Commit graph

6669 commits

Author SHA1 Message Date
Neil Armstrong
5b87ebb601 Prepare pk_psa_sign() test to accept RSA parameters
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Neil Armstrong
0cd78ddd71 Update test for Opaque PK key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Gilles Peskine
d2d90af7d9 Make mbedtls_ssl_get_bytes_avail tests more independent
Don't depend on the default sizes in the test programs: pass explicit
request and buffer sizes.

Don't depend on MAX_CONTENT_LEN (other than it not being extremely small:
this commit assumes that it will never be less than 101).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:39:06 +02:00
Gilles Peskine
c8d242f625 set_maybe_calc_verify: $1 is intended to be auth_mode
Document that this is what it is. Don't allow made-up numerical values.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 22:23:45 +02:00
Andrzej Kurek
cb33bc5d0b Change the bit to flip to guarantee failure
For weistrass curves the pair is encoded as 0x04 || x || y.
Flipping one of the bits in the first byte should be a sure failure.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
39d88d4918 Change the number of expected free key slots
TLS code now uses PSA to generate an ECDH private key.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
41b7e66e61 Tests: add missing requirements for the raw key agreement test
SECP384R1 is needed for the default loaded
certificate.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
cc28e9a252 Tests: add missing group termination
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
65ded569e0 Update raw key agreement test dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
b3427823bd Test failing raw_key_agreement in ssl mock tests
Force a bitflip in server key to make the raw key
agreement fail, and then verify that no key slots
are left open at the end. Use a Weierstrass curve
to have a high chance of failure upon encountering
such bitflip.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:24:17 -04:00
Andrzej Kurek
74394a5c39 Add a group_list argument to mocked ssl tests
This will be used to force a group list in certain tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:23:34 -04:00
Thomas Daubney
d868d0f7a0 Removes trailing whitespace
Travis found and complained about a trailing whitespace.
This commit removes the error.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 15:29:27 +01:00
Thomas Daubney
28428f45c7 Corrects mistake from encrypt setup test
This commit alters an ASSERT_COMPARE statement
at the end of the aead_encrypt_setup test. This is to
correct a mistake introduced by the preceding PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:54:46 +01:00
Thomas Daubney
dbb9754541 Adds changes from first review round
This commit adds the required changes that arose from
the first round of reviewing. The total_input_data argument
has been removed and so the .data file needed to be edited
also.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:42:10 +01:00
Thomas Daubney
b3e452d5ab Adds insufficient memory test case
Adds test data for the test case where the insufficient
memory error is forced on the driver status.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:00:49 +01:00
Thomas Daubney
e15bc38e40 Adds fallback test case
Commit adds test data for the case where the
algorithm is not supported by the driver but
the fallback option is available in the library.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:00:49 +01:00
Thomas Daubney
063c2cd298 Adds positive test case
Commit adds test data for positive test of decrypt
setup test case

