Commit graph

10753 commits

Author SHA1 Message Date
Jaeden Amero
2c8d949833 Merge remote-tracking branch 'origin/pr/2480' into development
* origin/pr/2480: (22 commits)
  Use check_output instead of Popen
  Start unused variable with underscore
  Correct documentation
  Check that the report directory is a directory
  Use namespaces instead of full classes
  Fix pylint issues
  Don't put abi dumps in subfolders
  Add verbose switch to silence all output except the final report
  Fetch the remote crypto branch, rather than cloning it
  Prefix internal functions with underscore
  Add RepoVersion class to make handling of many arguments easier
  Reduce indentation levels
  Improve documentation
  Use optional arguments for setting repositories
  Only build the library
  Add ability to compare submodules from different repositories
  Add handling for cases when not all .so files are present
  Extend functionality to allow setting crypto submodule version
  Simplify logic for checking if report folder can be removed
  Add option for a brief report of problems only
  ...
2019-04-24 11:18:57 +01:00
Jaeden Amero
3956a847e6 Merge remote-tracking branch 'origin/pr/2092' into development
* origin/pr/2092:
  Add more missing parentheses around macro parameters
  Add further missing brackets around macro parameters
  Adapt ChangeLog
  Improve macro hygiene
2019-04-24 11:17:21 +01:00
Jaeden Amero
c69af209f8
Merge pull request #92 from gilles-peskine-arm/psa-api-beta2-merge-development
Merge development into API spec branch
2019-04-18 14:38:34 +01:00
Darryl Green
1ae4886c82 Document the scripts behaviour further 2019-04-18 13:09:25 +01:00
Jaeden Amero
d874a1fd14 Remove zlib
The library no longer uses zlib, so we can remove the option to build
with zlib.
2019-04-18 10:32:56 +01:00
Jaeden Amero
d832f187f7 Remove pkcs11-helper option
In preparation for removing X.509 and PKCS11 from Mbed Crypto, remove
pkcs11-helper. It won't be relevant after X.509 and PKCS11 are removed.
2019-04-18 10:32:56 +01:00
Darryl Green
b2ee0b8782 Use check_output instead of Popen 2019-04-18 09:24:38 +01:00
Gilles Peskine
a780f24cb4 Merge remote-tracking branch 'upstream-crypto/development' into psa-api-beta2-merge-development 2019-04-18 09:48:38 +02:00
Gilles Peskine
2b522db26d fixup! Key derivation by small input steps: proof-of-concept
Simplify the logic inside a few case statements. This removes
unreachable break statements.
2019-04-18 09:42:21 +02:00
Gilles Peskine
22c51517fb Use unsigned int for bitfields
uintN_t is not a standard type for a bitfield, as armcc points out.
2019-04-18 09:42:21 +02:00
Gilles Peskine
ab4b201497 fixup! Key derivation by small input steps: proof-of-concept
Fix logic error that clang helpfully points out
2019-04-18 09:42:21 +02:00
Gilles Peskine
c88644dd24 Remove "TODO" comments
One was obsolete. Reword the other two to avoid the magic word that
our CI rejects.
2019-04-18 09:42:21 +02:00
Gilles Peskine
882e57ecba psa_constant_names: support key agreement algorithms 2019-04-18 09:42:21 +02:00
Gilles Peskine
a52460c3ed Algorithm encoding: move two bits from derivation to agreement
This gives a little more room to encode key agreement algorithms,
while keeping enough space for key derivation algorithms.

This doesn't affect any of the already-defined algorithms.
2019-04-18 09:42:21 +02:00
Gilles Peskine
f8a9d942a5 Test multipart key agreement with ECDH+HKDF
Basic coverage with one algorithm only and a restricted choice of
output lengths.
2019-04-18 09:42:21 +02:00
Gilles Peskine
f0cba73b99 New test function for raw agreement
Change test cases with test data for raw agreement to this new test
function.
2019-04-18 09:42:21 +02:00
Gilles Peskine
f8831c27f3 Remove obsolete test case "ECDH-only public key"
Since the format change for EC public key import from
SubjectPublicKeyInfo to the ECPoint content, it is no longer possible
to import a key with metadata marking it as ECDH-only. This test was
converted systematically but now no longer has any purpose since the
public key is now like any other public key.
2019-04-18 09:42:21 +02:00
Gilles Peskine
77f40d83c1 Quick fix of key agreement setup tests for the new derivation API
Allow either the key derivation step or the key agreement step to
fail.

