lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-12-20 05:22:01 +03:00
Code Activity
22,965 Commits 176 Branches 276 Tags
7a75d222749d08d10699a9bb9c4f97a99557b8cc
Commit Graph

22965 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Cosgrove
5c0e8104bc Prefer 'fixed-size' to 'known-size' in doc comments 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:46:10 +01:00
Tom Cosgrove
c71ca0cb3c Remove some unnecessary whitespace (two spaces after commas) 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:38:17 +01:00
Tom Cosgrove
dbc156172c Don't bother to test b + a after testing a + b if a == b 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:36:23 +01:00
Tom Cosgrove
17f1fdca0f Update comments in mpi_core_add_if() test 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:23:56 +01:00
Tom Cosgrove
b7438d1f62 Update name of mbedtls_mpi_montg_init() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:05:59 +01:00
Tom Cosgrove
2701deaa4b Use mbedtls_ct_mpi_uint_mask() rather than rolling our own 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 15:00:07 +01:00
Tom Cosgrove
818d992cc7 Note that T must not overlap other parameters of mbedtls_mpi_core_montmul() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 14:58:10 +01:00
Tom Cosgrove
359feb0d2f Better wording for the reason why we use an input MPI for a scalar value 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 14:52:34 +01:00
Tom Cosgrove
e2159f2083 Use the MAX() macro 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 14:40:10 +01:00
Tom Cosgrove
be7209db1f Remove unnecessary casts 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 14:32:38 +01:00
Tom Cosgrove
50c477bd6b Use S and sum (rather than X/expected) in mpi_core_add_if() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 14:28:30 +01:00
Tom Cosgrove
1feb5ac1b7 Switch to using TEST_LE_S() and TEST_LE_U() in tests 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 14:22:35 +01:00
Tom Cosgrove
2b177926ad Use ASSERT_ALLOC() in tests 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-15 14:07:18 +01:00
Przemek Stekiel
c454aba203 ssl-opt.sh: add tests for key_opaque_algs option 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:22:29 +02:00
Przemek Stekiel
632939df4b ssl_client2: print pk key name when provided using key_opaque_algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel
dca224628b ssl_tls13_select_sig_alg_to_psa_alg: optimize code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel
f937e669bd Guard new code with MBEDTLS_USE_PSA_CRYPTO 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel
3c326f9697 Add function to convert sig_alg to psa alg and use it 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Przemek Stekiel
b40f2e81ec TLS 1.3: Take into account key policy while picking a signature algorithm 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:10:19 +02:00
Dave Rodgman
f184625223 Clarify legal requirements for contributions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-09-15 11:52:44 +01:00
Manuel Pégourié-Gonnard
c42c7e660e Update documentation in legacy_or_psa.h 
- Some things that were indicated as in the near future are now done.
- Clarify when these macros are needed and when they're not.
- Prepare to make the header public.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-15 11:28:24 +02:00
Manuel Pégourié-Gonnard
1dc37258de Style: wrap a long line 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-15 11:10:26 +02:00
Manuel Pégourié-Gonnard
409a620dea Merge pull request #6255 from mprse/md_tls13 
Driver-only hashes: TLS 1.3
 2022-09-15 10:37:46 +02:00
Jerry Yu
0a55cc647c Remove unnecessary var and improve comment 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-15 16:15:06 +08:00
Werner Lewis
07c830c164 Fix setting for default test suite directory 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-15 09:02:07 +01:00
Manuel Pégourié-Gonnard
18dff1f226 Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake 
Expose ECJPAKE through the PSA Crypto API
 2022-09-15 09:25:55 +02:00
Ronald Cron
62e24ba186 Merge pull request #6260 from yuhaoth/pr/add-multiple-pre-config-psks 
TLS 1.3:Add multiple pre-configured psk test for server
 2022-09-15 08:58:40 +02:00
Nick Child
8ce1b1afc8 pkcs7: Correct various syntatical mistakes 
Resond to feedback from the following comments:
 - use correct spacing [1-7]
 - remove unnecessary parenthesis [8]
 - fixup comments [9-11]
 - remove unnecessary init work [12]
 - use var instead of type for sizeof [13]
[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953655691
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953661514
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953689929
[4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953696384
[5] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697558
[6] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697793
[7] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697951
[8] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953699102
[9] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r971223775
[10] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967133905
[11] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967135932
[12] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967151430
[13] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967154159
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-14 15:13:52 -05:00
Nick Child
34d5e931cf pkcs7: Use better return code for unimplemented specifications 
In response to feedback [1] [2], use MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
instead of MBEDTLS_ERR_PKCS7_INVALID_FORMAT for errors due to the
pkcs7 implemntation being incomplete.

