Commit graph

10756 commits

Author SHA1 Message Date
Tom Cosgrove
1dbfc8ad3c
Merge pull request #8790 from paul-elliott-arm/fix_ctr_drbg_comment
Fix confusing comment in ctr drbg thread test
2024-02-08 11:11:50 +00:00
Manuel Pégourié-Gonnard
b7307630bb
Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1
Conversion function between raw and DER ECDSA signatures (guards in ASN1)
2024-02-08 08:45:30 +00:00
Manuel Pégourié-Gonnard
7bf1e98f44
Merge pull request #8740 from valeriosetti/issue8647
Move RSA basic key parsing/writing to rsa.c
2024-02-08 08:35:42 +00:00
Valerio Setti
1910390b4a psa_util: improve leading zeros check in convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 16:16:58 +01:00
Paul Elliott
bda577bb0b Fix confusing comment in ctr drbg thread test
Make it clearer where the magic number chosen for entropy_len actually
comes from, and why we chose this value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-07 15:13:46 +00:00
Valerio Setti
ef07fa0fc3 test_suite_psa_crypto_util: add more test for raw->der
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 15:16:45 +01:00
Ryan Everett
a8082c43d5 Add MBEDTLS_CIPHER_C dependencies to new pkparse tests
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 13:31:19 +00:00
Matthias Schulz
0767fdadbf Enhance GCM throughput using larger precalculated tables. Also refactored the code for shorter tables and moved the check for available accelerators to the context initialization code.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-07 13:17:50 +01:00
Paul Elliott
292b1dc1e1
Merge pull request #8789 from paul-elliott-arm/fix_tsan_gcc
Stop platform test failures with GCC and TSAN
2024-02-07 11:32:39 +00:00
Manuel Pégourié-Gonnard
1d7bc1ecdf
Merge pull request #8717 from valeriosetti/issue8030
PSA FFDH: feature macros for parameters
2024-02-07 10:06:03 +00:00
Ronald Cron
b3d42fddae tests: write early data: Add HRR scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
05600e26f4 tests: write early data: Add "server rejects" scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
8fe2b01b52 tests: write early data: Add "not sent" scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
2fbbba9c51 tests: ssl: Add write early data unit test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Xiaokang Qian
30bb7ce9a2 Add test case for early data writing
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
54a3829453 ssl_client2: Simplify early_data option
No need to define specific early data,
the idea is rather to just send the
usual request data as early data
instead of standard application data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Paul Elliott
e053cb2f12 Stop platform test failures with GCC and TSAN
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-06 18:10:43 +00:00
Gilles Peskine
f45589b492
Merge pull request #8198 from silabs-Kusumit/kdf_incorrect_initial_capacity
KDF incorrect initial capacity
2024-02-06 17:29:43 +00:00
Gilles Peskine
137e0c1a02
Merge pull request #8761 from valeriosetti/issue4681
Re-introduce enum-like checks from CHECK_PARAMS
2024-02-06 17:29:38 +00:00
Gilles Peskine
fb7001f15b
Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage
Implement mbedtls_pk_get_psa_attributes
2024-02-06 17:28:54 +00:00
Valerio Setti
6269f3baf4 Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()"
This reverts commit d4fc5d9d1c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:55:18 +01:00
Ronald Cron
2261ab298f tests: early data status: Add HRR scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
d6dba675b8 tests: early data status: Add "server rejects" scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
265273e8b3 tests: early data status: Add "not sent" scenario
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
5c208d7daf tests: ssl: Add scenario param to early data status testing function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
a7f94e49a8 tests: ssl: Add early data status unit test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
bfcdc069ef tests: ssl: Use get TLS 1.3 ticket helper for early data test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
1f6e4e4a49 tests: ssl: Add helper function to get a TLS 1.3 ticket
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
ced99be007 tests: ssl: Add early data handshake option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
b4ad3e750b tests: ssl: First reset to all zeroes options in init
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
fb53647b0b tests: ssl: Move group list to options
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Valerio Setti
2b6a7b37f4 suite_psa_crypto_util: use 521 bits data and bit-size instead of 528
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:21:44 +01:00
Paul Elliott
79e2e5d2d0 Add comment to set/increment step functions
These functions are thread safe, but using them from within multiple
threads at the same time may not have the intended effect, given order
cannot be guaranteed. Also, standardise header comment formatting.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-06 15:10:03 +00:00
Valerio Setti
94c5806a64 suite_psa_crypto_util: make ecdsa_raw_to_der_incremental() more readable
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 15:49:06 +01:00
Manuel Pégourié-Gonnard
5c9cc0b30f
Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected
TLS 1.3: SRV: Ignore early data when rejected
2024-02-06 13:16:03 +00:00
Paul Elliott
f20728ee49 Fix missed case for removing accessor
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-06 12:49:45 +00:00
Ronald Cron
d0a772740e tests: early data: Complete the handshake
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 11:15:48 +01:00
Gilles Peskine
735ac3ec05 Fix builds with secp224k1 as the only curve
Normally, if an elliptic curve is enabled in the legacy API then it's also
enabled in the PSA API. In particular, if the legacy API has at least one
curve then that curve also works with PSA. There is an exception with
secp224k1 which PSA does not support. In a build with secp224k1 as the only
legacy curve, MBEDTLS_PK_HAVE_ECC_KEYS is enabled (because you can use the
curve through PK) but PSA does not support any elliptic curve, so we can't
run PK-PSA bridge tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-06 11:11:32 +01:00
Gilles Peskine
8a85673a39 Merge remote-tracking branch 'development' into pk_import_into_psa-use_usage 2024-02-06 10:14:17 +01:00
Valerio Setti
d4fc5d9d1c psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()
The only real contraint on the raw buffer is that it is large
enough to contain 2 coordinates. Larger buffers are therefore
allowed and the extra data will simply be ignored.

