lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00
Code Activity
19,235 Commits 174 Branches 272 Tags
021b1785ef528880c20bc2cb2828c77afccd31fc
Commit Graph

19235 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard
0950359220 Improve "abstraction layers" section 
- fix inaccuracy about PSA hash implementation
- add note about context-less operations
- provide summary

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
a6c601c079 Explain compile-time incompatibilities 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
7497991356 Expand discussion of goals 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
e459be2ed1 Complete discussion of RSASSA-PSS 
Update to latest draft of PSA Crypto 1.1.0: back to strict verification
by default, but ANY_SALT introduced.

Commands used to observe default values of saltlen:

    openssl genpkey -algorithm rsa-pss -out o.key
    openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt

    certtool --generate-privkey --key-type rsa-pss --outfile g.key
    certtool --generate-self-signed --load-privkey g.key --outfile g.crt

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
f5ee4b3da4 Add data about RSA-PSS test files 
Data gathered with:

    for c in server9*.crt; do echo $c; openssl x509 -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in crl-rsa-pss-*; do echo $c; openssl crl -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in server9.req.*; do echo $c; openssl req -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done

Unfortunately there is no record of how these files have been generated.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b902164cf0 Add temporary list of tasks for G1 and G2 
Work in progress, some tasks have very explicit definitions and details
on how to execute, others much less so; some may need splitting.

These documents are temporary anyway, to give a rough idea of the work
remaining to reach those goals (both of which we started, but only for
some use case so far). Ultimately the result will be actionable and
estimated tasks on github.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
d9edd56bf8 Document PSA limitations that could be problems 
(WIP: the study of RSA-PSS is incomplete.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b89fd95146 Document the general strategy for PSA migration 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
1b52d09494 Document test strategy for USE_PSA_CRYPTO 
Note: removed `mbedtls_x509write_crt_set_subject_key()` from the list of
things that should be tested, as it's taking public key rather than a
keypair.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0d0a104b2d Add study for TLS/X.509 dependencies on crypto 
This is an updated version of the study that was done a few years ago.

The script `syms` was used to list symbols form libmbedtls.a /
libmbedx509.a that are defined externally. It was run with config.py
full minus MBEDTLS_USE_PSA_CRYPTO minus
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:00 +01:00
Gabor Mezei
29ec0c42f1 Remove unneeded changelog entry 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-17 15:21:02 +01:00
Manuel Pégourié-Gonnard
a15503fcdd Merge pull request #5344 from AndrzejKurek/psa-aead-more-generate-nonce-combinations 
PSA AEAD: test more combinations of generate_nonce and set_lengths
 2022-01-17 13:12:04 +01:00
Manuel Pégourié-Gonnard
763641a3f5 Rm use of non-standard __func__ in example programs 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-17 11:58:54 +01:00
Manuel Pégourié-Gonnard
9efbf53f0e Declare incompatibility in new programs 
Existing example programs in this directory are already incompatible
with that option, so this is probably acceptable here too.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-17 11:57:44 +01:00
Ronald Cron
188ed19456 Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext 
Remove duplicate function for writing supported_groups extension
 2022-01-17 09:13:14 +01:00
Andrzej Kurek
b9fbc11e2c Dynamically allocate iv in dec_empty_buf tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
f2d4e275a8 Add a changelog entry for the ChaCha20 default behavior change 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
8be8e4a524 Add a missing test case to ChaCha20 tests - decrypt empty buffer 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
63439eda62 Return an error for IV lengths other than 12 with ChaCha20+Poly1305 
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
33ca6af8a3 Return an error for IV lengths other than 12 with ChaCha20 
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Manuel Pégourié-Gonnard
ecffd96910 Silence compiler warning in example program 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-14 13:23:54 +01:00
Manuel Pégourié-Gonnard
398d45985b Add example program psa/aead_cipher_psa 
This is meant to highlight similarities and differences in the APIs.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-14 12:48:13 +01:00
Manuel Pégourié-Gonnard
73839e02a7 Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat 
Reset dhm_P and dhm_G if config call repeated; avoid memory leak
 2022-01-14 10:41:06 +01:00
Gilles Peskine
6bfe4e263b Merge pull request #5272 from bensze01/psa_aead_setup_error 
PSA: Return the same error in multipart and single shot AEAD operations
 2022-01-13 21:16:20 +01:00
Bence Szépkúti
aa3a6e4ea7 Fix brace placement 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-13 16:26:03 +01:00
Bence Szépkúti
39fb9d170b Rename helper function to psa_aead_check_algorithm 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-13 14:33:45 +01:00
Jerry Yu
d491ea4f18 fix comment issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-13 16:15:25 +08:00
Glenn Strauss
8f52690956 Add accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-13 00:05:48 -05:00
Gilles Peskine
dfc5c7117e Merge pull request #5420 from yanesca/update_mailing_list_links 
Update mailing list links
 2022-01-12 16:46:52 +01:00
Gabor Mezei
bc5b6b9602 Add changelog entry 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-12 16:46:28 +01:00
Gabor Mezei
6e5aae63f8 Add tests for ticket_aead option 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-12 16:29:58 +01:00
Gabor Mezei
d4bea1efd5 Add ticket_aead option for ssl_server2 
The ticket_aead option allows to specify the session ticket protection.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-12 16:21:15 +01:00
Janos Follath
88addc4883 Update mailing list links 
The mailing list software has been updated and the links have changed.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-01-12 13:09:17 +00:00
Jerry Yu
b925f21806 fix comment issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-12 11:17:02 +08:00
Jerry Yu
f0fede56a6 minor performance improvement 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-12 10:57:47 +08:00
Jerry Yu
1510cea0f3 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-12 10:56:49 +08:00
Jerry Yu
3ad14ac9e9 Add named group IANA value check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 17:13:16 +08:00
Jerry Yu
f46b016058 skip some extensions if ephemeral not enabled 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 16:28:00 +08:00
Jerry Yu
63282b4321 Refactor write supported group 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 15:43:53 +08:00
Hanno Becker
bae3023576 Make more use of helper function for init/free of MPI array 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-01-11 05:06:54 +00:00
Jerry Yu
7f029d8a94 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 11:08:53 +08:00
Przemyslaw Stekiel
2ce7c9c5dc test_driver_rsa.c: fix include file name 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
2d18c7e9bf Move driver asymetric encrypt/decript declarations to asym.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
0c8e0d0c30 driver tests: fix duplicated test names 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
0a875ef2d7 Add driver PSA_ALG_RSA_OAEP tests for asymmetric encrypt/decrypt 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
eed991bf4e Add driver dispatch tests for RSA message verify 
Tested algs:
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
PSA_ALG_RSA_PSS(PSA_ALG_SHA_256)
PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256)

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
66ed8d680f Add driver dispatch tests for RSA message sign 
Tested algs:
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
d06e927325 Add driver dispatch tests for RSA hash verify 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
9b52a15872 Add driver dispatch tests for RSA hash sign 
Tested key types:
PSA_ALG_RSA_PKCS1V15_SIGN_RAW
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
de13365cf6 test_suite_psa_crypto_driver_wrappers.function: trim trailing whitespace 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00