Paul Elliott
d925ee0a6e
Set ChangeLog version and release date
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-01 17:58:07 +01:00
Paul Elliott
bece7374ce
Bump Library Version Number
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-01 17:52:07 +01:00
Paul Elliott
671233280e
Build aggregated ChangeLog
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-01 17:37:55 +01:00
Paul Elliott
4128c2032e
Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.27.0rc0-pr
2021-07-01 17:26:38 +01:00
Dave Rodgman
ba940cc695
Merge pull request #4182 from gabor-mezei-arm/3258_implement_one-shot_MAC_and_cipher
...
[Backport 2.x] Implement one-shot cipher
2021-06-30 17:04:11 +01:00
Dave Rodgman
af9b4841fb
Merge pull request #4605 from gabor-mezei-arm/3267_sign_verify_key_policies
...
[Backport 2.x] Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
2021-06-30 14:51:03 +01:00
gabor-mezei-arm
e4be8a3bea
Remove obsolete comment
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-30 10:34:28 +02:00
gabor-mezei-arm
05dac4a20b
Give a better name for struct member
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-30 10:31:18 +02:00
Dave Rodgman
0a4046e9ca
Merge pull request #4736 from daverodgman/alert_bugfixes_2.x
...
Backport 2.x: Fix alert raised for invalid fragment length
2021-06-30 09:02:49 +01:00
Dave Rodgman
7ed75e21c9
Correct required config flag in ECJPAKE tests
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 21:15:58 +01:00
gabor-mezei-arm
252304594b
Fix minor issues
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:06:30 +02:00
gabor-mezei-arm
a3669ac7e7
Restoring the multi-part cipher_verify_output() testing
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 18:58:42 +02:00
Gilles Peskine
bdba86f4d5
Merge pull request #4718 from nick-child-ibm/hash_len_devel
...
Backport 2.x: pk.c: Ensure min hash_len in pk_hashlen_helper
2021-06-29 18:16:51 +02:00
gabor-mezei-arm
3ea27325c9
Fix pylint issue
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:21:21 +02:00
gabor-mezei-arm
809634d5d9
Check the return status of the functions first
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 16:49:51 +02:00
gabor-mezei-arm
42373bdde7
Add buffer overflow check
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 16:49:51 +02:00
gabor-mezei-arm
6f8d43df20
Remove invalid buffer overflow check
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 16:39:49 +02:00
Dave Rodgman
0dfb7dbe15
TLS UNSUPPORTED_EXTENSION error code changes
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 15:21:44 +01:00
Dave Rodgman
de8c91bbae
Improve Changelog for TLS alert codes
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 14:43:09 +01:00
gabor-mezei-arm
ea840dea61
Return iterator instead of list
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 15:42:57 +02:00
gabor-mezei-arm
912eca3847
Rename function
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 15:39:56 +02:00
Nick Child
8930e14f3a
test_suite_pk.function: Do not use MD_MAX_SIZE
...
In order to for tests to pass from the previous commit (which it mandatory for all pk verify/sign
functions to be given a hash_len that is exactly equal to the message digest length of md_alg) the
hash_len that is supplied to the fucntion cannot be MBEDTLS_MD_MAX_SIZE. This would result in all tests failing. Since the md alg for all of these funtions are SHA256, we can use mbedtls functions to get
the required length of a SHA256 digest (32 bytes). Then that number can be used for allocating the
hash buffer.
Signed-off-by: Nick Child <nick.child@ibm.com>
2021-06-29 09:31:06 -04:00
Nick Child
b6d5693be2
pk.c: Ensure hash_len equals hash in pk_hashlen_helper
...
