Test PSA MAC with key size = block size #10345
Open: gilles-peskine-arm wants to merge 1,566 commits into Mbed-TLS:development from gilles-peskine-arm:psa-test-mac-key-size-3.6 (base: development)
Conversation
- git rm --cached framework
- rm -rf .git/modules/framework
- rm -rf framework/.git*
Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
- git submodule add https://github.com/Mbed-TLS/mbedtls-framework framework
- git submodule init
- pushd framework && git checkout cab0c5 && popd
- git add framework
Signed-off-by: Minos Galanakis <[email protected]>
Mbedtls 3.6.3rc0 pr
This reverts commit 22098d4. Signed-off-by: Minos Galanakis <[email protected]>
Mbedtls 3.6.3 mergeback
Signed-off-by: Ronald Cron <[email protected]>
Signed-off-by: Ronald Cron <[email protected]>
Correctly credit Daniel Stenberg for reporting the problem with mbedtls_ssl_set_hostname(). Signed-off-by: David Horstmann <[email protected]>
…d-files-3.6 [Backport 3.6] Adapt test_keys.h and test_cert.h generation The PR is based on mbedtls-3.6, no PR in the merging queue for mbedtls-3.6, thus merging directly without going through the merge queue.
…-credit-3.6 [3.6] Add missing credit for `set_hostname` issue
Somehow the uses of the function were missed when renaming. Signed-off-by: David Horstmann <[email protected]>
Signed-off-by: David Horstmann <[email protected]>
Signed-off-by: David Horstmann <[email protected]>
Signed-off-by: David Horstmann <[email protected]>
Point out that the input length must be the same as the cipher's block size. Signed-off-by: David Horstmann <[email protected]>
Call a single function for all handshake state changes, for easier tracing. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
A single call to move_handshake_to_state() can't do a full handshake. Signed-off-by: Gilles Peskine <[email protected]>
Create tests that coalesce the handshake messages in the first flight from the server. This lets us test the behavior of the library when a handshake record contains multiple handshake messages. Only non-protected (non-encrypted, non-authenticated) handshake messages are supported. The test code works for all protocol versions, but it is only effective in TLS 1.2. In TLS 1.3, there is only a single non-encrypted handshake record, so we can't test records containing more than one handshake message without a lot more work. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
The enum is promoted to `int`, so `%d` is a correct format, but `gcc -Wformat` complains. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Simulate the server closing the connection after a partial handshake message. These test cases don't send a close_notify alert. The test cases "insert alert record" exercise what happens if the server sends an alert. Signed-off-by: Gilles Peskine <[email protected]>
…r-coverity-202505-3.6 Backport 3.6: Fix SSL exporter tests
Signed-off-by: Gilles Peskine <[email protected]>
In some cases, we were calling `mbedtls_test_ssl_endpoint_free()` on an uninitialized `mbedtls_test_ssl_endpoint` object if the test case failed early, e.g. due to `psa_crypto_init()` failing. This was largely harmless, but could have caused weird test results in case of failure, and was flagged by Coverity. Use a more systematic style for initializing the stack object as soon as it's declared. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
Signed-off-by: Minos Galanakis <[email protected]>
Mbedtls 3.6.4rc0
…ror-3.6 [3.6] Turn Wunterminated-string-initialization back into an error
This reverts commit 59e8b3a. Signed-off-by: Minos Galanakis <[email protected]>
Mbedtls 3.6.4 merge-back pr
…y-3.6 3.6 only: Test a build with entropy only from NV seed
The release date is yet to be determined, to allow time for 4.x to stabilise. Signed-off-by: David Horstmann <[email protected]>
…lts-timeline-3.6 [Backport 3.6] Update note about the first 4.x LTS
The version was unspecified because of our use of Python 3.5 on the CI, which has since been eliminated. Signed-off-by: Bence Szépkúti <[email protected]>
Recent versions of cryptography require a Rust toolchain to install on FreeBSD, which we do not have set up yet. Signed-off-by: Bence Szépkúti <[email protected]>
The dependencies declared in ci.requirements.txt are only used in scripts that we run on the Linux CI. Signed-off-by: Bence Szépkúti <[email protected]>
[Backport 3.6] Clean up ci.requirements.txt
Add a custom target that depends on crypto generated files, and make both the static and shared crypto libraries depend on it. This ensures that when both libraries are built, the files are not generated concurrently by the static and shared library targets. Do the same for the TLS libraries. Signed-off-by: Ronald Cron <[email protected]>
Signed-off-by: Ronald Cron <[email protected]>
…generated-files Backport 3.6: cmake: library: Fix potential concurrent file generation
Test HMAC with `key_size = block_size` (maximum length for which the key isn't hashed) and with `key_size = block_size + 1` (minimum length for which the key is hashed).

```
#!/usr/bin/env python3
import re
from Crypto.Hash import *

msg = b'Sample message'
for digestmod in [
    MD5, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512,
    SHA3_224, SHA3_256, SHA3_384, SHA3_512,
]:
    block_size = digestmod.block_size
    # 'Crypto.Hash.SHA256' -> 'SHA256' -> 'SHA_256' (PSA_ALG_SHA_256);
    # 'SHA3_256' and 'RIPEMD160' already match the PSA spelling.
    alg = re.sub(r'.*\.', r'', digestmod.__name__)
    alg = re.sub(r'^SHA(?=[0-9]+$)', r'SHA_', alg)
    print_alg = alg.replace('_', '-')
    for key_length, key_length_text in [
        (block_size, 'block size'),
        (block_size + 1, '1 + block size'),
    ]:
        key = bytes(range(64, 64 + key_length))
        result = HMAC.new(key, msg, digestmod=digestmod).digest()
        print(f'''\
PSA MAC sign: HMAC-{print_alg}, {key_length}-byte key ({key_length_text})
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_{alg}:PSA_WANT_KEY_TYPE_HMAC
mac_sign:PSA_KEY_TYPE_HMAC:"{bytes.hex(key)}":PSA_ALG_HMAC(PSA_ALG_{alg}):"{bytes.hex(msg)}":"{bytes.hex(result)}"
''')
```

Signed-off-by: Gilles Peskine <[email protected]>
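The commit above generates test vectors with PyCryptodome but does not show why the block-size boundary matters. The following is an added example, not code from the PR or from Mbed TLS: it writes out HMAC as defined in RFC 2104 using only the Python standard library, and checks, for each hash, that a key of exactly `block_size` bytes is used verbatim while a key of `block_size + 1` bytes is replaced by its digest (so the MAC equals the one computed with `H(K)` as the key). It reuses the PR's key pattern `bytes(range(64, 64 + key_length))`; MD5 and RIPEMD-160 from the PR's list are left out because their availability in `hashlib` varies between builds, which is an assumption of this example rather than a statement about the project.

```python
"""Added example, not code from the Mbed TLS PR: HMAC per RFC 2104 written
out by hand, to show what happens to a key exactly at the hash block size
versus one byte over it. Uses only the Python standard library."""
import hashlib
import hmac

# Hashes covered here (a subset of the PR's list: MD5 and RIPEMD-160 are
# omitted because their availability in hashlib varies between builds).
HASHES = ['sha1', 'sha224', 'sha256', 'sha384', 'sha512',
          'sha3_224', 'sha3_256', 'sha3_384', 'sha3_512']


def _pad_and_xor(key: bytes, pad_byte: int, block_size: int) -> bytes:
    """Zero-pad key to block_size bytes, then XOR every byte with pad_byte."""
    assert len(key) <= block_size
    return bytes(b ^ pad_byte for b in key.ljust(block_size, b'\x00'))


def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str) -> bytes:
    """HMAC(K, m) = H((K' ^ opad) || H((K' ^ ipad) || m)).

    K' is H(K) when len(K) > B (the hash's block size) and K itself
    otherwise; in both cases K' is then zero-padded to B bytes. So a key of
    exactly B bytes is used verbatim, and a key of B + 1 bytes is replaced
    by its digest before padding.
    """
    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    inner = hashlib.new(hash_name, _pad_and_xor(key, 0x36, block_size) + msg).digest()
    return hashlib.new(hash_name, _pad_and_xor(key, 0x5C, block_size) + inner).digest()


def boundary_report(hash_name: str, msg: bytes = b'Sample message') -> dict:
    """Check both sides of the boundary for one hash.

    For each key length, report whether the hand-written HMAC agrees with
    hmac from the standard library, and whether the MAC equals the MAC
    computed with H(K) as the key, which holds exactly when the algorithm
    hashed the key.
    """
    block_size = hashlib.new(hash_name).block_size
    report = {'block_size': block_size}
    for label, key_len in (('at_block_size', block_size),
                           ('above_block_size', block_size + 1)):
        key = bytes(range(64, 64 + key_len))   # same key pattern as the PR's generator
        ours = hmac_rfc2104(key, msg, hash_name)
        reference = hmac.new(key, msg, hash_name).digest()
        hashed_key = hashlib.new(hash_name, key).digest()
        with_hashed_key = hmac.new(hashed_key, msg, hash_name).digest()
        report[label] = {
            'matches_stdlib': hmac.compare_digest(ours, reference),
            'key_was_hashed': hmac.compare_digest(reference, with_hashed_key),
        }
    return report


if __name__ == '__main__':
    for name in HASHES:
        r = boundary_report(name)
        print(f"{name:9s} B={r['block_size']:3d}  "
              f"B-byte key hashed: {r['at_block_size']['key_was_hashed']!s:5s}  "
              f"(B+1)-byte key hashed: {r['above_block_size']['key_was_hashed']}")
```

The `key_was_hashed` check is the one that matters for a test suite: an implementation that mistakenly hashes keys of length `>= B` instead of `> B` would still pass every vector with a key shorter than the block size, and only a vector with a key of exactly `B` bytes, as added by this PR, would catch it.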
This was referenced Aug 5, 2025
Labels
- needs-backports: Backports are missing or are pending review and approval.
- needs-review: Every commit must be reviewed by at least two team members,
- needs-reviewer: This PR needs someone to pick it up for review
- priority-medium: Medium priority - this can be reviewed as time permits
- size-xs: Estimated task size: extra small (a few hours at most)
Test PSA MAC with key size = block size (the maximum key size where the key is used directly without hashing). We didn't have a test for this. Also test key size = (block size + 1) so that we have both sides of the boundary.
I believe this resolves #10342.
PR checklist