Note = trying to impose a strict sizing on the raw buffer causes
       several failures in test suites. This suggests that it is
       quite common to use larger buffer to store raw signatures.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 08:42:42 +01:00
Valerio Setti
fe329cea3f rsa: handle buffer length similarly in private and public key parsing
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 08:00:18 +01:00
Ronald Cron
33327dab85 tests: early data: Switch to mnemonics for test scenarios
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-05 18:27:04 +01:00
Valerio Setti
0e60e93c12 test_suite_psa_crypto_util: improve ecdsa_der_to_raw()
Check that the parsing always fails if the input is truncated.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 17:59:42 +01:00
Ryan Everett
1d5fa22f9d Fix pkcs5 aes test data
Remove the keyLength parameter from the AES-256 tests.
Add MBEDTLS_CIPHER_PADDING_PKCS7 to the dependencies.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-05 16:45:38 +00:00
Ryan Everett
9ae32704b6 Add missing dependencies for pkparse tests
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-05 16:44:16 +00:00
Valerio Setti
1792bb44a0 test_suite_psa_crypto_util: add more test cases
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 17:34:49 +01:00
Valerio Setti
110126110d test_suite_psa_util: use more generic symbols for test case dependencies
Use PSA_VENDOR_ECC_MAX_CURVE_BITS instead of a specific curve since
what we care about is only bit-size not the curve itself.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 16:24:18 +01:00
Valerio Setti
091bdc416d psa_util: enhance checks on leading zeros in convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 16:18:04 +01:00
Manuel Pégourié-Gonnard
32c28cebb4
Merge pull request #8715 from valeriosetti/issue7964
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
Valerio Setti
bec1d842ac psa_util: convert_der_to_raw_single_int() accepts also all zero integers
These values are not mathematically valid as signature, but as
for what it concerns with ECDSA conversion functions, 0 values
in DER format should be translated to 0 values in raw format.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 15:50:02 +01:00
Valerio Setti
8334d00772 psa_util: improve check of raw_len in mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 15:35:26 +01:00
Janos Follath
747bedb0b0
Merge pull request #8733 from ivq/gcm_ad_len_check
Add back restriction on AD length of GCM
2024-02-05 13:33:58 +00:00
Valerio Setti
954ef4bbd5 psa_util: improve convert_raw_to_der_single_int()
Allow the function to support DER buffers than what it is nominally
required by the provided coordinates. In other words let's ignore
padding zeros in the raw number.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 12:06:46 +01:00
Valerio Setti
315e4afc0a psa_util: change parameters order in ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 10:09:15 +01:00
Valerio Setti
45c33ed41e test_suite_rsa: fix data for "extra integer outside the SEQUENCE"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 09:04:10 +01:00
Paul Elliott
098e2d82cd Revert accidental formatting change
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-02 17:59:26 +00:00
Paul Elliott
ac61cee2fd Restore mutex lock for mbedtls_test_set_step()
This function is called externally from several tests, so still requires
a mutex lock. Add an internal function to reset the step, for use in
functions where the mutex is already held.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-02 17:53:38 +00:00
Dave Rodgman
12285c5c7c Add calls to BLOCK_CIPHER_PSA_INIT / BLOCK_CIPHER_PSA_DONE
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-02 17:52:41 +00:00
Ronald Cron
ae2d81c314 tests: tls13: Run early data test only in TLS 1.3 only config
Temporary workaround to not run the early data test
in Windows-2013 where there is an issue with
mbedtls_vsnprintf().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Jerry Yu
f57d14bed4 Ignore early data app msg before 2nd client hello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Ronald Cron
2995d35ac3 tls13: srv: Deprotect and discard early data records
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Jerry Yu
064dd2b870 Adjust check order
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2024-02-02 17:31:20 +01:00
Valerio Setti
f15e13ead7 test_suite_x509parse: remove useless include of rsa.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 16:44:22 +01:00
Gilles Peskine
d078386287 Smoke tests for mbedtls_pk_get_psa_attributes after parsing
We'll test more fully by adding a call to mbedtls_pk_import_into_psa() once
that function is implemented.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-02 13:22:23 +01:00
Gilles Peskine
cb3b4cae0a Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA
The test code to construct test keys and the implementation had matching
errors: both assumed that there was a PSA public key object. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-02 13:22:23 +01:00
Valerio Setti
c9dd8611f8 test_suite_psa_crypto_util: add missing new line at the end of file
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 12:34:06 +01:00
Valerio Setti
684d78fcfa test_suite_rsa: improve key parsing tests for extra data
2 scenarios are taken into account:
- syntactically valid extra data inside the SEQUENCE
- extra data outside the SEQUENCE
A single integer is used as extra data in both cases.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 12:30:16 +01:00
Valerio Setti
c701cb2835 test_suite_rsa: improve rsa_key_write_incremental()
Output buffer is tested from being 1 single byte up to twice
what it is strictly required to contain the output data.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 11:10:04 +01:00
Valerio Setti
5922cb9309 pkparse: keep legacy PK error codes when RSA key parsing fails
This helps in reverting the changes to test_suite_x509parse.data
when the RSA key parsing fails.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 09:21:25 +01:00
Gilles Peskine
591e83d139 Add missing implied usage
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:33:44 +01:00
Gilles Peskine
a1a7b08057 Fix typo in dependency
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:32:29 +01:00
Gilles Peskine
793920c1ff mbedtls_pk_get_psa_attributes: opaque: require specified usage
In the MBEDTLS_PK_OPAQUE, have mbedtls_pk_get_psa_attributes() require the
specified usage to be enabled for the specified key. Otherwise the following
call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a
useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably
an error.

