30591 Commits

Author SHA1 Message Date
Minos Galanakis
4492dbd286 Version Bump for 3.6.0
./scripts/bump_version.sh --version 3.6.0 --so-crypto 16 --so-x509 7  --so-tls 21

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-22 11:46:25 +00:00
Minos Galanakis
2c1daef183 Assemble Changelog
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-22 11:46:25 +00:00
Minos Galanakis
96948e9a7b Merge pull request #8980 from adeaarm/fix_jinja_template
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-22 11:44:46 +00:00
Antonio de Angelis
700632eca2 Fix #ifdef guard in driver wrapper template
The #ifdef guard in the get_builtin_key() should be
PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT to allow for
multiple drivers to be plugged into the wrapper.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-03-22 11:43:19 +00:00
Minos Galanakis
d9d6435bc5 Merge branch 'development-restricted' into mbedtls-3.6.0rc0-pr
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-21 15:44:11 +00:00
minosgalanakis
5a9020f5d4
Merge pull request #8941 from daverodgman/branches-3.6lts
Update BRANCHES for 3.6
2024-03-21 13:56:34 +00:00
Manuel Pégourié-Gonnard
32a96d656b
Merge pull request #8951 from valeriosetti/issue8938
mbedtls_pk_setup_opaque always uses PKCS#1v1.5 for RSA keys
2024-03-21 09:08:34 +00:00
Valerio Setti
2833050bb6 test_suite_pk: fix guards in pk_psa_sign()
If the public key is exported with mbedtls_pk_write_pubkey_der()
it should be re-imported with mbedtls_pk_parse_public_key().
Alternative options (when PK_WRITE is not defined), i.e.
mbedtls_ecp_point_write_binary() and mbedtls_rsa_write_pubkey(),
export the key in a different format which cannot be parsed by
pk_parse module so mbedtls_ecp_point_read_binary() and
mbedtls_rsa_parse_pubkey() should be used respectively in this
case.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-21 05:24:12 +01:00
minosgalanakis
e331dde17d
Merge pull request #1208 from Mbed-TLS/origin/dev/minosgalanakis/development-restricted-merge-19032024
Merge development on restricted 10/03/2024
2024-03-20 18:56:15 +00:00
Valerio Setti
ea01efa589 add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-20 17:19:08 +01:00
Valerio Setti
144c27b0f3 pkwrite: add new internal symbol for the max supported public key DER length
This is also used in pk_psa_sign() to properly size buffers holding
the public key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-20 17:10:35 +01:00
Valerio Setti
027796c0cc test_suite_pk: uniformly generate RSA and EC keys in pk_psa_sign()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-20 16:55:35 +01:00
Valerio Setti
6fb2586dfd test_suite_pk: fix guards in pk_psa_sign()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-20 16:55:14 +01:00
Valerio Setti
1b533ab205 test_suite_pk: test also RSA OAEP in pk_wrap_rsa_decrypt_test_vec()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-20 15:43:33 +01:00
Valerio Setti
d45836a1c3 pk_wrap: fix algorithm selection in rsa_opaque_decrypt()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-20 15:42:55 +01:00
Valerio Setti
480dfc7ad7 test_suite_pk: fix guards in pk_psa_sign()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-20 12:24:29 +01:00
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted'
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-19 22:24:40 +00:00
Valerio Setti
f71c060cb2 test_suite_pk: properly size buffers for public keys in pk_psa_sign()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-19 19:35:37 +01:00
Valerio Setti
aa9cc49879 test_suite_pk: test also RSA keys with PKCS1 v2.1 padding mode in pk_psa_sign()
Previously only only PKCS1 v1.5 was tested.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-19 19:03:55 +01:00
Gilles Peskine
4fc5b71cbb
Merge pull request #1207 from ronald-cron-arm/binder-overread
tls13: srv: Fix potential stack buffer overread
2024-03-19 17:01:23 +01:00
Valerio Setti
4f3262de2d pk_wrap: fix algorithm selection in rsa_opaque_sign_wrap()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-19 15:55:32 +01:00
Valerio Setti
d971b7834b test_suite_pk: fix RSA issue in pk_psa_sign() when !PK_[PARSE|WRITE]_C are defined
This bug was not found until now because:
- !PK_[WRITE|PARSE]_C is only tested in component_full_no_pkparse_pkwrite()
- the test only case concerning RSA key had MBEDTLS_PK_WRITE_C as dependency
  so it was not executed in that component.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-19 15:55:32 +01:00
Valerio Setti
c262561424 test_suite_pk: rename some variables in pk_psa_sign()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-19 15:55:32 +01:00
Valerio Setti
d38480b0e0 test_suite_pk: reshape pk_psa_sign()
The behavior of the functions is kept intact. Changes concern:
- generate the initial PK context using PSA parameters only; this
  allows to remove 1 input parameter for the test function.
- add/fix comments.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-19 15:55:32 +01:00
Ronald Cron
a5c5c58107 tls13: srv: Fix potential stack buffer overread
Fix potential stack buffer overread when
checking PSK binders.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-19 14:46:21 +01:00
Gilles Peskine
b2b9068264
Merge pull request #8942 from valeriosetti/fix-null-dereference
[Bugfix] Fix null dereference in `mbedtls_pk_verify_ext()`
2024-03-19 10:47:29 +00:00
Manuel Pégourié-Gonnard
af14b89824
Merge pull request #8932 from ronald-cron-arm/enable-tls13-by-default
Enable TLS 1.3 by default
2024-03-19 09:51:49 +00:00
Valerio Setti
da47518554 test_suite_pk: always test verify_ext with opaque keys in pk_psa_wrap_sign_ext()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-19 09:54:46 +01:00
David Horstmann
720c72b6ba
Merge pull request #1202 from davidhorstmann-arm/update-buffer-sharing-design-doc
Rewrite PSA shared memory design document
2024-03-18 17:49:59 +00:00
Valerio Setti
8ad5be0e5d add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-18 17:22:52 +01:00
David Horstmann
3147034457 Mention MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
Explain this option and the way it relates to the copying macros.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-18 15:59:03 +00:00
David Horstmann
0ea8071bda Remove 'Question' line around testing
This question has been resolved, as we know that we can test
transparently.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-18 15:51:03 +00:00
Paul Elliott
92152dc746
Merge pull request #8940 from paul-elliott-arm/add_fixes_to_threading_changelog
Add issues fixed to threading MVP changelog entry
2024-03-18 15:30:11 +00:00
Dave Rodgman
0da8c514c3 Replace reference to master
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-18 15:25:53 +00:00
Valerio Setti
07500fd874 pk: check PK context type in mbedtls_pk_verify_ext() before trying RSA PSS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-18 16:22:33 +01:00
Valerio Setti
d59caf4e51 test_suite_pk: extend pk_psa_wrap_sign_ext()
Try to perform verify_ext() using the opaque context when the
key type is MBEDTLS_PK_RSASSA_PSS. This currently leads to a
crash while running the test suite and this will be fixed by
the next commit.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-18 16:20:14 +01:00
David Horstmann
4d01066311 Mention metatest.c
Add a note that validation of validation was implemented in metatest.c
and explain briefly what that program is for.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-18 15:02:08 +00:00
David Horstmann
872ee6ece0 Mention MBEDTLS_TEST_MEMORY_CAN_POISON
The configuration of memory poisoning is now performed via
compile-time detection setting MBEDTLS_MEMORY_CAN_POISON. Update
the design to take account of this.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-18 15:00:08 +00:00
David Horstmann
12b35bf3c2 Discuss test wrappers and updating them
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-18 14:48:52 +00:00
Dave Rodgman
1fdf9d0a21 Update BRANCHES
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-18 14:37:24 +00:00
Dave Rodgman
374704255d
Merge pull request #8939 from daverodgman/codestyle-autogen
Codestyle autogen fix
2024-03-18 14:26:59 +00:00
David Horstmann
5ea99af0f2 Add discussion of copying conveience macros
Namely LOCAL_INPUT_DECLARE() and friends

