Commit graph

4254 commits

Author SHA1 Message Date
Tom Cosgrove
0cc78658c3 Add unit tests for the new function mbedtls_mpi_core_add_if() in bignum_new.c
The test cases use the following MPI values.

The .data file only includes those (a, b) values where a <= b, and gives the
sum unconditionally; the test code exercises a >= b and cond == 0 using these
values. The .data file gives two values for the carry out, which are for when
sizeof(mbedtls_mpi_uint) == 4 or 8.

    0 1 3 f fe ff 100 ff00 fffe ffff 10000
    fffffffe ffffffff 100000000 1f7f7f7f7f7f7f
    8000000000000000 fefefefefefefefe fffffffffffffffe ffffffffffffffff
    10000000000000000 1234567890abcdef0
    fffffffffffffffffefefefefefefefe fffffffffffffffffffffffffffffffe
    ffffffffffffffffffffffffffffffff 100000000000000000000000000000000
    1234567890abcdef01234567890abcdef0
    fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe
    fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
    ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
    10000000000000000000000000000000000000000000000000000000000000000
    1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
    4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b

The lines in the .data file were generated by the following script

```
    #!/usr/bin/env perl
    #
    # mpi-test-core-add-if.pl - generate MPI tests in Perl for mbedtls_mpi_core_add_if()
    #
    use strict;
    use warnings;
    use Math::BigInt;
    use sort 'stable';

    my @add_mpis = qw(
        0 1 3 f fe ff 100 ff00 fffe ffff 10000
        fffffffe ffffffff 100000000 1f7f7f7f7f7f7f
        8000000000000000 fefefefefefefefe fffffffffffffffe ffffffffffffffff
        10000000000000000 1234567890abcdef0
        fffffffffffffffffefefefefefefefe fffffffffffffffffffffffffffffffe ffffffffffffffffffffffffffffffff
        100000000000000000000000000000000 1234567890abcdef01234567890abcdef0
        fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe
        fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
        ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
        10000000000000000000000000000000000000000000000000000000000000000
        1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
        4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
    );

    generate_tests();

    sub generate_tests {
        generate_mbedtls_mpi_core_add_if();
    }

    sub generate_mbedtls_mpi_core_add_if {

        my $sub_name = (caller(0))[3];      # e.g. main::generate_mbedtls_mpi_add_mpi
        my ($ignore, $test_name) = split("main::generate_", $sub_name);

        my @cases = ();

        for my $ah (@add_mpis) {
            for my $bh (@add_mpis) {

                my $a = Math::BigInt->from_hex($ah);
                my $b = Math::BigInt->from_hex($bh);
                next if $a > $b;                # don't need to repeat test cases

                # $b is the larger (or equal) of the two numbers. That's the number of limbs
                # we'll be using.
                my $bound4 = bound_mpi4($b);
                my $bound8 = bound_mpi8($b);

                my $r = $a + $b;
                my ($r4, $carry4) = ($r->copy(), 0);
                my ($r8, $carry8) = ($r->copy(), 0);

                ($carry4, $r4) = $r4->bdiv($bound4);
                ($carry8, $r8) = $r8->bdiv($bound8);

                my $rh4 = $r4->to_hex();
                my $rh8 = $r8->to_hex();

                my $desc = "$test_name #NUMBER: 0x$ah + 0x$bh = (0x$rh4, carry $carry4)/(0x$rh8, carry $carry8)EXPLAIN";
                my $case = output($test_name, str($ah), str($bh), str($rh4), $carry4, str($rh8), $carry8);

                push(@cases, [$case, $desc]);
            }
        }

        output_cases(" (for when sizeof(mbedtls_mpi_uint) == 4/8)", @cases);
    }

    sub output_cases {

        my ($explain, @cases) = @_;

        my $count = 1;
        for my $c (@cases) {

            my ($case, $desc, $dep) = @$c;
            $desc =~ s/NUMBER/$count/; $count++;
            if (defined($explain) && $desc =~ /EXPLAIN/) {
                $desc =~ s/EXPLAIN/$explain/;
                $explain = "";
            }

            my $depends = "";
            $depends = "depends_on:$dep\n" if defined($dep) && length($dep);

            print <<EOF;

    $desc
    $depends$case
    EOF
        }
    }

    # The first number (a power of 2) that won't fit in the number of MPIs
    # needed for the given number
    sub bound_mpi4 {
        my $one = Math::BigInt->new(1);     # blsft modifies caller
        return $one->blsft(bits_mpi4($_[0]));
    }

    sub bound_mpi8 {
        my $one = Math::BigInt->new(1);     # blsft modifies caller
        return $one->blsft(bits_mpi8($_[0]));
    }

    # How many bits (a multiple of 32) needed to store the specified number
    # when using 4-byte MPIs
    sub bits_mpi4 {
        return 32 * mpi4s($_[0]);
    }

    # How many bits (a multiple of 64) needed to store the specified number
    # when using 8-byte MPIs
    sub bits_mpi8 {
        return 64 * mpi8s($_[0]);
    }

    # How many 4-byte MPIs needed to store the specified number
    sub mpi4s {
        my ($n) = @_;
        my $h = $n->to_hex();
        return int((length($h) + 7) / 8);
    }

    # How many 8-byte MPIs needed to store the specified number
    sub mpi8s {
        my ($n) = @_;
        my $h = $n->to_hex();
        return int((length($h) + 15) / 16);
    }

    sub output {
        return join(":", @_);
    }

    sub str {
        return '"' . $_[0] . '"';
    }
```

