Commit graph

21425 commits

Author SHA1 Message Date
Ronald Cron
50969e3af5 ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 15:57:57 +02:00
Tom Cosgrove
4782823ec3 Ensure we explicitly document the modulus for fixed-width arithmetic
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:51:50 +01:00
Tom Cosgrove
b0b77e1b13 Document and test aliasing of the bignums given to mbedtls_mpi_core_mla()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:33:40 +01:00
David Horstmann
b5d884815c Use GitHub C syntax highlighting on test files
Add a .gitattributes file that tells GitHub to highlight all .function
files as if they were .c files. This aids in reviewing changes to tests.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-09-20 13:31:23 +01:00
Ronald Cron
277cdcbcde ssl-opt.sh: tls13 opaque key: Enable client authentication
Enable client authentication in TLS 1.3 opaque
key tests to use the opaque key on client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
e3196d270c ssl-opt.sh: tls13 opaque key: Do not force version on client side
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
6ec2123bf3 ssl-opt.sh: Align prefix of TLS 1.3 opaque key tests
Align prefix of TLS 1.3 opaque key tests
with the prefix of the othe TLS 1.3 tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
067a1e735e tls13: Try reasonable sig alg for CertificateVerify signature
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
38391bf9b6 tls13: Do not impose minimum hash size for RSA PSS signatures
When providing proof of possession of
an RSA private key, allow the usage for RSA
PSS signatures of a hash with a security
level lower that the security level of the
RSA private key.

We did not allow this in the first place to
align with the ECDSA case. But as it is not
mandated by the TLS 1.3 specification (in
contrary to ECDSA), let's allow it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:29:41 +02:00
Ronald Cron
67ea2543ed tls13: server: Add sig alg checks when selecting best certificate
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.

That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:26:32 +02:00
Tom Cosgrove
ea45c1d2d4 Document and test aliasing of output for mbedtls_mpi_core_montmul()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:17:51 +01:00
Werner Lewis
05feee1841 Restore vbuf value after modification
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-20 12:05:58 +01:00
Werner Lewis
ccae25b4bf Add explicit mbedtls_ecp_tls_read_group_id call
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-20 10:00:07 +01:00
Werner Lewis
7403d93f8a Add leading zeros to group metadata
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-20 09:41:05 +01:00
Werner Lewis
57807308d5 Fix typo in MBEDTLS_ECP_DP_BP512R1
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-20 09:16:11 +01:00
Tom Cosgrove
f2b3818a69 Test when all three inputs to mbedtls_mpi_core_sub() are aliased
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 09:08:31 +01:00
Manuel Pégourié-Gonnard
b4e28aa2f7 Fix two typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 11:55:00 +02:00
Manuel Pégourié-Gonnard
1367f40d38 Fix memory corruption in an SSL test function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 11:00:23 +02:00
Manuel Pégourié-Gonnard
3c16abebd4 Fix dependencies of KEY_EXCHANGE_ECJPAKE
The EC J-PAKE module the ability to "fall back" to PSA when MD is not
present a few PRs ago, but the dependency of this key exchange on
SHA-256 wasn't updated at the time.

(Note: the crypto primitive doesn't depend on SHA-256, only its use in
the TLS key exchange does.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 10:47:05 +02:00
Manuel Pégourié-Gonnard
73f9233a73 Use full config for testing driver-only hashes
Stating from the default config means a few things are implicitly
excluded; starting from the full config makes it all fully explicit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 10:47:05 +02:00
Manuel Pégourié-Gonnard
79e1467799 Fix include path for programs
Same problem as #6101, same fix (the second commit of #6111).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 09:27:53 +02:00
Jerry Yu
7a51305478 Add multi-session tickets test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:26:07 +08:00
Jerry Yu
d4e7500a07 Enable multi session tickets on Server
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:24:03 +08:00
Jerry Yu
1ad7ace6b7 Add conf new session tickets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:22:21 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Gilles Peskine
ef843f2b0c MBEDTLS_PLATFORM_VSNPRINTF_ALT requires MBEDTLS_PLATFORM_C
mbedtls_vsnprintf replacement works like mbedtls_snprintf replacement, so
copy the requirements for MBEDTLS_PLATFORM_VSNPRINTF_ALT.