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953649079
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953658276

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-14 14:44:03 -05:00
Nick Child
7089ce8381 pkcs7: Handle md errors in multisigner pkcs7 verification 
In resonse to feedback [1], if `mbedtls_md_info_from_type` were to
fail then skip the signer and try the next one.

Additionally, use a for loop instead of a while loop when iterating
over signers because it simplifies the use of `continue`.

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967198650
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-14 14:18:00 -05:00
Andrzej Kurek
4ba0e45f8e all.sh: don't build with ECJPAKE_TO_PMS if SHA256 is not available 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 14:58:49 -04:00
Andrzej Kurek
d60907b85d Define ECJPAKE_TO_PMS in config_psa only if SHA_256 is available 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 14:57:51 -04:00
Nick Child
8a94de40c7 test/pkcs7: Reduce number of test functions 
In response to feedback[1], we can reuse much of the functions in
similar test cases by specifying some additional parameters.

Specifically, test cases which probe the functionality of
`mbedtls_pkcs7_parse_der` have all been merged into one test function.
Additionally, all test cases which examine the
`mbedtls_pkcs7_signed_data_verify` and `mbedtls_pkcs7_signed_hash_verify`
functions have been merged into two test functions (one for single and one
for multiple signers).

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953686780
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-14 11:27:29 -05:00
Werner Lewis
52ae326ebb Update references to file targets in docstrings 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:45 +01:00
Werner Lewis
ac446c8a04 Add combination_pairs helper function 
Wrapper function for itertools.combinations_with_replacement, with
explicit cast due to imprecise typing with older versions of mypy.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:45 +01:00
Werner Lewis
b6e809133d Use typing.cast instead of unqualified cast 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:45 +01:00
Werner Lewis
00d02423a5 Remove argparser default for directory 
This reverts commit f156c43702. Adds a
comment to explain reasoning for current implementation.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:42 +01:00
Werner Lewis
858cffde1e Add toggle for test case count in descriptions 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:25 +01:00
Werner Lewis
34d6d3e4e5 Update comments/docstrings in TestGenerator 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-14 16:52:18 +01:00
Jerry Yu
f7dad3cfbe fix various issues 
- Naming
- format
- Reduce negative tolerance window

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 22:31:39 +08:00
Przemyslaw Stekiel
67ffab5600 ssl.h: use PSA hash buffer size when PSA is used 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 14:51:14 +02:00
Andrzej Kurek
18f8e8d62c Document the input size restriction for EC J-PAKE to PMS 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 08:44:34 -04:00
Andrzej Kurek
d8705bc7b7 Add tests for the newly created ad-hoc EC J-PAKE KDF 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 08:39:41 -04:00
Andrzej Kurek
08d34b8693 Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2 
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 08:39:26 -04:00
Ronald Cron
208257b39f Merge pull request #6259 from yuhaoth/pr/add-psk_ephemeral-possible-group-tests 
TLS 1.3: PSK: Add possible group tests for psk with ECDHE
 2022-09-14 14:21:46 +02:00
Przemyslaw Stekiel
ab9b9d4669 ssl_tls13_keys.h: use PSA max hash size 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 13:51:07 +02:00
Przemyslaw Stekiel
da6452578f ssl_tls13_generic.c: fix hash buffer sizes (use PSA_HASH_MAX_SIZE) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 12:50:51 +02:00
Neil Armstrong
6a12a7704d Fix typo in comment 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-14 12:17:42 +02:00
Jerry Yu
673b0f9ad3 Randomize order of psks 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 18:02:26 +08:00
Przemyslaw Stekiel
034492bd56 ssl.h: Fix hash guards 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 11:09:20 +02:00