10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
...
server certificate selection callback
2022-03-10 11:51:42 +01:00
9c656ec718
Fix unused function warning
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-02-26 19:56:12 +01:00
36872dbd0b
Provide means to reset handshake cert list
...
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null. Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-02-25 19:55:48 -05:00
e858996413
Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf()
...
Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-02-25 15:17:50 +01:00
2968d306e4
Implement mbedtls_ct_hmac() using PSA hash API
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-02-25 15:16:50 +01:00
cf8841a076
Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined
...
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-02-25 15:16:49 +01:00
4f091290bd
Remove Obsolete SSLs tests with truncated MAC tags & NULL/CBC cipher
...
These tests are related to an obsolete feature removed from the library.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-02-25 15:16:49 +01:00
f4cc062935
Setup MAC PSA keys in build_transforms() to pass ssl_crypt_record() with PSA crypto
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-02-25 15:16:49 +01:00
46a1760922
Allow USE_PSA_CRYPTO for handshake TLS tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-02-25 15:16:49 +01:00
4fded1359a
Use PSA_INIT()
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-02-21 15:47:24 +01:00
5d7d201b87
Update test
...
Testing the hash length in this context is not applicable because there is no way
to specify it when calling mbedtls_psa_hkdf_extract.
Change to test invalid `alg` parameter.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-02-21 15:46:33 +01:00
ebc9368173
typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-02-21 15:44:51 +01:00
298a2d6109
Use ASSERT_ALLOC
...
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-02-21 15:43:52 +01:00
62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible
...
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-02-21 15:42:57 +01:00
73cb6f54de
Add tests for mbedtls_psa_hkdf_extrct
...
The tests are based on the the test of mbedtls_hkdf_extract.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-02-21 15:41:42 +01:00
49d7ddf7f3
Serializing a context does not save the user data
...
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-02-21 15:14:01 +01:00
80dae04f24
Make user_data fields private
...
Add accessor functions.
Add unit tests for the accessor functions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-02-21 15:14:01 +01:00
1255b0de98
Positive unit testing for SSL context version functions
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-02-21 15:14:01 +01:00
436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build
...
TLS1.3:Enable tls13 only build
2022-02-21 11:22:37 +00:00
baa4934e7b
Add check tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-21 09:06:00 +08:00
53d23e2c95
Guards tls_prf functions with TLS1_2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-02-21 09:06:00 +08:00
cbe5ba500a
Add tests for mbedtls_psa_hkdf_expand
...
Add test cases which test psa_import_key and psa_mac_sign_setup
function call if they return error.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-02-17 17:01:49 +01:00
8e3602569b
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-02-17 11:50:02 +01:00
d917081b8b
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-02-15 16:25:27 +01:00
7381242748
Use PSA_INIT()
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-02-15 16:24:58 +01:00
b35759ded8
Add tests for mbedtls_psa_hkdf_expand
...
The tests are based on the test of mbedtls_hkdf_expand.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-02-10 10:57:24 +01:00
5648d577a4
Optimize psa_cipher_encrypt_helper()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-03 14:55:24 +01:00
8c010eb467
Fix comments, code style, remove debug code
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-03 14:55:24 +01:00
d66387f8fa
Init psa status to PSA_ERROR_CORRUPTION_DETECTED
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-03 09:16:41 +01:00
f4facef9ba
Adapt ssl_decrypt_non_etm_cbc() test for psa crypto and remove redundant test cases
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-03 09:16:41 +01:00
77aec8d181
Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 20:22:53 +01:00
89dad93a78
Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:39:24 +01:00
4a36dd3da6
ssl test ssl_decrypt_non_etm_cbc(): add missing ret check
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:29 +01:00
f4ca3f0e52
ssl test build_transforms(): in psa mode distinguish encrypt/decrypt keys
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:29 +01:00
f57b45660d
Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention.
...
New function name: mbedtls_ssl_cipher_to_psa().
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:29 +01:00
93cf4eea67
Adapt test_suite_ssl for psa crypto
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-01-31 15:38:29 +01:00
03e01461ad
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
...
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-01-03 12:53:24 +01:00
6f135e1148
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
...
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2021-12-10 13:47:55 +01:00
46a6c20d0c
Add checked returns to tests without them.
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2021-12-09 18:16:13 +00:00
d25fab6f79
Update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2021-12-02 06:36:27 +00:00
746f9481ea
Fix 1_3/13 usages in macros and function names
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2021-11-26 08:08:36 +00:00
161d661d90
Merge pull request #5222 from paul-elliott-arm/fix_test_suite_ssl
...
Fix test_suite_ssl compilation errors with GCC11
2021-11-25 22:02:43 +01:00
21c8fe5c6e
Fix compilation errors.
...
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2021-11-24 17:19:51 +00:00
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module
2021-11-24 10:44:13 +01:00
7f813d5d88
add group api tests
...
Signed-off-by: Brett Warren <brett.warren@arm.com >
2021-10-29 14:07:46 +01:00
22c9a6fccc
Rename internal header constant_time.h to constant_time_internal.h
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2021-10-20 12:15:20 +02:00
90437e3762
Rename constant-time functions to have mbedtls_ct prefix
...
Rename functions to better suite with the module name.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2021-10-20 11:59:27 +02:00
9c1203fd67
Delete ssl_invasive.h due to duplicated function declarations
...
All function declaration provided by ssl_invasive.h is needed only for
testing purposes and all of them are provided by constant_time.h as well.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com >
2021-09-28 16:28:44 +02:00
9fa43ce238
Rename function to have suitable name
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com >
2021-09-28 16:14:47 +02:00
2aec149e13
Merge pull request #4248 from hanno-arm/tls13_populate_transform
...
Fix and test compliance of TLS 1.3 record protection
2021-08-11 16:41:51 +01:00
