mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-31 00:32:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29,927 Commits 170 Branches 263 Tags
Commit Graph

29927 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Valerio Setti
ab7ddbc812 test_suite_pk: when ANY_HASH is used then pick any available MD alg in the build 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
3433f832fb test_suite_pk: improve PSA alg selection in pk_copy_from_psa_success() 
Use the same hashing algorithm as md_for_test.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
039bbbac33 test_suite_pk: destroy original xkey after pk_copy_from_psa() in pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
4114a54403 test_suite_pk: add description for psa_pub_key_from_priv() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
42a58a5249 test_suite_pk: minor fixes for test failures 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
e700d8086e rsa: rsa_rsassa_pss_sign() to check MD alg both in parameters and RSA context 
This helps fixing a disparity between the legacy and the USE_PSA
case for rsa_sign_wrap() in pk_wrap.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
f22eff99a6 test_suite_pk: add new test case for an algorithm only avaible in driver 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
a657ae388a pk: pk_copy_from_psa() performs the conversion even if the algorithm doesn't match 
This commit also:
- fixes existing tests and add new ones
- updates documentation.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
1015985d8a test_suite_pk: add more test cases for pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
d2ccc2f468 test_suite_pk: various minor fixes 
- removed redundant info from data file (i.e. informations that
  can be extrapolated somehow)
- removed unecessary parameters in functions
- added some extra check on the generated PK contexts
- etc...

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
8fb0fe8e12 pk: fixed documentation of mbedtls_pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
2f08f4cdb8 add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
61a47a46ea test_suite_pk: extend testing in pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
aeeefef64e pk_wrap: use correct PSA alg in rsa_encrypt_wrap() when USE_PSA 
This bugfix was due in PR #8826, but we didn't catch that.
This commit also add proper testing in test_suite_pk that was not implemented
in #8826.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
88e2dac6d6 test_suite_pk: rename PK context variables 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
e8fe3e76c4 test_suite_pk: add key pair check in pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
5ac511b45a pk: let psa_export_key() check if the key is exportable or not 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
3a815cbd2f all.sh: keep RSA_C enabled in component_full_no_pkparse_pkwrite() 
This is possible because after #8740 RSA_C no longer depends on
PK to parse and write private/public keys.

This commit also solves related issues that arose after this change
in "pk.c" and "test_suite_pk". In particular now we can use
rsa's module functions for parsing and writing keys without need
to rely on pk_parse and pk_write functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:53 +01:00
Valerio Setti
61532e9a6b test_suite_pk: fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
1346075cfd pk_ecc: fix documentation 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
01ba66d56e pk: replace CRYPTO_CLIENT guards with CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
a41654d5b1 all.sh: add test component based on full config without PK_[PARSE|WRITE]_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
851f190da7 pk: move ECC setters to a separate file 
- These functions are used both in pkparse.c for key parsing
  as well as pk.c for managing copy_from_psa(). As as consequence
  they should belong to pk.c, but that would make that module
  messier, so that's why a new separate module is added.
- Their guard can be changed from PKPARSE_C to PK_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
452d2d2ccb test_suite_pk: add some initial testing for mbedtls_pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
070d95e958 pk: add mbedtls_pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:47:27 +01:00
Valerio Setti
3bfad3a8dc pkparse: make EC/RSA setup functions internally available 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:37:33 +01:00
Manuel Pégourié-Gonnard
af3e574f5f
Merge pull request #8862 from valeriosetti/issue8825 
Improve support of mbedtls_psa_get_random in client-only builds
 2024-03-10 20:06:27 +00:00
Ronald Cron
7e1f9f290f
Merge pull request #8854 from ronald-cron-arm/tls13-srv-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on server
 2024-03-09 00:16:07 +00:00
Ronald Cron
e1295fabaf tests: ssl: early data: Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 17:05:27 +01:00
Janos Follath
080a5171e2
Merge pull request #8861 from ronald-cron-arm/tls13-srv-select-kex 
TLS 1.3: SRV: Improve key exchange mode selection
 2024-03-08 14:58:36 +00:00
Janos Follath
a812e0fe14
Merge pull request #8883 from mfischer/fix_shared_secret 
library: psa_crypto: Explicitly initialize shared_secret
 2024-03-08 14:35:20 +00:00
Ronald Cron
52472104a2 tests: suite: early data: Add comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
4facb0a9cd tests: ssl: Improve early data test code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
1a13e2f43e tests: ssl: Improve test code for very small max_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
db944a7863 ssl_msg.c: Fix log position 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:50:58 +01:00
Ronald Cron
e14770fc42 ssl-opt.sh: Fix early data test option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:57:36 +01:00
Ronald Cron
19521ddc36 tls13: srv: Fix/Improve debug logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
7cab4f885b tls13: srv: Fix/Improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
16cc370423 tls13: srv: Fix initialization value 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
f602f7ba50 tls13: srv: Code improvements 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
3811765c0c tls13: srv: Add/Improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
74a1629231 tls13: srv: Move PSK ciphersuite selection up 
Move PSK ciphersuite selection up to the main
ClientHello parsing function. That way the
ciphersuite selection only happens in this
function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
3e47eec431 tls13: srv: Simplify resumption detection 
Avoid marking we resume and then
cancelling it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
e8c162d7ba tls13: srv: Simplify kex availability checks 
Regarding the possibility of selecting a
key exchange mode, the check of the ticket
flags is now separated from the check of
the ClientHello content and server
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
79cdd4156f tls13: srv: Improve key exchange mode determination 
For PSK based key exchange modes do not check twice
anymore if they can be selected or not. Check it
only when looping over the offered PSKs to select
one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
1f63fe4d74 tls13: srv: Fix resume flag in case of cancelled PSK 
If we prefer ephemeral key exchange mode over
the pure PSK one, make sure the resume flag is
disabled as eventually we are not going to
resume a session even if we aimed to at some
point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
cf284565c5 tls13: srv: Determine best key exchange mode for a PSK 
Determine best key exchange for for ticket based and
external PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
89089cc69b tls13: srv: Factorize ciphersuite selection code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
f7e9916b3d tls13: srv: Fix MBEDTLS_SSL_SESSION_TICKETS guard position 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
12e72f1664 tls13: srv: Always parse the pre-shared key extension 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00