mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-21 06:40:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,747 Commits 172 Branches 263 Tags
Commit Graph

6409 Commits

Author SHA1 Message Date
Gilles Peskine
d6a710a397 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
0dc79a754d Fix and test pk_copy_from_psa with an unsupported algorithm 
Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to
still work when the algorithm in the key policy is not an RSA
algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the
test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA"
when MBEDTLS_PKCS1_V15 is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
17d5b6bda2 Test mbedtls_pk_copy_public_from_psa on non-exportable keys 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
bf69f2e682 New function mbedtls_pk_copy_public_from_psa 
Document and implement mbedtls_pk_copy_public_from_psa() to export the
public key of a PSA key into PK.

Unit-test it alongside mbedtls_pk_copy_from_psa().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:45 +01:00
Manuel Pégourié-Gonnard
d7e7f48323
Merge pull request #8774 from valeriosetti/issue8709 
Implement mbedtls_pk_copy_from_psa
 2024-03-12 13:45:27 +00:00
Ronald Cron
ec4ed8eae4
Merge pull request #8857 from ronald-cron-arm/tls13-cli-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on client
 2024-03-12 13:31:20 +00:00
Valerio Setti
6fbde6e242 test_suite_pk: revert erroneous missing initialization of PSA key IDs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 11:00:39 +01:00
Valerio Setti
8b3c6fffa7 test_suite_pk: add comment for pk_copy_from_psa_builtin_fail 
Explain why this kind of test is possible for RSA keys, while
it is not possible for EC ones.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 06:05:03 +01:00
David Horstmann
63dfb45e5e
Merge pull request #1181 from tom-daubney-arm/key_agreement_buffer_protection 
Implement safe buffer copying in key agreement
 2024-03-11 15:10:49 +00:00
Janos Follath
43edc75e31
Merge pull request #8882 from Ryan-Everett-arm/threading-key-tests 
Test multi-threaded key generation
 2024-03-11 15:07:48 +00:00
Dave Rodgman
9cc01ccbf8
Merge pull request #8831 from yanesca/switch_to_new_exp 
Use mpi_core_exp_mod in bignum
 2024-03-11 13:40:46 +00:00
Valerio Setti
e095a67bb2 pk: improve mbedtls_pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
6f5f9f5ce8 test_suite_pk: fix some comments 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
ab7ddbc812 test_suite_pk: when ANY_HASH is used then pick any available MD alg in the build 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
3433f832fb test_suite_pk: improve PSA alg selection in pk_copy_from_psa_success() 
Use the same hashing algorithm as md_for_test.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
039bbbac33 test_suite_pk: destroy original xkey after pk_copy_from_psa() in pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
4114a54403 test_suite_pk: add description for psa_pub_key_from_priv() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
42a58a5249 test_suite_pk: minor fixes for test failures 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
e700d8086e rsa: rsa_rsassa_pss_sign() to check MD alg both in parameters and RSA context 
This helps fixing a disparity between the legacy and the USE_PSA
case for rsa_sign_wrap() in pk_wrap.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
f22eff99a6 test_suite_pk: add new test case for an algorithm only avaible in driver 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
a657ae388a pk: pk_copy_from_psa() performs the conversion even if the algorithm doesn't match 
This commit also:
- fixes existing tests and add new ones
- updates documentation.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
1015985d8a test_suite_pk: add more test cases for pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
d2ccc2f468 test_suite_pk: various minor fixes 
- removed redundant info from data file (i.e. informations that
  can be extrapolated somehow)
- removed unecessary parameters in functions
- added some extra check on the generated PK contexts
- etc...

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
61a47a46ea test_suite_pk: extend testing in pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
aeeefef64e pk_wrap: use correct PSA alg in rsa_encrypt_wrap() when USE_PSA 
This bugfix was due in PR #8826, but we didn't catch that.
This commit also add proper testing in test_suite_pk that was not implemented
in #8826.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
88e2dac6d6 test_suite_pk: rename PK context variables 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
e8fe3e76c4 test_suite_pk: add key pair check in pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
3a815cbd2f all.sh: keep RSA_C enabled in component_full_no_pkparse_pkwrite() 
This is possible because after #8740 RSA_C no longer depends on
PK to parse and write private/public keys.

