mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-14 18:40:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,624 Commits 170 Branches 263 Tags
Commit Graph

11137 Commits

Author SHA1 Message Date
Ryan Everett
7763550884 Add key_destroyable parameter to exercise_mac_key 
If the key has been destroyed (and the new parameter is 1) then we test that
psa_mac_abort succeeds in this scenario.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-12 17:01:09 +00:00
Ryan Everett
f08a93fbe5 Add key_destroyable parameter to check_key_attributes_sanity 
This function is currently only used in the exercise_key smoke test.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-12 17:01:09 +00:00
Ryan Everett
0a271fde76 Add key_destroyable parameter to mbedtls_test_psa_exercise_key 
This will allow us to use this smoke test to ensure that key slot content reads are
only performed when we are registered to read a full slot. We will destroy the key
on another thread while the key is being exercised, and fail the test if an unexpected
error code is hit. Future commits will incrementally implement this new parameter.

All current usages of this function have this parameter set to 0, in which case
the new behaviour must be the same as the old behaviour

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-12 17:01:09 +00:00
Ronald Cron
840de7ff2f tls13: cli: Rename STATUS_NOT_SENT to STATUS_NOT_INDICATED 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
3641df2980 tls13: cli: Rename STATE_SENT to STATE_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
3c5a68339b tls13: cli: Rename STATE_NOT_SENT to STATE_NO_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
0c80dc1ed5 tls13: cli: Rename STATUS_NOT_SENT to STATUS_NO_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
05d7cfbd9c tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
d2884662c1 tls13: cli: Split early data user status and internal state 
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:15 +01:00
Ronald Cron
10797e3da1 ssl-opt.sh: Add O->m server version selection tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:16:05 +01:00
Ronald Cron
114c5f0321 ssl-opt.sh: Expand MbedTLS only version negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
dcfd00c128 ssl-opt.sh: Change MbedTLS only version negotiation tests 
Change description and dependencies before to
expand MbedTLS only version negotiation tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
fe18d8db76 ssl-opt.sh: Group MbedTLS only version negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
a1e7b6a66a ssl-opt.sh: Group cli ver nego tests against GnuTLS and OpenSSL 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
dfad493e8b ssl-opt.sh: Expand G->m server version selection tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:35 +01:00
Ronald Cron
98bdcc4f29 ssl-opt.sh: Change G->m server version selection tests 
Change description and dependencies before
to expand G->m server version selection tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:45:27 +01:00
Ronald Cron
cd1370e8d8 ssl-opt.sh: Group G->m server version selection checks 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:44:37 +01:00
David Horstmann
93fa4e1b87 Merge branch 'development' into buffer-sharing-merge 2024-03-12 15:05:06 +00:00
Gilles Peskine
d6a710a397 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
0dc79a754d Fix and test pk_copy_from_psa with an unsupported algorithm 
Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to
still work when the algorithm in the key policy is not an RSA
algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the
test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA"
when MBEDTLS_PKCS1_V15 is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
17d5b6bda2 Test mbedtls_pk_copy_public_from_psa on non-exportable keys 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
bf69f2e682 New function mbedtls_pk_copy_public_from_psa 
Document and implement mbedtls_pk_copy_public_from_psa() to export the
public key of a PSA key into PK.

Unit-test it alongside mbedtls_pk_copy_from_psa().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:45 +01:00
Manuel Pégourié-Gonnard
d7e7f48323
Merge pull request #8774 from valeriosetti/issue8709 
Implement mbedtls_pk_copy_from_psa
 2024-03-12 13:45:27 +00:00
Dave Rodgman
235799bc23 Simplify locating original tool 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 13:33:09 +00:00
Dave Rodgman
294a3c2ccb Remove unnecessary use of export 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 13:32:36 +00:00
Ronald Cron
ec4ed8eae4
Merge pull request #8857 from ronald-cron-arm/tls13-cli-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on client
 2024-03-12 13:31:20 +00:00
Dave Rodgman
a7f3c4e1d0
Merge pull request #8822 from daverodgman/sha3-perf 
SHA-3 performance & code size
 2024-03-12 13:14:40 +00:00
Valerio Setti
6fbde6e242 test_suite_pk: revert erroneous missing initialization of PSA key IDs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 11:00:39 +01:00
Valerio Setti
8b3c6fffa7 test_suite_pk: add comment for pk_copy_from_psa_builtin_fail 
Explain why this kind of test is possible for RSA keys, while
it is not possible for EC ones.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 06:05:03 +01:00
David Horstmann
5ba3f5f7a5 Flip logic of generate_psa_wrappers.py 
Change from a long list of PSA functions to a list of excluded
false-positives.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-11 15:57:43 +00:00
David Horstmann
5d64c6acca Generate memory poisoning in wrappers 
Generate memory poisoning code in test wrappers for:
* psa_sign_hash_start()
* psa_sign_hash_complete()
* psa_verify_hash_start()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-11 15:56:13 +00:00
David Horstmann
63dfb45e5e
Merge pull request #1181 from tom-daubney-arm/key_agreement_buffer_protection 
Implement safe buffer copying in key agreement
 2024-03-11 15:10:49 +00:00
Janos Follath
43edc75e31
Merge pull request #8882 from Ryan-Everett-arm/threading-key-tests 
Test multi-threaded key generation
 2024-03-11 15:07:48 +00:00
Dave Rodgman
9cc01ccbf8
Merge pull request #8831 from yanesca/switch_to_new_exp 
Use mpi_core_exp_mod in bignum
 2024-03-11 13:40:46 +00:00
Valerio Setti
e095a67bb2 pk: improve mbedtls_pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
6f5f9f5ce8 test_suite_pk: fix some comments 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
ab7ddbc812 test_suite_pk: when ANY_HASH is used then pick any available MD alg in the build 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
3433f832fb test_suite_pk: improve PSA alg selection in pk_copy_from_psa_success() 
Use the same hashing algorithm as md_for_test.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
039bbbac33 test_suite_pk: destroy original xkey after pk_copy_from_psa() in pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
4114a54403 test_suite_pk: add description for psa_pub_key_from_priv() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
42a58a5249 test_suite_pk: minor fixes for test failures 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
e700d8086e rsa: rsa_rsassa_pss_sign() to check MD alg both in parameters and RSA context 
This helps fixing a disparity between the legacy and the USE_PSA
case for rsa_sign_wrap() in pk_wrap.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
f22eff99a6 test_suite_pk: add new test case for an algorithm only avaible in driver 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
a657ae388a pk: pk_copy_from_psa() performs the conversion even if the algorithm doesn't match 
This commit also:
- fixes existing tests and add new ones
- updates documentation.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
1015985d8a test_suite_pk: add more test cases for pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
d2ccc2f468 test_suite_pk: various minor fixes 
- removed redundant info from data file (i.e. informations that
  can be extrapolated somehow)
- removed unecessary parameters in functions
- added some extra check on the generated PK contexts
- etc...

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
61a47a46ea test_suite_pk: extend testing in pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
aeeefef64e pk_wrap: use correct PSA alg in rsa_encrypt_wrap() when USE_PSA 
This bugfix was due in PR #8826, but we didn't catch that.
This commit also add proper testing in test_suite_pk that was not implemented
in #8826.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
88e2dac6d6 test_suite_pk: rename PK context variables 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00
Valerio Setti
e8fe3e76c4 test_suite_pk: add key pair check in pk_copy_from_psa_success() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:58 +01:00