Commit graph

20952 commits

Author SHA1 Message Date
Andrzej Kurek
180b6b9608 Enable TLS 1.2 tests without MD and with USE_PSA in all.sh
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
7e16ce3a72 Clarify TLS 1.2 dependencies with and without PSA crypto
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
8c95ac4500 Add missing dependencies / alternatives
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate, 
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
7bb8bab457 Update SHA and MD5 dependencies in the SSL tests
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
25f271557b Update SHA and MD5 dependencies in the SSL module
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
635c2c2be5 test_suite_ssl: replace CTR_DRBG with a fake rng source
This way there are less dependencies in the SSL test suite.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
0ce592169e Use hash_info_get_size in ssl_tls12_client
This way the code does not rely on the MBEDTLS_MD_C define
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
a242e83b21 Rename the sha384 checksum context to reflect its purpose
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:02:04 -04:00
Dave Rodgman
0ce93933e8
Merge pull request #6219 from KloolK/development
Fix minor typos
2022-08-22 21:47:21 +01:00
Gilles Peskine
e5018c97f9
Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake
Driver-only hashes: EC J-PAKE
2022-08-22 17:28:15 +02:00
Gilles Peskine
194556034d
Merge pull request #6169 from tom-cosgrove-arm/fix-incorrect-use-of-mbedtls_ecp_group_id
Fix incorrect use of mbedtls_ecp_group_id in test_suite_ssl.function
2022-08-22 17:26:18 +02:00
Gilles Peskine
20ebaac85e
Merge pull request #6211 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1
Be explicit about constant time bignum functions that must take a 0 or 1 condition value
2022-08-22 17:24:04 +02:00
Gilles Peskine
03f1c39ac7
Merge pull request #6171 from mprse/md_x509_test
Driver-only hashes: X.509
2022-08-22 17:18:47 +02:00
Jan Bruckner
9ff6f8cdbd Fix minor typos
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2022-08-22 16:05:58 +02:00
Janos Follath
2e328c8591 Remove confusing const qualifier
Since a is not a pointer, it is passed by value and declaring it const
doesn’t make any sense and on the first read can make me miss the fact
that a is not a pointer.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 11:19:10 +01:00
Janos Follath
c459641ad1 Bignum: add missing limb qualifiers
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 10:04:52 +01:00
Janos Follath
6b8e0c2884 Bignum: make tests more readable
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 09:54:25 +01:00
Janos Follath
494a6d22bd Bignum tests: use TEST_EQUAL
TEST_EQUAL(), has the benefit of outputting the values that don't match,
which can make debugging simpler.

Scope:
- Recently added new test functions
- Checks making sure the test case/data is consistent is out of scope
- Only checks where printing the values is likely to be helpful

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 09:40:01 +01:00
Janos Follath
af3f39c01c Fix typos
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
Co-authored-by: Werner Lewis <Werner.Lewis@arm.com>

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 09:08:04 +01:00
Jerry Yu
5725f1cf3a Align ciphersuite with overwrite.
Selected ciphersuite MUST be same with ciphsersuite of PSK.
Overwrite the old ciphersuite with the one of PSK.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 17:50:27 +08:00
Jerry Yu
01e42d2d4c fix issues in export handshake psk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 13:00:07 +08:00
Jerry Yu
9f7f646b11 Revert "remove psk key when ephemeral selected"
This reverts commit 5c28e7aa0e.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00
Jerry Yu
e9d4fc09a3 fix binder value security issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00
Jerry Yu
24b8c813c4 fix comments and wrong initial value issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:45 +08:00
Jerry Yu
5d01c05d93 fix various issues
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:01 +08:00
Jerry Yu
6cf6b47b5c fix format and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:54:53 +08:00
Jerry Yu
b25d10f153 Add mismatch key tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:53:53 +08:00
Jerry Yu
2b7a51ba8f Add psk_or_ephemeral mode and tests
psk_or_ephemeral exists in theory. This change is for
improving test coverage.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:51:53 +08:00
Jerry Yu
63c78b869f add all mode tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:50:38 +08:00
Jerry Yu
3b70b3cce9 add epemeral_all tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:49:41 +08:00
Jerry Yu
badd46f040 add psk_all tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:48:01 +08:00
Jerry Yu
fa8c306258 add ephemeral tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:46:07 +08:00
Jerry Yu
9b83fa1149 add psk_ephemeral tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:44:16 +08:00
Jerry Yu
6a9bebaefd Add psk mode tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:42:19 +08:00
Przemek Stekiel
07c0f12302 test_suite_pem.data: change MBEDTLS_CMAC_C->MBEDTLS_CIPHER_MODE_CBC dependency
MBEDTLS_CMAC_C dependency is ivalid.

