Commit graph

19683 commits

Author SHA1 Message Date
Hanno Becker
8813c03cb0 Add ChangeLog entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:16:55 +01:00
Hanno Becker
5e18f74abb Make alert sending function re-entrant
Fixes #1916

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:16:43 +01:00
Jacob Schloss
d8a573b9d9 Fix spelling of 'features' in comment
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-04-08 10:23:14 +01:00
Gilles Peskine
e756f642cd Seed the PRNG even if time() isn't available
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:46:41 -04:00
Andrzej Kurek
5735369f4a Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C
The timing module might include time.h on its own when on 
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. 


Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:41:42 -04:00
Glenn Strauss
236e17ec26 Introduce mbedtls_ssl_hs_cb_t typedef
Inline func for mbedtls_ssl_conf_cert_cb()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-07 14:18:30 -04:00
Thomas Daubney
7435d2d08e Renames encrypt setup tests
Similar to the previous commit, this commit removes
the word 'multi-part' from the encrypt setup tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-07 15:21:47 +01:00
Gilles Peskine
a91b68564c
Merge pull request #5429 from yuhaoth/pr/fix-parallel-build-fail-of-cmake_out_source
fix parallel build fail of cmake out source
2022-04-07 16:21:43 +02:00
Gilles Peskine
8e5e8d73db
Merge pull request #5686 from AndrzejKurek/off-by-one-ssl-opt
Fix an off-by-one error in ssl-opt.sh
2022-04-07 16:20:55 +02:00
Thomas Daubney
5defdfcc8a Renames decrypt setup tests
The word multi-part is implied and has hence been
removed.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-07 15:17:32 +01:00
Thomas Daubney
6f57be93ec Removes unecessary statement
After other changes had taken place the call to
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) )
was no longer needed.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-07 15:10:34 +01:00
Thomas Daubney
d9c69b7655 Changes PSA initialisation
Commit adds in call to PSA_INIT()

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-07 14:57:10 +01:00
Przemek Stekiel
e3ee221893 Free other secret in tls12_prf context
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:41:56 +02:00
Przemek Stekiel
23650286ac Add psa_tls12_prf_set_other_key() function to store other secret input
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:41:46 +02:00
Przemek Stekiel
c4b814a9c2 psa_tls12_prf_key_derivation_state_t: add optional step to set other key
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:01:50 +02:00
Przemek Stekiel
f4e8f01964 psa_tls12_prf_key_derivation_t: add other_secret and other_secret_length fields to handle mixed PSK
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:01:50 +02:00
Przemek Stekiel
37c81c4f05 Extend PSA_ALG_TLS12_PSK_TO_MS alg (add #PSA_KEY_DERIVATION_INPUT_OTHER_SECRET input)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:01:50 +02:00
Neil Armstrong
c1152e4a0f Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
7e1b4a45fa Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
b354742371 Update documentation of mbedtls_pk_setup_opaque()
The function now accepts a RSA key pair in addition to an ECC
key pair.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
295aeb17e6 Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
b980c9b48c Add support for RSA in pk_opaque_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
ca5b55f0d1 Add support for RSA in mbedtls_pk_wrap_as_opaque()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Neil Armstrong
67fc036976 Add support for RSA wrap in pk_psa_sign() test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Neil Armstrong
5b87ebb601 Prepare pk_psa_sign() test to accept RSA parameters
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Neil Armstrong
0cd78ddd71 Update test for Opaque PK key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Neil Armstrong
eabbf9d907 Add support for RSA PK Opaque key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Andrzej Kurek
714b6603e4 Remove dummy timing implementation
Having such implementation might cause issues for those that
expect to have a working implementation.
Having a compile-time error is better in such case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-07 07:44:04 -04:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Gilles Peskine
d2d90af7d9 Make mbedtls_ssl_get_bytes_avail tests more independent
Don't depend on the default sizes in the test programs: pass explicit
request and buffer sizes.