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-23 16:26:52 +01:00
Andrzej Kurek
32bd063773 test_suite_ssl: Add minimal handshake requirements
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:42:44 -04:00
Andrzej Kurek
299b1d6c93 Remove unnecessary psa/crypto.h include
This is now included in `legacy_or_psa.h`.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:42:33 -04:00
Andrzej Kurek
cccb044804 Style & formatting fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:26:02 -04:00
Janos Follath
645ff5b8ff
Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures
Add the new modulus and the residue structures with low level I/O operations
2022-08-23 09:02:43 +01:00
Andrzej Kurek
21b6870301 test_suite_ssl: remove unnecessary usage of mbedtls_md_get_size
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
8c95ac4500 Add missing dependencies / alternatives
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate, 
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
7bb8bab457 Update SHA and MD5 dependencies in the SSL tests
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
635c2c2be5 test_suite_ssl: replace CTR_DRBG with a fake rng source
This way there are less dependencies in the SSL test suite.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Gilles Peskine
e5018c97f9
Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake
Driver-only hashes: EC J-PAKE
2022-08-22 17:28:15 +02:00
Gilles Peskine
194556034d
Merge pull request #6169 from tom-cosgrove-arm/fix-incorrect-use-of-mbedtls_ecp_group_id
Fix incorrect use of mbedtls_ecp_group_id in test_suite_ssl.function
2022-08-22 17:26:18 +02:00
Janos Follath
6b8e0c2884 Bignum: make tests more readable
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 09:54:25 +01:00
Janos Follath
494a6d22bd Bignum tests: use TEST_EQUAL
TEST_EQUAL(), has the benefit of outputting the values that don't match,
which can make debugging simpler.

Scope:
- Recently added new test functions
- Checks making sure the test case/data is consistent is out of scope
- Only checks where printing the values is likely to be helpful

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 09:40:01 +01:00
Przemek Stekiel
07c0f12302 test_suite_pem.data: change MBEDTLS_CMAC_C->MBEDTLS_CIPHER_MODE_CBC dependency
MBEDTLS_CMAC_C dependency is ivalid.

"PEM read (unknown encryption algorithm)" needs MBEDTLS_CIPHER_MODE_CBC dependency as
otherwise this test is failing in test_when_no_ciphersuites_have_mac configuration
because mbedtls_pem_read_buffer() returns a different error (MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-20 14:24:04 +02:00
Janos Follath
deb8030e9f Improve mbedtls_mpi_core_lt_ct() unit tests
- Improve test descriptions
- Add more test cases with return value of 1
- Remove the mbedtls prefix from the test function

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-19 13:32:17 +01:00
Neil Armstrong
01a7d310d5 Make ecjpake test suite depend on MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-19 14:03:02 +02:00
Tom Cosgrove
a327b52427 Fix incorrect use of mbedtls_ecp_group_id in test_suite_ssl.function
MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 and friends are not members of the mbedtls_ecp_group_id enum