Adjust the existing test cases accordingly and add a few negative test
cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:31:27 +01:00
Gilles Peskine
e45d51f7b5 Clearer variable names
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:11 +01:00
Gilles Peskine
e2a77f21ea Use PSA_INIT with test that requires PSA
USE_PSA_INIT is for test code that doesn't use PSA functions when
USE_PSA_CRYPTO is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
2e54854d16 Copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
ae2668be97 Don't use mbedtls_pk_ec in our own code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
7e353ba37a Create auxiliary function for repeated code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:46:19 +01:00
Gilles Peskine
19411635a5 Test enrollment algorithm for the non-OPAQUE case
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:42:28 +01:00
Ronald Cron
38dbab9f8d tests: ssl: Adjust early data test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:41 +01:00
Ronald Cron
78a38f607c tls13: srv: Do not use early_data_status
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:35 +01:00
Valerio Setti
56cfe2fab6 test_suite_rsa: improve rsa_parse_write_pkcs1_key() and rsa_key_write_incremental()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:53:26 +01:00
Valerio Setti
201e643509 rsa: simplify mbedtls_rsa_parse_pubkey() input parameters
In this way mbedtls_rsa_parse_pubkey() and mbedtls_rsa_parse_key()
input parameter list is the same.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:19:37 +01:00
Valerio Setti
135ebde273 rsa: rename parse/write functions in order to follow the standard format
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:00:29 +01:00
Jerry Yu
579bd4d46b Update early data test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
192e0f9b1d ssl_server2: Add read early data support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Valerio Setti
3ecb395fb9 test_suite_psa_crypto_util: fix tests for 0-length and one 0x00 byte for r and s
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 15:26:24 +01:00
Dave Rodgman
ba8e9addd9 Fix test dependencies
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-01 13:54:46 +00:00
Paul Elliott
0b2835d1fd Fix accidental copy paste mistake
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-01 13:27:04 +00:00
Ronald Cron
11cc41265b
Merge pull request #8711 from ronald-cron-arm/tls13-ticket-and-early-data-unit-test
Add TLS 1.3 ticket and early data unit tests
2024-02-01 13:15:55 +00:00
Paul Elliott
ae942ece47 Fix style issues
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-01 12:44:01 +00:00
Paul Elliott
24e9a32c83 Refactor to help future other implementations
Improve the definition of mbedtls_test_thread_t to assist adding future
threading implementations, when they happen.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-01 12:26:23 +00:00
Dave Rodgman
6823247376 Fix compile warning in tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-31 15:59:06 +00:00
Paul Elliott
9efc60298f Fix code style issues
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-01-31 15:33:23 +00:00
Ronald Cron
eb84534ee3 Use TEST_EQUAL instead of TEST_ASSERT where possible
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-31 15:23:38 +01:00
Ronald Cron
5de9c6f295 Fix and add comments in ticket and early data test function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-31 15:23:33 +01:00
Ronald Cron
095a3a5a29 Fix PSA init and done macros in TLS unit tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-31 15:02:09 +01:00
Ronald Cron
faf026c67c Explain purpose of test specific write/parse ticket functions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-31 14:32:11 +01:00
Valerio Setti
efcc555002 test_suite_psa_crypto_util: add test with 0-length s
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-31 11:15:37 +01:00
Valerio Setti
a888645bb8 test_suite_rsa: add test for key write with incremental output size
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-31 10:42:00 +01:00
Paul Elliott
fad978b232 Fix race condition with test comparison functions
Make sure we hold the mutex whilst making several changes at the same
time, to prevent race condition on writing connected bits of data.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-01-30 18:00:26 +00:00
Valerio Setti
91372f5549 test_suite_rsa: add more test cases for RSA key parsing
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 17:26:38 +01:00
Valerio Setti
f988f95b9a test_suite_bignum: add test function: mpi_zero_length_buffer_is_null()
The goal is to test all the bignum's functions that accept a buffer
and its length and verify that they do not crash if a NULL pointer
is passed in as buffer and 0 length is specified.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 16:28:09 +01:00
Valerio Setti
76e4c6352d test_suite_aria: remove NOT_DEFINED dependency from aria_invalid_param()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 16:28:06 +01:00
Valerio Setti
252311d41e test_suite_psa_crypto_util: add test with 0-length for r
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 15:50:28 +01:00
Valerio Setti
98e1931a0a test_suite_psa_crypto_util: alloc/free buffer inside loop in ecdsa_raw_to_der_incremental()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 15:46:02 +01:00
Tom Cosgrove
d4c373a597 Refactor all.sh clang version detection code
Prevents a script failure when attempting to run build_aes_armce on a system without clang