These tests should be split into three groups: key derivation setup
tests with an algorithm that includes a key agreement step, and
multipart key agreement failure tests, and raw key agreement failure
tests.
2019-04-18 09:42:21 +02:00
Gilles Peskine
04ee2d2295 Update key agreement policy tests for the new derivation API
Separate test functions for raw key agreement and key agreement with
KDF.
2019-04-18 09:42:21 +02:00
Gilles Peskine
2e46e9cf21 Add exercise_key for raw key agreement 2019-04-18 09:42:21 +02:00
Gilles Peskine
0216fe16b7 Implement psa_key_agreement_raw_shared_secret
Refactor: split psa_key_agreement_raw_internal out of
psa_key_agreement_internal, and call it from
psa_key_agreement_raw_shared_secret as well.
2019-04-18 09:42:21 +02:00
Jaeden Amero
117b8a4516 all.sh: Require i686-w64-mingw32-gcc version >= 6
Require mingw gcc version 6 or greater in order to ensure
BCryptGenRandom() is available.
2019-04-17 15:23:17 +01:00
Jaeden Amero
521dbc67da Merge remote-tracking branch 'tls/development' into development
Merge Mbed TLS at f790a6cbee into Mbed Crypto.

Resolve conflicts by performing the following:
    - Reject changes to README.md
    - Don't add crypto as a submodule
    - Remove test/ssl_cert_test from programs/Makefile
    - Add cipher.nist_kw test to tests/CMakeLists.txt
    - Reject removal of crypto-specific all.sh tests
    - Reject update to SSL-specific portion of component_test_valgrind
      in all.sh
    - Reject addition of ssl-opt.sh testing to component_test_m32_o1 in
      all.sh

* tls/development: (87 commits)
  Call mbedtls_cipher_free() to reset a cipher context
  Don't call mbedtls_cipher_setkey twice
  Update crypto submodule
  Minor fixes in get certificate policies oid test
  Add certificate policy oid x509 extension
  cpp_dummy_build: Add missing header psa_util.h
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
  Don't use debug level 1 for informational messages
  Skip uncritical unsupported extensions
  Give credit to OSS-Fuzz for #2404
  all.sh: remove component_test_new_ecdh_context
  Remove crypto-only related components from all.sh
  Remove ssl_cert_test sample app
  Make CRT callback tests more robust
  Rename constant in client2.c
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix a rebase error
  ...
2019-04-17 12:12:24 +01:00
Jaeden Amero
f790a6cbee Merge remote-tracking branch 'origin/pr/2536' into development
* origin/pr/2536:
  Update crypto submodule
  Minor fixes in get certificate policies oid test
  Add certificate policy oid x509 extension
2019-04-17 10:52:54 +01:00
Jaeden Amero
5c7915b0ed Merge remote-tracking branch 'origin/pr/2582' into development
* origin/pr/2582:
  Call mbedtls_cipher_free() to reset a cipher context
  Don't call mbedtls_cipher_setkey twice
2019-04-17 10:46:45 +01:00
Jaeden Amero
ceb1370662 Merge remote-tracking branch 'origin/pr/2580' into development
* origin/pr/2580:
  cpp_dummy_build: Add missing header psa_util.h
2019-04-16 15:11:32 +01:00
Jaeden Amero
c41a3285de Merge remote-tracking branch 'origin/pr/2559' into development
* origin/pr/2559:
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
2019-04-16 15:09:42 +01:00
Jaeden Amero
7a1c4eb826 Merge remote-tracking branch 'origin/pr/2567' into development
* origin/pr/2567:
  Don't use debug level 1 for informational messages
2019-04-16 15:08:39 +01:00
Jaeden Amero
d4d20adea9 Merge remote-tracking branch 'origin/pr/2555' into development
* origin/pr/2555:
  Give credit to OSS-Fuzz for #2404
2019-04-16 15:07:44 +01:00
Jaeden Amero
ef42847dee Merge remote-tracking branch 'origin/pr/2552' into development
* origin/pr/2552:
  Remove ssl_cert_test sample app
2019-04-16 15:06:45 +01:00
Gilles Peskine
424840e033 Call mbedtls_cipher_free() to reset a cipher context
mbedtls_cipher_reset() only restarts the operation, it doesn't
dissociate the key from the context.
2019-04-16 16:06:34 +02:00
Jaeden Amero
fe7106755e Merge remote-tracking branch 'origin/pr/2539' into development
Resolve conflicts by performing the following:
  - Ensure calls to mbedtls_x509_crt_verify_* are made with callbacks

