Commit graph

24003 commits

Author SHA1 Message Date
Gilles Peskine
928593f732
Merge pull request #7041 from gilles-peskine-arm/pk_ext-pss_options-public
Make the fields of mbedtls_pk_rsassa_pss_options public
2023-02-10 15:08:06 +01:00
Gilles Peskine
3196ceb2fb
Merge pull request #7052 from yanrayw/7008-compatsh-disable-VERIFY-for-PSK
compat.sh: remove VERIFY and duplicate test cases for PSK
2023-02-10 15:07:27 +01:00
Gilles Peskine
b009559c8f
Merge pull request #7049 from KloolK/typos
Fix typos
2023-02-10 15:07:07 +01:00
Gilles Peskine
b8531c4b0b
Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev
X.509: Fix bug in SAN parsing and enhance negative testing
2023-02-10 15:05:32 +01:00
Gilles Peskine
91af0f9c0e Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-10 14:31:36 +01:00
Gilles Peskine
ff674d4c6f Typos
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-10 14:31:17 +01:00
Dave Rodgman
f691268ee9 Add missing initialisers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
35598adb78 pkcs7: Check that hash algs are in digestAlgorithms
Since only a single hash algorithm is currenlty supported, this avoids
having to perform hashing more than once.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
6cfc469296 pkcs7: reject signatures with internal data
A CMS signature can have internal data, but mbedTLS does not support
verifying such signatures.  Reject them during parsing.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
e373a254c4 pkcs7: do not store content type OIDs
They will always be constant.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
55d9df25ef Simple cleanup
No change in behavior.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
4ec8355795 Check for junk after SignedData
There must not be any.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
aaf3c0028d pkcs7: do not store content type OID
Since only one content type (signed data) is supported, storing the
content type just wastes memory.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
512818b1d2 pkcs7: check that content lengths fill whole buffer
Otherwise invalid data could be accepted.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 12:56:10 +00:00
Dave Rodgman
a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage
Pkcs7 coverage
2023-02-10 12:55:29 +00:00
Tom Cosgrove
b96c309395 Don't use lstrlenW() on Windows
The lstrlenW() function isn't available to UWP apps, and isn't necessary, since
when given -1, WideCharToMultiByte() will process the terminating null character
itself (and the length returned by the function includes this character).

Resolves #2994

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-10 12:52:13 +00:00
Ronald Cron
834e65d47f
Merge pull request #6499 from xkqian/tls13_write_end_of_early_data
Tls13 write end of early data
2023-02-10 11:08:22 +01:00
Manuel Pégourié-Gonnard
cf1c16af6e
Merge pull request #6925 from gilles-peskine-arm/coding-style-doc
Switch to the new coding style: documentation
2023-02-10 10:05:27 +01:00
Pengyu Lv
b10cf0dd39 adjust help message
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-10 11:06:36 +08:00
Pengyu Lv
a4e1eece3d print skipped file names to stdout
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-10 10:55:29 +08:00
Dave Rodgman
78c6f40736
Fix code-style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-09 09:21:14 +00:00
Manuel Pégourié-Gonnard
2189fda914 Use TEST_EQUAL in one more place in test_suite_md
The only remaining occurrences of TEST_ASSERT are now pointer comparison,
to NULL or to a reference md_info. That is, the output of the following
command is empty:

    grep TEST_ASSERT tests/suites/test_suite_md.function |
        egrep -v '= NULL|== md_info|md_info =='

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-09 09:18:22 +01:00
Manuel Pégourié-Gonnard
a9a1b21ca9 Use ASSERT_COMPARE in test_suite_md
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-09 09:15:50 +01:00
Dave Rodgman
4f70b3cdb4
Fix pylint warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-08 16:40:40 +00:00
Nick Child
14f255f332 pkcs7: Remove unnecessary dependencies
stdio, stdlib and string header files are not
used. Remove them.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-08 15:38:48 +00:00
Nick Child
c7c94df715 pkcs7/test: Format generate test script
Adhere to syntax and format recommendations
from check-python-files.py