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2024-01-30 13:56:38 +00:00
Tom Cosgrove
9e4eeff6e0 Fix comment about verison of clang required for 'build_aes_armce'
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2024-01-30 13:51:18 +00:00
Gilles Peskine
03aa9bc226 Switch pk_setup_for_type() to return MBEDTLS_ERR_xxx
Use mbedtls return codes rather than a boolean "has test not failed?".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-30 11:18:42 +01:00
Gilles Peskine
3da3c0a000 Always call psa_crypto_init when testing mbedtls_pk_get_psa_attributes
mbedtls_pk_get_psa_attributes() actually works without having initialized
the PSA subsystem, because it doesn't call any non-client PSA API functions.
But the function is only useful in conjunction with the PSA API: it's
meant to be followed by importing a key with the resulting attributes. We
don't advertize it to work without an up-and-running PSA subsystem, and
there's no need to test it without an up-and-running PSA subsystem as we
were (accidentally) doing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-30 10:22:29 +01:00
Gilles Peskine
f8c2cd1489 Update preprocessor guard comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-30 10:18:36 +01:00
Gilles Peskine
e0c13cffb3 Update some msg descriptions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-30 10:17:49 +01:00
Valerio Setti
307ce2cff5 test_psa_compliance: use the last upstream release of psa-arch-tests
Release: v23.06_API1.5_ADAC_EAC
This fixes all the issues that were previously added as exceptions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 09:25:07 +01:00
Valerio Setti
7a795fd951 suite_psa_crypto_util: add more test cases for DER->RAW
- r with MSb set
- Invalid r (only 1 zero byte)