Don't depend on MAX_CONTENT_LEN (other than it not being extremely small:
this commit assumes that it will never be less than 101).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:39:06 +02:00
Gilles Peskine
99a732bf0c Fix off-by-one in buffer_size usage
The added null byte was accounted for twice, once by taking
opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1
when filling the buffer. Make opt.buffer_size the size that is actually
read, it's less confusing that way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:34:36 +02:00
Gilles Peskine
8bb96d96cd Fix buffer size calculation
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:31:05 +02:00
Gilles Peskine
c8d242f625 set_maybe_calc_verify: $1 is intended to be auth_mode
Document that this is what it is. Don't allow made-up numerical values.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 22:23:45 +02:00
Andrzej Kurek
cb33bc5d0b Change the bit to flip to guarantee failure
For weistrass curves the pair is encoded as 0x04 || x || y.
Flipping one of the bits in the first byte should be a sure failure.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
39d88d4918 Change the number of expected free key slots
TLS code now uses PSA to generate an ECDH private key.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
41b7e66e61 Tests: add missing requirements for the raw key agreement test
SECP384R1 is needed for the default loaded
certificate.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
cc28e9a252 Tests: add missing group termination
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
65ded569e0 Update raw key agreement test dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
b3427823bd Test failing raw_key_agreement in ssl mock tests
Force a bitflip in server key to make the raw key
agreement fail, and then verify that no key slots
are left open at the end. Use a Weierstrass curve
to have a high chance of failure upon encountering
such bitflip.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:24:17 -04:00
Andrzej Kurek
74394a5c39 Add a group_list argument to mocked ssl tests
This will be used to force a group list in certain tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:23:34 -04:00
Thomas Daubney
d868d0f7a0 Removes trailing whitespace
Travis found and complained about a trailing whitespace.
This commit removes the error.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 15:29:27 +01:00
Thomas Daubney
28428f45c7 Corrects mistake from encrypt setup test
This commit alters an ASSERT_COMPARE statement
at the end of the aead_encrypt_setup test. This is to
correct a mistake introduced by the preceding PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:54:46 +01:00
Thomas Daubney
dbb9754541 Adds changes from first review round
This commit adds the required changes that arose from
the first round of reviewing. The total_input_data argument
has been removed and so the .data file needed to be edited
also.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:42:10 +01:00
Thomas Daubney
b3e452d5ab Adds insufficient memory test case
Adds test data for the test case where the insufficient
memory error is forced on the driver status.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:00:49 +01:00
Thomas Daubney
e15bc38e40 Adds fallback test case
Commit adds test data for the case where the
algorithm is not supported by the driver but
the fallback option is available in the library.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:00:49 +01:00
Thomas Daubney
063c2cd298 Adds positive test case
Commit adds test data for positive test of decrypt
setup test case

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:00:42 +01:00
Thomas Daubney
03c4ba03c1 Adds test for decrypt setup driver dispatch
Commit adds a test for checking driver dispatch
for the M-AEAD decrypt setup function.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 13:58:30 +01:00
Manuel Pégourié-Gonnard
fff641a273
Merge pull request #5695 from mprse/tls_1_3_remove_redundant_check
ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check
2022-04-06 09:27:18 +02:00
Hanno Becker
e141702551 Adjust mpi_montmul() to new signature of mpi_mul_hlp()
A previous commit has changed the signature of mpi_mul_hlp, making the length
of the output explicit. This commit adjusts mpi_montmul() accordingly.

It also fixes a comment on the required size of the temporary value
passed to mpi_montmul() (but does not change the call-sites).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-06 06:59:34 +01:00
Hanno Becker
74a11a31cb Adjust mbedtls_mpi_mul_int() to changed signature of mpi_mul_hlp()
A previous commit has changed the signature of mpi_mul_hlp(), making
the length of the output explicit.

This commit adjusts mbedtls_mpi_mul_int() to this change.

Along the way, we make the code simpler and more secure by not calculating
the minimal limb-size of A. A previous comment indicated that this was
functionally necessary because of the implementation of mpi_mul_hlp() --
if it ever was, it isn't anymore.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-06 06:59:34 +01:00