Found by clang's -Wassign-enum

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-19 10:50:26 +01:00
Neil Armstrong
0d76341eac Remove md_info by md_type in ecjpake context, use mbedtls_hash_info_get_size() to get hash length
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-19 11:49:22 +02:00
Przemek Stekiel
bc0509a36b test_suite_pem, test_suite_pkparse: Adjust dependecies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
76b753bbb7 Change the dependencies in pem.c to xxx_BASED_ON_USE_PSA and related files
This is done to be able to bild test_psa_crypto_config_accel_hash component where MD5 is only available accelerated (PSA_WANT_ALG_MD5 is enabled and MBEDTLS_MD5_C is disabled) but MBEDTLS_USE_PSA_CRYPTO is disabled.
So the build should not attempt to enable pem_pbkdf1.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
81799fd9d8 pem.c, test_suite_pem: fix dependency MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA->MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing reference -> drivers ***
   x509parse: total 723; skipped  89 ->  89
   x509write: total  41; skipped   3 ->   3
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
2c70a0d9e0 test_suite_oid: Replace MBEDTLS_MD5_C and MBEDTLS_SHAxxx_C with the corresponding MBEDTLS_HAS_ALG_xxx_VIA_LOWLEVEL_OR_PSA
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

*** Comparing reference -> drivers ***
   x509parse: total 723; skipped  89 ->  89
   x509write: total  41; skipped   3 ->   3
         pem: total  13; skipped   0 ->   0
         oid: total  28; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
050819c19e test_suite_x509write: Move MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA dependency for x509_crt_check to .function file
mbedtls_x509write_crt_set_subject_key_identifier() requires MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
41b742f84d test_suite_pem: Adapt dependencies for MD
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
f8087e5ffd x509_crt_check: remove MBEDTLS_SHA1_C dependency from .function file (already handed in .data file)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
d34f8c36b8 x509 tests: adjust dependencies
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Jerry Yu
e28d9745a1 fix coding style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-18 15:44:03 +08:00
Jerry Yu
5b7c7caee6 fix wrong condition issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-18 11:28:41 +08:00
Dave Rodgman
96a4be990f
Merge pull request #6177 from AndrzejKurek/ecdsa-no-md
Adjust hash dependencies in `test_suite_ecdsa`
2022-08-16 09:55:02 +01:00
Dave Rodgman
a7448bf19d
Merge pull request #6141 from mpg/driver-hashes-rsa-v21
Driver hashes rsa v21
2022-08-16 09:52:39 +01:00
Werner Lewis
e54046c9c2 Add test for ECP group metadata
Test cases added to check curve parameters and information for each
curve supported. Expected parameters are taken from references: SEC 2
for NIST, RFC 5639 for Brainpool, and RFC 7748 for curve25519/curve448.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-15 14:28:20 +01:00
Janos Follath
816206439a Bignum: Improve style
- Instead of macros, use direct calculations for array sizes
- Move variable declarations closer to first use

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-15 11:35:46 +01:00
Gabor Mezei
7f0817884e
Unify mpi mod raw read/write test with the other tests
Use 32 bit limbs instead of 64 bit.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 18:00:33 +02:00
Gabor Mezei
89e31460db
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:36:56 +02:00
Janos Follath
6318468183 Improve bignum documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 17:42:59 +01:00
Andrzej Kurek
1af61cb75b Introduce a new macro for hash size in ecdsa tests
Previously these tests depended on the definition from
inside the MD module, which in turn could be 32 or 64
bytes depending on whether MBEDTLS_SHA512_C was
defined. This is unnecessary, so a constant is itnroduced
instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-11 09:19:42 -04:00
Janos Follath
9dfb5621ff Test little endian core I/O with odd limbs
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 12:15:55 +01:00
Janos Follath
1cb3b976c3 Test big endian core I/O with odd limbs
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 12:06:14 +01:00
Manuel Pégourié-Gonnard
7d5271608b Fix undeclared dependencies on SHA-1
Previously the whole .function file had a global dependency on
MBEDTLS_SHA1_C. This hasn't been correct for a long time:
- on principle, dependency declarations in .function files are for
compile-time dependencies;
- in practice, a number of test cases do not depend on SHA-1, as they only
use SHA-256 or SHA-512 - those cases should not be skipped in builds
without SHA-1;
- this was "taken advantage of" to skip dependency declarations for
test cases that only depended on SHA-1.

