yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
21056 commits 89 branches 205 tags 114 MiB
Commit graph

7077 commits

Author SHA1 Message Date
Ronald Cron 067a1e735e tls13: Try reasonable sig alg for CertificateVerify signature 
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 14:30:13 +02:00
Ronald Cron 67ea2543ed tls13: server: Add sig alg checks when selecting best certificate 
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.

That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 14:26:32 +02:00
Przemek Stekiel c454aba203 ssl-opt.sh: add tests for key_opaque_algs option 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:22:29 +02:00
Manuel Pégourié-Gonnard 409a620dea
Merge pull request #6255 from mprse/md_tls13 
Driver-only hashes: TLS 1.3
 2022-09-15 10:37:46 +02:00
Manuel Pégourié-Gonnard 18dff1f226
Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake 
Expose ECJPAKE through the PSA Crypto API
 2022-09-15 09:25:55 +02:00
Ronald Cron 62e24ba186
Merge pull request #6260 from yuhaoth/pr/add-multiple-pre-config-psks 
TLS 1.3:Add multiple pre-configured psk test for server
 2022-09-15 08:58:40 +02:00
Ronald Cron 208257b39f
Merge pull request #6259 from yuhaoth/pr/add-psk_ephemeral-possible-group-tests 
TLS 1.3: PSK: Add possible group tests for psk with ECDHE
 2022-09-14 14:21:46 +02:00
Jerry Yu 673b0f9ad3 Randomize order of psks 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 18:02:26 +08:00
Manuel Pégourié-Gonnard b2407f2b91
Merge pull request #6261 from mprse/hash_size_macro 
Create MBEDTLS_MAX_HASH_SIZE in hash_info.h
 2022-09-14 10:00:06 +02:00
Przemek Stekiel dcec7ac3e8 test_psa_crypto_config_accel_hash_use_psa: enable tls.1.3 at the end and adapt comment 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel a4af13a46c test_psa_crypto_config_accel_hash_use_psa: enable TLS 1.3 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Dave Rodgman 8cc46aa22c
Merge pull request #6275 from daverodgman/fixcopyright 
Correct copyright and license in crypto_spe.h
 2022-09-13 11:23:52 +01:00
Dave Rodgman 53a18f23ac Correct copyright and license in crypto_spe.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-09-12 17:57:32 +01:00
Andrzej Kurek d681746a51 Split some ssl-opt.sh test cases into two 
There's a slightly different behaviour without MBEDTLS_SSL_ASYNC_PRIVATE
that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:37:46 -04:00
Andrzej Kurek 07e3570f8c Add an ssl-opt.sh run to all.sh for the accel_hash_use_psa config 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:37:46 -04:00
Andrzej Kurek 934e9cd47f Switch to the new version of hash algorithm checking in ssl-opt.sh 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:34:23 -04:00
Andrzej Kurek 9c061a2d19 Add a posibility to check for the availability of hash algs to ssl-opt 
The new function now dispatches a check for either an MBEDTLS
or PSA define to check for SHA_XXX.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:34:23 -04:00
Manuel Pégourié-Gonnard f6a6a2d815
Merge pull request #6216 from AndrzejKurek/tls-tests-no-md-compat 
TLS without MD - compat.sh addition to all.sh hash acceleration tests
 2022-09-12 10:23:49 +02:00
Przemek Stekiel 40afdd2791 Make use of MBEDTLS_MAX_HASH_SIZE macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-06 14:18:45 +02:00
Neil Armstrong 2a73f21878 Fixup expected status handling in ecjpake_setup() and add more coverage for psa_pake_set_password_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-06 11:34:54 +02:00
Jerry Yu 58af2335d9 Add possible group tests for psk with ECDHE 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-06 14:49:39 +08:00
Jerry Yu 079472b4c9 Add multiple pre-configured psk test for server 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-06 11:44:18 +08:00
Neil Armstrong 78c4e8e9cb Make ecjpake_do_round() return void and use TEST_ASSERT with a descriptive text instead of returning a value 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-05 18:08:13 +02:00
Neil Armstrong 51009d7297 Add comment in ecjpake_do_round() explaining input errors can be detected any time in the input sequence 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-05 17:59:54 +02:00
Andrzej Kurek 5e0654a324 Add a compat.sh run to psa_crypto_config_accel_hash_use_psa 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-04 09:31:17 -04:00
Andrzej Kurek c502210291 Adjust pkparse test dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 15:33:20 -04:00
Andrzej Kurek 7a32072038 Setup / deinitialize PSA in pk tests only if no MD is used 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek 26909f348f Add PSA initialization and teardown to tests using pkcs5 
If PSA is defined and there is no MD - an initialization
is required.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:05:37 -04:00
Andrzej Kurek a57267c758 Add a possibility to call PSA_INIT without MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:05:37 -04:00
Andrzej Kurek 37a17e890c Enable PKCS5 in no-md builds in all.sh 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:05:33 -04:00
Andrzej Kurek ed98e95c81 Adjust pkcs5 test dependencies 
Hashing via PSA is now supported 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek dd36c76f09 Provide a version of pkcs5_pbkdf2_hmac without MD usage 
Use the new implementation locally
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard 97fc247d6a
Merge pull request #6232 from AndrzejKurek/pkcs12-no-md 
Remove MD dependency from pkcs12 module
 2022-09-02 09:43:13 +02:00
Andrzej Kurek 7bd12c5d5e Remove MD dependency from pkcs12 module 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-01 08:57:41 -04:00
Manuel Pégourié-Gonnard 0777ec1625
Merge pull request #6109 from superna9999/6100-crash-in-test-suite-x509write 
Crash in test suite x509write config full no seedfile
 2022-09-01 11:18:30 +02:00
Ronald Cron e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation 
TLS 1.3: SRV: Finalize external PSK negotiation
 2022-08-31 17:21:57 +02:00
Jerry Yu 6688669124 replace psk&dhe with psk_or_ephemeral 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 17:08:34 +08:00
Neil Armstrong e5fdf20a79 Make ecjpake_rounds test depends on PSA_WANT_ALG_TLS12_PSK_TO_MS 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong eae1dfcc46 Change to more efficient error injection in ecjpake_do_round() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong db5b960a7e Permit any psa_pake_input() step to fail when error injected in input 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 75673abef5 Only build ecjpake_do_round() is PSA_WANT_ALG_JPAKE is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 8c2e8a6cda Add ecjpake_rounds_inject tests to exercise error injection 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong f983caf6c4 Move JPAKE rounds into a common function, add reordering and error injection 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 1e855601ca Fix psa_pake_get_implicit_key() state & add corresponding tests in ecjpake_rounds() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong a557cb8c8b Fixing XXX_ALG_ECJPAKE to XXX_ALG_JPAKE to match specification 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong a24278a74a Add invalid hash ecjpake_setup() test case 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 9c8b492052 Add advanced psa_pake_input/psa_pake_output test in ecjpake_setup() test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 50de0ae0c4 Add check calling psa_pake_setup() on an already initialized operation in ecjpake_setup() test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 98506ab677 Add checks for INVALID_ARGUMENT for psa_pake_output/psa_pake_input in ecjpake_setup() test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 645cccd6a8 Add checks for BAD_STATE before calling psa_pake_setup() in ecjpake_setup() test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00