ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-12 17:42:35 +08:00
Code Issues Releases Wiki Activity
31,057 Commits 172 Branches 268 Tags
Commit Graph

31057 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
d64fcee58c tests: ssl: Fix dependencies of SRV TLS 1.3 session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 12:25:56 +02:00
Valerio Setti
390f276822 pk: fix unused variable in copy_from_psa() 
key_bits is unused when neither MBEDTLS_RSA_C or MBEDTLS_PK_HAVE_ECC_KEYS
are defined.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-02 11:31:33 +02:00
Valerio Setti
7126ba52e0 test_suite_pk: add python script to generate predefined keys 
This commit adds "generate_test_keys.py" script to generate
predefined keys used in test_suite_pk. Keys are generated with
"programs/pkey/gen_key" tool and converted to C array using
the python script.

tests/src/test_keys.h is automatically generated using the
above mentioned script.

test_suite_pk is updated in order to use the new format.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-02 10:11:34 +02:00
Paul Elliott
30978ec650
Merge pull request #8874 from stevenwdv/development 
Fix compilation on macOS without apple-clang
 2024-03-29 13:59:36 +00:00
Valerio Setti
28c41ad2e9 test_suite_pk: simplify pk_psa_genkey() 
Instead of using PK module to import/export the key in a PSA friendly
format:

- for RSA keys we use the DER input data directly;
- for EC keys we extract the private key manually.

This helps avoiding dependencies from PK_WRITE and PK_PARSE.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-29 12:47:33 +01:00
Valerio Setti
d8896d650f test_suite_pk: simplify pk_genkey() 
Add pk_info parameter in order to ease the requirements on the provided
PK context. Now it can simply be initialized, but not setup.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-29 09:50:20 +01:00
Valerio Setti
fdef82c9de test_suite_pk: fix key_id initialization value 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-28 16:10:34 +01:00
Valerio Setti
56708133ea test_suite_pk: use look-up table instead of file for the predefined keys 
This helps dropping dependency on FS_IO.
This commit also removes DER files that were previusly added and which
are not more needed/used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-28 16:10:13 +01:00
minosgalanakis
e146940714
Merge pull request #1216 from Mbed-TLS/mbedtls-3.6.0_mergeback 
Mbedtls 3.6.0 mergeback
 2024-03-28 14:31:03 +00:00
Minos Galanakis
9860056006 Revert "Autogenerated files for 3.6.0" 
This reverts commit e8a6833b2878f1c08b8f96fe35e2812367e32ef3.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-27 17:36:15 +00:00
Valerio Setti
5b94a02535 test_suite_pk: remove PSA_WANT_KEY_TYPE_[ECC/RSA]_KEY_PAIR_GENERATE dependencies 
EC and RSA keys are now loaded from a file so there is no need
to generate them at runtime.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-27 12:37:41 +01:00
Valerio Setti
d44f99a8a5 test_suite_pk: modify pk_psa_genkey() in order to use predefined keys 
Use predefined keys instead of generating them at runtime as already
done for pk_genkey().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-27 12:37:40 +01:00
Valerio Setti
c43a7a522e test_suite_pk: use a single helper function to generate PSA keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-27 12:36:15 +01:00
Valerio Setti
414daf1d07 test_suite_pk: modify pk_genkey() in order to use predefined keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-27 12:36:14 +01:00
Valerio Setti
561e29e5da test-data: add predefined RSA and EC keys 
Automatically generated with the following bash script:

```
LIST="secp521r1 brainpoolP512r1 secp384r1 brainpoolP384r1 secp256r1 secp256k1
    brainpoolP256r1 secp224r1 secp224k1 secp192r1 secp192k1 x25519 x448"

for item in $LIST; do
    ./programs/pkey/gen_key type=ec ec_curve=$item filename="tests/data_files/ec_$item.der" format=der
done

LIST="1024 1026 1028 1030 2048 4096"

for item in $LIST; do
    ./programs/pkey/gen_key type=rsa rsa_keysize=$item filename="tests/data_files/rsa_$item.der" format=der
done
```

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-27 12:33:30 +01:00
Ronald Cron
ceae4f85ea ssl-opt.sh: Add tests where tickets are ignored 
Add tests where we explicitely check that
tickets are ignored on client side when
the support is not enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Ronald Cron
7df18bc210 tls13: cli: Ignore tickets if not supported 
If a TLS 1.3 client receives a ticket and
the feature is not enabled, ignore it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Norbert Fabritius
4f1c9278cc ssl-opt.sh: Add missing MBEDTLS_SSL_SESSION_TICKETS dependencies 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Norbert Fabritius
d30e91150e all.sh: Add component testing default minus session tickets 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Ronald Cron
161e14faf6 tests: ssl: Fix dependencies of TLS 1.3 session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Ronald Cron
8d15e0114b tests: ssl: Add hostname checks in session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:31 +01:00
Ronald Cron
ad0ee1a7c4 tests: ssl: Remove redundant test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:18:04 +01:00
Ronald Cron
18b92a1aec tests: ssl: Fix session field guards 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:07:50 +01:00
Norbert Fabritius
d36913a58f Constify parameter of ssl_tls13_session_load 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
8ceeff95e9 Enable ssl_tls13_get_ciphersuite_hash_alg only if macro is active 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
d60aef0f1b Unconditionally define session variable 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Ronald Cron
1f045f3a0c tls13: srv: Fix guards of _is_psk_(ephemeral_)available 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
96eed725e1 Guard ticket specific TLS 1.3 function with macro 
Guard ssl_tls13_write_new_session_ticket_coordinate with
MBEDTLS_SSL_SESSION_TICKETS macro.

Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
minosgalanakis
2ca6c285a0
Merge pull request #1215 from Mbed-TLS/mbedtls-3.6.0rc1-pr 
Mbedtls 3.6.0rc1
mbedtls-3.6.0 v3.6.0 		2024-03-26 14:58:02 +00:00
Minos Galanakis
078f823843 Merge pull request #8990 from tom-cosgrove-arm:record-size-limit-support-is-now-released 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-26 12:32:00 +00:00
Minos Galanakis
a11b9d69dd Merge pull request #8989 from tom-cosgrove-arm:fix-typo-in-psa_key_production_parameters_t-doc 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-26 12:31:38 +00:00
Tom Cosgrove
f02c6ef86d Fix typo in psa_key_production_parameters_t doc: 65535 should be 65537 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-03-26 12:25:07 +00:00
Tom Cosgrove
1b3b1743f5 Record size limit support is released, so remove warning about only for testing 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-03-26 12:23:49 +00:00
Valerio Setti
ec2cfb042c test_suite_pk: test check_pair() also with opaque RSA keys 
check_pair() is not supported by opaque RSA keys, but we want
to be sure that calling this functions fails nicely instead
for crashing.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-25 14:46:45 +01:00
Valerio Setti
f9f63edbe4 pk: fix typos in description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-25 09:38:05 +01:00
minosgalanakis
7424296082
Merge pull request #1213 from Mbed-TLS/mbedtls-3.6.0rc0-pr 
Mbedtls 3.6.0 Release Candidate
 2024-03-22 22:50:33 +00:00
Minos Galanakis
e8a6833b28 Autogenerated files for 3.6.0 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 16:00:55 +00:00
Minos Galanakis
8d94aec75c Fix some Changelog typos 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 16:00:55 +00:00
Valerio Setti
ac81e23c33 pk: add check_pair info to mbedtls_pk_setup_opaque() documentation 
This also updates use-psa-crypto.md accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-22 14:36:41 +01:00
Valerio Setti
f0d4c9a7e2 test_suite_pk: add failing check for sign_ext() in pk_psa_wrap_sign_ext() 
If the wrapped key has a PKCS1 v1.5 signature algorithm, then try
to call sign_ext() to perform PSA RSS. Of course this will fail
because it's not supported by the wrapped key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-22 14:36:41 +01:00
Valerio Setti
afa6d51442 pk: simplify mbedtls_pk_sign_ext() 
In case of opaque keys skip the check of the supported primary/enrollment
algorithms. Just try to perfom the signature and if the wrapped key
does not support RSA PSS the operation will fail automatically.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-22 14:36:38 +01:00
Minos Galanakis
4492dbd286 Version Bump for 3.6.0 
./scripts/bump_version.sh --version 3.6.0 --so-crypto 16 --so-x509 7  --so-tls 21

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 11:46:25 +00:00
Minos Galanakis
2c1daef183 Assemble Changelog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 11:46:25 +00:00
Minos Galanakis
96948e9a7b Merge pull request #8980 from adeaarm/fix_jinja_template 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 11:44:46 +00:00
Antonio de Angelis
700632eca2 Fix #ifdef guard in driver wrapper template 
The #ifdef guard in the get_builtin_key() should be
PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT to allow for
multiple drivers to be plugged into the wrapper.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
 2024-03-22 11:43:19 +00:00
Manuel Pégourié-Gonnard
611f899c0c
Merge pull request #8957 from valeriosetti/issue8836 
Unify consistency tests for mbedtls_pk_import_into_psa and mbedtls_pk_copy_from_psa
 2024-03-22 08:57:45 +00:00
Manuel Pégourié-Gonnard
e2925efa42
Merge pull request #8967 from ronald-cron-arm/improve-version-selection-tests-titles 
ssl-opt.sh: Improve version selection test titles
 2024-03-22 08:52:39 +00:00
Valerio Setti
42a3954cd3 pk: fix description of mbedtls_pk_setup_opaque for sign_ext() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
fc6b22c95c pk: fix indentation in description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
80cd479fe0 pk: fix description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00