yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-03-20 20:25:41 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
20951 commits 89 branches 205 tags 114 MiB
Commit graph

20951 commits

This branch
This branch
All branches
Author SHA1 Message Date
Paul Elliott 4bbe82bdcc Add transparent driver tests for M-AEAD 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-14 19:03:26 +01:00
Paul Elliott 0023e0a1de Add tests for multipart AEAD 
Just clone of one shot tests for now - all additional data and body data
is passed in in one go.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-14 19:03:26 +01:00
Paul Elliott fd3ca24e56 Move CCM ouput to update step. 
Move CCM to update all data at update step, as final step can only
output at most a block length, so outputting all data at this step
significantly breaks the tests. Had to add unpleasant workaround for the
validate stage, but this is the only way I can do things without
breaking CCM Alt implementations.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-14 19:03:26 +01:00
Paul Elliott 72c10082dd Fix logic issues with state checks 
Also fix missing return values.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-14 19:03:26 +01:00
Paul Elliott c4e1dcf006 Fix incorrect PSA key usage 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-14 19:03:26 +01:00
Paul Elliott 811d8d462f Fix incorrect enums being used 
Fix memory leak due to aead_abort() using incorrect enums to identify
algorithm used. Fix incorrect return on failure to check tag on
aead_verify()

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-14 19:03:26 +01:00
Paul Elliott 5653da0201 Fix errors with missing tests 
Return not supported for the time being whilst we don't have the
transparent driver tests done.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-14 19:03:26 +01:00
Paul Elliott 302ff6bdd6 Implement multipart AEAD PSA interface 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-14 19:03:26 +01:00
Paul Elliott 6504aa6451 First pass addition of driver wrappers 
Transparent driver test functions not yet implemented.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-14 19:03:26 +01:00
Paul Elliott adb8b16b16 Add internal implementation of multipart AEAD 
For the time being CCM and GCM are not entirely implemented correctly
due to issues with their underlying implentations, which would be
difficult to fix in 2.x, and thus require all the AD and data to be
passed in in one go.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-14 19:03:26 +01:00
Paul Elliott 07a30c4c00 Convert oneshot AEAD over to multipart struct 
Multipart AEAD operation struct has to be public as it's allocated by
the caller, so to save duplication of code, switch oneshot AEAD over to
using the multipart operation struct.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-14 19:03:26 +01:00
Hanno Becker 59b97bbe06 Fixup glitch in ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 17:12:15 +01:00
Hanno Becker 8e184e2deb Add migration guide 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 17:10:27 +01:00
Hanno Becker a808ec3f0d Add ChangeLog entry 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 17:10:15 +01:00
Hanno Becker 541af8575e Use -1 instead of 1 as failure return value in internal SSL function 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 16:49:01 +01:00
Hanno Becker 699d4d7df7 Add migration guide for new SSL ticket API 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 16:36:44 +01:00
Hanno Becker 548b136e8f Add migration guide for removal of mbedtls_ssl_get_session_pointer() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 16:36:44 +01:00
Hanno Becker e810bbc1ac Implement 3.0-semantics for mbedtls_ssl_{get,set}_session() 
mbedtls_ssl_{get,set}_session() exhibited idempotent behaviour
in Mbed TLS 2.x. Multiple calls to those functions are not useful
in TLS 1.2, and the idempotent nature is unsuitable for support of
TLS 1.3 which introduces the availabilty to offer multiple tickets
for resumption, as well as receive multiple tickets.

In preparation for TLS 1.3 support, this commit relaxes the semantics
of `mbedtls_ssl_{get,set}_session()` by allowing implementations to
fail gracefully, and leveraging this freedom by modifying the
existing TLS 1.2 implementation to only accept one call to
`mbedtls_ssl_{get,set}_session()` per context, and non-fatally
failing all subsequent invocations.

