yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
23905 commits 1 branch 0 tags 94 MiB
Commit graph

23905 commits

This branch
This branch
All branches
Author SHA1 Message Date
Valerio Setti
d0fffc56c3 analyze_outcomes: add coverage test for ecjpake 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 16:08:03 +01:00
Valerio Setti
60976169f6 libtestdriver: add EC support when only ECJPAKE is accelarated 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 16:07:30 +01:00
Valerio Setti
a9c9deccb9 ecjpake: add tests for driver coverage analysis 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 16:05:49 +01:00
Dave Rodgman
2ba9794adc
Merge pull request #7224 from gilles-peskine-arm/readme-pip 
Improve python and pip instructions
 2023-03-13 13:02:57 +00:00
Dave Rodgman
6c9cea8feb
Merge pull request #7260 from daverodgman/test-macro-cleanup 
Remove duplicate test macros
 2023-03-13 11:34:38 +00:00
Dave Rodgman
756b028511
Merge pull request #7171 from daverodgman/pr5527 
Fix undefined behavior in ssl_read if buf parameter is NULL
 2023-03-13 10:46:29 +00:00
Dave Rodgman
3ef7a6af12
Merge pull request #7269 from daverodgman/pkcs7-no-datetime 2023-03-11 12:57:54 +00:00
Dave Rodgman
f8565b3c2b Add more PKCS #7 tests with expired cert 
Add test which uses an expired cert but is otherwise OK, which
passes if and only if MBEDTLS_HAVE_TIME_DATE is not set.

Add similar test which verifies against a different data file,
which must fail regardless of MBEDTLS_HAVE_TIME_DATE.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-11 10:26:39 +00:00
Dave Rodgman
2e8442565a Add PKCS #7 test files using expired cert 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-11 10:24:30 +00:00
Dave Rodgman
cc77fe8e52 Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset 
Ensure that verification of an expired cert still fails, but
update the test to handle the different error code.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-11 09:46:13 +00:00
Dave Rodgman
9c9601bac5
Merge pull request #7247 from daverodgman/zero-signers 2023-03-10 18:44:11 +00:00
Dave Rodgman
d51b1c5666 Remove duplicate test macros 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-10 17:44:08 +00:00
Manuel Pégourié-Gonnard
2301a80a73
Merge pull request #7245 from mpg/driver-only-ecdsa-wrapup 
Driver-only ecdsa wrapup
 2023-03-10 17:23:29 +01:00
Dave Rodgman
ca43e0d0ac Fix test file extension 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-10 13:06:01 +00:00
Dave Rodgman
f2f2dbcfd7 Add test case for PKCS7 file with zero signers 
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder  https://lapo.it/asn1js/

Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-10 12:52:00 +00:00
Manuel Pégourié-Gonnard
c2495f78e6 Add a ChangeLog entry for driver-only ECDSA 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-10 12:37:16 +01:00
Manuel Pégourié-Gonnard
439dbc5c60 Fix dependency for TLS 1.3 as well 
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.

Also update docs/use-psa-crypto.md accordingly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard
45bcb6aac8 Fix dependencies of 1.2 ECDSA key exchanges 
Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2...