The function `pk_hashlen_helper` exists to ensure a valid hash_len is
used in pk_verify and pk_sign functions. This function has been
used to adjust to the corrsponding hash_len if the user passes in 0
for the hash_len argument based on the md algorithm given. If the user
does not pass in 0 as the hash_len, then it is not adjusted. This is
problematic if the user gives a hash_len and hash buffer that is less than the
associated length of the md algorithm. This error would go unchecked
and eventually lead to buffer overread when given to specific pk_sign/verify
functions, since they both ignore the hash_len argument if md_alg is not MBEDTLS_MD_NONE.
This commit, adds a conditional to `pk_hashlen_helper` so that an
error is thrown if the user specifies a hash_length (not 0) and it is
not equal to the expected for the associated message digest algorithm.
This aligns better with the api documentation where it states "If
hash_len is 0, then the length associated with md_alg is used instead,
or an error returned if it is invalid"
Signed-off-by: Nick Child <nick.child@ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
2021-06-29 09:31:06 -04:00
gabor-mezei-arm
e4b7499f74
Refactor handlibg of the key usage flags
...
Move implicit usage flags handling to the StorageKey class.
Create a subclass for test case data.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 15:29:24 +02:00
gabor-mezei-arm
61739e3fd3
Fix changelog entry
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:22:34 +02:00
gabor-mezei-arm
5071a2e30e
Use regexp pattern instaed of string
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:19:41 +02:00
gabor-mezei-arm
7e0d724d40
Keep the imported classes sorted
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:17:14 +02:00
gabor-mezei-arm
7b302089b1
Update key policy testing test cases
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:08:47 +02:00
gabor-mezei-arm
5eca4f2bb5
Rename test cases
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:07:34 +02:00
gabor-mezei-arm
659af9e2f3
Remove unneeded test case parameter
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:06:16 +02:00
Dave Rodgman
dd5f624f32
Fix TLS alert codes
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 09:45:08 +01:00
gabor-mezei-arm
7a163603ea
Add changelog entry
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 21:36:58 +02:00
gabor-mezei-arm
805c735a8b
Move key type validation to crypto_knowledge
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 21:36:58 +02:00
gabor-mezei-arm
5ea30377d3
Refactor key generation
...
Remove the key builder and use iterator instead of lists.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 21:36:58 +02:00
gabor-mezei-arm
acfcc18697
Rename variables and funcions
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 19:39:31 +02:00
gabor-mezei-arm
e84d321317
Use string in dict instead of Expr object
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 16:54:11 +02:00
gabor-mezei-arm
4781263704
Remove unnecessary test cases
...
It is enough only one test case for a key type, algorithm pair when
testing the implicit usage flags.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 16:41:36 +02:00
gabor-mezei-arm
927742ec71
Add better name for variables
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 16:41:35 +02:00
gabor-mezei-arm
705c452fd0
Simplify code
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 16:41:35 +02:00
gabor-mezei-arm
6c18541a5e
Fix comment
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 16:41:31 +02:00
gabor-mezei-arm
79df41dfca
Remove unneeded test case parameter
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:37:36 +02:00
gabor-mezei-arm
58e510f201
Simplify test function
...
Use the updated usage flags as expected.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:37:36 +02:00
gabor-mezei-arm
ff03fd6213
Rename function to conform to the library
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:37:36 +02:00
gabor-mezei-arm
7907be3f32
Give better name for test cases
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:37:36 +02:00
gabor-mezei-arm
7d2ec9a223
Fix generated file modification
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:36 +02:00
gabor-mezei-arm
bce8527698
Fix test case duplication
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:36 +02:00
gabor-mezei-arm
b92d61b7e6
Fix pylint issues
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:36 +02:00
gabor-mezei-arm
de25402300
Fix tests
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:36 +02:00
gabor-mezei-arm
044fefcdfb
Add test case generation for usage extensions when loading keys
...
Add test cases validating that if a stored key only had the hash policy,
then after loading it psa_get_key_attributes reports that it also has the
message policy, and the key can be used with message functions.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:36 +02:00
gabor-mezei-arm
15c1f03f78
Add key usage policy extension support for key generation
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:34 +02:00