This commit also solves related issues that arose after this change
in "pk.c" and "test_suite_pk". In particular now we can use
rsa's module functions for parsing and writing keys without need
to rely on pk_parse and pk_write functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:53 +01:00
Minos Galanakis
f9a6893b55 Changelog: Added entry for ssl_session accessors. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-11 10:09:44 +00:00
Valerio Setti
61532e9a6b test_suite_pk: fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
01ba66d56e pk: replace CRYPTO_CLIENT guards with CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
452d2d2ccb test_suite_pk: add some initial testing for mbedtls_pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Ronald Cron
61fd13c6a5 Merge remote-tracking branch 'mbedtls/development' into tls13-cli-max-early-data-size 2024-03-10 18:09:47 +01:00
Ronald Cron
7e1f9f290f
Merge pull request #8854 from ronald-cron-arm/tls13-srv-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on server
 2024-03-09 00:16:07 +00:00
Ronald Cron
e1295fabaf tests: ssl: early data: Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 17:05:27 +01:00
Ronald Cron
52472104a2 tests: suite: early data: Add comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
4facb0a9cd tests: ssl: Improve early data test code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
1a13e2f43e tests: ssl: Improve test code for very small max_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
139a4185b1
Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration 
TLS: check RNG when calling mbedtls_ssl_setup()
 2024-03-08 07:38:39 +00:00
tom-daubney-arm
d4c57c0ad2
Merge branch 'development-restricted' into key_agreement_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-03-06 16:47:13 +00:00
Ryan
2066d0451f Add test cases for concurrently_generate_keys 
For every generate_key test there is now a concurrently_generate_keys test.
8 threads per test, and 5 repetitions.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-06 16:46:00 +00:00
Ryan
3a1b786d5d Add a concurrent key generation test function 
Split into n threads, each thread will repeatedly generate,
exercise and destroy a key.
Then join the threads, and ensure using PSA_DONE that no keys still exist.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-06 16:45:36 +00:00
Thomas Daubney
a4866945b8 Fix issue with large allocation in tests 
In test_suite_psa_crypto_op_fail.generated.function
the function key_agreement_fail was setting the
public_key_length variable to SIZE_MAX which meant that
a huge allocation was being attempted.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-03-06 16:32:25 +00:00
Minos Galanakis
411cb6c30f test_suite_ssl: Added ssl_session_id_accessors_check. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-06 13:52:03 +00:00
David Horstmann
a5175634b0
Merge branch 'development-restricted' into copying-pake 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-06 11:18:28 +00:00
Gilles Peskine
71cc260563
Merge pull request #8728 from minosgalanakis/features/add_mbedtls_x509_crt_get_ca_istrue_accesor_6151 
[MBEDTLS_PRIVATE] Add mbedtls_x509_crt_get_ca_istrue() accesor
 2024-03-05 18:04:06 +00:00
Dave Rodgman
3c4166aef3
Merge pull request #8863 from minosgalanakis/feature/add_ecdh_context_5016 
[MBEDTLS_PRIVATE] Add a getter for the ECDH context->grp.id member.
 2024-03-05 16:58:13 +00:00
Minos Galanakis
581e63637a test_suite_x509parse: Added test-case for legacy certificate 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-05 14:39:23 +00:00
Gilles Peskine
8462146d01
Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core 
Merge psa_core_key_attributes_t back into psa_key_attributes_t
 2024-03-05 09:59:24 +00:00
Gilles Peskine
fad79fcdd9 Merge remote-tracking branch 'development' into ecp-write-ext-3.6 
Conflicts:
* library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch
  and was removed in the target branch.
 2024-03-04 08:52:08 +01:00