Commit graph

22388 commits

Author SHA1 Message Date
Jerry Yu
9b421456b0 Revert change in dtls1.2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
668070d5f4 Remove unnecessary replace
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
a8d3c5048f Rename new session ticket name for TLS 1.3
NewSessionTicket is different with TLS 1.2.
It should not share same state.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
cfda4bbeac Replace handshake over in flight transmit
Fix deadloop in DTLS resumption test.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
c5826eaba2 Add debug message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
1fb3299ad7 Replace internal usage of is_handshake_over.
NEW_SESSION_TICKETS* are processed in handshake_step.
Change the stop condition from `mbedtls_ssl_is_handshake_over`
to directly check.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
5ed73ff6de Add NEW_SESSION_TICKET* into handshake over states
All state list after HANDSHAKE_OVER as is_handshakeover

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
6848a61922 Revert "Replace internal usage of mbedtls_ssl_is_handshake_over"
This reverts commit 1d3ed2975e7ef0d84050a3aece02eec1f890dec3.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
e219c11b4e Replace internal usage of mbedtls_ssl_is_handshake_over
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
0b61217c36 set new_session_ticket_* to handshake_over
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
6969eee5d2 Remove Terminated message on 22.04
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Ronald Cron
821d862159
Merge pull request #6624 from xkqian/tls13_disable_early_data_test
Skip early data basic check temp
2022-11-18 14:54:22 +01:00
Valerio Setti
61ea17d30a tls: psa_pake: fix return values in parse functions
Ensure they all belong to the MBEDTLS_ERR_SSL_* group

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-18 12:11:00 +01:00
Xiaokang Qian
4e83173bb7 Skip early data basic check temp
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-18 10:57:46 +00:00
Manuel Pégourié-Gonnard
ba7c006222
Merge pull request #6466 from mprse/driver-only-hash-ci
Driver-only hashes: test coverage in the CI
2022-11-18 09:31:13 +01:00
Valerio Setti
aca21b717c tls: psa_pake: enforce not empty passwords
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 18:20:50 +01:00
Valerio Setti
819de86895 tls: removed extra white spaces and other minor fix
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 18:05:19 +01:00
Valerio Setti
6b3dab03b5 tls: psa_pake: use a single function for round one and two in key exchange read/write
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 17:14:54 +01:00
Valerio Setti
9bed8ec5d8 tls: psa_pake: make round two reading function symmatric to the writing one
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:36:19 +01:00
Valerio Setti
30ebe11f86 tls: psa_pake: add a check on read size on both rounds
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:35:02 +01:00
Valerio Setti
a988364767 tls: psa_pake: fix missing new round one parsing function on tls12 server
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:35:02 +01:00
Valerio Setti
a08b1a40a0 tls: psa_pake: move move key exchange read/write functions to ssl_tls.c
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:34:59 +01:00
Paul Elliott
f6e342cae2 Add test for single signature alg with openssl
Test supplied by Gilles Peskine. Also rename previous test to fit to
naming pattern.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Paul Elliott
3b4cedaa71 Add SSL_SRV requirement to test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Andrzej Kurek
ec71b0937f Introduce a test for single signature algorithm correctness
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-11-17 14:58:14 +00:00
Paul Elliott
96a0fd951f Fix signature algorithms list entry getting overwritten by length.
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Przemek Stekiel
369ae0afc3 Zeroize pake password buffer before free
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 14:14:31 +01:00
Przemek Stekiel
152ae07682 Change password ec j-pake operation fields to more suitable
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 13:24:36 +01:00
Ronald Cron
d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication
The merge job of the internal CI ran successfully. This is good to go.
2022-11-17 12:48:50 +01:00
Przemek Stekiel
85c54ea361 Allow providing space sepatated tasks
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 11:50:23 +01:00
Xiaokang Qian
e9622ac4ba Remove the fore_tls13 option case from client side
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-17 09:23:32 +00:00
Tom Cosgrove
8c0eb9744c Must call mbedtls_mpi_mod_modulus_init() before anything else in tests
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-17 08:48:12 +00:00
Przemek Stekiel
542d932352 Fix handling of default value for task argument
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 09:43:34 +01:00
Przemyslaw Stekiel
1def5becc2 Add psa_get_and_lock_key_slot_with_policy to header file
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 16:28:04 +01:00
Przemek Stekiel
7c7954842b Adapt ec-jpake_setup test
Now when operation holds pointer to dynamically allocated buffer for password key we can't do copy of the operation object in test instead we need to re-initialize operation object after error.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 16:27:55 +01:00
Tom Cosgrove
0f0b548519 Limit ChangeLog entry to 80 characters
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-16 14:23:51 +00:00
Janos Follath
045158cac3
Merge pull request #6607 from gilles-peskine-arm/negative-zero-from-add-development
Fix negative zero from bignum add/subtract
2022-11-16 14:06:16 +00:00
Przemek Stekiel
6419ab5299 Reduce number of skipped suites (after making configs more similar)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 14:56:49 +01:00
Przemek Stekiel
52d8e96ff6 Disable PSA_WANT_ALG_STREAM_CIPHER, PSA_WANT_ALG_ECB_NO_PADDING also in reference config
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 14:56:26 +01:00
Valerio Setti
6f1b5741ae tls12: psa_pake: simplify EC info parsing in server's 2nd round
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 14:50:13 +01:00
Valerio Setti
4a9caaa0c9 tls12: psa_pake: check elliptic curve's TLS ID on handshake
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 14:50:10 +01:00
Valerio Setti
fbbc1f3812 tls12: psa_pake: use proper defines for the output size of each step in ECJPAKE
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 14:49:52 +01:00
Valerio Setti
02c25b5f83 tls12: psa_pake: use common code for parsing/writing round one and round two data
Share a common parsing code for both server and client for parsing
round one and two.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 13:56:12 +01:00
Przemek Stekiel
f3be7ccade Keep drivers enabled also in reference build
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 12:53:20 +01:00
Xiaokang Qian
e7bab00825 Update enabled guards for early data cases
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 10:06:50 +00:00
Xiaokang Qian
0cc4320e16 Add EARLY_DATA guard to the early data extension in session ticket
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 08:43:50 +00:00
Xiaokang Qian
51c5a8b561 Update ticket flag macros
Define the ALLOW_PSK_RESUMPTION and ALLOW_PSK_EPHEMERAL_RESUMPTION
to the key exchange mode EXCHANGE_MODE_PSK and
EXCHANGE_MODE_PSK_EPHEMERAL to facilate later check.
Since they are 1( 1u<<0 ) and 4( 1u<<2 ), so define
ALLOW_EARLY_DATA to 8( 1u<<3 ).

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 08:32:51 +00:00
Xiaokang Qian
f3cefb4f4c Move early data test cases to tls13-misc.sh
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 03:23:46 +00:00
Xiaokang Qian
2dbfedae4a Update early data test cases with latest code message
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 02:01:49 +00:00
Gilles Peskine
298f781948 Use .datax for make test, not .data
Looking for the .data file doesn't work in out-of-tree builds. Use the
.datax file instead. `make clean` removes all .datax files, so this resolves
the issue of executables not present on the current branch being left behind
after a branch change followed by a `make clean`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:54:26 +01:00