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:00:42 +01:00
Thomas Daubney
03c4ba03c1 Adds test for decrypt setup driver dispatch
Commit adds a test for checking driver dispatch
for the M-AEAD decrypt setup function.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 13:58:30 +01:00
Gilles Peskine
1438e1620a Add requirements of "Default"
The log checks require a specific hash and a specific curve.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 22:00:32 +02:00
Gilles Peskine
59601d76ad Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 22:00:17 +02:00
Ronald Cron
cccbe0eb88
Merge pull request #5516 from tom-daubney-arm/M-AEAD_dispatch_tests
M-AEAD driver dispatch tests
2022-04-05 16:35:37 +02:00
Gilles Peskine
ebfee6e315 check-generated-files.sh -u: don't update file timestamps
When running check-generated-files in update mode, all generated files were
regenerated. As a consequence,
```
tests/scripts/check-generated-files.sh -u && make
```
always caused most of the code to be rebuilt. Now, if a file hasn't changed,
preserve its original modification time (and other metadata), so the command
above doesn't rebuild anything that has actually not changed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:29:38 +02:00
Gilles Peskine
b24ed5261e Use a plausible input size with asymmetric verification
Otherwise the error status can be PSA_ERROR_INVALID_SIGNATURE instead of the
expected PSA_ERROR_NOT_SUPPORTED in some configurations. For example, the
RSA verification code currently checks the signature size first whenever
PSA_KEY_TYPE_RSA_PUBLIC_KEY is enabled, and only gets into
algorithm-specific code if this passes, so it returns INVALID_SIGNATURE even
if the specific algorithm is not supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:03:39 +02:00
Gilles Peskine
e6300959df Test attempts to use a public key for a private-key operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:02:44 +02:00
Gilles Peskine
a401386f82 A key agreement algorithm can contain a key derivation
PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm
when kdf is one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:57:10 +02:00
Gilles Peskine
d79e3b92fa In NOT_SUPPORTED test case descriptions, show what is not supported
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:56:58 +02:00
Gilles Peskine
ae3a1008b7 Add a few manual test cases
They're redundant with the automatically generated test cases, but it's
useful to have them when debugging issues with the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:56:52 +02:00
Gilles Peskine
1c7c5969ea
Merge pull request #5683 from paul-elliott-arm/fix_pk_test
Prevent free of uninitialised MPI  variables
2022-04-04 17:51:49 +02:00
Gilles Peskine
c82f62e3a5
Merge pull request #4907 from gilles-peskine-arm/config-baremetal-size-3.0
Disable debugging features in the primary code size measurement job
2022-04-04 16:12:58 +02:00
Thomas Daubney
f38c8c6459 Adds test data for insufficient memory case
This commit adds tests data for the encrypt setup function
to cover the case where there is insufficent memory when
trying to undertake the operation.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:18 +01:00
Thomas Daubney
30583c3e92 Adds test data for fallback test
Commit adds test data needed to test the case where driver
does not support selected algorithm but the library does.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:18 +01:00
Thomas Daubney
5e896d914a Adds test data for encrypt setup test case
This commit adds a positive test case for the
encrypt setup function test.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:18 +01:00
Thomas Daubney
d610191ad6 Adds driver dispatch test for M-AEAD encryption setup
This commit adds a test called aead_encrypt_setup()
which tests that the relevant drivers get called the correct
amount of times when running the multipart AEAD encrypt
setup API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:10 +01:00
Manuel Pégourié-Gonnard
de68e39ddf
Merge pull request #5568 from superna9999/5159-pk-rsa-verification
PK: RSA verification
2022-04-04 11:23:33 +02:00
Andrzej Kurek
8db7c0e9ac Fix an off-by-one error in ssl-opt.sh
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-01 08:55:40 -04:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2
TLS 1.2/1.3 version negotiation - 2
2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors
Accessors to own CID within mbedtls_ssl_context
2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard
6a25159c69
Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations
HKDF 2: use internal implementations in TLS 1.3
2022-04-01 11:15:29 +02:00
Paul Elliott
02758a51df Add tls CID tests
Add tests to test tls coneection id functionality, including the new
'own cid' accessor.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Ronald Cron
cbd7bfd30e ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests
Force TLS 1.2 on OpenSSL/GnuTLS server
for TLS 1.2 specific tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
634d865d80 ssl-opt.sh: Fix "no TLS 1.3 server support" test check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Paul Elliott
ff59a34606 Prevent free of uninitialised variables
In an error case it was possible for mbedtls_mpi variables to be free'd
uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 17:14:13 +01:00
Dave Rodgman
017a19997a Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Neil Armstrong
b7b549aa71 Force server-side TLS1.2 for ECDH- Opaque PK key test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
023bf8d7c2 Add ECDH- Opaque PK key test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Ronald Cron
a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1
TLS 1.2/1.3 version negotiation - 1
2022-03-31 11:47:16 +02:00
Ronald Cron
37bdaab64f tls: Simplify the logic of the config version check and test it
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:26:58 +02:00
Neil Armstrong
56d51274d8 Initialize PSA crypto in test_suite_pk for RSA verify tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:39:07 +02:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over
Add mbedtls_ssl_is_handshake_over()
2022-03-30 12:16:40 +02:00
Ronald Cron
3cec8e8864 tests: Init PSA crypto if TLS 1.3 is enabled
Initialize PSA crypto in tests if TLS 1.3 is
enabled as done when MBEDTLS_USE_PSA_CRYPTO
is enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
a1b8f6e914 ssl-opt.sh: Do not force TLS 1.3 on client
For TLS 1.3 tests, do not force TLS 1.3
version on client to play the negotiation
game whenever possible.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
f3b425bbde ssl-opt.sh: Force TLS 1.2 on server
To maximize the number of tests where MbedTLS
client proposes both TLS 1.2 and TLS 1.3 to
the server, force the TLS 1.2 version on the
server side rather than on the client side
in TLS 1.2 specific tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
f660655b84 TLS: Allow hybrid TLS 1.2/1.3 in default configurations
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
e1d3f06399 Allow hybrid TLS 1.3 + TLS 1.2 configuration
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
7320e6436b ssl_tls12_client.c: Switch to generic Client Hello state handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
27c85e743f ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export
Add ECP keypair export function
2022-03-29 17:19:04 +01:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
2022-03-29 15:34:12 +01:00
Ronald Cron
086ee0be0e ssl_tls.c: Reject TLS 1.3 version configuration for server
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
de1adee51a Rename ssl_cli/srv.c
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512
Add rsae sha384 sha512
2022-03-29 14:01:51 +02:00
Manuel Pégourié-Gonnard
39f2f73e69
Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing
Restore full TLS compatibility testing
2022-03-28 18:31:17 +02:00
Ronald Cron
e44d8e7eea
Merge pull request #5369 from xkqian/add_2nd_client_hello
Add 2nd client hello
2022-03-28 12:18:41 +02:00
XiaokangQian
5c252620c5 Move MAC-ALL to self._ciphs in ssl-opt.sh
Change-Id: I60d29560f8937a0001ab4a30086bac255fc4b1eb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-28 08:53:45 +00:00
Przemek Stekiel
6a478ef054 mbedtls_ecp_group_cmp: change names of parameters to more suitable
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-28 07:25:12 +02:00
XiaokangQian
2e17fb8c93 Change code base on comments
Add all of the group pairs for hrr cases
Re-order some parameters