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 18:08:42 +01:00
Valerio Setti
ee5238fcf4 suite_psa_crypto_util: add more testing for mbedtls_ecdsa_raw_to_der()
A new test function is added, ecdsa_raw_to_der_incremental, that tests
incremental output DER buffer sizes checking that only the correct one
(tested at last) works correctly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 17:45:18 +01:00
Valerio Setti
9b9b5a52d9 psa_util: some code improvement to convert_der_to_raw_single_int()
This commit also fixes test_suite_psa_crypto_util.data due to the
change in one of the return values.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 17:25:19 +01:00
Valerio Setti
41f8f733a1 test_psa_compliance: add exception for tests using wrong RSA pub key format
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 11:44:40 +01:00
Valerio Setti
89d8a12e9c analyze_outcomes: fix typo
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 15:04:05 +01:00
Valerio Setti
f8ce457fb6 all.sh: fix comment in check_test_dependencies()
MBEDTLS_ASN1_WRITE_C is no more required for ECDSA conversion
functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 14:55:14 +01:00
Paul Elliott
c4e911889e
Merge pull request #8751 from trofi/gcc-14-calloc-fix
tests: fix `calloc()` argument list (`gcc-14` fix)
2024-01-26 11:02:53 +00:00
Sergei Trofimovich
da2a33de0f tests: fix calloc() argument list (gcc-14 fix)
`gcc-14` added a new `-Wcalloc-transposed-args` warning recently. It
detected minor infelicity in `calloc()` API usage in `mbedtls`:

    In file included from /build/mbedtls/tests/include/test/ssl_helpers.h:19,
                     from /build/mbedtls/tests/src/test_helpers/ssl_helpers.c:11:
    /build/mbedtls/tests/src/test_helpers/ssl_helpers.c: In function 'mbedtls_test_init_handshake_options':
    /build/mbedtls/tests/include/test/macros.h:128:46:
      error: 'calloc' sizes specified with 'sizeof' in the earlier argument
        and not in the later argument [-Werror=calloc-transposed-args]
      128 |             (pointer) = mbedtls_calloc(sizeof(*(pointer)),  \
          |                                              ^

Signed-off-by: Sergei Trofimovich <slyich@gmail.com>
2024-01-25 21:29:56 +00:00
Chien Wong
ef56795fd2
Fix 1 forgotten separate input/output buffer
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-25 19:22:50 +08:00
Chien Wong
92c17c456c
Use separate input/output buffer. Explain why error is expected
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-25 19:11:03 +08:00
Valerio Setti
80edec5f84 all.sh: remove MBEDTLS_PEM_PARSE_C exception from check_test_dependencies()
Since we officially disabled support for importing of PEM formatted keys
into PSA we removed dedicated tests from test_suite_psa_crypto. As a
consequence MBEDTLS_PEM_PARSE_C is no more an exception for
component_check_test_dependencies().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-25 09:33:48 +01:00
Gilles Peskine
77faddf93b Depend on legacy RSA key generation for test code
In principle the RSA tests shouldn't depend on RSA key generation: they just
need to operate on RSA keys. However they do need some method of creating an
RSA key, and we're currently doing random generation. So depend on what the
test code needs.

