Nick Child
34d5e931cf
pkcs7: Use better return code for unimplemented specifications
...
In response to feedback [1] [2], use MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
instead of MBEDTLS_ERR_PKCS7_INVALID_FORMAT for errors due to the
pkcs7 implementation being incomplete.
[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953649079
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953658276
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-09-14 14:44:03 -05:00
Andrzej Kurek
4ba0e45f8e
all.sh: don't build with ECJPAKE_TO_PMS if SHA256 is not available
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 14:58:49 -04:00
Nick Child
8a94de40c7
test/pkcs7: Reduce number of test functions
...
In response to feedback[1], we can reuse much of the functions in
similar test cases by specifying some additional parameters.
Specifically, test cases which probe the functionality of
`mbedtls_pkcs7_parse_der` have all been merged into one test function.
Additionally, all test cases which examine the
`mbedtls_pkcs7_signed_data_verify` and `mbedtls_pkcs7_signed_hash_verify`
functions have been merged into two test functions (one for single and one
for multiple signers).
[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953686780
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-09-14 11:27:29 -05:00
Werner Lewis
52ae326ebb
Update references to file targets in docstrings
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:45 +01:00
Werner Lewis
ac446c8a04
Add combination_pairs helper function
...
Wrapper function for itertools.combinations_with_replacement, with
explicit cast due to imprecise typing with older versions of mypy.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:45 +01:00
Werner Lewis
b6e809133d
Use typing.cast instead of unqualified cast
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:45 +01:00
Andrzej Kurek
d8705bc7b7
Add tests for the newly created ad-hoc EC J-PAKE KDF
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:39:41 -04:00
Ronald Cron
208257b39f
Merge pull request #6259 from yuhaoth/pr/add-psk_ephemeral-possible-group-tests
...
TLS 1.3: PSK: Add possible group tests for psk with ECDHE
2022-09-14 14:21:46 +02:00
Jerry Yu
673b0f9ad3
Randomize order of psks
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-14 18:02:26 +08:00
Manuel Pégourié-Gonnard
b2407f2b91
Merge pull request #6261 from mprse/hash_size_macro
...
Create MBEDTLS_MAX_HASH_SIZE in hash_info.h
2022-09-14 10:00:06 +02:00
Przemek Stekiel
dcec7ac3e8
test_psa_crypto_config_accel_hash_use_psa: enable tls.1.3 at the end and adapt comment
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
a4af13a46c
test_psa_crypto_config_accel_hash_use_psa: enable TLS 1.3
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Dave Rodgman
8cc46aa22c
Merge pull request #6275 from daverodgman/fixcopyright
...
Correct copyright and license in crypto_spe.h
2022-09-13 11:23:52 +01:00
Jerry Yu
a02841bb8a
revert changes on PSK tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 11:07:27 +08:00
Dave Rodgman
53a18f23ac
Correct copyright and license in crypto_spe.h
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-12 17:57:32 +01:00
Werner Lewis
3dc45198e6
Replace L/R inputs with A/B
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-12 17:35:27 +01:00
Werner Lewis
1fade8adb6
Move symbol definition out of __init__
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-12 17:34:15 +01:00
Andrzej Kurek
d681746a51
Split some ssl-opt.sh test cases into two
...
There's a slightly different behaviour without MBEDTLS_SSL_ASYNC_PRIVATE
that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Andrzej Kurek
07e3570f8c
Add an ssl-opt.sh run to all.sh for the accel_hash_use_psa config
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Andrzej Kurek
934e9cd47f
Switch to the new version of hash algorithm checking in ssl-opt.sh
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:34:23 -04:00
Andrzej Kurek
9c061a2d19
Add a possibility to check for the availability of hash algs to ssl-opt
...
The new function now dispatches a check for either an MBEDTLS
or PSA define to check for SHA_XXX.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:34:23 -04:00
Manuel Pégourié-Gonnard
f6a6a2d815
Merge pull request #6216 from AndrzejKurek/tls-tests-no-md-compat
...
TLS without MD - compat.sh addition to all.sh hash acceleration tests
2022-09-12 10:23:49 +02:00
Hannes Tschofenig
fd6cca4448
CID update to RFC 9146
...