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-08 15:38:48 +00:00
Valerio Setti
00a6c6fcbe test: fix for using proper sign/verify macros
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
40df83509b all.sh: fix comment for test_psa_crypto_config_accel_ecdsa_use_psa
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
ce0caa3384 oid: fix comment in #endif
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
fcc6933a53 test: fix disparities in x509parse and x509write suites
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
b9dc2513c1 test: add SHA1 to the supported algs in accelerated ECDSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
f972ce8d69 oid: replace ECDSA_C with new macros for ECDSA capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
c8801b7ef1 test: x509: remove disparities in driver only testing for ECDSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
80d0798ae8 pk_wrap: use new macros for ECDSA capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:49:17 +01:00
Valerio Setti
683a432a7f fix code style
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Valerio Setti
a1e3e3a28f test: pk: keep PK_WRITE_C only in RSA tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Valerio Setti
5c032b5e1b pk_wrap: fix comment in ecdsa_verify_wrap
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Valerio Setti
b761b15f06 fix code style
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Valerio Setti
d0b83e1fc7 build_info: fix PK's requirements for RSA_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Valerio Setti
1337a4f334 pk_wrap: use specific lengths for EC's private key and key-pair
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Valerio Setti
5bc52248ef pk_wrap: fix for DETERMINISTIC_ECDSA case in ecdsa_sign_wrap()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Gilles Peskine
be9e2a1634 The pk_psa_sign test function needs pk_write
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 13:39:10 +01:00
Gilles Peskine
8a6022e948 Clean up header inclusions in pk_wrap.c
To better reflect what the code relies on, limit the headers that are
included when MBEDTLS_USE_PSA_CRYPTO is disabled. Also stop including
"pkwrite.h" when it is no longer needed.

Include "mbedlts/platform_util.h" unconditionally. It was only included for
RSA ALT but was also used for MBEDTLS_USE_PSA_CRYPTO (the code worked
because other headers include "mbedtls/platform_util.h").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 13:39:10 +01:00
Gilles Peskine
bbccdd485c pk no longer needs pk_write for ECDSA with MBEDTLS_USE_PSA_CRYPTO
The dependency is still useful for RSA, for which PSA encodes keys with an
ASN.1 structure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 13:39:10 +01:00
Gilles Peskine
13caa94746 Don't use pk_write in ecdsa_sign_wrap with USE_PSA_CRYPTO
Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_sign_wrap() was calling
mbedtls_pk_write_key_der() to write a private key in SEC1 format, only to
then extract the part that represents the private value which is what
psa_import_key() actually wants. Instead, call an mpi function to directly
get the private key in the desired format.

This slightly reduces the code size and stack usage, and removes a
dependency on pk_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 13:39:10 +01:00
Gilles Peskine
b4a87b07f8 Don't use pk_write in ecdsa_verify_wrap with USE_PSA_CRYPTO
Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_verify_wrap() was calling
mbedtls_pk_write_pubkey() to write a public key in the form of a
subjectPublicKey, only to then extract the part that represents the EC
point which psa_import_key() actually wants. Instead, call an ecp
function to directly get the public key in the desired format (just the
point).

This slightly reduces the code size and stack usage, and removes a
dependency on pk_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 13:39:10 +01:00
Manuel Pégourié-Gonnard
9cb1aa21c4
Merge pull request #6970 from valeriosetti/issue6857
driver-only ECDSA: get testing parity in PK
2023-02-08 13:33:15 +01:00
Gilles Peskine
199ee456b1 Summarize how to improve MBEDTLS_PSA_CRYPTO_CLIENT
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 12:35:19 +01:00
Gilles Peskine
58e935fc6b add a missing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 12:07:12 +01:00
Xiaokang Qian
0de0d863b6 Rebase code to restore reco-delay and fix some style issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 07:41:42 +00:00