Commit graph

1154 commits

Author SHA1 Message Date
Jerry Yu
cebffc3446 change time unit of ticket to milliseconds
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Manuel Pégourié-Gonnard
752dd39a69
Merge pull request #8508 from valeriosetti/issue6323
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
2023-11-14 11:39:06 +00:00
Valerio Setti
38e75fb1a7 ssl_server2: remove usage of mbedtls_cipher_info_from_string()
This removes the dependency from cipher module and legacy key/modes
symbols which are used in cipher_wrap.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:27:39 +01:00
Yanray Wang
0751761b49 max_early_data_size: rename configuration function
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24 early data: rename configuration function
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
Gilles Peskine
8b6b41f6cd
Merge pull request #8434 from valeriosetti/issue8407
[G2] Make TLS work without Cipher
2023-11-04 15:05:00 +00:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Valerio Setti
74d48c89fa ssl_server2: small improvement of code readability
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-02 16:43:55 +01:00
Paul Elliott
afc6a992c5
Merge pull request #8381 from gilles-peskine-arm/20231017-misc-cleanup
Cleanups in test code
2023-10-30 18:08:01 +00:00
Valerio Setti
dc55470341 ssl_context_info: add guards for CIPHER_C
mbedtls_cipher_info_from_type() is only available when CIPHER_C is
defined. So when it is not we just print the cipher type decimal
value on the output instead of the cipher's name.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
bdf04e840a ssl_server2: support ticket_aead only when CIPHER_C is defined
Cipher parsing requires mbedtls_cipher_info_from_string() which
depends on CIPHER_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Gilles Peskine
5d055f8206
Merge pull request #7844 from mpg/ssl-progs-usage
Fix usage & error reporting in SSL programs
2023-10-26 08:19:25 +00:00
Gilles Peskine
a0e810de4b Convey that it's ok for mbedtls_ssl_session_save to fail
mbedtls_ssl_session_save() always outputs the output length, even on error.
Here, we're only calling it to get the needed output length, so it's ok to
ignore the return value. Convey this to linters.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-17 16:04:27 +02:00
Thomas Daubney
540324cd21 Correct styling of Mbed TLS in documentation
Several bits of documentation were incorrectly styling Mbed TLS
as MbedTLS.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-10-06 17:07:24 +01:00
Paul Elliott
fd3360ebf4 Remove unneeded setting of ret from ssl programs
Remove coverity warnings on unused values.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-09-15 17:41:25 +01:00
Gilles Peskine
e820c0abc8 Update spelling "mbed TLS" to "Mbed TLS"
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":

```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```

Justification for the omissions:

* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
  occurrences are significant names in certificates and such. Changing
  the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
  updates.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:18:17 +02:00
Gilles Peskine
f745e5b8de Merge remote-tracking branch 'development' into HEAD 2023-08-23 20:35:32 +02:00
Gowtham Suresh Kumar
186731b22a Fix warnings from clang-16
Running clang-16 on mbedtls reports warnings of type "-Wstrict-prototypes".
This patch fixes these warnings by adding void to functions with no
arguments. The generate_test_code.py is modified to insert void into test
functions with no arguments in *.function files.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2023-07-26 17:11:51 +01:00
Manuel Pégourié-Gonnard
828b3acd6b
Merge pull request #7848 from valeriosetti/issue7749
driver-only ECC: EPCf.TLS testing
2023-07-18 10:33:21 +02:00
Dave Rodgman
91d9daf2b3
Merge pull request #7925 from hasheddan/dtls-server-order
Fix order of steps in DTLS server example program
2023-07-17 09:41:43 +01:00
Daniel Mangum
af2f7a6fcb Fix order of steps in DTLS server example program
Fixes the numbered order of steps in the DTLS server example program.

Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
2023-07-14 12:00:33 -04:00
Valerio Setti
dda0019e2e ssl_test_lib: fix rebase error
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 10:22:51 +02:00
Valerio Setti
5bdebb2004 ssl_test_lib: fix variable naming for curve group
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
fb6356f003 ssl_test_lib: simplify function which prints supported curves
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
deb676442d ssl_test_lib: manage FFDH keys the same way as ECC ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
acd32c005f programs: add helper functions for supported EC curves
- get full list, or
- get TLS ID from name

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Przemek Stekiel
68e7544de8 parse_groups: curve -> group adaptations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-06 12:16:44 +02:00
Przemek Stekiel
45255e4c71 Adapt names (curves -> groups)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Manuel Pégourié-Gonnard
39a0a76fcc SSL programs: improve command-line error reporting
Every now and then, I see of these programs failing with a super-long
usage message that gives no clue as to what went wrong. (Recently it
happened with a test case in ssl-opt.sh with a fairly long command line
that was entirely correct, except some options were not valid in this
config - the test should have been skipped but wasn't due to some other
bug. It took me longer to figure out than it should have, and could have
if the program had simply reported which param was not recognized.)

Also, have an explicit "help" command, separate "help_ciphersuites", and
have default usage message that's not multiple screens long.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-27 09:28:24 +02:00
Manuel Pégourié-Gonnard
3eea9a461c SSL programs: allow invoking without arguments
All options have reasonable default so the programs don't need arguments
to do something useful.

It is widely accepted for programs that can work without arguments need
not insist on the user passing arguments, see 'ls', 'wc', 'sort', 'more'
and any number of POSIX utilities that all work without arguments.

It is also the historical behaviour of those programs, and something
relied one by at least a few team members.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-26 11:29:35 +02:00
Manuel Pégourié-Gonnard
0b74434e2a SSL programs: group options processing in 1 place
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-26 11:28:00 +02:00
Przemek Stekiel
7d42c0d0e5 Code cleanup #2
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 12:30:40 +02:00
Przemek Stekiel
75a5a9c205 Code cleanup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
Przemek Stekiel
ff9fcbcace ssl_client2, ssl_server2: code optimization + guards adaptation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:53:40 +02:00
Przemek Stekiel
da4fba64b8 Further code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
316c19ef93 Adapt guards, dependencies + optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
e7db09bede Move FFDH helper functions and macros to more suitable locations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Przemek Stekiel
6d7da5ee1e Add FFDH support in client2, server2 applications
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
2023-05-08 20:38:29 +02:00
Gilles Peskine
53a9ac576d
Merge pull request #7443 from mprse/psa_init_in_programs
Init PSA in ssl and x509 programs
2023-04-28 12:49:11 +02:00
Przemek Stekiel
94cf710edc Revert increase of MEMORY_HEAP_SIZE in ssl_client2
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-24 16:35:40 +02:00
Przemek Stekiel
758aef60c5 Add guards for mbedtls_psa_crypto_free()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-24 08:10:01 +02:00
Przemek Stekiel
a8c560a799 Free psa crypto at the end of programs when initialized
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-19 10:15:26 +02:00
Przemek Stekiel
e296868b25 Remove print from mini_client
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-17 11:11:01 +02:00
Przemek Stekiel
a0a1c1eab5 Move psa_crypto_init() after other init calls
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-17 11:10:05 +02:00
Przemek Stekiel
89c636e6cf Init PSA in ssl and x509 programs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-16 22:41:52 +02:00
Valerio Setti
d49cbc1493 test: fix remaining failures in test due to the ECP_LIGHT symbol
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Gilles Peskine
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api
ssl_cache: misc improvements
2023-04-11 09:30:40 +02:00
toth92g
27f9e7815c Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
Manuel Pégourié-Gonnard
23fc437037 SSL: fix test failures
1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE.

2. Add missing occurrences - some of these were already necessary in
principle (in one form or another) but where missing and this was not
detected so far as `psa_hash` doesn't complain in case of a missing
init, but now MD makes it visible.

3. Add missing include in ssl_test_lib.h.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00