mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-24 19:43:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29,384 Commits 172 Branches 267 Tags
Commit Graph

10560 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
7bf1e98f44
Merge pull request #8740 from valeriosetti/issue8647 
Move RSA basic key parsing/writing to rsa.c
 2024-02-08 08:35:42 +00:00
Paul Elliott
292b1dc1e1
Merge pull request #8789 from paul-elliott-arm/fix_tsan_gcc 
Stop platform test failures with GCC and TSAN
 2024-02-07 11:32:39 +00:00
Manuel Pégourié-Gonnard
1d7bc1ecdf
Merge pull request #8717 from valeriosetti/issue8030 
PSA FFDH: feature macros for parameters
 2024-02-07 10:06:03 +00:00
Paul Elliott
e053cb2f12 Stop platform test failures with GCC and TSAN 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-02-06 18:10:43 +00:00
Gilles Peskine
f45589b492
Merge pull request #8198 from silabs-Kusumit/kdf_incorrect_initial_capacity 
KDF incorrect initial capacity
 2024-02-06 17:29:43 +00:00
Gilles Peskine
137e0c1a02
Merge pull request #8761 from valeriosetti/issue4681 
Re-introduce enum-like checks from CHECK_PARAMS
 2024-02-06 17:29:38 +00:00
Gilles Peskine
fb7001f15b
Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage 
Implement mbedtls_pk_get_psa_attributes
 2024-02-06 17:28:54 +00:00
Manuel Pégourié-Gonnard
5c9cc0b30f
Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected 
TLS 1.3: SRV: Ignore early data when rejected
 2024-02-06 13:16:03 +00:00
Ronald Cron
d0a772740e tests: early data: Complete the handshake 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 11:15:48 +01:00
Gilles Peskine
735ac3ec05 Fix builds with secp224k1 as the only curve 
Normally, if an elliptic curve is enabled in the legacy API then it's also
enabled in the PSA API. In particular, if the legacy API has at least one
curve then that curve also works with PSA. There is an exception with
secp224k1 which PSA does not support. In a build with secp224k1 as the only
legacy curve, MBEDTLS_PK_HAVE_ECC_KEYS is enabled (because you can use the
curve through PK) but PSA does not support any elliptic curve, so we can't
run PK-PSA bridge tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-06 11:11:32 +01:00
Gilles Peskine
8a85673a39 Merge remote-tracking branch 'development' into pk_import_into_psa-use_usage 2024-02-06 10:14:17 +01:00
Valerio Setti
fe329cea3f rsa: handle buffer length similarly in private and public key parsing 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-06 08:00:18 +01:00
Ronald Cron
33327dab85 tests: early data: Switch to mnemonics for test scenarios 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-05 18:27:04 +01:00
Manuel Pégourié-Gonnard
32c28cebb4
Merge pull request #8715 from valeriosetti/issue7964 
Remove all internal functions from public headers
 2024-02-05 15:09:15 +00:00
Janos Follath
747bedb0b0
Merge pull request #8733 from ivq/gcm_ad_len_check 
Add back restriction on AD length of GCM
 2024-02-05 13:33:58 +00:00
Valerio Setti
45c33ed41e test_suite_rsa: fix data for "extra integer outside the SEQUENCE" 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-05 09:04:10 +01:00
Dave Rodgman
12285c5c7c Add calls to BLOCK_CIPHER_PSA_INIT / BLOCK_CIPHER_PSA_DONE 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-02 17:52:41 +00:00
Ronald Cron
ae2d81c314 tests: tls13: Run early data test only in TLS 1.3 only config 
Temporary workaround to not run the early data test
in Windows-2013 where there is an issue with
mbedtls_vsnprintf().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-02 17:31:20 +01:00
Jerry Yu
f57d14bed4 Ignore early data app msg before 2nd client hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-02 17:31:20 +01:00
Ronald Cron
2995d35ac3 tls13: srv: Deprotect and discard early data records 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-02 17:31:20 +01:00
Jerry Yu
064dd2b870 Adjust check order 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2024-02-02 17:31:20 +01:00
Valerio Setti
f15e13ead7 test_suite_x509parse: remove useless include of rsa.h 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-02 16:44:22 +01:00
Gilles Peskine
d078386287 Smoke tests for mbedtls_pk_get_psa_attributes after parsing 
We'll test more fully by adding a call to mbedtls_pk_import_into_psa() once
that function is implemented.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-02 13:22:23 +01:00
Gilles Peskine
cb3b4cae0a Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA 
The test code to construct test keys and the implementation had matching
errors: both assumed that there was a PSA public key object. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-02 13:22:23 +01:00
