mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-05 16:13:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,021 Commits 172 Branches 263 Tags
Commit Graph

10882 Commits

Author SHA1 Message Date
Valerio Setti
13beaa2e60 psa_crypto_stubs: extend stub functions for the CRYPTO_CLIENT tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Valerio Setti
63097759f8 all.sh: modify/add test components for CRYPTO_CLIENT 
The already existing component_test_psa_crypto_client() is renamed
as component_test_default_psa_crypto_client_without_crypto_provider()
while component_build_full_psa_crypto_client_without_crypto_provider()
was added.

- Both of them check that the missing symbols at link time (if any)
  belong to the psa_xxx() family.
- The former builds with default config + CRYPTO_CLIENT - CRYPTO_C and
  then runs test suites.
- The latter only perform the builds using the full config and then
  it checks that PK-PSA bridge functions are present.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Manuel Pégourié-Gonnard
3b20bda352
Merge pull request #8899 from gilles-peskine-arm/pk_copy_public_from_psa 
New function mbedtls_pk_copy_public_from_psa
 2024-03-13 06:56:17 +00:00
Gilles Peskine
68f46414cb
Merge pull request #8894 from daverodgman/quietbuild2 
Follow-up non-verbose logs
 2024-03-13 00:50:42 +00:00
Gilles Peskine
d6a710a397 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
0dc79a754d Fix and test pk_copy_from_psa with an unsupported algorithm 
Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to
still work when the algorithm in the key policy is not an RSA
algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the
test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA"
when MBEDTLS_PKCS1_V15 is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
17d5b6bda2 Test mbedtls_pk_copy_public_from_psa on non-exportable keys 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
bf69f2e682 New function mbedtls_pk_copy_public_from_psa 
Document and implement mbedtls_pk_copy_public_from_psa() to export the
public key of a PSA key into PK.

Unit-test it alongside mbedtls_pk_copy_from_psa().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:45 +01:00
Manuel Pégourié-Gonnard
d7e7f48323
Merge pull request #8774 from valeriosetti/issue8709 
Implement mbedtls_pk_copy_from_psa
 2024-03-12 13:45:27 +00:00
Dave Rodgman
235799bc23 Simplify locating original tool 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 13:33:09 +00:00
Dave Rodgman
294a3c2ccb Remove unnecessary use of export 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 13:32:36 +00:00
Ronald Cron
ec4ed8eae4
Merge pull request #8857 from ronald-cron-arm/tls13-cli-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on client
 2024-03-12 13:31:20 +00:00
Dave Rodgman
a7f3c4e1d0
Merge pull request #8822 from daverodgman/sha3-perf 
SHA-3 performance & code size
 2024-03-12 13:14:40 +00:00
Valerio Setti
6fbde6e242 test_suite_pk: revert erroneous missing initialization of PSA key IDs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 11:00:39 +01:00
Valerio Setti
8b3c6fffa7 test_suite_pk: add comment for pk_copy_from_psa_builtin_fail 
Explain why this kind of test is possible for RSA keys, while
it is not possible for EC ones.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 06:05:03 +01:00
Janos Follath
43edc75e31
Merge pull request #8882 from Ryan-Everett-arm/threading-key-tests 
Test multi-threaded key generation
 2024-03-11 15:07:48 +00:00
Dave Rodgman
9cc01ccbf8
Merge pull request #8831 from yanesca/switch_to_new_exp 
Use mpi_core_exp_mod in bignum
 2024-03-11 13:40:46 +00:00
Valerio Setti
e095a67bb2 pk: improve mbedtls_pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
6f5f9f5ce8 test_suite_pk: fix some comments 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
ab7ddbc812 test_suite_pk: when ANY_HASH is used then pick any available MD alg in the build 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
3433f832fb test_suite_pk: improve PSA alg selection in pk_copy_from_psa_success() 
Use the same hashing algorithm as md_for_test.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
039bbbac33 test_suite_pk: destroy original xkey after pk_copy_from_psa() in pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
4114a54403 test_suite_pk: add description for psa_pub_key_from_priv() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
42a58a5249 test_suite_pk: minor fixes for test failures 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
e700d8086e rsa: rsa_rsassa_pss_sign() to check MD alg both in parameters and RSA context 
This helps fixing a disparity between the legacy and the USE_PSA
case for rsa_sign_wrap() in pk_wrap.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
f22eff99a6 test_suite_pk: add new test case for an algorithm only avaible in driver 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
a657ae388a pk: pk_copy_from_psa() performs the conversion even if the algorithm doesn't match 
This commit also:
- fixes existing tests and add new ones
- updates documentation.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
1015985d8a test_suite_pk: add more test cases for pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
d2ccc2f468 test_suite_pk: various minor fixes 
- removed redundant info from data file (i.e. informations that
  can be extrapolated somehow)
- removed unecessary parameters in functions
- added some extra check on the generated PK contexts
- etc...

