Jerry Yu
9b421456b0
Revert change in dtls1.2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
668070d5f4
Remove unnecessary replace
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
a8d3c5048f
Rename new session ticket name for TLS 1.3
...
NewSessionTicket is different with TLS 1.2.
It should not share same state.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
cfda4bbeac
Replace handshake over in flight transmit
...
Fix deadloop in DTLS resumption test.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
c5826eaba2
Add debug message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
1fb3299ad7
Replace internal usage of is_handshake_over.
...
NEW_SESSION_TICKETS* are processed in handshake_step.
Change the stop condition from `mbedtls_ssl_is_handshake_over`
to directly check.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
5ed73ff6de
Add NEW_SESSION_TICKET* into handshake over states
...
All state list after HANDSHAKE_OVER as is_handshakeover
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
6848a61922
Revert "Replace internal usage of mbedtls_ssl_is_handshake_over"
...
This reverts commit 1d3ed2975e7ef0d84050a3aece02eec1f890dec3.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
e219c11b4e
Replace internal usage of mbedtls_ssl_is_handshake_over
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
0b61217c36
set new_session_ticket_* to handshake_over
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
6969eee5d2
Remove Terminated
message on 22.04
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Ronald Cron
821d862159
Merge pull request #6624 from xkqian/tls13_disable_early_data_test
...
Skip early data basic check temp
2022-11-18 14:54:22 +01:00
Valerio Setti
61ea17d30a
tls: psa_pake: fix return values in parse functions
...
Ensure they all belong to the MBEDTLS_ERR_SSL_* group
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-18 12:11:00 +01:00
Xiaokang Qian
4e83173bb7
Skip early data basic check temp
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-18 10:57:46 +00:00
Manuel Pégourié-Gonnard
ba7c006222
Merge pull request #6466 from mprse/driver-only-hash-ci
...
Driver-only hashes: test coverage in the CI
2022-11-18 09:31:13 +01:00
Valerio Setti
aca21b717c
tls: psa_pake: enforce not empty passwords
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 18:20:50 +01:00
Valerio Setti
819de86895
tls: removed extra white spaces and other minor fix
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 18:05:19 +01:00
Valerio Setti
6b3dab03b5
tls: psa_pake: use a single function for round one and two in key exchange read/write
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 17:14:54 +01:00
Valerio Setti
9bed8ec5d8
tls: psa_pake: make round two reading function symmatric to the writing one
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:36:19 +01:00
Valerio Setti
30ebe11f86
tls: psa_pake: add a check on read size on both rounds
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:35:02 +01:00
Valerio Setti
a988364767
tls: psa_pake: fix missing new round one parsing function on tls12 server
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:35:02 +01:00
Valerio Setti
a08b1a40a0
tls: psa_pake: move move key exchange read/write functions to ssl_tls.c
...
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:34:59 +01:00
Paul Elliott
f6e342cae2
Add test for single signature alg with openssl
...
Test supplied by Gilles Peskine. Also rename previous test to fit to
naming pattern.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Paul Elliott
3b4cedaa71
Add SSL_SRV requirement to test
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Andrzej Kurek
ec71b0937f
Introduce a test for single signature algorithm correctness
...
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-11-17 14:58:14 +00:00
Paul Elliott
96a0fd951f
Fix signature algorithms list entry getting overwritten by length.
...
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Przemek Stekiel
369ae0afc3
Zeroize pake password buffer before free
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 14:14:31 +01:00
Przemek Stekiel
152ae07682
Change password ec j-pake operation fields to more suitable
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 13:24:36 +01:00
Ronald Cron
d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication
...
The merge job of the internal CI ran successfully. This is good to go.
2022-11-17 12:48:50 +01:00
Przemek Stekiel
85c54ea361
Allow providing space sepatated tasks
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 11:50:23 +01:00
Xiaokang Qian
e9622ac4ba
Remove the fore_tls13 option case from client side
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-17 09:23:32 +00:00
Tom Cosgrove
8c0eb9744c
Must call mbedtls_mpi_mod_modulus_init() before anything else in tests
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-17 08:48:12 +00:00
Przemek Stekiel
542d932352
Fix handling of default value for task argument
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 09:43:34 +01:00
Przemyslaw Stekiel
1def5becc2
Add psa_get_and_lock_key_slot_with_policy to header file
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 16:28:04 +01:00
Przemek Stekiel
7c7954842b
Adapt ec-jpake_setup test
...
Now when operation holds pointer to dynamically allocated buffer for password key we can't do copy of the operation object in test instead we need to re-initialize operation object after error.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 16:27:55 +01:00
Tom Cosgrove
0f0b548519
Limit ChangeLog entry to 80 characters
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-16 14:23:51 +00:00
Janos Follath
045158cac3
Merge pull request #6607 from gilles-peskine-arm/negative-zero-from-add-development
...
Fix negative zero from bignum add/subtract
2022-11-16 14:06:16 +00:00
Przemek Stekiel
6419ab5299
Reduce number of skipped suites (after making configs more similar)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 14:56:49 +01:00
Przemek Stekiel
52d8e96ff6
Disable PSA_WANT_ALG_STREAM_CIPHER, PSA_WANT_ALG_ECB_NO_PADDING also in reference config
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 14:56:26 +01:00
Valerio Setti
6f1b5741ae
tls12: psa_pake: simplify EC info parsing in server's 2nd round
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 14:50:13 +01:00
Valerio Setti
4a9caaa0c9
tls12: psa_pake: check elliptic curve's TLS ID on handshake
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 14:50:10 +01:00
Valerio Setti
fbbc1f3812
tls12: psa_pake: use proper defines for the output size of each step in ECJPAKE
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 14:49:52 +01:00
Valerio Setti
02c25b5f83
tls12: psa_pake: use common code for parsing/writing round one and round two data
...
Share a common parsing code for both server and client for parsing
round one and two.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 13:56:12 +01:00
Przemek Stekiel
f3be7ccade
Keep drivers enabled also in reference build
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 12:53:20 +01:00
Xiaokang Qian
e7bab00825
Update enabled guards for early data cases
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 10:06:50 +00:00
Xiaokang Qian
0cc4320e16
Add EARLY_DATA guard to the early data extension in session ticket
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 08:43:50 +00:00
Xiaokang Qian
51c5a8b561
Update ticket flag macros
...
Define the ALLOW_PSK_RESUMPTION and ALLOW_PSK_EPHEMERAL_RESUMPTION
to the key exchange mode EXCHANGE_MODE_PSK and
EXCHANGE_MODE_PSK_EPHEMERAL to facilate later check.
Since they are 1( 1u<<0 ) and 4( 1u<<2 ), so define
ALLOW_EARLY_DATA to 8( 1u<<3 ).
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 08:32:51 +00:00
Xiaokang Qian
f3cefb4f4c
Move early data test cases to tls13-misc.sh
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 03:23:46 +00:00
Xiaokang Qian
2dbfedae4a
Update early data test cases with latest code message
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 02:01:49 +00:00
Gilles Peskine
298f781948
Use .datax for make test
, not .data
...
Looking for the .data file doesn't work in out-of-tree builds. Use the
.datax file instead. `make clean` removes all .datax files, so this resolves
the issue of executables not present on the current branch being left behind
after a branch change followed by a `make clean`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:54:26 +01:00