Commit graph

29501 commits

Author SHA1 Message Date
Valerio Setti
fc590dd361 changelog: fix typo
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 13:46:02 +01:00
Gilles Peskine
d078386287 Smoke tests for mbedtls_pk_get_psa_attributes after parsing
We'll test more fully by adding a call to mbedtls_pk_import_into_psa() once
that function is implemented.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-02 13:22:23 +01:00
Gilles Peskine
cb3b4cae0a Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA
The test code to construct test keys and the implementation had matching
errors: both assumed that there was a PSA public key object. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-02 13:22:23 +01:00
Valerio Setti
c9dd8611f8 test_suite_psa_crypto_util: add missing new line at the end of file
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 12:34:06 +01:00
Valerio Setti
684d78fcfa test_suite_rsa: improve key parsing tests for extra data
2 scenarios are taken into account:
- syntactically valid extra data inside the SEQUENCE
- extra data outside the SEQUENCE
A single integer is used as extra data in both cases.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 12:30:16 +01:00
Valerio Setti
c701cb2835 test_suite_rsa: improve rsa_key_write_incremental()
Output buffer is tested from being 1 single byte up to twice
what it is strictly required to contain the output data.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 11:10:04 +01:00
Valerio Setti
5922cb9309 pkparse: keep legacy PK error codes when RSA key parsing fails
This helps in reverting the changes to test_suite_x509parse.data
when the RSA key parsing fails.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 09:21:25 +01:00
Gilles Peskine
591e83d139 Add missing implied usage
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:33:44 +01:00
Gilles Peskine
a1a7b08057 Fix typo in dependency
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:32:29 +01:00
Gilles Peskine
793920c1ff mbedtls_pk_get_psa_attributes: opaque: require specified usage
In the MBEDTLS_PK_OPAQUE, have mbedtls_pk_get_psa_attributes() require the
specified usage to be enabled for the specified key. Otherwise the following
call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a
useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably
an error.

Adjust the existing test cases accordingly and add a few negative test
cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:31:27 +01:00
Gilles Peskine
e820975244 Fix comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:00:33 +01:00
Gilles Peskine
e45d51f7b5 Clearer variable names
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:11 +01:00
Gilles Peskine
e2a77f21ea Use PSA_INIT with test that requires PSA
USE_PSA_INIT is for test code that doesn't use PSA functions when
USE_PSA_CRYPTO is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
2e54854d16 Copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
0aad5f8f34 Copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
ae2668be97 Don't use mbedtls_pk_ec in our own code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
7e353ba37a Create auxiliary function for repeated code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:46:19 +01:00
Gilles Peskine
19411635a5 Test enrollment algorithm for the non-OPAQUE case
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:42:28 +01:00
Gilles Peskine
e208b25b79 Minor documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:42:21 +01:00
Ronald Cron
38dbab9f8d tests: ssl: Adjust early data test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:41 +01:00
Ronald Cron
78a38f607c tls13: srv: Do not use early_data_status
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:35 +01:00
Ronald Cron
3b9034544e Revert "tls13: Introduce early_data_state SSL context field"
This reverts commit 0883b8b625.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:03:57 +01:00
Ronald Cron
164537c4a6 tls13: early data: Improve, add comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 19:52:30 +01:00
Valerio Setti
56cfe2fab6 test_suite_rsa: improve rsa_parse_write_pkcs1_key() and rsa_key_write_incremental()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:53:26 +01:00
Valerio Setti
5fe9f6699b rsa_internal: update documentation for parse/write functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:35:56 +01:00
Valerio Setti
201e643509 rsa: simplify mbedtls_rsa_parse_pubkey() input parameters
In this way mbedtls_rsa_parse_pubkey() and mbedtls_rsa_parse_key()
input parameter list is the same.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:19:37 +01:00
Valerio Setti
135ebde273 rsa: rename parse/write functions in order to follow the standard format
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:00:29 +01:00
Valerio Setti
44ff9506dd rsa: set parse/write functions out of !RSA_ALT guard
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 16:58:36 +01:00
Ronald Cron
ed7d4bfda5 tls13: srv: Simplify mbedtls_ssl_read_early_data() API
Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
44d70a5f23 tls13: early data: Improve documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
2c4308958d ssl.h: Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
0883b8b625 tls13: Introduce early_data_state SSL context field
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:04 +01:00
Ronald Cron
7d21cded3f ssl.h: Simplify guard
MBEDTLS_SSL_EARLY_DATA implies
MBEDTLS_SSL_PROTO_TLS1_3 thus
MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA
is equivalent to MBEDTLS_SSL_EARLY_DATA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:48 +01:00
Ronald Cron
7b6ee9482e tls13: srv: Reject early data in case of HRR
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
579bd4d46b Update early data test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
192e0f9b1d ssl_server2: Add read early data support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
d9ca354dbd tls13: srv: Add mbedtls_ssl_read_early_data() API
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
3a04562ace Update mbedtls_ssl_read_early_data() definition
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
032985c351 Add MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA error code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
6a5904db45 tls13: srv: Move early data size check placeholder
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
739a1d4246 tls: Add internal function ssl_read_application_data()
The function will be used by
mbedtls_ssl_read_early_data() as well.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
5d0ae9021f tls13: srv: Refine early data status
The main purpose is to know from the status
if early data can be received of not and
why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
149b0e7ca2 ssl.h: Fix comment
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Valerio Setti
52ed54b949 psa_crypto_rsa: remove unnecessary casting
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 16:29:01 +01:00
Valerio Setti
9e520f7ea9 changelog: improve descriptions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 15:50:44 +01:00
Valerio Setti
3ecb395fb9 test_suite_psa_crypto_util: fix tests for 0-length and one 0x00 byte for r and s
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 15:26:24 +01:00
Valerio Setti
2d73baf171 psa_util: convert_der_to_raw_single_int: ensure the input DER integers have valid length
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 15:25:17 +01:00
Dave Rodgman
ba8e9addd9 Fix test dependencies
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-01 13:54:46 +00:00
Paul Elliott
0b2835d1fd Fix accidental copy paste mistake
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-01 13:27:04 +00:00
Ronald Cron
11cc41265b
Merge pull request #8711 from ronald-cron-arm/tls13-ticket-and-early-data-unit-test
Add TLS 1.3 ticket and early data unit tests
2024-02-01 13:15:55 +00:00