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
61a47a46ea test_suite_pk: extend testing in pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
aeeefef64e pk_wrap: use correct PSA alg in rsa_encrypt_wrap() when USE_PSA 
This bugfix was due in PR #8826, but we didn't catch that.
This commit also add proper testing in test_suite_pk that was not implemented
in #8826.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
88e2dac6d6 test_suite_pk: rename PK context variables 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
e8fe3e76c4 test_suite_pk: add key pair check in pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
3a815cbd2f all.sh: keep RSA_C enabled in component_full_no_pkparse_pkwrite() 
This is possible because after #8740 RSA_C no longer depends on
PK to parse and write private/public keys.

This commit also solves related issues that arose after this change
in "pk.c" and "test_suite_pk". In particular now we can use
rsa's module functions for parsing and writing keys without need
to rely on pk_parse and pk_write functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:53 +01:00
Valerio Setti
61532e9a6b test_suite_pk: fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
01ba66d56e pk: replace CRYPTO_CLIENT guards with CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
a41654d5b1 all.sh: add test component based on full config without PK_[PARSE|WRITE]_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
452d2d2ccb test_suite_pk: add some initial testing for mbedtls_pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Manuel Pégourié-Gonnard
af3e574f5f
Merge pull request #8862 from valeriosetti/issue8825 
Improve support of mbedtls_psa_get_random in client-only builds
 2024-03-10 20:06:27 +00:00
Ronald Cron
61fd13c6a5 Merge remote-tracking branch 'mbedtls/development' into tls13-cli-max-early-data-size 2024-03-10 18:09:47 +01:00
Ronald Cron
7e1f9f290f
Merge pull request #8854 from ronald-cron-arm/tls13-srv-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on server
 2024-03-09 00:16:07 +00:00
Ronald Cron
e1295fabaf tests: ssl: early data: Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 17:05:27 +01:00
Janos Follath
080a5171e2
Merge pull request #8861 from ronald-cron-arm/tls13-srv-select-kex 
TLS 1.3: SRV: Improve key exchange mode selection
 2024-03-08 14:58:36 +00:00
Ronald Cron
52472104a2 tests: suite: early data: Add comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
4facb0a9cd tests: ssl: Improve early data test code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
1a13e2f43e tests: ssl: Improve test code for very small max_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
e14770fc42 ssl-opt.sh: Fix early data test option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:57:36 +01:00
Ronald Cron
1f63fe4d74 tls13: srv: Fix resume flag in case of cancelled PSK 
If we prefer ephemeral key exchange mode over
the pure PSK one, make sure the resume flag is
disabled as eventually we are not going to
resume a session even if we aimed to at some
point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
cf284565c5 tls13: srv: Determine best key exchange mode for a PSK 
Determine best key exchange for for ticket based and
external PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
12e72f1664 tls13: srv: Always parse the pre-shared key extension 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00