The previous commit removed the global dependency on SHA1_C; as a result
the test cases that actually depend on SHA-1 were not skipped in builds
without SHA-1. This commit fixes that by adding dependency declarations
where they belong: in the .data file.

All cases compute hashes using MD is available, or PSA otherwise; so
MD_OR_PSA is appropriate here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
e741c61d54 Adjust dependencies in test_suite_pkcs1_v21
sed -i -f md_or_psa_hash.sed \
        tests/suites/test_suite_pkcs1_v21.data
        tests/suites/test_suite_pk.data

with md_or_psa_hash.sed containing:

    s/MBEDTLS_MD5_C/MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA/g
    s/MBEDTLS_RIPEMD160_C/MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA1_C/MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA224_C/MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA256_C/MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA384_C/MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA/g
    s/MBEDTLS_SHA512_C/MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA/g

(The only lines in pk.data that still had old-style dependencies where
the ones about PKCS1_V21.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:50:06 +02:00
Janos Follath
d0895708e2 Bignum: move internal constants to headers
Now that the check_names script allows it, we can do so.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-10 13:32:16 +01:00
Werner Lewis
3b09739c1b Add test case for mbedtls_ecp_set_zero
Tests function with various ECP point conditions, covering freshly
initialized, zeroed, non-zero, and freed points.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 17:22:55 +01:00
Janos Follath
1694969a0a Bignum: Add tests for modulus setup and free
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-08 13:37:20 +01:00
Neil Armstrong
a97f1ac5f9 Initialize mbedtls_x509write_csr struct before USE_PSA_INIT(), mbedtls_x509write_csr_free() will crash if uninitialized
When USE_PSA_INIT() failed because lack of seedfile, mbedtls_x509write_csr_free()
crashed when called on an unitialized mbedtls_x509write_csr struct.

This moves mbedtls_x509write_csr_init before calling USE_PSA_INIT(),
which could probably fail, and uses the same flow in x509_csr_check()
and x509_csr_check_opaque().

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-08 13:54:47 +02:00
Andrzej Kurek
9f42c0683c Adjust hash dependencies in test_suite_ecdsa
Only deterministic tests require SHA256 now.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-08 07:31:48 -04:00
Gabor Mezei
a200f6f855 Add macro definitions to the tests
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:10:51 +01:00
Gabor Mezei
23a1ce90ec Add tests for mbedtls_mpi_mod_raw read/write functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:10:47 +01:00
Janos Follath
23bdeca64d Add core constant time comparison
Unfortunately reusing the new function from the signed constant time
comparison is not trivial.

One option would be to do temporary conditional swaps which would prevent
qualifying input to const. Another way would be to add an additional
flag for the sign and make it an integral part of the computation, which
would defeat the purpose of having an unsigned core comparison.

Going with two separate function for now and the signed version can be
retired/compiled out with the legacy API eventually.

The new function in theory could be placed into either
`library/constant_time.c` or `library/bignum_new.c`. Going with the
first as the other functions in the second are not constant time yet and
this distinction seems more valuable for new (as opposed to belonging to
the `_core` functions.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
91dc67d31c Allow (NULL, 0) as a representation of 0
- We don't check for NULL pointers this deep in the library
- Accessing a NULL pointer when the limb number is 0 as a mistake is the
  very similar to any other out of bounds access
- We could potentially mandate at least 1 limb representation for 0 but
  we either would need to enforce it or the implementation would be less
  robust.
- Allowing zero limb representation - (NULL, 0) in particular - for zero
  is present in the legacy interface, if we disallow it, the
  compatibility code will need to deal with this (more code size and
  opportunities for mistakes)