* origin/pr/2539:
  Make CRT callback tests more robust
  Rename constant in client2.c
  Fix typo
  Add test for configuration specific CRT callback
  Fix doxygen documentation of mbedtls_ssl_set_verify()
  Add test exercising context-specific CRT callback to ssl-opt.sh
  Add cmd to use context-specific CRT callback in ssl_client2
  Implement context-specific verification callbacks
  Add context-specific CRT verification callbacks
  Improve documentation of mbedtls_ssl_conf_verify()
2019-04-16 15:05:18 +01:00
Jaeden Amero
ff34d43720 Merge remote-tracking branch 'origin/pr/2532' into development
* origin/pr/2532: (29 commits)
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix name to function call
  Address comments for x509 tests
  Address review comments regarding ssl_client2 and ssl tests
  Remove mbedtls_ from the static function name
  Change docs according to review comments
  Change the verify function naming
  Fix ssl_client2 and ssl_server2 if !PLATFORM_C
  Correct placement of usage macro in ssl_client2
  Update version_features.c
  Remove trailing whitespace in test_suite_x509parse.function
  Update query_config.c
  Add ssl-opt.sh tests for trusted CA callbacks
  Only run X.509 CRT verification tests with CA callback tests if !CRL
  Minor fixes to CA callback tests
  Declare CA callback type even if feature is disabled
  Implement X.509 CRT verification using CA callback
  Add prototype for CRT verification with static and dynamic CA list
  Make use of CA callback if present when verifying peer CRT chain
  ...
2019-04-16 14:42:11 +01:00
Jaeden Amero
24c71d3a5c Merge remote-tracking branch 'origin/pr/2502' into development
* origin/pr/2502:
  all.sh: remove component_test_new_ecdh_context
  Remove crypto-only related components from all.sh
2019-04-16 14:41:20 +01:00
Jaeden Amero
137c5b7297 Merge remote-tracking branch 'origin/pr/2477' into development
* origin/pr/2477:
  Fix typo in data_file generator code
2019-04-16 14:38:58 +01:00
Jaeden Amero
bc195a99c7 Merge remote-tracking branch 'origin/pr/2474' into development
* origin/pr/2474:
  Fix the proxy seed in Travis runs
2019-04-16 14:37:15 +01:00
Gilles Peskine
139ec3b913 Don't call mbedtls_cipher_setkey twice
The documentation doesn't explicitly say whether it's allowed or not.
This currently works with the default software implementation, but
only by accident. It isn't guaranteed to work with new ciphers or with
alternative implementations of individual ciphers, and it doesn't work
with the PSA wrappers. So don't do it.
2019-04-16 15:25:20 +02:00
Ron Eldor
3b4f9eac44 Update crypto submodule
Update crypto submodule to latest commit
2019-04-16 13:31:27 +03:00
Ron Eldor
685a398a6b Minor fixes in get certificate policies oid test
1. Remove irrelevant  dependency on `MBEDTLS_ASN1_WRITE_C`.
2. Remove whitespace between `*` and parameter.
2019-04-16 13:26:54 +03:00
Ron Eldor
e82341646a Add certificate policy oid x509 extension
Add the `MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES` to the list
of supported x509 extensions, in `mbedtls_oid_get_x509_ext_type()`.
2019-04-16 13:26:54 +03:00
Jaeden Amero
e6d5a501ba Merge remote-tracking branch 'origin/pr/2558' into development
* origin/pr/2558:
  Skip uncritical unsupported extensions
2019-04-15 13:13:26 +01:00
Jaeden Amero
125a1e980e
Merge pull request #90 from dgreen-arm/fix-its-file-on-windows
Use Windows-specific renaming function
2019-04-15 10:23:19 +01:00
Peter Kolbus
2ae29ba444 cpp_dummy_build: Add missing header psa_util.h
Add missing header to fix #2579.

Change-Id: I038166b826534bac853be34a0281384e26675187
2019-04-14 15:55:20 -05:00
Andrzej Kurek
021dc3f226 generate_visualc_files.pl: add mbedtls source shadowing by crypto
Running the generation script with "include_crypto" input parameter set to 1
makes the mbedtls sources being overshadowed by crypto sources. 
In case of any duplicate sources, crypto ones take precedence.
2019-04-12 10:51:27 -04:00
Andrzej Kurek
463f049ef0 generate_errors.pl: refactor and simplify the code 2019-04-12 10:35:01 -04:00
Darryl Green
f025d5395e Start unused variable with underscore 2019-04-12 15:18:02 +01:00
Darryl Green
f67e349863 Correct documentation 2019-04-12 15:17:02 +01:00
Andrzej Kurek
e90205f9e6 generate_errors.pl: typo fix 2019-04-12 09:49:30 -04:00
Andrzej Kurek
9b11af42e2 revert changes to generate_features.pl and generate_query_config.pl
These script should depend solely on the external, mbedtls config
2019-04-12 09:43:04 -04:00
Gilles Peskine
f9ee633d33 Fix confusion between HMAC algorithm and the corresponding hash 2019-04-11 21:22:52 +02:00