Change-Id: Id7e131d1ed4279bbd586613800df7bd87dfa4c54
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-28 03:30:05 +00:00
Gabor Mezei
ed6d6589b3
Use hash algoritm for parameter instead of HMAC
To be compatible with the other functions `mbedtls_psa_hkdf_extract` and
`mbedtls_psa_hkdf_expand` use hash algorithm for parameter.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-26 17:28:06 +01:00
Gabor Mezei
07732f7015
Translate from mbedtls_md_type_t to psa_algorithm_t
Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-26 17:04:19 +01:00
Gabor Mezei
5d9a1fe9e9
PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3
With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support
is always enabled.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-26 15:47:15 +01:00
Ronald Cron
618955d381 compat.sh: Fix check for OpenSSL support
If OpenSSL does not support a mode (tls12 or
dtls12 or tls13) just skip the tests involving
OpenSSL.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
Ronald Cron
2c74ff629d compat.sh: Restore full TLS compatibility testing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
XiaokangQian
a1931448f0 Update hrr test cases generation code without change class
Change-Id: I38f620213bf5349d33ecad080538294633f85566
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 11:58:22 +00:00
XiaokangQian
eff93f947d Rebase code to latest and solve conflicts
Change-Id: Id89af63e5d63347f6365c87b2aed419cc31fe0d4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 10:47:55 +00:00
XiaokangQian
8031ba7fbf Update code base on comments
Change run title
Remove dedicate ciphersuite and sig alg
Update test cases

Change-Id: Ic0e9adf56062e744f7bafbc6bb562baeaafd89f0
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 09:27:53 +00:00
Manuel Pégourié-Gonnard
cefa904759
Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor
Accessor for mbedtls_timing_delay_context final delay
2022-03-25 09:14:41 +01:00
XiaokangQian
83f818811e Update test cases in tls13-compat.sh
Change-Id: I5e080b3343492dd80ede1305f95d4b5b98cd44a3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:12:35 +00:00
XiaokangQian
68a87e4606 Remove the option r in generate_tls13_compat_tests.py
Integrate two options into one
Use one dedicate cipher suite TLS_AES_256_GCM_SHA384
Use on dedicate signature algorithm ecdsa_secp384r1_sha384

Change-Id: Icbe39b985e1942edc4b1e37ce3352eed4f316ab7
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:09:29 +00:00
XiaokangQian
20438976f9 Change comments and styles base on review
Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:09:29 +00:00
XiaokangQian
af56fd3b9d Disable some reported warnings in pylint
Change-Id: Ia01e4a425f8b8d83be53d02885cf8ae4cbb20c98
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:08:01 +00:00
XiaokangQian
b9cd73f640 Fix errors from pylint
Change-Id: I6cbbf8a0b0acedf651fada6ab54fa03dc4ad9cf5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:06:57 +00:00
XiaokangQian
7069cbc8d5 generate all tls13 hrr test cases for compatible mode
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:06:08 +00:00
Paul Elliott
42d5e51a98 Make test function name more accurate
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-24 19:41:28 +00:00
Paul Elliott
27b0d94e25 Use mbedtls_ssl_is_handshake_over()
Switch over to using the new function both internally and in tests.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-24 14:43:52 +00:00
Jerry Yu
72d81e56b6 Add cert_sig_algs into offered list
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 22:13:57 +08:00
Jerry Yu
7de79850c9 Add cert_sig_algs for compat generate script
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 20:09:00 +08:00
Tom Cosgrove
226aca195f Fix running of all.sh on macOS
Was getting 'dd: unknown operand status'

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:56 +00:00
Tom Cosgrove
87fbfb5d82 SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.

