Werner Lewis
383461c92f
Separate CMake targets for bignum and PSA
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 15:07:55 +01:00
Tom Cosgrove
20c1137350
Fix coding style
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-24 15:06:13 +01:00
Dave Rodgman
5a28142410
Merge pull request #6189 from Kxuan/fix-ctr_drbg-uninit
...
ctr_drbg: fix free uninitialized aes context
2022-08-24 14:58:44 +01:00
Jerry Yu
2185c0f2e9
add force ciphersuite tls-aes-256-gcm-sha384 test
...
PSK hash alg of server is sha256. If client send only
tls-aes-256-gcm-384, there is no valid ciphersuite
available, handshake should be abort.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 22:01:58 +08:00
Jerry Yu
f35ba384ff
Add select ciphersuite entry function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 22:01:58 +08:00
Jerry Yu
dd1bef788e
Add ciphersuite_info check
...
return null if no valid ciphersuite info
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:57:02 +08:00
Jerry Yu
29d9faa468
fix various issues.
...
- comments issues
- code format style issues
- naming improvement.
- error return improvements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:53:43 +08:00
Andrzej Kurek
32bd063773
test_suite_ssl: Add minimal handshake requirements
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:42:44 -04:00
Andrzej Kurek
299b1d6c93
Remove unnecessary psa/crypto.h
include
...
This is now included in `legacy_or_psa.h`.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:42:33 -04:00
Andrzej Kurek
cccb044804
Style & formatting fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:26:02 -04:00
Janos Follath
645ff5b8ff
Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures
...
Add the new modulus and the residue structures with low level I/O operations
2022-08-23 09:02:43 +01:00
Jerry Yu
66f35f2402
fix wrong requires setting
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 15:33:37 +08:00
Andrzej Kurek
e02da81086
Update TLS1.2 dependencies description in mbedtls_config.h
...
It is possible to use it without MBEDTLS_SHAXXX defines and USE_PSA_CRYPTO
instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
21b6870301
test_suite_ssl: remove unnecessary usage of mbedtls_md_get_size
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
180b6b9608
Enable TLS 1.2 tests without MD and with USE_PSA in all.sh
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
7e16ce3a72
Clarify TLS 1.2 dependencies with and without PSA crypto
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
8c95ac4500
Add missing dependencies / alternatives
...
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate,
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
7bb8bab457
Update SHA and MD5 dependencies in the SSL tests
...
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
25f271557b
Update SHA and MD5 dependencies in the SSL module
...
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
635c2c2be5
test_suite_ssl: replace CTR_DRBG with a fake rng source
...
This way there are less dependencies in the SSL test suite.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
0ce592169e
Use hash_info_get_size in ssl_tls12_client
...
This way the code does not rely on the MBEDTLS_MD_C define
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
a242e83b21
Rename the sha384 checksum context to reflect its purpose
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:02:04 -04:00
Dave Rodgman
0ce93933e8
Merge pull request #6219 from KloolK/development
...
Fix minor typos
2022-08-22 21:47:21 +01:00
Gilles Peskine
e5018c97f9
Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake
...
Driver-only hashes: EC J-PAKE
2022-08-22 17:28:15 +02:00
Gilles Peskine
194556034d
Merge pull request #6169 from tom-cosgrove-arm/fix-incorrect-use-of-mbedtls_ecp_group_id
...
Fix incorrect use of mbedtls_ecp_group_id in test_suite_ssl.function
2022-08-22 17:26:18 +02:00
Gilles Peskine
20ebaac85e
Merge pull request #6211 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1
...
Be explicit about constant time bignum functions that must take a 0 or 1 condition value
2022-08-22 17:24:04 +02:00
Gilles Peskine
03f1c39ac7
Merge pull request #6171 from mprse/md_x509_test
...
Driver-only hashes: X.509
2022-08-22 17:18:47 +02:00
Jan Bruckner
9ff6f8cdbd
Fix minor typos
...
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2022-08-22 16:05:58 +02:00
Janos Follath
2e328c8591
Remove confusing const qualifier
...
Since a is not a pointer, it is passed by value and declaring it const
doesn’t make any sense and on the first read can make me miss the fact
that a is not a pointer.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 11:19:10 +01:00
Janos Follath
c459641ad1
Bignum: add missing limb qualifiers
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 10:04:52 +01:00
Janos Follath
6b8e0c2884
Bignum: make tests more readable
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 09:54:25 +01:00
Janos Follath
494a6d22bd
Bignum tests: use TEST_EQUAL
...
TEST_EQUAL(), has the benefit of outputting the values that don't match,
which can make debugging simpler.
Scope:
- Recently added new test functions
- Checks making sure the test case/data is consistent is out of scope
- Only checks where printing the values is likely to be helpful
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 09:40:01 +01:00
Janos Follath
af3f39c01c
Fix typos
...
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
Co-authored-by: Werner Lewis <Werner.Lewis@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 09:08:04 +01:00
Jerry Yu
5725f1cf3a
Align ciphersuite with overwrite.
...
Selected ciphersuite MUST be same with ciphsersuite of PSK.
Overwrite the old ciphersuite with the one of PSK.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 17:50:27 +08:00
Jerry Yu
01e42d2d4c
fix issues in export handshake psk
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 13:00:07 +08:00
Jerry Yu
9f7f646b11
Revert "remove psk key when ephemeral selected"
...
This reverts commit 5c28e7aa0e
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00
Jerry Yu
e9d4fc09a3
fix binder value security issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00
Jerry Yu
24b8c813c4
fix comments and wrong initial value issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:45 +08:00
Jerry Yu
5d01c05d93
fix various issues
...
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:01 +08:00
Jerry Yu
6cf6b47b5c
fix format and comment issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:54:53 +08:00
Jerry Yu
b25d10f153
Add mismatch key tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:53:53 +08:00
Jerry Yu
2b7a51ba8f
Add psk_or_ephemeral mode and tests
...
psk_or_ephemeral exists in theory. This change is for
improving test coverage.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:51:53 +08:00
Jerry Yu
63c78b869f
add all
mode tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:50:38 +08:00
Jerry Yu
3b70b3cce9
add epemeral_all tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:49:41 +08:00
Jerry Yu
badd46f040
add psk_all tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:48:01 +08:00
Jerry Yu
fa8c306258
add ephemeral tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:46:07 +08:00
Jerry Yu
9b83fa1149
add psk_ephemeral tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:44:16 +08:00
Jerry Yu
6a9bebaefd
Add psk mode tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:42:19 +08:00
Przemek Stekiel
07c0f12302
test_suite_pem.data: change MBEDTLS_CMAC_C->MBEDTLS_CIPHER_MODE_CBC dependency
...
MBEDTLS_CMAC_C dependency is ivalid.
"PEM read (unknown encryption algorithm)" needs MBEDTLS_CIPHER_MODE_CBC dependency as
otherwise this test is failing in test_when_no_ciphersuites_have_mac configuration
because mbedtls_pem_read_buffer() returns a different error (MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE).
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-20 14:24:04 +02:00
Dave Rodgman
beb4fc0723
Merge pull request #6185 from leorosen/tls12_server_null_on_missing_key
...
ssl_tls12_server: fix potential NULL-dereferencing if local certifica…
2022-08-19 20:22:59 +01:00