Jaeden Amero
c42dd60f1f
Merge remote-tracking branch 'origin/pr/1949' into development
2019-01-30 14:46:35 +00:00
Jaeden Amero
dac9f45e5a
Merge remote-tracking branch 'origin/pr/1551' into development
2019-01-30 13:24:55 +00:00
Jaeden Amero
e6e2686cf8
Merge remote-tracking branch 'origin/pr/2055' into development
...
Resolve conflicts in ctr_drbg.c where zeroization had been added upon
exit.
2019-01-30 13:23:03 +00:00
Jaeden Amero
ad88be05b6
Add ChangeLog entry for #2371
2019-01-30 13:19:01 +00:00
Jaeden Amero
730ecdf3b1
Merge remote-tracking branch 'origin/pr/2371' into development
2019-01-30 13:15:40 +00:00
Andrzej Kurek
92dd4d0307
ssl-opt.sh: add a test for "calc PSA finished" log to the PSA tests
2019-01-30 04:10:19 -05:00
Andrzej Kurek
683d77e836
ssl_opt: check client and server output for PSA calc verify in PSA tests
...
Increase debug level to 2 in PSA tests and check for "PSA calc verify"
to ensure that the PSA code is being run.
2019-01-30 03:50:42 -05:00
Andrzej Kurek
2ad229725c
ssl_tls: add psa_hash_abort when reseting checksum
2019-01-30 03:32:12 -05:00
Andrzej Kurek
972fba51ed
ssl_tls: rename sha_512_psa to sha_384_psa
2019-01-30 03:29:12 -05:00
Darryl Green
ec07950e53
Exclude ECDH and FFDH key agreement algorithms for now
2019-01-29 16:08:46 +00:00
Gilles Peskine
95ab71a19a
test_psa_constant_names: make tmp files easier to recognize
2019-01-29 16:08:46 +00:00
Gilles Peskine
17542086ab
Recognize kdf_alg as KDF algorithm parameter name
2019-01-29 16:08:46 +00:00
Gilles Peskine
6d194bd92b
Read constant names from crypto_extra.h as well as crypto_values.h
...
test_psa_constant_names.py was originally written before the split of
crypto.h into crypto_values.h and more, so it now needs to read
crypto_values.h as well.
In both generate_psa_constants.py and test_psa_constant_names.py, read
crypto_extra.h as well. We don't currently define any value there, but
it's plausible that we will one day.
2019-01-29 16:08:46 +00:00
Gilles Peskine
6a78573088
CMake: psa_constant_names and test_psa_constant_names
...
Build and install psa_constant_names.
Make sure that test_psa_constant_names passes in an out-of-tree build.
2019-01-29 16:08:46 +00:00
Gilles Peskine
f31dbb7bf1
CMake: build and install key_ladder_demo
2019-01-29 16:08:46 +00:00
Gilles Peskine
738f017c12
Fix the build of key_ladder_demo under Clang
...
Clang -Wall -Wincompatible-pointer-types-discards-qualifiers said:
thou shalt not put a string literal in a non-const char*.
2019-01-29 16:08:46 +00:00
Gilles Peskine
451e24c1d8
Fix out-of-tree builds that use the PSA crypto API headers
2019-01-29 16:08:46 +00:00
Gilles Peskine
265a171c52
Error out if a value is out of range
...
psa_status_t is currently a signed type where only non-negative values
are used, which makes things a bit awkward. For now, non-negative
values trigger an error. This code will need to be revised if we
switch to using negative values as error codes.
2019-01-29 16:08:46 +00:00
Gilles Peskine
182c2e9836
psa_constant_names: fix display for truncated unknown MAC/AEAD algorithm
2019-01-29 16:08:46 +00:00
Gilles Peskine
c68ce9637a
Exclude full-length-algorithm macros from testing
...
Calls to PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH and
PSA_ALG_FULL_LENGTH_MAC are not in canonical form, so exclude them
from the list of constructor macros to test.
2019-01-29 16:08:46 +00:00
Gilles Peskine
434899fccd
Test truncated MAC and AEAD algorithms
...
For MAC and AEAD algorithms, test the algorithm truncated to certain
lengths (1 and 63 bytes).
2019-01-29 16:08:46 +00:00
Gilles Peskine
f96ed6615c
Fix bug in distribute_arguments for multi-argument macros
2019-01-29 16:08:46 +00:00
Gilles Peskine
cf9c18e696
Add option to keep the temporary C files
...
Useful for debugging and for reviewing what test cases are generated.
2019-01-29 16:08:45 +00:00
Gilles Peskine
a0a315c815
Add location information to input processing exceptions
...
If parsing fails, report the input file name and line number.
If distribute_arguments fails, report for what name.
2019-01-29 16:08:45 +00:00
Gilles Peskine
377c6832a2
Test psa_constant_names in all.sh
2019-01-29 16:08:44 +00:00
Gilles Peskine
2482702d15
Test program for psa_constant_names
...