Also, move the definition of PSA_HAVE_FULL_ECDSA outside the
MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-10 12:37:15 +01:00
Dave Rodgman
ac447837d3
Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7 
Test memory management in pkcs7
 2023-03-10 11:29:50 +00:00
Gilles Peskine
a4c6a3c355
Merge pull request #7237 from davidhorstmann-arm/move-getting-started-guide 
Move docs/getting_started.md to docs repo
 2023-03-09 23:31:25 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862 
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
 2023-03-09 20:49:44 +01:00
Gilles Peskine
a25203c5f9
Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests 
Interruptible_{sign|verify}_hash: Add public key verification tests
 2023-03-09 20:48:13 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Dave Rodgman
8657e3280a Add corrupt PKCS #7 test files 
Generated by running "make <filename>" and commiting the result.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-09 15:59:15 +00:00
Przemek Stekiel
b8eaf635ba Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 12:14:26 +01:00
David Horstmann
369930dec2 Move docs/getting_started.md to docs repo 
Delete docs/getting_started.md as it has been moved to the dedicated
documentation repo.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-03-09 09:52:13 +00:00
Janos Follath
9e1d889766
Merge pull request #7231 from tom-cosgrove-arm/update-changelog-230308 
Update ChangeLog to make "fix" explicit
 2023-03-09 08:47:49 +00:00
Dave Rodgman
5e5aa4a4e6
Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307 
Fix typos in development prior to release
 2023-03-08 17:19:59 +00:00
Dave Rodgman
51b62ef23d
Merge pull request #7228 from tom-cosgrove-arm/fix-alignment.h-on-32-bit-systems 
Fix mbedtls_bswap64() on 32-bit systems
 2023-03-08 17:19:29 +00:00
Manuel Pégourié-Gonnard
913d9bb921
Merge pull request #7162 from valeriosetti/issue7055 
Legacy MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C dependencies in test_suite_psa_crypto
 2023-03-08 17:07:19 +01:00
Valerio Setti
1470ce3eba fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:50:12 +01:00
Valerio Setti
2f081473b6 test: fix disparities in test_suite_ssl 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Valerio Setti
75fba32cb3 ssl: use new macros for ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Valerio Setti
30c4618970 Add new PSA_HAS_FULL_ECDSA macro for easily signal that PSA has full ECDSA support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Valerio Setti
f84b7d5c21 test: enable ECDSA based key exchanges in driver coverage tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Tom Cosgrove
b3c6a1e04a Update ChangeLog to make "fix" explicit 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-08 15:47:00 +00:00
Manuel Pégourié-Gonnard
289e5baa83
Merge pull request #7082 from valeriosetti/issue6861 
driver-only ECDSA: add ssl-opt.sh testing with testing parity
 2023-03-08 16:45:38 +01:00
Tom Cosgrove
bbe166e721 Fix mbedtls_bswap64() on 32-bit systems 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-08 13:23:24 +00:00
Tom Cosgrove
c15a2b949d Update the text about gcc5 support for Armv8 CE 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-08 12:55:48 +00:00
Valerio Setti
733de595e3 psa_crypto_rsa: remove PK_WRITE_C in psa_rsa_export_key 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti
c0e7da55c5 test: removing remaning dependencies of PK_WRITE/PK_PARSE from test_suite_psa_crypto suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti
73a218513b psa_crypto_rsa: add comment/explanation for residual PK_WRITE_C guard 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti
f9bc5b75f1 test: remove dependencies on PK_WRITE and PK_PARSE from test_suite_psa_crypto suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti
ccfad9ae0e ssl-opt: remove remaining redundant dependencies 
There were some dependencies that are now automatically satisfied by the
detect_required_features() function.

After this check there should be no redundant requirement for:
- requires_pk_alg "ECDSA"
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 10:25:05 +01:00
Valerio Setti
3b2c02821e ssl-opt: return to previous debug level in test 
This was a leftover from some debug activity that unfortunately ended up
in previous commits.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 10:22:29 +01:00
Przemek Stekiel
691e91adac Further pake code optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-08 09:54:00 +01:00
Gilles Peskine
429e90153c Improve pip instructions 
Our build scripts invoke `python3` in preference to `python`, so make the
default instruction use `python3`. On many systems (macOS, some Linux),
`python` invokes Python 2 which our scripts do not support.

Suggest --user by default. It's usually the right thing outside of venvs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-07 20:40:04 +01:00
Gilles Peskine
ed7b5978cd
Merge pull request #6172 from gilles-peskine-arm/doc-tls13-psa_crypto_init 
Document the need to call psa_crypto_init for TLS 1.3
 2023-03-07 20:13:53 +01:00
Gilles Peskine
a2fc399f57
Merge pull request #6829 from AndrzejKurek/unify-psa-errors 
Unify PSA to Mbed TLS error translation
 2023-03-07 19:55:44 +01:00
Gilles Peskine
12e3c8e019
Merge pull request #7168 from mpg/use-md 
Use MD (not low-level hash interface) in X.509 and TLS
 2023-03-07 19:55:12 +01:00