The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Jerry Yu
f8aa9a44aa fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 20:54:38 +08:00
Jerry Yu
5fb7d176f3 Replace rsakey to 2048bits for test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 11:16:53 +08:00
Jerry Yu
cef3f33012 Guard rsa sig algs with rsa_c and pkcs1_v{15,21}
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 23:16:42 +08:00
Jerry Yu
701656fb29 fix redefine error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 21:52:05 +08:00
Jerry Yu
e2c882518c Add pk_sign_ext unit tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 21:24:19 +08:00
Jerry Yu
5512ad9df8 fix genkey fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:53 +08:00
Jerry Yu
92339d25b4 Add more unit test for pk_sign_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:53 +08:00
Jerry Yu
b3bfe9f5d2 Add verify for pk_sign_ext test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:53 +08:00
Jerry Yu
5a0afc8a12 fix test fail for pk_sign_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
20f9f819bb Remove use_psa_crypto in test scripts
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
1f45b67474 Add unit tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
79c004148d Add PSA && TLS1_3 check_config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
3a58b462b6 add pss_rsae_sha{384,512}
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
919130c035 Add rsa_pss_rsae_sha256 support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:33 +08:00
Gabor Mezei
1e64f7a643
Use MBEDTLS_USE_PSA_CRYPTO macro guard for testing instead of MBEDTLS_PSA_CRYPTO_C
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-21 17:00:54 +01:00
Gabor Mezei
892c4aa295
Update hkdf test cases to handle PSA code
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-21 17:00:54 +01:00
Paul Elliott
21bbb7a888 Add simple test to ensure accessor is working
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-21 15:28:05 +00:00
Paul Elliott
b9af2db4cf Add accessor for timing final delay
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-21 15:26:19 +00:00
Manuel Pégourié-Gonnard
f4042f076b
Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac
TLS record HMAC
2022-03-21 11:36:44 +01:00
Manuel Pégourié-Gonnard
706f6bae27
Merge pull request #5518 from superna9999/5274-ecdsa-signing
PK: ECDSA signing
2022-03-21 09:57:57 +01:00
Manuel Pégourié-Gonnard
472044f21e
Merge pull request #5525 from superna9999/5161-pk-rsa-encryption
PK: RSA encryption
2022-03-21 09:57:38 +01:00
Przemek Stekiel
a677b5f6c7 Fix minor issues
- parameter name in function description
- test_suite_ecp.data: add new line at the end of file

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-21 09:49:40 +01:00
Neil Armstrong
c23d2e3ef1 Wrap unused declaration in #if/#endif when USE_PSA is set in x509_csr_check()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:31:59 +01:00
Przemek Stekiel
4b30feb32e Add test for ECP export
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-18 13:58:26 +01:00
Neil Armstrong
0ab7a232b5 Add non-PSA and PSA variant of test_XXXX_constant_flow all.sh tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:10:09 +01:00
Neil Armstrong
8f92bf3a26 Only make PSA HMAC key exportable when NULL or CBC & not EtM in build_transforms()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:10:09 +01:00
Manuel Pégourié-Gonnard
8d4bc5eeb9
Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac
HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC
2022-03-17 11:55:48 +01:00
Manuel Pégourié-Gonnard
15c0e39fff
Merge pull request #5519 from superna9999/5150-pk-rsa-decryption
PK: RSA decryption
2022-03-17 11:02:13 +01:00
Manuel Pégourié-Gonnard
7c92fe966a
Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection
TLS Cipher 2a: tickets: use PSA for protection
2022-03-17 09:50:09 +01:00
Gabor Mezei
88f3b2e502
Update old style test function parameter handling
Use data_t type for hex string parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-16 16:53:23 +01:00
Gilles Peskine
cba28a7d40 Systematically generate test cases for operation setup failure
The test suite test_suite_psa_crypto_op_fail now runs a large number
of automatically generated test cases which attempt to perform a
one-shot operation or to set up a multi-part operation with invalid
parameters. The following cases are fully covered (based on the
enumeration of valid algorithms and key types):
* An algorithm is not supported.
* The key type is not compatible with the algorithm (for operations
  that use a key).
* The algorithm is not compatible for the operation.

Some test functions allow the library to return PSA_ERROR_NOT_SUPPORTED
where the test code generator expects PSA_ERROR_INVALID_ARGUMENT or vice
versa. This may be refined in the future.

Some corner cases with algorithms combining a key agreement with a key
derivation are not handled properly. This will be fixed in follow-up
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
8b4a38176a Generate test cases for hash operation failure
Test that hash operation functions fail when given a hash algorithm
that is not supported or an algorithm that is not a hash.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
c7e1ea074a New test suite for systematically generated operation failure tests
The new test suite psa_crypto_op_fail is intended for systematically
generated test cases that ensure that cryptographic operations with
invalid parameters fail as expected. I intend invalid parameters to
cover things like an invalid algorithm, an algorithm that is
incompatible with the operation, a key type that is incompatible with
the algorithm, etc.

This commit just creates the infrastructure. Subsequent commits will
add data generation and test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
08622b6dc7 Declare PSA_WANT_ALG_CCM_STAR_NO_TAG and use it in tests
CCM*-no-tag is currently available whenever CCM is, so declare
PSA_WANT_ALG_CCM_STAR_NO_TAG whenever PSA_WANT_ALG_CCM is declared and vice
versa.

Fix dependencies of test cases that use PSA_ALG_CCM_STAR_NO_TAG: some were
using PSA_WANT_ALG_CCM and some had altogether wrong dependencies.

This commit does not touch library code. There is still no provision for
providing CCM support without CCM*-no-tag or vice versa.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
26f9054d8f Declare modules used by generate_psa_tests.py as dependencies
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-15 18:32:10 +01:00
Gilles Peskine
f761427fb9 Simplify key_for_usage_flags
Generate "with implication" and "without implication" usage test cases
separately.