Test psa_constant_names on many inputs. For each input, find out the
numerical value by compiling and running a C program, pass the
numerical value to psa_constant_names and compare the output with the
original input.
Gather inputs by parsing psa/crypto.h and
test_suite_psa_crypto_metadata.data. For macros that take an argument,
list some possible arguments using the parsed data.
2019-01-29 16:07:45 +00:00
Gilles Peskine
567840e335
Support multiple values on the command line
2019-01-29 16:07:45 +00:00
Andrzej Kurek
eb342241a5
ssl_tls: use PSA to compute running handshake hash for TLS 1.2
2019-01-29 09:14:33 -05:00
Hanno Becker
62efb9c3ba
Update crypto submodule to merge commit of sibling PR
2019-01-29 10:14:20 +00:00
Jaeden Amero
472c20b4f2
Merge pull request #28 from hanno-arm/ec_pubkey_fmt_adapt_ecdsa_verify_wrap
...
Adapt ECDSA wrapper to new EC public key format
2019-01-29 10:01:50 +00:00
Hanno Becker
ccf574e030
Fix outdated comment in ecdsa_verify_wrap()
2019-01-29 08:26:15 +00:00
Hanno Becker
d288494c3a
Fix outdated comment in ecdsa_verify_wrap()
2019-01-29 08:21:24 +00:00
Andrzej Kurek
2d4faa6afa
ssl_tls: remove redundant status check
2019-01-29 03:14:15 -05:00
Gilles Peskine
6b156df1ba
Don't consider RIPEMD160 a PSA_ALG_ANY_HASH candidate
...
Some parts of the library don't support it, such as RSA PKCS#1v1.5
signature.
2019-01-28 15:43:19 +01:00
Gilles Peskine
8c1247fec9
Add psa_copy_key tests with policy constraints
...
Test a few cases. The logic to combine the constraint is similar to
the logic to combine the source and target, so it's ok to have less
parameter domain coverage for constraints.
2019-01-28 14:55:16 +01:00
Gilles Peskine
57ab721d8a
Test psa_copy_key
...
Split the testing into tests that exercise policies in
test_suite_psa_crypto and tests that exercise slot content (slot
states, key material) in test_suite_psa_crypto_slot_management.
Test various cases of source and target policies with and without
wildcards. Missing: testing of the policy constraint on psa_copy_key
itself.
Test several key types (raw data, AES, RSA). Test with the
source or target being persistent.
Add failure tests (incompatible policies, source slot empty, target
slot occupied).
2019-01-28 14:55:06 +01:00
Jaeden Amero
fa6f146bba
Merge pull request #30 from orenc17/its_update
...
Use new ITS uid type
2019-01-28 13:41:58 +00:00
Gilles Peskine
122d002912
Fix memory leak in psa_copy_key
2019-01-28 14:41:11 +01:00
Gilles Peskine
f603c718c9
New function psa_copy_key
...
Copy a key from one slot to another.
Implemented and smoke-tested.
2019-01-28 14:41:11 +01:00
Jaeden Amero
43bafcca94
Merge pull request #15 from gilles-peskine-arm/psa-signature_policy_wildcard
...
Support wildcard hash in signature policies
2019-01-28 13:31:14 +00:00
Andrzej Kurek
2f76075b78
ssl_tls: adjust to the new key policy initialization and key allocation
2019-01-28 08:08:15 -05:00
Oren Cohen
231bf5b693
Use new ITS uid type
...
ITS switched from using uint32_t to psa_its_uid_t (uint64_t)
2019-01-28 14:51:50 +02:00
Andrzej Kurek
ac5dc3423a
Fix key allocation for tls_prf_generic
2019-01-28 07:49:56 -05:00
Andrzej Kurek
3317126819
ssl_tls: add missing return brackets
2019-01-28 07:49:56 -05:00
Andrzej Kurek
70737ca827
ssl_tls: add key destruction upon generator failure
2019-01-28 07:49:56 -05:00
Andrzej Kurek
c929a82a6b
Implement tls_prf_generic using the PSA API
2019-01-28 07:49:56 -05:00
Gilles Peskine
763fb9a150
Improve the description of PSA_ALG_ANY_HASH
...
Make it clearer what PSA_ALG_ANY_HASH can and cannot be used for.
2019-01-28 13:29:01 +01:00
Jaeden Amero
7b9575c654
Merge remote-tracking branch 'origin/pr/2376' into development-psa
...
Resolve conflict in updating crypto submodule by manually pointing the
submodule to 2169a5e54d
("PSA: Adapt pk.c, pk_wrap.c, cipher.c to new
key policy init API").
2019-01-28 12:28:49 +00:00
Jaeden Amero
d46548c833
Merge pull request #23 from orenc17/its_update
...
Update usage of PSA ITS to comply with v1.0
2019-01-28 12:06:26 +00:00
Andrzej Kurek
5615dabeef
ssl_tls: remove line breaks from a debug message
2019-01-28 07:04:19 -05:00