lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-12-20 05:22:01 +03:00
Code Activity
22,965 Commits 176 Branches 276 Tags
7a75d222749d08d10699a9bb9c4f97a99557b8cc
Commit Graph

22965 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jerry Yu
58af2335d9 Add possible group tests for psk with ECDHE 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-06 14:49:39 +08:00
Jerry Yu
079472b4c9 Add multiple pre-configured psk test for server 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-06 11:44:18 +08:00
Jerry Yu
fd310ebf2d fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-06 09:16:35 +08:00
Neil Armstrong
bcd5bd933e Add a comment expliciting usage of internal PAKE step/state/sequence enums 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-05 18:34:12 +02:00
Neil Armstrong
78c4e8e9cb Make ecjpake_do_round() return void and use TEST_ASSERT with a descriptive text instead of returning a value 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-05 18:08:13 +02:00
Neil Armstrong
51009d7297 Add comment in ecjpake_do_round() explaining input errors can be detected any time in the input sequence 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-05 17:59:54 +02:00
Neil Armstrong
5bbdb70131 Fix style in psa_pake_input() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-05 17:54:15 +02:00
Manuel Pégourié-Gonnard
52f83dc471 Merge pull request #6244 from AndrzejKurek/pkcs5-no-md 
Driver-only hashes: PKCS5
 2022-09-05 11:01:31 +02:00
Andrzej Kurek
5e0654a324 Add a compat.sh run to psa_crypto_config_accel_hash_use_psa 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-04 09:31:17 -04:00
Andrzej Kurek
c502210291 Adjust pkparse test dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 15:33:20 -04:00
Werner Lewis
855e45c817 Use simpler int to hex string conversion 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-02 17:26:19 +01:00
Tom Cosgrove
67c9247ed9 Move the T++ in mbedtls_mpi_core_montmul() to within the loop body 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-02 13:28:59 +01:00
Werner Lewis
56013081c7 Remove unused imports 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-02 12:57:37 +01:00
Werner Lewis
a4668a6b6c Rework TestGenerator to add file targets 
BaseTarget-derived targets are now added to TestGenerator.targets in
initialization. This reduces repeated code in generate_xxx_tests.py
scripts which use this framework.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-02 11:56:34 +01:00
Tom Cosgrove
1135b20064 Add mbedtls_mpi_core_add_if() tests for when inputs are aliased 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-02 11:46:18 +01:00
Tom Cosgrove
42dfac6ae8 Rename variables and update comments in mpi_core_mla test 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-02 11:27:39 +01:00
Tom Cosgrove
a043aeb95c Rename variables and update comments in mpi_core_sub test 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-02 11:27:39 +01:00
Tom Cosgrove
eceb4ccfc3 Rename variables and update comments in mpi_core_add_if test 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-02 11:27:31 +01:00
Tom Cosgrove
1b2947a614 Remove mbedtls_ prefix from bignum test cases 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-02 10:24:55 +01:00
Andrzej Kurek
216baca131 pkcs5: improve error handling 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:15:34 -04:00
Andrzej Kurek
e3d544c58f Minor PKCS5 improvements 
Add consts, more elegant size calculation and 
variable initialization.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
7a32072038 Setup / deinitialize PSA in pk tests only if no MD is used 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
3d0dfb99c9 Change the pkcs5_pbkdf2_hmac deprecation approach 
The shared part has now been extracted and will
be used regardless of the deprecation define.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
f000471c66 Add missing MD dependency for pkcs5_pbkdf2_hmac 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
11265d78bb Remove PKCS5 from the ref config in the migration script 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:06:54 -04:00
Andrzej Kurek
26909f348f Add PSA initialization and teardown to tests using pkcs5 
If PSA is defined and there is no MD - an initialization
is required.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:05:37 -04:00
Andrzej Kurek
a57267c758 Add a possibility to call PSA_INIT without MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:05:37 -04:00
Andrzej Kurek
37a17e890c Enable PKCS5 in no-md builds in all.sh 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:05:33 -04:00
Andrzej Kurek
345a92b321 Adjust PKCS5 dependencies in check_config 
