mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-09 12:40:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
23,342 Commits 171 Branches 263 Tags
Commit Graph

346 Commits

Author SHA1 Message Date
Neil Armstrong
cf8841a076 Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined 
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
4f091290bd Remove Obsolete SSLs tests with truncated MAC tags & NULL/CBC cipher 
These tests are related to an obsolete feature removed from the library.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
f4cc062935 Setup MAC PSA keys in build_transforms() to pass ssl_crypt_record() with PSA crypto 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
46a1760922 Allow USE_PSA_CRYPTO for handshake TLS tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Gabor Mezei
4fded1359a
Use PSA_INIT() 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:47:24 +01:00
Gabor Mezei
5d7d201b87
Update test 
Testing the hash length in this context is not applicable because there is no way
to specify it when calling mbedtls_psa_hkdf_extract.
Change to test invalid `alg` parameter.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:33 +01:00
Gabor Mezei
ebc9368173
typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:44:51 +01:00
Gabor Mezei
298a2d6109
Use ASSERT_ALLOC 
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:43:52 +01:00
Gabor Mezei
62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible 
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:57 +01:00
Gabor Mezei
73cb6f54de
Add tests for mbedtls_psa_hkdf_extrct 
The tests are based on the the test of mbedtls_hkdf_extract.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:41:42 +01:00
Gilles Peskine
49d7ddf7f3 Serializing a context does not save the user data 
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
80dae04f24 Make user_data fields private 
Add accessor functions.

Add unit tests for the accessor functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
1255b0de98 Positive unit testing for SSL context version functions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Paul Elliott
436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build 
TLS1.3:Enable tls13 only build
 2022-02-21 11:22:37 +00:00
Jerry Yu
baa4934e7b Add check tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
53d23e2c95 Guards tls_prf functions with TLS1_2 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Gabor Mezei
cbe5ba500a
Add tests for mbedtls_psa_hkdf_expand 
Add test cases which test psa_import_key and psa_mac_sign_setup
function call if they return error.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-17 17:01:49 +01:00
Gabor Mezei
8e3602569b
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-17 11:50:02 +01:00
Gabor Mezei
d917081b8b
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-15 16:25:27 +01:00
Gabor Mezei
7381242748
Use PSA_INIT() 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-15 16:24:58 +01:00
Gabor Mezei
b35759ded8
Add tests for mbedtls_psa_hkdf_expand 
The tests are based on the test of mbedtls_hkdf_expand.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-10 10:57:24 +01:00
Przemyslaw Stekiel
5648d577a4 Optimize psa_cipher_encrypt_helper() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
8c010eb467 Fix comments, code style, remove debug code 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
d66387f8fa Init psa status to PSA_ERROR_CORRUPTION_DETECTED 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
f4facef9ba Adapt ssl_decrypt_non_etm_cbc() test for psa crypto and remove redundant test cases 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
77aec8d181 Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel
89dad93a78 Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
4a36dd3da6 ssl test ssl_decrypt_non_etm_cbc(): add missing ret check 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f4ca3f0e52 ssl test build_transforms(): in psa mode distinguish encrypt/decrypt keys 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f57b45660d Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention. 
New function name:  mbedtls_ssl_cipher_to_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
93cf4eea67 Adapt test_suite_ssl for psa crypto 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO 
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-03 12:53:24 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:47:55 +01:00
Paul Elliott
46a6c20d0c Add checked returns to tests without them. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:16:13 +00:00
Xiaofei Bai
d25fab6f79 Update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-12-02 06:36:27 +00:00
Xiaofei Bai
746f9481ea Fix 1_3/13 usages in macros and function names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Gilles Peskine
161d661d90
Merge pull request #5222 from paul-elliott-arm/fix_test_suite_ssl 
Fix test_suite_ssl compilation errors with GCC11
 2021-11-25 22:02:43 +01:00
Paul Elliott
21c8fe5c6e Fix compilation errors. 
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-24 17:19:51 +00:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
Brett Warren
7f813d5d88 add group api tests 
Signed-off-by: Brett Warren <brett.warren@arm.com>
 2021-10-29 14:07:46 +01:00
Gabor Mezei
22c9a6fccc
Rename internal header constant_time.h to constant_time_internal.h 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-10-20 12:15:20 +02:00
Gabor Mezei
90437e3762
Rename constant-time functions to have mbedtls_ct prefix 
Rename functions to better suite with the module name.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-10-20 11:59:27 +02:00
gabor-mezei-arm
9c1203fd67
Delete ssl_invasive.h due to duplicated function declarations 
All function declaration provided by ssl_invasive.h is needed only for
testing purposes and all of them are provided by constant_time.h as well.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-09-28 16:28:44 +02:00
gabor-mezei-arm
9fa43ce238
Rename function to have suitable name 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-09-28 16:14:47 +02:00
Dave Rodgman
2aec149e13
Merge pull request #4248 from hanno-arm/tls13_populate_transform 
Fix and test compliance of TLS 1.3 record protection
 2021-08-11 16:41:51 +01:00
Gilles Peskine
8bb9b80d18
Merge pull request #4806 from hanno-arm/ssl_session_serialization_version 
Store TLS version in SSL session structure
 2021-08-02 12:45:55 +02:00
Hanno Becker
1f91878281 Specify padding granularity in TLS 1.3 record protection KATs 
Still check that encryption and decryption are inverse to each other
if the granularity does not match the one used in the KAT.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker
41537452f4 Add comment regarding the wire-version used in TLS 1.3 records 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker
80e760e006 Fix memory leak in TLS 1.3 record protection unit test 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:02 +01:00
Hanno Becker
a77d005d39 Add known answer tests for TLS 1.3 record protection 
This commit adds four known answer tests for TLS 1.3 record protection
from the following sources:

- RFC 8448 "Example Handshake Traces for TLS 1.3"
- tls13.ulfheim.net "The New Illustrated TLS Connection"

It extends the test coverage of the existing record protection tests
in the following ways:

- The existing record protection tests hand-craft record transform
  structures; the new tests use the function

     mbedtls_ssl_tls13_populate_transform()

  from library source to create an TLS 1.3 transform from raw
  key material and connection information.
- The existing record protection tests only check that encryption
  and decryption are inverse to each other; as such, they don't
  catch non-compliant implementations of encryption and decryption
  which happen to be inverse to each other. By adding a known answer
  test for TLS 1.3 record protection, can gain confidence that our
  implementation is indeed standards-compliant.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:53:58 +01:00