The set of generated test cases is unchanged. The order, and the description
of "with implication" test cases, changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-15 18:32:10 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Gilles Peskine
6f160cab59 Skip some DTLS reordering tests in PSK-only builds
Some DTLS reordering tests rely on certificate authentication messages. It
is probably possible to adapt them to rely on different messages, but for
now, skip them in PSK-only builds.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 20:32:20 +01:00
Gilles Peskine
309ca65846 calc_verify is only called in some configurations
If MBEDTLS_SSL_EXTENDED_MASTER_SECRET is disabled or the feature is disabled
at runtime, and if client authentication is not used, then calc_verify is not
called, so don't require the corresponding debug trace.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 20:32:20 +01:00
Gilles Peskine
4c3f24046a Fix unused function warning
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 19:49:18 +01:00
Gilles Peskine
aa162b5bea Remove negative check for a message that no longer exists
The message was removed in 6be9cf542f without
a replacement. A failure would cause the test case to fail anyway, so this
negative check is not really useful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 19:49:18 +01:00
Gilles Peskine
a266541072 test-ref-configs: clarify configuration-related traces
When doing builds with PSA enabled or with debug traces enabled, convey this
in $MBEDTLS_TEST_CONFIGURATION and in the terminal logs.

This fixes a bug that the outcome file did not distinguish entries from
test cases run in a reference configuration with or without PSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 19:49:18 +01:00
Gilles Peskine
d7df877183 Simplify the logic to select configurations
User-visible changes:
* With no argument, configurations are now tested in a deterministic order.
* When given arguments, configurations are now tested in the order given.
* When given arguments, if the same configuration is passed multiple times,
  it will now be tested multiple times.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 19:49:18 +01:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc
PSA: implement key derivation for ECC keys
2022-03-14 09:17:13 +01:00
Gilles Peskine
afb482897b
Merge pull request #5292 from mprse/asym_encrypt
Driver dispatch for PSA asymmetric encryption + RSA tests
2022-03-10 20:07:38 +01:00
Gilles Peskine
fc47641e36 Add RFC 7539 test vector for ChaCha20
The PSA Crypto API uses 0 as the initial counter value, but the test vector
in RFC 7539 uses 1. So the unit tests here include an extra leading block.
The expected data for this leading block was calculated with Cryptodome.

    #!/usr/bin/env python3
    import re
    from Cryptodome.Cipher import ChaCha20

    key = bytes.fromhex('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f')
    nonce = bytes.fromhex('000000000000004a00000000')
    encrypt = lambda pt: ChaCha20.new(key=key, nonce=nonce).encrypt(pt)
    # Cryptodome uses counter=0, like PSA Crypto. Prepend a 64-byte input block #0
    # so that the plaintext from RFC 7539 starts exactly at block #1.
    header = b'The RFC 7539 test vector uses counter=1, but PSA uses counter=0.'
    assert(len(header) == 64)
    sunscreen = b"Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it."
    plaintext = header + sunscreen
    zeros = b'\x00' * len(plaintext)
    keystream = encrypt(zeros)
    ciphertext = encrypt(plaintext)

    print('RFC 7539 §2.4.2')
    print('Keystream:')
    print(re.sub(r'(..)', r'\1:', keystream[64:].hex()))
    print('Ciphertext Subscreen:')
    print(re.sub(r'(..)', r'\1 ', ciphertext[64:].hex()))
    print('')

    print(f"""\
    PSA symmetric decrypt: ChaCha20, RFC7539 keystream
    depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
    # Keystream from RFC 7539 §2.4.2, with an extra 64-byte output block prepended
    # because the test vector starts at counter=1 but our API starts at counter=0.
    cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"{key.hex()}":"{nonce.hex()}":"{zeros.hex()}":"{keystream.hex()}"

