Commit graph

21459 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
b4e28aa2f7 Fix two typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 11:55:00 +02:00
Manuel Pégourié-Gonnard
1367f40d38 Fix memory corruption in an SSL test function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 11:00:23 +02:00
Manuel Pégourié-Gonnard
3c16abebd4 Fix dependencies of KEY_EXCHANGE_ECJPAKE
The EC J-PAKE module the ability to "fall back" to PSA when MD is not
present a few PRs ago, but the dependency of this key exchange on
SHA-256 wasn't updated at the time.

(Note: the crypto primitive doesn't depend on SHA-256, only its use in
the TLS key exchange does.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 10:47:05 +02:00
Manuel Pégourié-Gonnard
73f9233a73 Use full config for testing driver-only hashes
Stating from the default config means a few things are implicitly
excluded; starting from the full config makes it all fully explicit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 10:47:05 +02:00
Manuel Pégourié-Gonnard
79e1467799 Fix include path for programs
Same problem as #6101, same fix (the second commit of #6111).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 09:27:53 +02:00
Jerry Yu
7a51305478 Add multi-session tickets test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:26:07 +08:00
Jerry Yu
d4e7500a07 Enable multi session tickets on Server
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:24:03 +08:00
Jerry Yu
1ad7ace6b7 Add conf new session tickets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:22:21 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Gilles Peskine
ef843f2b0c MBEDTLS_PLATFORM_VSNPRINTF_ALT requires MBEDTLS_PLATFORM_C
mbedtls_vsnprintf replacement works like mbedtls_snprintf replacement, so
copy the requirements for MBEDTLS_PLATFORM_VSNPRINTF_ALT.

(MBEDTLS_PLATFORM_xxx_MACRO shouldn't require MBEDTLS_PLATFORM_C, but that's
a separate preexisting problem which I do not try address at this time.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-18 14:05:23 +02:00
Gilles Peskine
1716f06ee3
Merge pull request #6093 from wernerlewis/bignum_test_script
Add bignum test case generation script
2022-09-17 10:37:26 +02:00
Andrzej Kurek
7763829c5c Add missing ifdef when calculating operation capacity
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 12:24:52 -04:00
Werner Lewis
c2fb540c67 Use a script specific description in CLI help
Previous changes used the docstring of the test_generation module,
which does not inform a user about the script.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-16 17:03:54 +01:00
Andrzej Kurek
3c4c514302 Remove PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:24:14 -04:00
Andrzej Kurek
1fafb1f778 Documentation clarifications for ECJPAKE-to-PMS
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:19:49 -04:00
Manuel Pégourié-Gonnard
1be45825ab Remove useless guard around include
Including a header is harmless, so we can include do it unconditionally.

The condition was wrong, should have been USE_PSA || PROTO_TLS1_3. If we
just fixed to condition, then we would need to make sure things like:

    #define MBEDTLS_TLS1_3_MD_MAX_SIZE         PSA_HASH_MAX_SIZE

are also guarded, which is useless (extra defines are harmless) and
annoying, so just remove the condition altogether.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 13:18:36 +02:00
Andrzej Kurek
2be1689504 Add capacity testing to EC J-PAKE to PMS tests
Let the caller restrict the capacity but limit it to 32 bytes.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:14:04 -04:00
Andrzej Kurek
b093650033 Add proper capacity calculation for EC J-PAKE to PMS KDF
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:13:00 -04:00
Andrzej Kurek
d37850404a Add derivation step testing to EC J-PAKE to PMS tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 06:45:44 -04:00
Andrzej Kurek
702776f7cc Restrict the EC J-PAKE to PMS input type to secret
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 06:22:44 -04:00
Jerry Yu
ad4d2bb3e1 Exclude pre_shared_key for HRR
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 18:16:49 +08:00
Manuel Pégourié-Gonnard
138387fc8c Fix some typos, improve wording & formatting
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
d18c24b166 EC J-PAKE is now implemented in PSA
Quite unrelated to the other commits in this branch, but I happened to
spot it, so I fixed it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
c998e43eb4 Add ChangeLog entry about driver-only hashes.
(The first entry will need editing if support for ENTROPY_C is sorted out
before the next release.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
72687b76ca Clarify dependencies in mbedtls_config.h
- One module was missing the warning on psa_crypto_init().
- For modules that are affected by USE_PSA_CRYPTO, it makes more sense
to mention that in the warning.
- Attempt to improve the description of the TLS 1.3 situation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
f17f85ef0c Simplify definition of TLS 1.3 MD max size.
Actually this macro is never used in parts that depend on USE_PSA, so
it's always using PSA.

