Commit graph

643 commits

Author SHA1 Message Date
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
2023-05-08 20:38:29 +02:00
Valerio Setti
d49cbc1493 test: fix remaining failures in test due to the ECP_LIGHT symbol
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Gilles Peskine
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api
ssl_cache: misc improvements
2023-04-11 09:30:40 +02:00
toth92g
27f9e7815c Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
Manuel Pégourié-Gonnard
bef824d394 SSL: use MD_CAN macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Pengyu Lv
b1895899f1 ssl_cache: Improve some comments
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-16 14:33:28 +08:00
Gilles Peskine
2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api
ssl_cache: Add cache entry removal api
2023-03-15 15:38:06 +01:00
Pengyu Lv
f30488f5cd Move the usage string of cache_remove to USAGE_CACHE
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-15 09:53:45 +08:00
Pengyu Lv
753d02ffd4 ssl_server2: Add options to support cache removal
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-13 09:28:17 +08:00
Valerio Setti
5ba1d5eb2c programs: use proper macro for ECDSA capabilities in ssl_sever2
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-23 08:15:17 +01:00
Dave Rodgman
f31c9e441b
Merge pull request #7019 from tom-cosgrove-arm/dont-use-cast-assignment-in-ssl_server2.c
Don't use cast-assignment in ssl_server.c
2023-02-06 12:13:08 +00:00
Tom Cosgrove
de85725507 Don't use cast-assignment in ssl_server.c
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-03 16:38:05 +00:00
Aditya Deshpande
644a5c0b2b Fix bugs in example programs: change argc == 0 to argc < 2
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 16:48:13 +00:00
Pengyu Lv
302feb3955 add cases to test session resumption with different ticket_flags
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:56 +08:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Valerio Setti
d75c5c4405 test: pake: fail in case the opaque key is destroyed unexpectedly
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-13 11:51:32 +01:00
Valerio Setti
785116a5be test: pake: modify opaque key verification before destruction
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-12 11:59:25 +01:00
Valerio Setti
eb3f788b03 tls: pake: do not destroy password key in TLS
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-08 18:42:58 +01:00
Valerio Setti
d5fa0bfb85 test: pake: check psa key validity before destroying it
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 16:02:42 +01:00
Ronald Cron
fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface
TLS 1.3: Refactor early data configuration interface.
2022-12-07 09:42:12 +01:00
Jerry Yu
d146a37d56 Change the definition of max_early_data_size argument.
`conf_max_early_data_size` does not reuse as en/disable. When
call it, we should call `conf_early_data()` also.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 14:56:54 +08:00
Jerry Yu
2c93fc1544 Revert "Add reco_debug_level to reduce debug output"
This reverts commit a6934776c9.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:05:54 +08:00
Jerry Yu
54dfcb7794 fix comments and debug info issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 15:43:09 +08:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Valerio Setti
d6feb20869 test: pake: allow opaque password only when USE_PSA is enabled
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 14:28:49 +01:00
Jerry Yu
7854a4e019 Add max_early_data_size option for ssl_sever2
- to set max_early_data_set

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Jerry Yu
a6934776c9 Add reco_debug_level to reduce debug output
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Valerio Setti
661b9bca75 test: psa_pake: add specific log message for the opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:17 +01:00
Valerio Setti
77e8315f5b fix formatting and typos
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:04 +01:00
Valerio Setti
d572a82df9 tls: psa_pake: add test for opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 11:30:56 +01:00
Gilles Peskine
fd7aa13671
Merge pull request #6436 from yanrayw/ssl_client2-add-build-version
Add build version to the output of ssl_client2 and ssl_server2
2022-11-10 14:39:38 +01:00
Yanray Wang
eaf46d1291 Add output of build version in ssl_server2
Usage:
- By default, build version is printed out in the beginning of
ssl_server2 application.
- ./ssl_server2 build_version=1 only prints build verison and stop

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-28 10:53:50 +08:00
Gilles Peskine
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
Fix unusual macros
2022-10-25 19:55:29 +02:00
David Horstmann
3f44e5b11a Refactor macro-spanning if in ssl_server2.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 13:12:19 +01:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
81378b72e8 programs: ssl: Remove dependency on TLS 1.3 for "sig_algs" option
Signature algorithms can be specified through
the sig_algs option for TLS 1.2 as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:40:56 +02:00
Ronald Cron
20a8e63b23 programs: ssl: Fix some mbedtls_ssl_conf_sig_algs() guards
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:36:43 +02:00
Andrzej Kurek
b50754ae86 Switch from x509_CRT_PARSE to KEY_EXCHANGE_WITH_CERT_ENABLED
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
d0786f5f26 Revert one of the changes to ssl_server2 dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
6ee1e20d7f Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED
SSL programs use certificates in an exchange, so it's more natural
to have such dependency instead of just certificate parsing.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
e38b788b79 Add missing key exchange dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
68327748d3 Add missing dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Jerry Yu
c79742303d Remove unnecessary empty line and fix format issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 21:22:33 +08:00
Przemek Stekiel
d61a4d3d1a Fix missing guard and double-space
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-11 09:40:40 +02:00
Jerry Yu
6916e70521 fix various issues
- adjust guards. Remove duplicate guards and adjust format.
- Return success at function end. Not `ret`
- change input len

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:33:51 +08:00
Przemek Stekiel
68a01a6720 Fix session tickets related build flags in fuzz_server and ssl_server2
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 13:30:43 +02:00
Jerry Yu
03b8f9d299 Adjust guards for dummy_tickets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:56:38 +08:00