) for tls13_key.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:51 +00:00
Xiaokang Qian
669c7c35f0 Update SEC1 link in ecp.c
Old link doesn't work any more, update it to one
new link to refer version 2

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 07:36:35 +00:00
Pengyu Lv
e3746d7ce6 ssl_cache: Error renaming and document improvement
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-10 14:40:03 +08:00
Valerio Setti
520c0384e7 pkparse: fix return value
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 11:38:09 +02:00
Valerio Setti
1df94f841b pk: fix return codes' precedence and code style
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 11:04:32 +02:00
Manuel Pégourié-Gonnard
f740767c00
Merge pull request #7391 from valeriosetti/issue7387
PK: don't use mbedtls_ecp_check_pub_priv() when USE_PSA is enabled
2023-04-07 10:17:18 +02:00
Andrzej Kurek
0af32483f3 Change the format of md.h include comments
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-07 03:10:28 -04:00
Valerio Setti
9d65f0ef12 pk_wrap: simplify prototype of eckey_check_pair_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:53:17 +02:00
Valerio Setti
aad6306212 pkparse: fix guards position
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
Valerio Setti
3fddf250dc test: use proper macros for PSA init/done
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
Valerio Setti
4bf73ad83f pkparse: use proper sizing for buffer
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
Valerio Setti
34f6755b34 pkparse: add new function for deriving public key from private using PSA
Instead of using the legacy mbedtls_ecp_mul() function which makes use of
ECP's math, this commit adds a new function named pk_derive_public_key()
which implements the same behavior using PSA functions.
The flow is simple:
- import the private key into PSA
- export its public part

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
Valerio Setti
f286664069 pk_wrap: minor code optimizations
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:37:46 +02:00
Minos Galanakis
0a325b6767 ecp.py: Set test-dependencies as attributes.
This patch enables declaring dependencie as test-class
members. ECP curve functions have been updated
to use the new capability.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-06 16:33:10 +01:00
Minos Galanakis
92278dc407 test_suite_ecp: Updated dependency macros for ecp_raw_generic.
This patch introduces a new local hash define of
`MBEDTLS_ECP_DP_SECP_GENERIC_ENABLED` to replace the
removed curve specific macros, introduced in upstream.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-06 16:27:44 +01:00
Minos Galanakis
1358648f77 test_suite_ecp: Introduced ecp_mod_p_generic_raw
This patch replaces similiarly structured test functions
for:

* MBEDTLS_ECP_DP_SECP192R1
* MBEDTLS_ECP_DP_SECP224R1
* MBEDTLS_ECP_DP_SECP256R1
* MBEDTLS_ECP_DP_SECP384R1
* MBEDTLS_ECP_DP_BP512R1R1

with a more generic version, which adjusts the parameters, based on the `curve_id` field,
provided by the testing data.

The python test framework has been updated to provide that extra field.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-06 16:27:12 +01:00
Dave Rodgman
0b3de6fcec
Merge pull request #7288 from ronald-cron-arm/tls13-server-version-negotiation
TLS: TLS 1.2 / 1.3 version negotiation on server side
2023-04-06 16:26:19 +01:00
Janos Follath
3615be65f8
Merge pull request #7342 from gabor-mezei-arm/6679_prevent_mpi_mod_write_from_corrupting_the_input
Prevent mpi_mod_write from corrupting the input
2023-04-06 15:56:28 +01:00
Janos Follath
44c6694be7
Merge pull request #7351 from gabor-mezei-arm/7109_ecp_fast_reduction_testing
Test unlikely cases of ECC modular reduction
2023-04-06 15:55:19 +01:00
Andrzej Kurek
0e03f4c119 Remove unnecessary include
This is a PSA-based program and psa/crypto.h
is already included.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-06 07:55:25 -04:00
Ronald Cron
8c1ce223eb tests: ssl: Restore !MBEDTLS_SSL_PROTO_TLS1_3 dependency
Restore the dependency on !MBEDTLS_SSL_PROTO_TLS1_3
of the DTLS fragmentation tests. That way the test
is not run on Windows 2013 (as in development) where
there is an issue with MBEDTLS_PRINTF_SIZET when
running those tests. I will address this issue in a
separate PR.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 13:20:40 +02:00
Ronald Cron
dad02b2bec tls13: srv: Fix comment
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
fe01ec2d57 tls12: srv: Use sizeof() instead of constant
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
c564938180 Add downgrade protection mechanism
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
e45afd760d Use specific pointer to loop over proposed cipher suites
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:01 +02:00
Ronald Cron
1a353ea4b8 ssl-opt.sh: Improve description of server negotiation tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00