Commit graph

28643 commits

Author SHA1 Message Date
Xiaokang Qian
dd8a7f8acf Revert the early data test case
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 03:58:05 +00:00
Xiaokang Qian
2a8035b495 Add read early data code
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 03:54:40 +00:00
Xiaokang Qian
57db590586 Rework to revert the early_data enabled flag
We have two options for early data.
early_data to indicate early data enable or not.
early_data_file to provide path file to read early data from

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 03:29:22 +00:00
Pengyu Lv
3cd16c47bd Add analyze_driver_vs_reference_rsa for analyze_outcomes
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-07 10:24:29 +08:00
Pengyu Lv
9e976f3649 Conditionally check the attribute of generated RSA key
`psa_get_key_attributes` depends on some built-in
implementation of RSA. Guard the check with coresponding
macros.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-07 10:22:35 +08:00
Pengyu Lv
f1cacad870 Correctly use asymmetric encrypt/decrypt driver
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-07 10:22:35 +08:00
Pengyu Lv
e705f572f9 Add components to test crypto_full w/wo accelerated RSA
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-07 10:22:03 +08:00
Gilles Peskine
f3ccfddb45
Merge pull request #8615 from davidhorstmann-arm/fix-cast-potential-overflow
Fix possible integer overflows
2023-12-07 00:42:10 +00:00
Dave Rodgman
779819a4dd
Merge pull request #8613 from bensze01/valgrind-only-in-nightlies
Do not run Valgrind tests in PR jobs
2023-12-06 19:18:24 +00:00
Gilles Peskine
42d78c73b7
Merge pull request #8550 from gabor-mezei-arm/tf_psa_crypto_change_log_support
Modify changelog assembly to work with tf-psa-crypto
2023-12-06 18:25:49 +00:00
Gilles Peskine
57e401b39f
Merge pull request #8521 from valeriosetti/issue8441
[G4] Make CTR-DRBG fall back on PSA when AES not built in
2023-12-06 18:25:44 +00:00
David Horstmann
4749007f64 Fix possible integer overflows before widening
When calculating a result to go into an mbedtls_ms_time_t, make sure
that arithmetic is performed at the final size to prevent overflow.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-06 17:22:53 +00:00
Valerio Setti
202bb71dcd ssl_tls12_server: do not export/import opaque keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 17:05:24 +01:00
Bence Szépkúti
0354d04d3c Do not run Valgrind tests in PR jobs
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-12-06 16:14:37 +01:00
Valerio Setti
acd7bafcbb driver-only-build: update AEADs section
Note: this section shouldn't actually be updated in #8357, but
rather in #8358 which is the wrapup related to cipher and AEADs
accelaration. As a consequence we start the AEAD section with
a disclaimer explaining that the information written there will
be updated soon by a follow up PR.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 15:17:12 +01:00
Manuel Pégourié-Gonnard
d9c69d12ac
Merge pull request #8513 from mschulz-at-hilscher/feature/explicitly-accessing-private-fields-in-benchmark
Explicitly accessing private fields in benchmark
2023-12-06 11:06:32 +00:00
Manuel Pégourié-Gonnard
ad4f0ada37
Merge pull request #8514 from mschulz-at-hilscher/fixes/uninitialized-variable-in-ssl_msg
Fix uninitialized variable warnings in ssl_msg.c
2023-12-06 11:06:03 +00:00
Valerio Setti
1e3fcc5692 config-tfm: fix typo in comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 11:56:08 +01:00
Valerio Setti
69402fd6a2 changelog: fix typos and working
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 11:32:10 +01:00
Xiaokang Qian
ae952174a7 Enable early data depend on whether the early data file exist
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 10:27:27 +00:00
Jerry Yu
750e06743f remove misbehavior tests and code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:22:15 +08:00
Jerry Yu
95648b0134 Some minor improvement
- move early data check to `prepare`
- avoid `((void) output_len)
- replace check with `session_ticket_allow`  in 2nd place

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:16 +08:00
Jerry Yu
c59c586ac4 change prototype of write_early_data_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:15 +08:00
Jerry Yu
163e12f7ff remove assignment for session->max_early_data_size
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:09 +08:00
Jerry Yu
ebe1de62f9 fix various issue
- rename connection time variable
- remove unnecessary comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:25 +08:00
Jerry Yu
9e7f9bc253 Add missing debug message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:22 +08:00
Jerry Yu
db97163ac7 add ticket max_early_data_size check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:13 +08:00
Jerry Yu
5233539d9f share write_early_data_ext function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:50 +08:00
Jerry Yu
0069abc141 improve comments of new session ticket
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:46 +08:00
Jerry Yu
1a160703f8 set max_early_data_size of ticket to keep consistent
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:43 +08:00
Jerry Yu
f135bac89c Add max_early_data_size check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:39 +08:00
Jerry Yu
930ce4cfac Revert "change max_early_data_size source"
This reverts commit 3d8d6a770f3a0f3045820970bc4a5d6ee7df8e10.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:36 +08:00
Jerry Yu
2f5d93b1c9 Revert "set init value for max_early_data_size in session"
This reverts commit 8b02d75ed1af883e135979d24e38c0847e66fede.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:33 +08:00
Jerry Yu
d450fd25ae change max_early_data_size source
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:31 +08:00
Jerry Yu
525990fb62 set init value for max_early_data_size in session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:28 +08:00
Jerry Yu
db6fda71e5 improve early data comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:51 +08:00
Jerry Yu
10795a0c3b replace ticket permission set
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:48 +08:00
Jerry Yu
c2b1bc4fb6 replace early data permission check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:46 +08:00
Jerry Yu
4da7c22cd6 add early data flag check function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:44 +08:00
Jerry Yu
ea96ac3da9 fix various issues
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:37 +08:00
Jerry Yu
3db60dfe5e rename nst early data write function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:16:56 +08:00
Jerry Yu
391c943340 Add tests for ticket early data permission bit
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:16:48 +08:00
Jerry Yu
3c2b21ed0e Enable multi max_early_data_size value for connections
For test purpose, we set different value for each
session

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:56 +08:00
Jerry Yu
fceddb310e Add early data permission check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:54 +08:00
Jerry Yu
01da35e2c8 add early data extension of NST
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:52 +08:00
Valerio Setti
bced8bc8d7 ssl_tls12_server: export/import PK parsed key in TLS side
Instead of setting both algorithm and enrollement algorithm in the
PK module when parsing the key:

- for Weierstrass keys we only set ECDSA algorithm,
- for Montgomery keys we don't set any algorithm.

Reasons:
- PK module can only do ECDSA and not ECDH
- ECDH is only used in TLS
- Montgomery keys cannot be used to do ECDSA, while Weierstrass ones
  can do both ECDSA and ECDH.

So the idea is that once TLS needs the key to do ECDH (either Weierstrass
and Montgomery), it exports the one parsed from the PK module and then
re-imports it setting proper algorithm and flags. In this way the TLS
module will own the new key so it will be its duty to clear it on
exit.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 10:40:47 +01:00
Xiaokang Qian
611c717c02 Sync the early_data option with internal parameters in ssl_client2
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 09:24:58 +00:00
Valerio Setti
fbbafa0d2d pkparse: do not set key algorithm for Montgomery keys in pk_ecc_set_key()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 10:07:34 +01:00
Xiaokang Qian
f8fe11d14d Remove the generic file read functions and simply the early data read
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 07:40:50 +00:00
Ronald Cron
40f3f1c36f
Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data
TLS 1.3 EarlyData SRV: Parsing 0-RTT data
2023-12-06 06:47:32 +00:00