The SSL test programs can now use the PSA RNG, and the PSA RNG can use
an external RNG. The build conditions hadn't been updated and didn't
cover the case when MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is enabled but
MBEDTLS_USE_PSA_CRYPTO is disabled. Fix this.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move the call to destroy the PSK to before freeing the SSL session
data and calling rng_free(), which deinitializes the PSA subsystem.
This particular ordering was chosen to make the ssl_client2 more
similar to ssl_server2. This fixes the client failing on the
psa_destroy_key() call in `ssl-opt.sh -f 'opaque psk on client'`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The SSL test programs can now use mbedtls_psa_get_random() rather than
entropy+DRBG as a random generator. This happens if
the configuration option MBEDTLS_USE_PSA_CRYPTO is enabled, or if
MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is set at build time.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This brings them in line with PSA Crypto API 1.0.0
PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH -> PSA_ALG_AEAD_WITH_SHORTENED_TAG
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
With MBEDTLS_USE_PSA_CRYPTO, some of the randomness for the TLS
connection is generated inside the PSA crypto subsystem, which has no
reproducible mode. Whether there is a nonzero amount of randomness
coming from inside the PSA subsystem rather than from the random
generator set by mbedtls_ssl_conf_rng() depends on the choice of
cipher suite and other connection parameters as well as the level of
support for MBEDTLS_USE_PSA_CRYPTO. Rather than give unreliable
results, conservatively abort with a clear error message.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move the declaration of the functions needed to use the test
implementation of mbedtls_psa_external_get_random() to a new header
file. Before, they were declared in
tests/include/test/psa_crypto_helpers.h, but this header file can't be
included in sample programs because it also includes headers from the
library directory which is not on the include path for sample
programs.
This fixes the build of the sample programs when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_USE_PSA_CRYPTO are
enabled.
Move the implementation of the functions to a separate .c file as
well. This isn't strictly necessary, but makes the structure of the
source code easier to understand.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Currently, MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is tested with a dummy
insecure implementation of mbedtls_psa_external_get_random. This
function needs to be explicitly enabled at runtime. This needs to
happen when the PSA external RNG is used, which currently is the case
in SSL test programs only when MBEDTLS_USE_PSA_CRYPTO is enabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Support HMAC_DRBG in ssl_client2 and ssl_server2, in addition to
CTR_DRBG. CTR_DRBG is still used if present, but it's now possible to
run the SSL test programs with CTR_DRBG disabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In ssl_client2 and ssl_server2, to generate random data, go through a
level of indirection provided by ssl_test_lib. This way the programs
don't depend on a particular choice of RNG implementation, and only
ssl_test_lib.{h,c} explicitly reference CTR_DRBG.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is deliberately arranged to minimize code changes.
Subsequent commits will clean up the resulting code.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In preparation for unifying the common RNG-related code of ssl_client2
and ssl_server2, make it possible to copy-paste that code out of these
programs' main() functions:
* Replaces reads of the non-unifiable structure opt by reads of a
separate variable.
* Replace references to the local variable rng by a pointer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Group the random generation context (entropy and DRBG) into a struct.
This is in preparation for unifying the common RNG-related code of
ssl_client2 and ssl_server2, then generalizing that code to support
methods other than entropy+CTR_DRBG.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Declaring query_config() belongs with the query_config program, not in
ssl_test_lib.h, so move the declaration to a new header file
query_config.h.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move from ssl_*2.c to ssl_test_lib.c:
* Functions that have exactly identical definitions in the two
programs, and that don't reference the global variable opt which
has a different type in the client and in the server. Also declare
these functions in ssl_test_lib.h.
Move from ssl_*2.c to ssl_test_common_source.c:
* Functions that have exactly identical definitions in the two
programs, but access fields of the global variable opt which
has a different structure type in the client and in the server.
* The array ssl_sig_hashes_for_test, because its type is incomplete.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Adjust whitespace and comments in code of ssl_client2.c and
ssl_server2.c that was almost identical to make these chunks exactly
identical.
Make the common functions non-static.
This is in preparation for moving the common code to ssl_test_lib.c.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move from ssl_*2.c to ssl_test_lib.h:
* Include directives for headers included by both programs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move from ssl_*2.c to ssl_test_lib.h:
* The inclusion of the config header file (identical).
* The fallback definitions of platform functions (almost identical:
server2 also had snprintf and the order and whitespace was slightly
different).
* The compilation guards checking that required options are
enabled (tweaked to make them common, with MBEDTLS_SSL_{CLI,SRV}_C
separated out).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c, but cannot be compiled separately and instead needs
to be #include'd in each program that uses it.
This is for code that references macros or types that are defined
differently in the two programs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c. This commit only creates the file; subsequent
commits will populate it.
Add it to the official build systems (make, cmake, VS).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
*/Makefile is ignored (because it's created by cmake in in-tree builds).
But fuzz/Makefile is checked into git, so don't ignore it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Build query_config.o then link it, instead of building query_config.c
in each of the four programs that use it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_ssl_conf_dtls_srtp_protection_profiles stores the pointer to the
profiles in the configuration.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
This algorithm replaces the pre-existing stream cipher algorithms.
The underlying stream cipher is determined by the key type.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
The driver interfaces described in crypto_accel_driver.h and
crypto_entropy_driver.h are no longer being worked on. We do not
intend to finish the design of these interfaces or to implement them
in Mbed TLS. They have been superseded by the unified driver
interface (docs/proposed/psa-driver-interface.md), which is being
actively worked on both to finalize the specification and to implement
it in Mbed TLS.
The partially implemented dynamic secure element interface is staying
for now.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
GCC 11 generated the warnings because the parameter `ret_buf`
was declared as `const char[10]`, but some of the arguments
provided in `run_test_snprintf` are shorter literals, like "".
Now the type of `ret_buf` is `const char *`.
Both implementations of `test_snprintf` were fixed.
Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>