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
2022-09-07 17:15:05 +02:00
Przemek Stekiel
40afdd2791
Make use of MBEDTLS_MAX_HASH_SIZE macro
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-06 14:18:45 +02:00
Neil Armstrong
2a73f21878
Fixup expected status handling in ecjpake_setup() and add more coverage for psa_pake_set_password_key()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-06 11:34:54 +02:00
Jerry Yu
58af2335d9
Add possible group tests for psk with ECDHE
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-06 14:49:39 +08:00
Jerry Yu
079472b4c9
Add multiple pre-configured psk test for server
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-06 11:44:18 +08:00
Neil Armstrong
78c4e8e9cb
Make ecjpake_do_round() return void and use TEST_ASSERT with a descriptive text instead of returning a value
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-05 18:08:13 +02:00
Neil Armstrong
51009d7297
Add comment in ecjpake_do_round() explaining input errors can be detected any time in the input sequence
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-05 17:59:54 +02:00
Andrzej Kurek
5e0654a324
Add a compat.sh run to psa_crypto_config_accel_hash_use_psa
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-04 09:31:17 -04:00
Andrzej Kurek
c502210291
Adjust pkparse test dependencies
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 15:33:20 -04:00
Werner Lewis
855e45c817
Use simpler int to hex string conversion
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-02 17:26:19 +01:00
Werner Lewis
56013081c7
Remove unused imports
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-02 12:57:37 +01:00
Werner Lewis
a4668a6b6c
Rework TestGenerator to add file targets
...
BaseTarget-derived targets are now added to TestGenerator.targets in
initialization. This reduces repeated code in generate_xxx_tests.py
scripts which use this framework.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-02 11:56:34 +01:00
Tom Cosgrove
1135b20064
Add mbedtls_mpi_core_add_if() tests for when inputs are aliased
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-02 11:46:18 +01:00
Tom Cosgrove
42dfac6ae8
Rename variables and update comments in mpi_core_mla test
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-02 11:27:39 +01:00
Tom Cosgrove
a043aeb95c
Rename variables and update comments in mpi_core_sub test
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-02 11:27:39 +01:00
Tom Cosgrove
eceb4ccfc3
Rename variables and update comments in mpi_core_add_if test
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-02 11:27:31 +01:00
Tom Cosgrove
1b2947a614
Remove mbedtls_ prefix from bignum test cases
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-02 10:24:55 +01:00
Andrzej Kurek
7a32072038
Setup / deinitialize PSA in pk tests only if no MD is used
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:07:15 -04:00
Andrzej Kurek
26909f348f
Add PSA initialization and teardown to tests using pkcs5
...
If PSA is defined and there is no MD - an initialization
is required.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:05:37 -04:00
Andrzej Kurek
a57267c758
Add a possibility to call PSA_INIT without MBEDTLS_PSA_CRYPTO_C
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:05:37 -04:00
Andrzej Kurek
37a17e890c
Enable PKCS5 in no-md builds in all.sh
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:05:33 -04:00
Andrzej Kurek
ed98e95c81
Adjust pkcs5 test dependencies
...
Hashing via PSA is now supported
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:03:25 -04:00
Andrzej Kurek
dd36c76f09
Provide a version of pkcs5_pbkdf2_hmac without MD usage
...
Use the new implementation locally
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard
97fc247d6a
Merge pull request #6232 from AndrzejKurek/pkcs12-no-md
...
Remove MD dependency from pkcs12 module
2022-09-02 09:43:13 +02:00
Nick Child
62b2d7e7d4
pkcs7: Support verification of hash with multiple signers
...
Make `mbedtls_pkcs7_signed_hash_verify` loop over all signatures in the
PKCS7 structure and return success if any of them verify successfully.
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-09-01 19:45:41 -05:00
Daniel Axtens
3538479faa
pkcs7: support multiple signers
...
Rather than only parsing/verifying one SignerInfo in the SignerInfos
field of the PKCS7 structure, allow the ability to parse and verify more
than one signature. Verification will return success if any of the signatures
produce a match.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-09-01 19:45:41 -05:00
Nick Child
8a10f66692
test/pkcs7: Add init for PSA tests
...
Initialize the PSA subsystem in the test functions.
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-09-01 19:45:41 -05:00
Nick Child
45525d3768
pkcs7: Fix dependencies for pkcs7 tests
...
Fixes include removing PEM dependency for greater
coverage when PEM config is not set and defining
test dependencies at the appropriate level.
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-09-01 19:45:41 -05:00