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-18 14:12:12 +00:00
Paul Elliott
f5f48549e2 Add issues fixed to changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-03-18 13:52:25 +00:00
David Horstmann
1c3b227065 Abstractify example in design exploration
Since this is just an example, remove specific-sounding references to
mbedtls_psa_core_poison_memory() and replace with more abstract and
generic-sounding memory_poison_hook() and memory_unpoison_hook().

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-18 13:37:59 +00:00
David Horstmann
3f2dcdd142 Rename mbedtls_psa_core_poison_memory()
The actual functions were called mbedtls_test_memory_poison()
and mbedtls_test_memory_unpoison(). Update the design section to
reflect this.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-18 13:32:57 +00:00
David Horstmann
331b2cfb31 Clarify design decision in light of actions
We were successful in adding transparent memory-poisoning testing, so
simplify to the real design decision we made.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-18 13:17:25 +00:00
Dave Rodgman
1bd787a3e0 Minor relaxation to auto-gen regex
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-18 12:32:49 +00:00
Ronald Cron
d2cb7f4268 all.sh: Add TLS 1.2 only component
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-18 13:07:00 +01:00
Ronald Cron
46ac0658cf all.sh: Adapt/Fix some components
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-18 13:06:59 +01:00
Ronald Cron
a3f385d1a8 all.sh: Disable TLS 1.3 when pre-requisites are not meet
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-18 13:06:59 +01:00