    PSA symmetric decrypt: ChaCha20, RFC7539 sunscreen
    depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
    # Test vector from RFC 7539 §2.4.2, with an extra 64-byte block prepended
    # because the test vector starts at counter=1 but our API starts at counter=0.
    cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"{key.hex()}":"{nonce.hex()}":"{ciphertext.hex()}":"{plaintext.hex()}"
    """)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-10 18:57:09 +01:00
Gabor Mezei
49c8eb3a5a
Enable chachcapoly cipher for SSL tickets
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-10 17:09:59 +01:00
Gabor Mezei
2fa1c311cd
Remove test dependency
The SSL ticket rotation test case is enabled when PSA is used.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-10 17:09:59 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
server certificate selection callback
2022-03-10 11:51:42 +01:00
Dave Rodgman
73e91e13a6
Merge pull request #2229 from RonEld/fix_test_md_api_violation
Fix test md api violation
2022-03-10 09:21:47 +00:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn
Port ALPN support for tls13 client from tls13-prototype
2022-03-08 17:53:38 +00:00
Przemek Stekiel
c85f0912c4 psa_crypto.c, test_suite_psa_crypto.function: fix style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-08 11:37:54 +01:00
Przemek Stekiel
f8614a0ec2 asymmetric_encryption.h: trim trailing spaces
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-08 10:48:35 +01:00
Przemek Stekiel
b6bdebde5e asymmetric_encrypt: handle forced output
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-08 10:32:18 +01:00
Przemek Stekiel
d5e5c8b58d asymmetric_encrypt: add remining test driver cases
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-08 10:31:07 +01:00
Jerry Yu
3b86d1b3c6 fix comments grammar issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-08 14:07:39 +08:00
Jerry Yu
80bc860aab add depends to avoid file not found
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-08 14:07:39 +08:00
Jerry Yu
89e7654fc9 fix parallel build fail of test_cmake_out_source
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-08 14:07:39 +08:00
Gilles Peskine
c9c967c812 Fix RSA sanity checks for asymmetric_encrypt
* Remove expected_output_data: since asymmetric encryption is randomized,
  it can't be useful.
* The decryption check needs the private exponent, not the public exponent.
* Use PSA macro for the expected ciphertext buffer size.
* Move RSA sanity checks to their own function for clarity.
* For RSAES-PKCS1-v1_5, check that the result of the private key operation
  has the form 0x00 0x02 ... 0x00 M where M is the plaintext.
* For OAEP, check that the result of the private key operation starts with
  0x00. The rest is the result of masking which it would be possible to
  check here, but not worth the trouble of implementing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-07 21:18:37 +01:00
Gilles Peskine
44311f5c98
Merge pull request #5571 from superna9999/5162-pk-rsa-signing
PK: RSA signing
2022-03-07 17:09:14 +01:00
Gilles Peskine
6bf5c8cb1d
Merge pull request #5506 from superna9999/4964-extend-psa-one-shot-multipart
Extend PSA operation setup tests to always cover both one-shot and multipart
2022-03-07 17:04:37 +01:00
Gilles Peskine
fdfc10b250
Merge pull request #4408 from gilles-peskine-arm/storage-format-check-mononicity
Check storage format tests for regressions
2022-03-07 17:02:34 +01:00
Przemek Stekiel
72373f3819 WIP: Add asymmetric_encrypt test case
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-07 16:48:18 +01:00
Przemek Stekiel
7a58208809 Change names rsa->asymmetric_encryption
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-07 10:49:04 +01:00
Neil Armstrong
fd4c259a7b Use PSA_INIT() in mac_multipart_internal_func()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 10:11:11 +01:00
Ron Eldor
0df1ecd5fd Fix test_suite_md API violation
Add a call to `mbedtls_md_starts()` in the `mbedtls_md_process()`
test, as it violates the API usage. Fixes #2227.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-04 16:48:17 +00:00
Przemek Stekiel
f25b16cadd test_psa_compliance: update tag to fix-pr-5139-3
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 14:25:09 +01:00
Andrzej Kurek
469fa95cbc Add the timing test dependency on MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
61faf665e6 Use $PWD instead of $(pwd) for consistency
Change the new baremetal all.sh tests to use $PWD rather than
calling pwd again directly.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
Daniel Axtens
814c8133c8 tests: add baremetal full config build
To be able to test utility programs for an absence of time.h, we need a
baremetal config that is not crypto only. Add one.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
446af202f6 tests: prevent inclusion of time.h in baremetal compiles
baremetal compiles should not include time.h, as MBEDTLS_HAVE_TIME is
undefined. To test this, provide an overriding include directory that
has a time.h which throws a meaningful error if included.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
09e34b78ee Add header guard around malloc(0) returning NULL implementation
Make it safe to import the config multiple times without having
multiple definition errors.

(This prevents errors in the fuzzers in a later patch.)

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Neil Armstrong
502da11df1 Initialize PSA crypto in test_suite_pk pk_rsa_decrypt_test_vec() when USE_PSA_CRYPTO is enabled
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
5b32038ff0 Alternative CSR checks in x509_csr_check when USE_PSA_CRYPTO
The X509write x509_csr_check reference file depends on
mbedtls_test_rnd_pseudo_rand being used to match the pre-generated data.
This calls x509_crt_verifycsr() like in x509_csr_check_opaque() when
MBEDTLS_USE_PSA_CRYPTO is defined.

Notably using PSA_ALG_DETERMINISTIC_ECDSA() in ecdsa_sign_wrap() makes
this test run without these changes.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
5f8328b2f6 Initialize PSA crypto in test_suite_x509write for RSA signing tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Neil Armstrong
c921bfdf30 Fix 80 characters indentation in pk_rsa_encrypt_decrypt_test()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
7f1055223d Remove pk_rsa_encrypt_test_vec() test in favor to pk_rsa_encrypt_decrypt_test()
Not checking the encrypt result with PSA makes the test useless.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
dac2f23a82 Stop checking against reference vector in pk_rsa_encrypt_test_vec when USE_PSA_CRYPTO
The pk_rsa_encrypt_test_vec() reference vector is calculated while using
mbedtls_test_rnd_pseudo_rand rng source, but since the RNG souce can't
be controlled when USE_PSA_CRYPTO is enabled we can't get the same
result.