Currently the macro seems a bit redundant, but:
- since it's public we can't remove it;
- and there are plans in the future to make it more precise (actually
the largest hash that matters for TLS 1.3 is SHA-384 now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
e896705c1a Take advantage of legacy_or_psa.h being public
Opportunities for using the macros were spotted using:

    git grep -E -n -A2 'MBEDTLS_(MD|SHA)[0-9]+_C' | egrep 'PSA_WANT_ALG_(MD|SHA)'

then manually filtering the results.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
07018f97d2 Make legacy_or_psa.h public.
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:02:48 +02:00
Jerry Yu
6ee726e1ab Replace md translation function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 16:32:27 +08:00
Manuel Pégourié-Gonnard
1c341c8bc9
Merge pull request #6284 from daverodgman/contributing
Clarify legal requirements for contributions
2022-09-16 09:01:56 +02:00
Jerry Yu
a5df584d87 fix build fail for test_psa_crypto_config_accel_hash_use_psa
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 11:28:54 +08:00
Gilles Peskine
a844b4b370 No need to use MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED in tests
Initializing return status variables to CORRUPTION_DETECTED is a second line
of defense in library code in case there's a code path where we forget to
assign to the variable. This isn't useful in test code. In any case, here,
we might as well define the variable at the point of use.

This fixes a build error in configurations with MBEDTLS_ERROR_C and
MBEDTLS_PSA_CRYPTO_C both disabled, because then mbedtls/error.h isn't
included so MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED isn't defined.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 21:05:04 +02:00
Gilles Peskine
d6355caa8f Include platform.h unconditionally: fixes undefined mbedtls_setbuf
Now that mbedtls/platform.h is included unconditionally, there are no more
configurations where mbedtls_setbuf was accidentally left out of the manual
definitions when MBEDTLS_PLATFORM_C is disabled. Fixes #6118, #6196.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:50 +02:00
Gilles Peskine
04e4c19ee3 Document the base state of platform abstraction
It's `#define mbedtls_xxx xxx` unless some option to override `mbedtls_xxx`
is enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:50 +02:00
Gilles Peskine
ed1c7f4cd7 Include platform.h unconditionally: gcm
gcm.c had a slightly different pattern for the conditional inclusion of
platform.h which didn't fit the general replacement. Simplify it manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:50 +02:00
Gilles Peskine
e9b55929dc Remove useless platform macro redefinitions: automatic part
Some source files had code to set mbedtls_xxx aliases when
MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally
by mbedtls/platform.h, so these macro definitions were redundant. Remove
them.

This commit used the following code:
```
perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:15 +02:00
Gilles Peskine
a7aa80c058 Include platform.h unconditionally: second automatic part
Some source files included platform.h in a nested conditional. The previous
commit "Include platform.h unconditionally: automatic part" only removed
the outer conditional. This commit removes the inner conditional.

This commit once again replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:10 +02:00
Gilles Peskine
945b23c46f Include platform.h unconditionally: automatic part
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:33:07 +02:00
Tom Cosgrove
3bd7bc3add Use X rather than A for accumulator-style input (and output!) params, and rename others accordingly
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:55:07 +01:00
Tom Cosgrove
5c0e8104bc Prefer 'fixed-size' to 'known-size' in doc comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:46:10 +01:00
Tom Cosgrove
c71ca0cb3c Remove some unnecessary whitespace (two spaces after commas)
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:38:17 +01:00
Tom Cosgrove
dbc156172c Don't bother to test b + a after testing a + b if a == b
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:36:23 +01:00
Tom Cosgrove
17f1fdca0f Update comments in mpi_core_add_if() test
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:23:56 +01:00
Tom Cosgrove
b7438d1f62 Update name of mbedtls_mpi_montg_init()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:05:59 +01:00
Tom Cosgrove
2701deaa4b Use mbedtls_ct_mpi_uint_mask() rather than rolling our own
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:00:07 +01:00
Tom Cosgrove
818d992cc7 Note that T must not overlap other parameters of mbedtls_mpi_core_montmul()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 14:58:10 +01:00
Tom Cosgrove
359feb0d2f Better wording for the reason why we use an input MPI for a scalar value
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 14:52:34 +01:00
Tom Cosgrove
e2159f2083 Use the MAX() macro
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 14:40:10 +01:00
Tom Cosgrove
be7209db1f Remove unnecessary casts
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 14:32:38 +01:00
Tom Cosgrove
50c477bd6b Use S and sum (rather than X/expected) in mpi_core_add_if()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 14:28:30 +01:00