Valerio Setti
684d78fcfa test_suite_rsa: improve key parsing tests for extra data 
2 scenarios are taken into account:
- syntactically valid extra data inside the SEQUENCE
- extra data outside the SEQUENCE
A single integer is used as extra data in both cases.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-02 12:30:16 +01:00
Valerio Setti
c701cb2835 test_suite_rsa: improve rsa_key_write_incremental() 
Output buffer is tested from being 1 single byte up to twice
what it is strictly required to contain the output data.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-02 11:10:04 +01:00
Valerio Setti
5922cb9309 pkparse: keep legacy PK error codes when RSA key parsing fails 
This helps in reverting the changes to test_suite_x509parse.data
when the RSA key parsing fails.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-02 09:21:25 +01:00
Gilles Peskine
591e83d139 Add missing implied usage 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 21:33:44 +01:00
Gilles Peskine
a1a7b08057 Fix typo in dependency 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 21:32:29 +01:00
Gilles Peskine
793920c1ff mbedtls_pk_get_psa_attributes: opaque: require specified usage 
In the MBEDTLS_PK_OPAQUE, have mbedtls_pk_get_psa_attributes() require the
specified usage to be enabled for the specified key. Otherwise the following
call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a
useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably
an error.

Adjust the existing test cases accordingly and add a few negative test
cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 21:31:27 +01:00
Gilles Peskine
e45d51f7b5 Clearer variable names 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 20:53:11 +01:00
Gilles Peskine
e2a77f21ea Use PSA_INIT with test that requires PSA 
USE_PSA_INIT is for test code that doesn't use PSA functions when
USE_PSA_CRYPTO is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 20:53:04 +01:00
Gilles Peskine
2e54854d16 Copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 20:53:04 +01:00
Gilles Peskine
ae2668be97 Don't use mbedtls_pk_ec in our own code 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 20:53:04 +01:00
Gilles Peskine
7e353ba37a Create auxiliary function for repeated code 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 20:46:19 +01:00
Gilles Peskine
19411635a5 Test enrollment algorithm for the non-OPAQUE case 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 20:42:28 +01:00
Ronald Cron
38dbab9f8d tests: ssl: Adjust early data test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 20:10:41 +01:00
Ronald Cron
78a38f607c tls13: srv: Do not use early_data_status 
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 20:10:35 +01:00
Valerio Setti
56cfe2fab6 test_suite_rsa: improve rsa_parse_write_pkcs1_key() and rsa_key_write_incremental() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-01 17:53:26 +01:00
Valerio Setti
201e643509 rsa: simplify mbedtls_rsa_parse_pubkey() input parameters 
In this way mbedtls_rsa_parse_pubkey() and mbedtls_rsa_parse_key()
input parameter list is the same.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-01 17:19:37 +01:00
Valerio Setti
135ebde273 rsa: rename parse/write functions in order to follow the standard format 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-01 17:00:29 +01:00
Jerry Yu
579bd4d46b Update early data test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 16:40:47 +01:00
Jerry Yu
192e0f9b1d ssl_server2: Add read early data support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 16:40:47 +01:00
Dave Rodgman
ba8e9addd9 Fix test dependencies 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-01 13:54:46 +00:00
Ronald Cron
11cc41265b
Merge pull request #8711 from ronald-cron-arm/tls13-ticket-and-early-data-unit-test 
Add TLS 1.3 ticket and early data unit tests
 2024-02-01 13:15:55 +00:00
Dave Rodgman
6823247376 Fix compile warning in tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-31 15:59:06 +00:00
Ronald Cron
eb84534ee3 Use TEST_EQUAL instead of TEST_ASSERT where possible 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-31 15:23:38 +01:00
Ronald Cron
5de9c6f295 Fix and add comments in ticket and early data test function 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-31 15:23:33 +01:00
Ronald Cron
095a3a5a29 Fix PSA init and done macros in TLS unit tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-31 15:02:09 +01:00
Ronald Cron
faf026c67c Explain purpose of test specific write/parse ticket functions 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-31 14:32:11 +01:00