The pk_rsa_encrypt_test_vec() fails when switching to mbedtls_test_rnd_std_rand
as rng source.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
e0df42cbb7 Introduce pk_rsa_encrypt_decrypt_test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
445d2192d5 Initialize PSA crypto in test_suite_pk pk_rsa_encrypt_test_vec() & pk_rsa_alt() when USE_PSA_CRYPTO is enabled
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
fe6da1c35c Fix style issues in mac_sign_verify_multi()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:29:14 +01:00
Gilles Peskine
052deb941f
Merge pull request #5554 from tom-daubney-arm/fix_uninitialised_buffers_in_tests
Fix uninitialised buffers in tests - Coverity issue
2022-03-03 13:30:58 +01:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters
Add function to get message digest info from context
2022-03-02 16:44:26 +01:00
Przemek Stekiel
38df86cc6c Simplyfy asymmetric_decrypt() test function
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-02 09:11:04 +01:00
Gilles Peskine
a9b4c436ee
Merge pull request #5588 from gilles-peskine-arm/mypy-on-jenkins
Make mypy unconditional
2022-03-01 20:48:42 +01:00
Gilles Peskine
92e08fba4c
Merge pull request #5475 from miudr/fix_issue_5140
Fix AEAD multipart incorrect offset in test_suite_psa_crypto.function
2022-03-01 20:45:54 +01:00
Dave Rodgman
2cf0d4f072
Merge pull request #5584 from gilles-peskine-arm/cmake-Wunused-function
Build tests with -Wunused-function with cmake
2022-03-01 19:17:16 +00:00
Przemek Stekiel
4400be408b Adapt test cases for invalid bits with and without ECC keys enabled
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 17:02:46 +01:00
Przemek Stekiel
dcab6ccb3b Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 14:29:49 +01:00
Neil Armstrong
4766f99fe5 Add multi-part mac sign/verify test
The test is based on the AEAD multi-part test, re-using the
design on aead_multipart_internal_func() to test differnet
sequence of psa_mac_update() for MAC update or verify.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-28 18:37:30 +01:00
Gilles Peskine
254efe5f0c Make mypy unconditional
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-28 16:06:36 +01:00
Neil Armstrong
60234f87a6 Revert "Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences"
This reverts commit 3ccd08b343.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-28 15:21:38 +01:00
Gilles Peskine
9c656ec718 Fix unused function warning
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-26 19:56:12 +01:00
Gilles Peskine
d5438a5678 Enable -Wunused-function in cmake builds for tests
This has been the case when building with make since
d3d8a64dfa. Be consistent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-26 19:54:41 +01:00
Glenn Strauss
6989407261 Add accessor to retrieve SNI during handshake
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b Provide means to reset handshake cert list
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:48 -05:00
Gilles Peskine
588d7a7538 Add a missing requires_max_content_len
Slightly reduce the amount of data so that the test passes with 512.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:23:25 +01:00
Gilles Peskine
c6d197b68a ssl-opt needs debug messages
Many test cases in ssl-opt.sh need error messages (MBEDTLS_ERROR_C) or SSL
traces (MBEDTLS_DEBUG_C). Some sample configurations don't include these
options. When running ssl-opt.sh on those configurations, enable the
required options. They must be listed in the config*.h file, commented out.

Run ssl-opt in the following configurations with debug options:
ccm-psk-tls1_2, ccm-psk-dtls1_2, suite-b.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:22:25 +01:00
Gilles Peskine
6e86e54abb Adapt tests for PSK in PSK-only builds
In a PSK-only build:
* Skip tests that rely on a specific non-PSK cipher suite.
* Skip tests that exercise a certificate authentication feature.
* Pass a pre-shared key in tests that don't mind the key exchange type.

This commit only considers PSK-only builds vs builds with certificates. It
does not aim to do something useful for builds with an asymmetric key
exchange and a pre-shared key for authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
2fe796f1b7 Add some missing dependencies: EXTENDED_MASTER_SECRET, CACHE
This commit is not necessarily complete, but it's a step forward.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
3561526249 Only run "Default" tests if the expected ciphersuite is enabled
These tests ensure that a certain cipher suite is in use, so they fail in
builds that lack one of the corresponding algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
a165b5ced6 Automatically skip tests for some absent features: tickets, ALPN
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
82a4ab2486 ssl-opt: automatically skip DTLS tests in builds without DTLS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
168f17c233 New sample/test configuration: small DTLS 1.2
1. Copy config-ccm-psk-tls1_2.h
2. Add DTLS support
3. Add some TLS and DTLS features that are useful in low-bandwidth,
   low-reliability networks
4. Reduce the SSL buffer to a very small size

