lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-23 15:01:00 +03:00
Code Activity
19,235 Commits 173 Branches 272 Tags
021b1785ef528880c20bc2cb2828c77afccd31fc
Commit Graph

6374 Commits

Author SHA1 Message Date
Neil Armstrong
ee9686b446 Fix style issue in hash_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:47:34 +01:00
Neil Armstrong
e858996413 Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf() 
Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:17:50 +01:00
Neil Armstrong
2968d306e4 Implement mbedtls_ct_hmac() using PSA hash API 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:50 +01:00
Neil Armstrong
cf8841a076 Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined 
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
4f091290bd Remove Obsolete SSLs tests with truncated MAC tags & NULL/CBC cipher 
These tests are related to an obsolete feature removed from the library.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
f4cc062935 Setup MAC PSA keys in build_transforms() to pass ssl_crypt_record() with PSA crypto 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong
46a1760922 Allow USE_PSA_CRYPTO for handshake TLS tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Jerry Yu
2ff6ba1df0 Remove rsa_pss_rsae_sha256 support. 
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-23 10:38:25 +08:00
Gilles Peskine
9216536415 Add storage format checks to the interface checker 
Expand abi_check.py to look for backward incompatibilities not only in
the interface exposed to application code (and to some extent driver
code), but also to the interface exposed via the storage format, which
is relevant when upgrading Mbed TLS on a device with a PSA keystore.

Strictly speaking, the storage format checks look for regressions in
the automatically generated storage format test data. Incompatible
changes that are not covered by the generated tests will also not be
covered by the interface checker.

A known defect in this commit is that the --brief output is not brief
for storage format checks.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-22 14:54:03 +01:00
Przemyslaw Stekiel
aeaa4f0651 Code optimization 
- fix codding style
- fix comments and descriptions
- add helper function for montgomery curve
- move N-2 calculation outside the loop
- fix access to <data> bytes: *data[x] -> (*data)[x]

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
f6c2c87492 Fix ECC derivation tests 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
7b6e61a132 Add test vectors for ECC key excercise 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
50fcc535e5 Add Weierstrass curve/bits consistancy check + negative test vectors 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
02cf12ff92 Enable tests for Montgomery curves 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
8590f3b5ff Enable related test vectors 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
696b120650 Add tests for ECC key derivation 
Test code and test vectors are taken from PR #5218

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
ab80c0cd6c test_psa_compliance.py: checkout fix-pr-5139 tag 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Neil Armstrong
66a479f8fb Add Cipher Decrypt Fail multi-part case 
Make `PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)`
depend on MBEDTLS_CCM_C otherwise the multi-part test fails on
the missing CCM* instead on the input length validity for CCM*.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
d8dba4e0aa Add Cipher Encrypt Fail multi-part case 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
3ee335dbe3 Add Cipher Encrypt multi-part case 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
752d811015 Add AEAD Key Policy check multi-part cases 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
78aeaf8ad7 Add Cipher Key Policy check one-shot cases 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
3af9b97a29 Add Multipart Message authentication Compute & Verify cases 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
ca30a00aad Add Multipart Hash Compute & Compare tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
55a1be1f48 Add Multipart Hash Compare fail tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
161ec5c368 Add Multipart Hash Compute fail tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
edb20865c7 Add One-Shot Hash setup test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Jerry Yu
ccb005e35f fix missing feedback address 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 17:38:34 +08:00
Przemyslaw Stekiel
d9fa99917e Extend test coverage for transparent driver decryption. 
Encryption is not deterministic and can not be verified by a know-answer test.
Encryption is already verified via encrypt-decrypt test.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 09:36:35 +01:00
Jerry Yu
819f29730a fix various issues in ssl-opt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
2124d05e06 Add sha384 and sha512 case 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
d66409ae92 Add non support sig alg check and test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
562a0fddf0 Add client version check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
6c3d821ff1 update ssl-opt test cases 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
46b53b9920 remove duplicate test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
4bfa22aeb3 remove useless config option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
42ea733fdc remove RSA not found test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
7db5b8f68c add rsa_pss_rsae_sha256 write support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
37987ddd0f Add test cases 
Add test cases for different sig algs.
Known issue is rsa_pss_rsae_sha256 fail

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
ca133a34c5 Change state machine 
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
22abd06cd0 Add rsa key check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
aa6214a571 add empty client certificate tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
c19884f487 change expect exit value 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
25e0ddcf47 Add client certificate file 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
200b47b8f5 Add more tests for CertificateRequest 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
960bc28bcc Add tests for no middlebox mode 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:57 +08:00
Ronald Cron
4579a972bf Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1 
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
 2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard
e3a2dd787e Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa 
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
 2022-02-21 16:58:57 +01:00
Gabor Mezei
4fded1359a Use PSA_INIT() 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:47:24 +01:00
Gabor Mezei
c5efb8e58b Use PSA error code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:38 +01:00