"PEM read (unknown encryption algorithm)" needs MBEDTLS_CIPHER_MODE_CBC dependency as
otherwise this test is failing in test_when_no_ciphersuites_have_mac configuration
because mbedtls_pem_read_buffer() returns a different error (MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-20 14:24:04 +02:00
Dave Rodgman
beb4fc0723
Merge pull request #6185 from leorosen/tls12_server_null_on_missing_key
ssl_tls12_server: fix potential NULL-dereferencing if local certifica…
2022-08-19 20:22:59 +01:00
Leonid Rozenboim
19e5973566 mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing
Avoid the shorthand practice of the form 'x = func(foo)->bar' which
exposes the code to NULL pointer de-referencing when the 'func()'
returns a NULL pointer.

The first chunk is for when the curve group code is not recognized by
the library, and is cleanly rejected if offered.

The second chunk addresses the unlikely case of an internal error:
if 'mbedtls_pk_can_do()' returns TRUE, it should rule out
'mbedtls_pk_ec()' returning a NULL, unless there is a regression.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-19 11:49:22 -07:00
Janos Follath
deb8030e9f Improve mbedtls_mpi_core_lt_ct() unit tests
- Improve test descriptions
- Add more test cases with return value of 1
- Remove the mbedtls prefix from the test function

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:32:17 +01:00
Janos Follath
a95f204cd3 Improve documentation
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
Co-authored-by: Werner Lewis <werner.wmlewis@gmail.com>
Co-authored-by: Minos Galanakis <minos.galanakis@arm.com>

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Janos Follath
ca5688e10c Improve coding style
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
Co-authored-by: Werner Lewis <werner.wmlewis@gmail.com>

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Janos Follath
b7a88eca42 Bignum: Apply naming conventions
Numbers:

- A, B for mbedtls_mpi_uint* operands
- a, b for mbedtls_mpi_uint operands
- X or x for result
- HAC references where applicable

Lengths:

- Reserve size or length for length/size in bytes or byte buffers.
- For length of mbedtls_mpi_uint* buffers use limbs
- Length parameters are qualified if possible (eg. input_length or
  a_limbs)

Setup functions:

- The parameters match the corresponding structure member's name
- The structure to set up is a standard lower case name even if in other
  functions different naming conventions would apply

Scope of changes/conventions:

- bignum_core
- bignum_mod
- bignum_mod_raw

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Janos Follath
6b8a4ad0d8 Bignum: update const qualifiers
While at it, mark parameters based on their role.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:11:22 +01:00
Neil Armstrong
01a7d310d5 Make ecjpake test suite depend on MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-19 14:03:02 +02:00
Tom Cosgrove
a327b52427 Fix incorrect use of mbedtls_ecp_group_id in test_suite_ssl.function
MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 and friends are not members of the mbedtls_ecp_group_id enum

Found by clang's -Wassign-enum

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-19 10:50:26 +01:00
Neil Armstrong
7b044c1bbf Enable ECJPAKE in test_crypto_full_no_md () & test_psa_crypto_config_accel_hash_use_psa () components
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-19 11:49:22 +02:00
Neil Armstrong
ecaba1c9b2 Make use of PSA crypto hash if MBEDTLS_MD_C isn't defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-19 11:49:22 +02:00
Neil Armstrong
0d76341eac Remove md_info by md_type in ecjpake context, use mbedtls_hash_info_get_size() to get hash length
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-19 11:49:22 +02:00
Przemek Stekiel
bc3906c58f pem_pbkdf1(): optimize psa version
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:36:57 +02:00
Przemek Stekiel
10836a04a9 config: Fix requirements for MBEDTLS_X509_USE_C and MBEDTLS_X509_CREATE_C
Restore MBEDTLS_PK_PARSE_C as it was removed by mistake.
Fix module name in added warnings.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
bf01c64e9d oid.c: unify dependencies (VIA_MD_OR_PSA->VIA_LOWLEVEL_OR_PSA)
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing reference -> drivers ***
   x509parse: total 723; skipped  89 ->  89
   x509write: total  41; skipped   3 ->   3
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00