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:11 +01:00
Neil Armstrong
3ccd08b343 Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 16:15:08 +01:00
Neil Armstrong
ee9686b446 Fix style issue in hash_setup()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:47:34 +01:00
Neil Armstrong
e858996413 Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf()
Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:17:50 +01:00
Neil Armstrong
2968d306e4 Implement mbedtls_ct_hmac() using PSA hash API
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:50 +01:00
Neil Armstrong
cf8841a076 Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
4f091290bd Remove Obsolete SSLs tests with truncated MAC tags & NULL/CBC cipher
These tests are related to an obsolete feature removed from the library.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
f4cc062935 Setup MAC PSA keys in build_transforms() to pass ssl_crypt_record() with PSA crypto
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
46a1760922 Allow USE_PSA_CRYPTO for handshake TLS tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Jerry Yu
2ff6ba1df0 Remove rsa_pss_rsae_sha256 support.
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 10:38:25 +08:00
Gilles Peskine
9216536415 Add storage format checks to the interface checker
Expand abi_check.py to look for backward incompatibilities not only in
the interface exposed to application code (and to some extent driver
code), but also to the interface exposed via the storage format, which
is relevant when upgrading Mbed TLS on a device with a PSA keystore.

Strictly speaking, the storage format checks look for regressions in
the automatically generated storage format test data. Incompatible
changes that are not covered by the generated tests will also not be
covered by the interface checker.

A known defect in this commit is that the --brief output is not brief
for storage format checks.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 14:54:03 +01:00
Przemyslaw Stekiel
aeaa4f0651 Code optimization
- fix codding style
- fix comments and descriptions
- add helper function for montgomery curve
- move N-2 calculation outside the loop
- fix access to <data> bytes: *data[x] -> (*data)[x]

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
f6c2c87492 Fix ECC derivation tests
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
7b6e61a132 Add test vectors for ECC key excercise
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
50fcc535e5 Add Weierstrass curve/bits consistancy check + negative test vectors
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
02cf12ff92 Enable tests for Montgomery curves
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
8590f3b5ff Enable related test vectors
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
696b120650 Add tests for ECC key derivation
Test code and test vectors are taken from PR #5218

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
ab80c0cd6c test_psa_compliance.py: checkout fix-pr-5139 tag
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Neil Armstrong
66a479f8fb Add Cipher Decrypt Fail multi-part case
Make `PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)`
depend on MBEDTLS_CCM_C otherwise the multi-part test fails on
the missing CCM* instead on the input length validity for CCM*.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
d8dba4e0aa Add Cipher Encrypt Fail multi-part case
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
3ee335dbe3 Add Cipher Encrypt multi-part case
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
752d811015 Add AEAD Key Policy check multi-part cases
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
78aeaf8ad7 Add Cipher Key Policy check one-shot cases
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
3af9b97a29 Add Multipart Message authentication Compute & Verify cases
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
ca30a00aad Add Multipart Hash Compute & Compare tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
55a1be1f48 Add Multipart Hash Compare fail tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
161ec5c368 Add Multipart Hash Compute fail tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
edb20865c7 Add One-Shot Hash setup test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Jerry Yu
ccb005e35f fix missing feedback address
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 17:38:34 +08:00
Przemyslaw Stekiel
d9fa99917e Extend test coverage for transparent driver decryption.
Encryption is not deterministic and can not be verified by a know-answer test.
Encryption is already verified via encrypt-decrypt test.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 09:36:35 +01:00
Jerry Yu
819f29730a fix various issues in ssl-opt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
2124d05e06 Add sha384 and sha512 case
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
d66409ae92 Add non support sig alg check and test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
562a0fddf0 Add client version check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
6c3d821ff1 update ssl-opt test cases
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
46b53b9920 remove duplicate test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
4bfa22aeb3 remove useless config option
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
42ea733fdc remove RSA not found test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
7db5b8f68c add rsa_pss_rsae_sha256 write support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
37987ddd0f Add test cases
Add test cases for different sig algs.
Known issue is rsa_pss_rsae_sha256 fail

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
ca133a34c5 Change state machine
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
22abd06cd0 Add rsa key check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
aa6214a571 add empty client certificate tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
c19884f487 change expect exit value
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
25e0ddcf47 Add client certificate file
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
200b47b8f5 Add more tests for CertificateRequest
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
960bc28bcc Add tests for no middlebox mode
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:57 +08:00
Ronald Cron
4579a972bf
Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard
e3a2dd787e
Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
2022-02-21 16:58:57 +01:00
Gabor Mezei
4fded1359a
Use PSA_INIT()
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:47:24 +01:00
Gabor Mezei
c5efb8e58b
Use PSA error code
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:38 +01:00
Gabor Mezei
5d7d201b87
Update test
Testing the hash length in this context is not applicable because there is no way
to specify it when calling mbedtls_psa_hkdf_extract.
Change to test invalid `alg` parameter.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:33 +01:00
Gabor Mezei
ebc9368173
typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:44:51 +01:00
Gabor Mezei
298a2d6109
Use ASSERT_ALLOC
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:43:52 +01:00
Gabor Mezei
62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:57 +01:00
Gabor Mezei
73cb6f54de
Add tests for mbedtls_psa_hkdf_extrct
The tests are based on the the test of mbedtls_hkdf_extract.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:41:42 +01:00
Gilles Peskine
860429f8af Add version number debug check to the GnuTLS interop test as well
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00