Gilles Peskine
25fdebf0c6
Add missing configs from test-ref-configs.pl
...
Two sample configuration file were not being tested:
config-no-entropy.h and config-psa-crypto.h. Add them.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 15:17:07 +01:00
Gilles Peskine
7a78a1f47c
Sort entries to make it easier to eyeball the list
...
No semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 15:17:07 +01:00
Gilles Peskine
b64e0fe5e3
Fix conditions for including string.h in error.c
...
<string.h> is actually needed when MBEDTLS_ERROR_C is enabled and not
when only MBEDTLS_ERROR_STRERROR_DUMMY is enabled.
Fix #3866 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 15:17:07 +01:00
Gilles Peskine
bce4dc028f
Include config_psa.h from psa/crypto.h
...
When the new PSA crypto configuration mechanism MBEDTLS_PSA_CRYPTO_CONFIG
is disabled, legacy configurations must keep working, even if they don't
include the new header file mbedtls/config_psa.h. Code that uses or
implements PSA crypto interfaces needs some of the symbols defined by the
new header file. Therefore, include the new header file via PSA crypto
headers, which are included everywhere mbedtls/config_psa.h is needed.
Include it early, in psa/crypto_platform.h, just after including
mbedtls/config.h, so that its symbols are available wherever the symbols
from mbedtls/config.h is available.
This fixes the unit tests with configs/config-psa-crypto.h: some unit
tests were failing, revealing that library features controlled with
the new symbols were no longer getting built.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 15:17:07 +01:00
Gilles Peskine
f4a6a05e9d
ssl_context_info: fix config requirements
...
Revealed by attempting to build in configs/config-no-entropy.h.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 15:17:07 +01:00
Ronald Cron
d2ed4815da
Split persistence and key id validation
...
With key usage based on key identifiers and not
key handles (openless APIs), volatile keys will
also have a key identifier. Thus, isolate key
identifier validation from key persistence
validation to clarify that key identifiers
are not specific to persistent keys.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-09 15:14:38 +01:00
Gilles Peskine
e3994d7269
Merge pull request #3836 from bensze01/ecb_iv_fix
...
Do not set iv size for ECB mode ciphers
2020-11-06 18:00:50 +01:00
Bence Szépkúti
a8e40ddfc9
Do not set IV size for ECB mode ciphers
...
ECB mode ciphers do not use IVs
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-11-06 09:40:21 +01:00
Janos Follath
46f35849b1
Merge pull request #3845 from d3zd3z/fix3801
...
cmake: Avoid using target_properties for old cmake
2020-11-05 11:56:45 +00:00
Gilles Peskine
6b87993142
Merge pull request #3609 from gilles-peskine-arm/aes-zeroize-less
...
Remove a useless zeroization
2020-11-04 23:43:35 +01:00
Gilles Peskine
7b5e6b9dcc
Typos and clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-04 18:30:01 +01:00
Ronald Cron
efcf52d521
Merge pull request #3614 from gilles-peskine-arm/ssl-opt-gnutls-printf-development
...
Fix printf escape errors in shell scripts
2020-11-04 17:55:42 +01:00
David Brown
381c1078fc
cmake: Avoid using target_properties for old cmake
...
CMake versions less than 3.0 do not support the `target_sources`
command. In order to be able to support v2.8.12.2 of cmake, directly
set the SOURCES property instead of using the target_sources command.
A future patch could reverse this, if the project decides to forgo
support for cmake versions less than 3.0.
Fixes #3801
Signed-off-by: David Brown <david.brown@linaro.org>
2020-11-03 15:38:38 -07:00
Gilles Peskine
db6e33e12a
Merge pull request #3826 from frestr/test/chachapoly_vector
...
PSA Crypto: Add zero-length input test vectors for ChaChaPoly
2020-11-03 23:17:00 +01:00
Gilles Peskine
a455e71588
Merge pull request #3780 from stevew817/feature/validate_key_in_driver
...
Add validate_key hooks and tests
2020-11-02 11:37:42 +01:00
Steven Cooreman
40120f6b76
Address review comments
...
* zero key buffer on failure
* readability improvements
* psa_finish_key_creation adjustment after removing import_key_into_slot
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-30 10:20:01 +01:00
Gilles Peskine
52f32c913e
Merge pull request #3787 from bensze01/iv_nonce_size
...
PSA: Add support macros for IV/nonce sizes
2020-10-30 09:45:11 +01:00
Gilles Peskine
2da4292dc1
Merge pull request #3790 from peter-toft-greve/development
...
Add fix for cmake control of CMAKE_BUILD_TYPE only if mbedtls is the root project
2020-10-30 09:44:29 +01:00
Gilles Peskine
868906cd06
Merge pull request #3235 from jeannotlapin/pr1813
...
Add Dtls Srtp support (RFC5764)
2020-10-29 22:21:56 +01:00
Steven Cooreman
162ec8758f
Detecting bit size is no longer required
...
Storage format has been changed to always store the key's bit size
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-29 12:04:31 +01:00
Steven Cooreman
c4813a6e80
Rename 'keygen' to 'key management'
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-29 12:04:31 +01:00
Bence Szépkúti
423d3e7fcf
Update support macros for IV/nonce sizes
...
This commit defines the following new macros added to the PSA Crypto API
between versions 1.0 beta 3 and 1.0.0 final:
PSA_AEAD_NONCE_LENGTH
PSA_AEAD_NONCE_MAX_SIZE
PSA_CIPHER_IV_LENGTH
PSA_CIPHER_IV_MAX_SIZE
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-10-29 11:07:39 +01:00
Johan Pascal
5fbe9e7ac0
remove useless parentheses
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 10:50:54 +01:00
Johan Pascal
c3ccd98a91
Check transport in the extension parser/writer
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
5ef72d214f
Style and typos
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
2258a4f481
Do not return a structure, use a return parameter
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
0dbcd1d3f0
Make API safer
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
275874bc47
Fix previous commit
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
20c7db3a67
API modified so server side can get mki value
...
+ client side discards self mki if server does not support it
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
adbd9449ec
More minor fix
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
76fdf1d60e
Minor fix and improvements
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
104031547f
style
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
9bc50b0122
Test check the key material exported match
...
- include interop with openssl client
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
39cfd3b96e
interop test: openssl generate the DTLS-SRTP keys
...
Missing a command in the test script to compare with peer's output
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
d387aa0586
style + missing cast
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
842d671316
Update include/mbedtls/config.h
...
Co-authored-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
77696eedac
Add bound check in the client ssl_write_use_srtp_ext
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
aae4d22b16
Improve code readability
...
+micro optimization
+style
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
e79c1e8121
style
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
a455cd9a47
mbedtls_ssl_get_srtp_profile_as_string declared and defined in ssl.h
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
f6417ecf60
mki length feats in a uint16_t
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
253d0263a6
set protection profile API gets a MBEDTLS_TLS_SRTP_UNSET terminated list
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
43f9490a52
SRTP profiles definition use macros only
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
4f099264b5
use_srtp extension shall not interfere in the handshake settings
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
d576fdb1d6
Style + fix bound check in write_use_srt_ext
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
9bc97ca19d
SRTP-DTLS protection profile configuration list not copied into ssl_config
...
+ improve test
+ minor style fix
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
8f70fba988
Check the server hello output buffer size when writing the use_srtp ext
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
042d456832
Improve client Hello use_srtp parsing
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
a89ca8679f
The client shall not enforce the use of client certificate with use_srtp extension
...
This is server's task to request it if needed
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
8526957cd5
Minor style modifications
...
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00