For TLS 1.3, it will be leveraged by making multiple calls to
`mbedtls_ssl_get_session()` issue one ticket a time until no more
tickets are available, and by using multiple calls to
`mbedtls_ssl_set_session()` to allow the client to offer multiple
tickets to the server.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 16:27:54 +01:00
Hanno Becker 494dc71de8 Remove mbedtls_ssl_get_session_pointer() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 15:15:35 +01:00
Hanno Becker fc1f4135c3 Use memset( x, 0, sizeof( x ) ) to clear local structure 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 14:57:54 +01:00
Hanno Becker 9caed14a21 Fix typo in ssl session cache documentation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 14:57:13 +01:00
Hanno Becker 78196e366f Fix search for outdated entries in SSL session cache 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 14:55:15 +01:00
Hanno Becker c3f4a97b8f Don't infer last element of SSL session cache twice 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 14:54:24 +01:00
Hanno Becker 466ed6fd08 Improve local variable naming in SSL session cache implementation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 14:54:00 +01:00
Hanno Becker 5cf6f7eafe Fix swapping of first and last entry in SSL session cache 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 14:45:04 +01:00
TRodziewicz 1cf33bf94d Corrections o the migration guide 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-14 14:35:26 +02:00
TRodziewicz 95f8f22c27 Migration guide added and ChangeLog clarified 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-14 14:07:51 +02:00
Hanno Becker 006f2cce2e Fix compile-time guard in session cache implementation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 04:57:44 +01:00
Hanno Becker 0d05f40222 Clarify that session cache query must return free-able session 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 04:57:43 +01:00
Hanno Becker b94fdae3c3 Improve code structure for session cache query 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 04:57:40 +01:00
gabor-mezei-arm 07a35f68ee
Update key type name 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 16:27:46 +02:00
gabor-mezei-arm d5218df572
Enable fallback to software implementation in psa_sign/verify_message driver 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:19:01 +02:00
gabor-mezei-arm f048618b43
Unify variable type and rename to be unambiguous 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:19:01 +02:00
gabor-mezei-arm 2b8373f856
Update documentation 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:19:01 +02:00
gabor-mezei-arm 4bc0edb919
Typo 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:19:01 +02:00
gabor-mezei-arm 041887bfc3
Update key usage determination for exercise key tests 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:19:01 +02:00
gabor-mezei-arm 4a6fcda031
Typo 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:19:01 +02:00
gabor-mezei-arm 256443e64e
Change the driver calling logic for psa_sign/verify_messsage 
The changed logic is to try a sign-message driver (opaque or transparent);
if there isn't one, fallback to builtin sofware and do the hashing,
then try a sign-hash driver. This will enable to the opaque driver
to fallback to software.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:19:00 +02:00
gabor-mezei-arm 6883fd248d
Rename sign/verify builtin functions called by driver wrapper functions 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:19:00 +02:00
gabor-mezei-arm 6e2a8daef4
Add new tests for psa_sign/verify_message 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:19:00 +02:00
gabor-mezei-arm d785a79477
Fix test 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:19:00 +02:00
gabor-mezei-arm e088985496
Fix test names 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:19:00 +02:00
gabor-mezei-arm ce8804fd6e
Update tests dependencies 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:19:00 +02:00
gabor-mezei-arm 4fabc5666b
Use non-deterministic ecdsa algorithm for verify_hash/message tests 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:18:59 +02:00
gabor-mezei-arm 474a35f635
Return error if algorithm is not hash-then-sign for psa_sign_message 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:18:59 +02:00
gabor-mezei-arm 8b3e88614c
Use bool variable instead of enum values 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:18:59 +02:00
gabor-mezei-arm 12b4f34fff
Fix documentation 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:18:59 +02:00
gabor-mezei-arm 6cdf637f88
Use switch-case for error handling 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:18:59 +02:00
gabor-mezei-arm 6dcaa3b5a1
Update driver tests for psa_hash/verify_message 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:18:59 +02:00
gabor-mezei-arm f9820f92cf
Fix for algorithms other than hash-then-sign 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-05-13 11:18:59 +02:00