Depend on the legacy RSA interface, since driver-only RSA isn't currently
supported in the PK module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-24 22:14:32 +01:00
Gilles Peskine
2bd4ddc8e0 Implement pick-a-curve when ECP_LIGHT is disabled
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-24 22:10:50 +01:00
Paul Elliott
7fd162ec26 Refactor common PThreads CMake code
Move the flags and find of Threads to root CMakeLists.txt, rather
than duplicate these everywhere. Make explicit linking of library with
PThreads use the same mechanism.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-01-24 18:05:53 +00:00
Valerio Setti
6d597f1967 test_suite_rsa: extend rsa_parse_pkcs1_key adding tests for public key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:42:32 +01:00
Valerio Setti
6def24ce73 test_suite_[pkparse/rsa]: move RSA private key parsing tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:42:32 +01:00
Valerio Setti
1533c3f660 test_suite_rsa: improve rsa_parse_write_pkcs1_key() adding more checks
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:42:29 +01:00
Valerio Setti
448377bec7 all.sh: remove MBEDTLS_ASN1_PARSE_C exception from check_test_dependencies()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
688f795cb3 asn1: use the new symbol to guard dependencies of ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
f4d2dc2d77 psa_util: guard ECDSA conversion functions with proper (internal) symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
17105df3e7 test_suite_psa_crypto_util: add comments to 512/521 bit size test cases
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
31657ed70c test_suite_psa_crypto_util: change curve type for 256bits tests
Tests with 256 bits curve simply depends on any curve of that size,
but they don't really care about which family is enabled.

Here I replaced PSA_WANT_ECC_SECP_R1_256 with PSA_WANT_ECC_SECP_K1_256
because otherwise there were test disparities in the
"analyze_driver_vs_reference_tfm_config" component of
"analyze_outcomes.py". It looked simpler to change the curve type
in the test suite's data rather than adding proper exceptions
in "analyze_outcomes.py"

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
3ccb2b5423 all.sh: add exception for ASN1_PARSE_C in check_test_dependencies
There is no PSA equivalent to ASN1 legacy symbols.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
3f0809a99d test_suite_psa_crypto_util: split ECDSA test function in two
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
c22e3ce8ef psa_util: remove CRYPTO_C guard from ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:31 +01:00
Valerio Setti
99c0369d31 psa_util: add include asn1write.h in public header
This is mandatory to have support for the error codes defined
in the asn1write.h header file.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
bda440f82d test_suite_psa_crypto_util: increase the size of tested integers
- Replace 192 case with 256
- Replace 256 case with 512
- Add 521 case

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
aed21640bd test_suite_psa_crypto_util: add test function and data for ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
724a2abf01 test_suite_psa_crypto: fix typo in description
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 15:57:12 +01:00
Valerio Setti
cd89b0b536 all.sh: disable legacy hash support in test_psa_crypto_config_accel_hmac()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 14:24:55 +01:00
Chien Wong
99ff1f505b
Add test cases on GCM AD, input, IV length
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-24 20:52:27 +08:00
Valerio Setti
c6d7f53adc all.sh: update common_test_psa_crypto_config_accel_ecc_some_curves()
Do not disable RSA_C and related modules because now it does not
automatically re-enable PK module.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Valerio Setti
dccfd3612d rsa: update return values of priv/pub parse/write functions
The goal is to remove usage of PK return values in order to
completely eliminate that dependency.
This commit also updates pkparse and test_suite_x509parse to
align with this change in return values.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:34 +01:00
Dave Rodgman
13f2f4e7f1 Merge remote-tracking branch 'restricted/development' into mbedtls-3.5.2rc 2024-01-24 09:49:15 +00:00
Gilles Peskine
64996c3be9 Disable MBEDTLS_PSA_CRYPTO_CLIENT in no-PSA builds
When building without PSA crypto functions, disable
MBEDTLS_PSA_CRYPTO_CLIENT as well as MBEDTLS_PSA_CRYPTO_C. With
just MBEDTLS_PSA_CRYPTO_CLIENT, PSA crypto API functions are supposed to
exist at link time but be provided by a third party.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:25:47 +01:00
Gilles Peskine
00f3085163 Missing dependency for MBEDTLS_PK_ECDSA
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:25:34 +01:00
Gilles Peskine
f3dbc98d96 mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_USE_PSA_EC_DATA
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Gilles Peskine
758d8c7631 mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_OPAQUE
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00