AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
19,339 Commits 1 Branch 0 Tags 61 MiB
83e60eef4d
Commit Graph

19339 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrzej Kurek
83e60eef4d tests: fix bitflip comment 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-14 08:51:41 -04:00
Andrzej Kurek
57f58b0e65 Prefer TEST_EQUAL over TEST_ASSERT in test suites 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-08 16:51:03 -04:00
Gilles Peskine
b4f874d1da raw_key_agreement_fail: Add a nominal run 
Ensure that the nominal run works properly, so that it's apparent that the
injected failure is responsible for the failure of the handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-08 16:50:38 -04:00
Gilles Peskine
6cbc9986fb Remove redundant empty slot count check 
USE_PSA_DONE() already checks that there are no used key slots.

The call to TEST_ASSERT() wouldn't have worked properly on failure anyway,
since it would jump back to the exit label.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-08 16:47:19 -04:00
Andrzej Kurek
28f883eba5 Remove RSA & DTLS dependency in raw key agreement test 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-08 16:46:57 -04:00
Andrzej Kurek
cb33bc5d0b Change the bit to flip to guarantee failure 
For weistrass curves the pair is encoded as 0x04 || x || y.
Flipping one of the bits in the first byte should be a sure failure.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-06 11:26:39 -04:00
Andrzej Kurek
39d88d4918 Change the number of expected free key slots 
TLS code now uses PSA to generate an ECDH private key.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-06 11:26:39 -04:00
Andrzej Kurek
41b7e66e61 Tests: add missing requirements for the raw key agreement test 
SECP384R1 is needed for the default loaded
certificate.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-06 11:26:39 -04:00
Andrzej Kurek
cc28e9a252 Tests: add missing group termination 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-06 11:26:39 -04:00
Andrzej Kurek
65ded569e0 Update raw key agreement test dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-06 11:26:39 -04:00
Andrzej Kurek
b3427823bd Test failing raw_key_agreement in ssl mock tests 
Force a bitflip in server key to make the raw key
agreement fail, and then verify that no key slots
are left open at the end. Use a Weierstrass curve
to have a high chance of failure upon encountering
such bitflip.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-06 11:24:17 -04:00
Andrzej Kurek
74394a5c39 Add a group_list argument to mocked ssl tests 
This will be used to force a group list in certain tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-06 11:23:34 -04:00
Gilles Peskine
1c7c5969ea
Merge pull request #5683 from paul-elliott-arm/fix_pk_test 
Prevent free of uninitialised MPI  variables
 2022-04-04 17:51:49 +02:00
Gilles Peskine
c82f62e3a5
Merge pull request #4907 from gilles-peskine-arm/config-baremetal-size-3.0 
Disable debugging features in the primary code size measurement job
 2022-04-04 16:12:58 +02:00
Manuel Pégourié-Gonnard
de68e39ddf
Merge pull request #5568 from superna9999/5159-pk-rsa-verification 
PK: RSA verification
 2022-04-04 11:23:33 +02:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 
TLS 1.2/1.3 version negotiation - 2
 2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors 
Accessors to own CID within mbedtls_ssl_context
 2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard
6a25159c69
Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations 
HKDF 2: use internal implementations in TLS 1.3
 2022-04-01 11:15:29 +02:00
Dave Rodgman
d7bdedc9f6
Merge pull request #5681 from daverodgman/migration 
Update references to old Github organisation
 2022-04-01 09:51:29 +01:00
Manuel Pégourié-Gonnard
451114fe42
Merge pull request #5647 from superna9999/5179-follow-up-tls-record-hmac-no-mdinfo 
Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
 2022-04-01 10:04:56 +02:00
Paul Elliott
02758a51df Add tls CID tests 
Add tests to test tls coneection id functionality, including the new
'own cid' accessor.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-31 19:21:41 +01:00
Paul Elliott
0113cf1022 Add accessor for own cid to ssl context 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-31 19:21:41 +01:00
Ronald Cron
cbd7bfd30e ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests 
Force TLS 1.2 on OpenSSL/GnuTLS server
for TLS 1.2 specific tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:25:27 +02:00
Ronald Cron
634d865d80 ssl-opt.sh: Fix "no TLS 1.3 server support" test check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:25:27 +02:00
Ronald Cron
11218dda96 ssl_client.c: Fix unused parameter 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:25:27 +02:00
Ronald Cron
bdb4f58cea Add and update documentation of some minor version fields 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:24:59 +02:00
Paul Elliott
ff59a34606 Prevent free of uninitialised variables 
In an error case it was possible for mbedtls_mpi variables to be free'd
uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-31 17:14:13 +01:00
Ronald Cron
82c785fac3 Make handshake::min_minor_ver client only 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 15:44:41 +02:00
Dave Rodgman
017a19997a Update references to old Github organisation 
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-03-31 14:43:16 +01:00
Ronald Cron
6476726ce4 Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 14:13:57 +02:00
Ronald Cron
a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1 
TLS 1.2/1.3 version negotiation - 1
 2022-03-31 11:47:16 +02:00
Ronald Cron
ba120bb228 ssl_tls13_client.c: Fix ciphersuite final validation 
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron
8fdad9e534 ssl_tls12_client.c: Remove duplicate of ciphersuite validation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron
757a2abfe2 ssl_client.c: Extend and export ciphersuite validation function 
Extend and export ciphersuite validation function
to be able to use it in TLS 1.2/3 specific code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron
f735cf1f0f ssl_tls.c: Fix ciphersuite selection regarding protocol version 
Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron
9847338429 ssl_tls13_client.c: Add check in supported_versions parsing 
Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:33:41 +02:00
Ronald Cron
1fa4f6863b ssl_tls.c: Return in error if default config fails 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:27:35 +02:00
Ronald Cron
a77fc2756e ssl_tls13_client.c: versions ext writing : Fix available space check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:27:35 +02:00
Ronald Cron
37bdaab64f tls: Simplify the logic of the config version check and test it 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:26:58 +02:00
Ronald Cron
3cffc5ccb1 tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-30 21:59:44 +02:00
Ronald Cron
150d579d7a ssl_client.c: Improve coding style 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-30 21:58:50 +02:00
Neil Armstrong
e451295179 Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:41:12 +02:00
Neil Armstrong
253e9e7e6d Use mbedtls_rsa_info directly in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
ea54dbe7c2 Fix comment typo in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
19e6bc4c9f Use new PSA to mbedtls PK error mapping functions in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
8a44bb47ac Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
82cf804e34 Fix 80 characters indentation in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
6baea78072 Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
a33280af6c Check psa_destroy_key() return in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong
059a80c212 Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00