The previous key was not correct so it could not be imported into PSA
for validation inside the PK module.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an
uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed
early, e.g. due to `psa_crypto_init()` failing. This was largely harmless,
but could have caused weird test results in case of failure, and was flagged
by Coverity.
Use a more systematic style for initializing the stack object as soon as
it's declared.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
PK restartable operations are now implemented using PSA interruptible
ones, so mbedtls_ecp_set_max_ops() can be removed in favor of
psa_interruptible_set_max_ops().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The SW implementation is guarded with the `MBEDTLS_PSA_BUILTIN_ALG_SHA3`
macros and not enabled when driver accelaration is set. So disabling
the `PSA_WANT` macros is not needed.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
For each function in `x509_oid.c`, determine where it is used and only
include it in the build if it is needed by the X.509 code. Define the
corresponding internal tables only when they are consumed by a function.
This makes Mbed TLS completely independent of the compilation option
`MBEDTLS_OID_C`. This option remains present only in sample configs for
crypto, where it must stay until TF-PSA-Crypto no longer relies on this
option.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some code that parses or writes X.509 needs to know OID values. We provide a
convenient list. Don't remove this list from the public interface of the
library.
For user convenience, expose these values in the same header as before and
with the same name as before: `MBEDTLS_OID_xxx` in `<mbedtls/oid.h>`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Replace the non-X.509-named error code `MBEDTLS_ERR_OID_NOT_FOUND` with
`MBEDTLS_ERR_X509_UNKNOWN_OID`, which already exists and is currently not
used for anything.
Public functions in X.509 propagate this error code, so it needs to have a
public name.
Remove the definition of `MBEDTLS_ERR_OID_NOT_FOUND` in `x509_oid.h`, then
```
git grep -l MBEDTLS_ERR_OID_NOT_FOUND | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_NOT_FOUND\b/MBEDTLS_ERR_X509_UNKNOWN_OID/g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
With the removal of MBEDTLS_SHA3_C the test cases with disabled SHA3
dependency are never executed. Adding a temporary `all.sh` component
which disabling the `PSA_WANT_ALG_SHA3_*` macros to cover
these test cases.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Split `mbedtls_test_ssl_endpoint_init()` into two separate stages:
constructing the SSL configuration, and setting up an SSL session context
with that configuration.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This will allow splitting the configuration and setup stages of
`mbedtls_test_ssl_endpoint_init()`, while still checking that the value is
carried over from the configuration to the session context.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `mbedtls_test_ssl_endpoint_init()`, don't change the SSL configuration
object (`mbedtls_ssl_config`) after setting up an SSL context by calling
`mbedtls_ssl_setup()`. This works in practice, but is officially forbidden.
No intended behavior change. The test code calls the library slightly
differently, but this shouldn't make any difference in practice. If it does
make a difference, it fixes a bug in the test code.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
There was a discrepancy between how `mbedtls_test_ssl_endpoint_init()` and
`mbedtls_test_ssl_perform_handshake()` handled client authentication:
`mbedtls_test_ssl_endpoint_init()` defaulted to
`MBEDTLS_SSL_VERIFY_REQUIRED` on both sides, whereas
`mbedtls_test_ssl_perform_handshake()` obeyed `options->srv_auth_mode` which
defaulted to no verification of the client certificate.
Make this more uniform. Now `mbedtls_test_ssl_endpoint_init()` obeys
`options->srv_auth_mode` on servers (still forcing verification on clients,
which is the library default anyway). Also, `options->srv_auth_mode` is now
enabled by default. Thus:
* Tests that call `mbedtls_test_ssl_perform_handshake()` now perform client
certificate verification, unless they disable it explicitly.
* Tests that call `mbedtls_test_ssl_endpoint_init()` on a server are
unchanged. (They would change if they were setting
`options->srv_auth_mode` explicitly, which previously was ignored, but
no test function did this.)
This means that a few test functions now perform client certificate
verification whereas they previously don't. This is harmless except in
`handshake_ciphersuite_select`, where one test case
`Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque` fails with
client authentication because the test code doesn't deal with the weirdness
of static ECDH correctly with respect to client authentication. So keep
the previous behavior in `handshake_ciphersuite_select`, by explicitly
turning off client authentication.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Applying SSL configuration settings recorded in the
`mbedtls_test_handshake_test_options` structure to an
`mbedtls_test_ssl_endpoint` object was split between
`mbedtls_test_ssl_endpoint_init()` and `mbedtls_test_ssl_perform_handshake()`.
This was surprising, and made it harder to use
`mbedtls_test_ssl_endpoint_init()` for custom behavior. It also meant some
code duplication in `mbedtls_test_ssl_perform_handshake()`.
Move most configuration setup from `mbedtls_test_ssl_perform_handshake()` to
`mbedtls_test_ssl_endpoint_init()`. This changes the behavior in two ways:
* `mbedtls_test_ssl_endpoint_init()` now takes some options into account
that it previously ignored. This is ok because we don't set these options
in any of the existing tests.
* When calling `mbedtls_test_ssl_perform_handshake()`, some SSL configuration
settings are now set (calls to `mbedtls_ssl_conf_xxx()`) before the call
to `mbedtls_ssl_setup()` instead of after. This should be ok since it is
forbidden to change the configuration after `mbedtls_ssl_setup()`,
although the previous test code was getting away with it. This commit does
not move all configuration before `mbedtls_ssl_setup()`, that would be out
of scope of the current series of patches.
Thus there are some internal behavior changes, but they should not affect
any relevant aspect of the tests' behavior.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Split mbedtls_test_ssl_perform_connection() out of
mbedtls_test_ssl_perform_handshake().
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Stop calling mbedtls_test_set_step() in
mbedtls_test_ssl_perform_handshake(). This leaves the caller free to use the
test step as they wish.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This will facilitate future refactoring that breaks out code into auxiliary
functions.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