In summary, interpreting (NULL, 0) as the number zero in the core
interface is the least of the two evils.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
6ff3536de5 Add tests for little endian core I/O
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:49 +01:00
Janos Follath
f1d617deb8 Add tests for big endian core I/O
The test case where there were extra limbs in the MPI failed and this
commit contains the corresponding fix as well. (We used to use the
minimum required limbs instead of the actual limbs present.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:06:31 +01:00
Gilles Peskine
b4983d4556
Merge pull request #6164 from mprse/md_ssl_test
Avoid use of MD in SSL test suite
2022-08-05 11:02:44 +02:00
Gilles Peskine
f860f3742b
Merge pull request #6070 from wernerlewis/bignum_test_radix
Remove radix argument from bignum test functions
2022-08-05 11:01:07 +02:00
Gilles Peskine
57d4c11c44
Merge pull request #6165 from mprse/md_x509_test
Avoid use of MD in X.509 write test suite
2022-08-04 10:11:03 +02:00
Gilles Peskine
07e7fe516b
Merge pull request #6088 from tuvshinzayaArm/validation_remove_change_curve
Validation remove and change in files related to curve in library
2022-08-03 13:05:16 +02:00
Werner Lewis
dc47fe71df Use upper case for bignum string comparison
Test data which is compared as a hex string now uses upper case to
match output of mbedtls_mpi_write_string() output. This removes usage
of strcasecmp().

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:17:45 +01:00
Werner Lewis
3ccc116c35 Apply test data changes for conflicting cases
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:17:45 +01:00
Werner Lewis
a453c14a12 Remove radix arguments from tests added in 3.2
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:07:14 +01:00
Werner Lewis
efda01fb8c Fix formatting in bignum test functions
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:07:14 +01:00
Werner Lewis
f65a327111 Remove remaining bignum radix args
Functions which are not covered by script, changes made to use radix
16.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:07:14 +01:00
Werner Lewis
9802d36168 Remove radix arg from bignum tests
Cases where radix was explictly declared are removed in most cases,
replaced using script. bignum arguments are represented as hexadecimal
strings. This reduces clutter in test data and makes bit patterns
clearer.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:07:14 +01:00
Werner Lewis
19b4cd893c Remove radix arg from mbedtls_test_read_mpi
All uses have radix argument removed, using script.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:05:24 +01:00
Przemek Stekiel
54a544600f test_suite_x509write: use psa_hash_compute() instead mbedtls_md()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-01 16:03:17 +02:00
Przemek Stekiel
cc59c998d8 test_suite_ssl: make PSA build independent on MD module
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-01 14:29:56 +02:00
Manuel Pégourié-Gonnard
1e48445aa0
Merge pull request #6104 from superna9999/6097-remove-useless-md-in-test
Remove useless use of MD in test functions
2022-07-28 11:35:56 +02:00
Dave Rodgman
aba26d0099
Merge pull request #5963 from tom-daubney-arm/remove_ssl_compression_new
Remove use of SSL session compression
2022-07-28 10:28:23 +01:00
Manuel Pégourié-Gonnard
f6b8c3297a
Merge pull request #6065 from mpg/explore2
Driver-only hashes: RSA 1.5 and PK + strategy doc
2022-07-28 10:43:38 +02:00
Tuvshinzaya Erdenekhuu
fb389dde58 Enable invalid param test for ecp
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-27 15:23:02 +01:00
Tuvshinzaya Erdenekhuu
8df9603e73 Enable invalid param test for ecjpake
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-27 15:20:22 +01:00
Tuvshinzaya Erdenekhuu
2392419c9d Enable invalid param test in ecdh.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-27 15:19:46 +01:00
Thomas Daubney
20f89a9605 Remove uses of SSL compression
Remove or modify current uses of session compression.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-07-26 16:13:03 +01:00
Jerry Yu
6ac7c0349a TLS 1.3: Add session test checks
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:09:40 +08:00
Jerry Yu
bc7c1a4260 fix typo/format/name issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:09:40 +08:00
Jerry Yu
f092629997 Add save load test for tls13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:08:43 +08:00
Jerry Yu
a180f99a55 Add load-save tests for tls13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:08:43 +08:00
Jerry Yu
1ac476cc1e Add save buf size test for tls13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:08:43 +08:00
Jerry Yu
6e8fec2908 add session serialization load buf
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:08:43 +08:00
Jerry Yu
534ff400d4 Add serialize_version_check for tls13
Add population session also

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:08:43 +08:00
Manuel Pégourié-Gonnard
0aabb6d8b9 Fix dependency in test_suite_pk
When USE_PSA is disabled and ECDSA_DETERMINISTIC is enabled, generating
ECDSA signatures via PK requires use of the hash via the MD layer (in
HMAC-DRBG, used by deterministic ECDSA).