(MBEDTLS_PLATFORM_xxx_MACRO shouldn't require MBEDTLS_PLATFORM_C, but that's
a separate preexisting problem which I do not try address at this time.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-18 14:05:23 +02:00
Gilles Peskine
1716f06ee3
Merge pull request #6093 from wernerlewis/bignum_test_script
Add bignum test case generation script
2022-09-17 10:37:26 +02:00
Andrzej Kurek
7763829c5c Add missing ifdef when calculating operation capacity
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 12:24:52 -04:00
Werner Lewis
c2fb540c67 Use a script specific description in CLI help
Previous changes used the docstring of the test_generation module,
which does not inform a user about the script.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-16 17:03:54 +01:00
Andrzej Kurek
3c4c514302 Remove PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:24:14 -04:00
Andrzej Kurek
1fafb1f778 Documentation clarifications for ECJPAKE-to-PMS
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:19:49 -04:00
Manuel Pégourié-Gonnard
1be45825ab Remove useless guard around include
Including a header is harmless, so we can include do it unconditionally.

The condition was wrong, should have been USE_PSA || PROTO_TLS1_3. If we
just fixed to condition, then we would need to make sure things like:

    #define MBEDTLS_TLS1_3_MD_MAX_SIZE         PSA_HASH_MAX_SIZE

are also guarded, which is useless (extra defines are harmless) and
annoying, so just remove the condition altogether.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 13:18:36 +02:00
Andrzej Kurek
2be1689504 Add capacity testing to EC J-PAKE to PMS tests
Let the caller restrict the capacity but limit it to 32 bytes.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:14:04 -04:00
Andrzej Kurek
b093650033 Add proper capacity calculation for EC J-PAKE to PMS KDF
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:13:00 -04:00
Andrzej Kurek
d37850404a Add derivation step testing to EC J-PAKE to PMS tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 06:45:44 -04:00
Andrzej Kurek
702776f7cc Restrict the EC J-PAKE to PMS input type to secret
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 06:22:44 -04:00
Jerry Yu
ad4d2bb3e1 Exclude pre_shared_key for HRR
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 18:16:49 +08:00
Manuel Pégourié-Gonnard
138387fc8c Fix some typos, improve wording & formatting
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
d18c24b166 EC J-PAKE is now implemented in PSA
Quite unrelated to the other commits in this branch, but I happened to
spot it, so I fixed it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
c998e43eb4 Add ChangeLog entry about driver-only hashes.
(The first entry will need editing if support for ENTROPY_C is sorted out
before the next release.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
72687b76ca Clarify dependencies in mbedtls_config.h
- One module was missing the warning on psa_crypto_init().
- For modules that are affected by USE_PSA_CRYPTO, it makes more sense
to mention that in the warning.
- Attempt to improve the description of the TLS 1.3 situation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
f17f85ef0c Simplify definition of TLS 1.3 MD max size.
Actually this macro is never used in parts that depend on USE_PSA, so
it's always using PSA.

Currently the macro seems a bit redundant, but:
- since it's public we can't remove it;
- and there are plans in the future to make it more precise (actually
the largest hash that matters for TLS 1.3 is SHA-384 now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
e896705c1a Take advantage of legacy_or_psa.h being public
Opportunities for using the macros were spotted using:

    git grep -E -n -A2 'MBEDTLS_(MD|SHA)[0-9]+_C' | egrep 'PSA_WANT_ALG_(MD|SHA)'

then manually filtering the results.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
07018f97d2 Make legacy_or_psa.h public.
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:02:48 +02:00
Jerry Yu
6ee726e1ab Replace md translation function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 16:32:27 +08:00
Manuel Pégourié-Gonnard
1c341c8bc9
Merge pull request #6284 from daverodgman/contributing
Clarify legal requirements for contributions
2022-09-16 09:01:56 +02:00
Jerry Yu
a5df584d87 fix build fail for test_psa_crypto_config_accel_hash_use_psa
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 11:28:54 +08:00
Gilles Peskine
a844b4b370 No need to use MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED in tests
Initializing return status variables to CORRUPTION_DETECTED is a second line
of defense in library code in case there's a code path where we forget to
assign to the variable. This isn't useful in test code. In any case, here,
we might as well define the variable at the point of use.

This fixes a build error in configurations with MBEDTLS_ERROR_C and
MBEDTLS_PSA_CRYPTO_C both disabled, because then mbedtls/error.h isn't
included so MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED isn't defined.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 21:05:04 +02:00
Gilles Peskine
d6355caa8f Include platform.h unconditionally: fixes undefined mbedtls_setbuf
Now that mbedtls/platform.h is included unconditionally, there are no more
configurations where mbedtls_setbuf was accidentally left out of the manual
definitions when MBEDTLS_PLATFORM_C is disabled. Fixes #6118, #6196.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:50 +02:00
Gilles Peskine
04e4c19ee3 Document the base state of platform abstraction
It's `#define mbedtls_xxx xxx` unless some option to override `mbedtls_xxx`
is enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:50 +02:00