It's possible to build PKCS5 with PSA instead of MD
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
65bf73ed6a Enable HMAC in config_psa.h regardless of MD availability 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
ed98e95c81 Adjust pkcs5 test dependencies 
Hashing via PSA is now supported 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
890e78ae66 Deprecate mbedtls_pkcs5_pbkdf2_hmac 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
dd36c76f09 Provide a version of pkcs5_pbkdf2_hmac without MD usage 
Use the new implementation locally
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard
97fc247d6a Merge pull request #6232 from AndrzejKurek/pkcs12-no-md 
Remove MD dependency from pkcs12 module
 2022-09-02 09:43:13 +02:00
Nick Child
62b2d7e7d4 pkcs7: Support verification of hash with multiple signers 
Make `mbedtls_pkcs7_signed_hash_verify` loop over all signatures in the
PKCS7 structure and return success if any of them verify successfully.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Daniel Axtens
3538479faa pkcs7: support multiple signers 
Rather than only parsing/verifying one SignerInfo in the SignerInfos
field of the PKCS7 stucture, allow the ability to parse and verify more
than one signature. Verification will return success if any of the signatures
produce a match.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
8a10f66692 test/pkcs7: Add init for PSA tests 
Initialize the PSA subsystem in the test functions.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
5d881c36ea pkcs7: Change copyright 
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
45525d3768 pkcs7: Fix dependencies for pkcs7 tests 
Fixes include removing PEM dependency for greater
coverage when PEM config is not set and defining
test dependencies at the appropriate level.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
6427b34dec pkcs7.c: Use pkcs7_get_version for signerInfo 
The function pkcs7_get_version can be used again
when parsing the version of the signerInfo. Both
require that the version be equal to 1. The
pkcs7_get_version function will return error
if the found value is not the expected version
as opposed to mbedtls_asn1_get_int which does not.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
6671841d91 pkcs7.c: Do not ignore return value of mbedlts_md 
CI was failing due to the return value of mbedtls_md being ignored.
If this function does fail, return early and propogate the md error.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Manuel Pégourié-Gonnard
600bd30427 Avoid unwanted eol conversion of test data 
Also, text files don't need to be generated by the Makefile.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
390e61a47a pkcs7.h: Make pkcs7 fields private 
All fields in the mbedtls_pkcs7 struct have been made private with MBEDTLS_PRIVATE.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
c448c94fe3 pkcs7: pkcs7_get_content_info_type should reset *p on error 
The function `pkcs7_asn1_get_tag` should return an update pointer only
on success. Currently, the pointer is being updated on a failure case.
This commit resets *p to start if the first call to
mbedtls_asn1_get_tag fails.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nayna Jain
136c6aa467 mbedtls: add pkcs7 test data 
This commit adds the static test data generated by
commands from Makefile.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:41 -05:00
Nayna Jain
106a0afc5a pkcs7: provide fuzz harness 
This allows for pkcs7 fuzz testing with OSS-Fuzz.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:41 -05:00
Daniel Axtens
aa91d4ef0b pkcs7: build under CMake 
The patch updates CMakeLists.txt to include pkcs7.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-09-01 19:45:41 -05:00
Nayna Jain
ca07f06024 mbedtls: add pkcs7 in generate_errors.pl 
This patch updates the generate_errors.pl to handle
PKCS7 code as well.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:41 -05:00
Nayna Jain
673a226698 pkcs7: add support for signed data 
OpenSSL provides APIs to generate only the signted data
format PKCS7 i.e. without content type OID. This patch
adds support to parse the data correctly even if formatted
only as signed data

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:41 -05:00
Nayna Jain
c9deb184b0 mbedtls: add support for pkcs7 
PKCS7 signing format is used by OpenPOWER Key Management, which is
using mbedtls as its crypto library.

This patch adds the limited support of pkcs7 parser and verification
to the mbedtls. The limitations are:

* Only signed data is supported.
* CRLs are not currently handled.
* Single signer is supported.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:33 -05:00