When USE_PSA is enabled, ECDSA signatures via PK go through PSA which
always uses non-deterministic ECDSA, so does not rely on HMAC-DRBG/MD.

The condition used here is slightly too strong, but expressing exactly
the optimal condition seems more effort than it's worth for just 3 test
cases.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-22 10:55:06 +02:00
Dave Rodgman
87276a326f
Merge pull request #5952 from tuvshinzayaArm/add-missing-break
Add missing break
2022-07-21 15:25:40 +01:00
Manuel Pégourié-Gonnard
db2c80402a Fix dependencies in test_suite_pk
Using VIA_MD_OR_PSA_BASED_ON_USE_PSA was justified by the fact that
until a few commits ago, the test functions here computed hashes using
either MD or PSA, depending on whether USE_PSA was defined (which itself
was justified by the loose reasoning that "PK is USE_PSA territory").

A few commits ago, test code stopped computing hashes because the hash
values became part of the test data. PK itself does not compute hashes.
As a result, VIA_MD_OR_PSA_BASED_ON_USE_PSA is no longer justified.

There are now two kinds of tests:
- those that only rely on hash data (ECDSA, RSA PKCS#1 v1.5) should
depend on VIA_LOWLEVEL_OR_PSA as that is the minimal dependency, hence
the one used for data
- those that were the layer below PK will internally compute a hash (RSA
PKCS#1 v2.1): currently this hash is always computed using MD (on which
MBEDTLS_PKCS1_V21 depends), so legacy dependencies like MBEDTLS_SHA256_C
should be used for now. The previous dependency was morally wrong, it
didn't show in the driver-only tests only because PKCS#1 v2.1 is
disabled in this test for now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-21 13:34:46 +02:00
Manuel Pégourié-Gonnard
73692b7537 Rework macros expressing dependencies
Fix usage with sed:

s/MBEDTLS_OR_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_LOWLEVEL_OR_PSA/
s/MBEDTLS_USE_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_MD_OR_PSA_BASED_ON_USE_PSA/

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-21 12:11:53 +02:00
Dave Rodgman
7085aa42ee
Merge pull request #5896 from wernerlewis/aes_shallow_copy
Refactor AES context to be shallow-copyable
2022-07-20 15:16:37 +01:00
Neil Armstrong
0270b9f5a4 Rm useless use of MD in PKCS#1v2.1 test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.

It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.

The changes to the .data file were done using the following python
script:

import hashlib

suite = 'pkcs1_v21'

functions = {
        'pkcs1_rsassa_pss_sign': (6, 8),
        'pkcs1_rsassa_pss_verify': (4, 6),
        'pkcs1_rsassa_pss_verify_ext': (4, 8),
}

def hash_ctx(s):
    if s == 'MBEDTLS_MD_MD5':
        return hashlib.md5()
    if s == 'MBEDTLS_MD_SHA1':
        return hashlib.sha1()
    if s == 'MBEDTLS_MD_SHA224':
        return hashlib.sha224()
    if s == 'MBEDTLS_MD_SHA256':
        return hashlib.sha256()
    if s == 'MBEDTLS_MD_SHA384':
        return hashlib.sha384()
    if s == 'MBEDTLS_MD_SHA512':
        return hashlib.sha512()

def fix(l):
    parts = l.rstrip().split(":")

    fun = parts[0]
    if fun not in functions:
        return l

    (digest_idx, msg_idx) = functions[fun]

    alg_str = parts[digest_idx]
    if alg_str == "MBEDTLS_MD_NONE":
        return l
    h = hash_ctx(alg_str)

    msg_str = parts[msg_idx]
    msg_hex = msg_str[1:-1]
    msg = bytes.fromhex(msg_hex)
    h.update(msg)
    msg_hash = h.hexdigest()
    msg_hash_str = '"' + msg_hash + '"'

    parts[msg_idx] = msg_hash_str
    return ":".join(parts) + '\n'

filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
    lines = f.readlines()

lines = [fix(l) for l in lines]

with open(filename, 'w') as f:
    f.writelines(lines)

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-20 09:34:20 +02:00
Jerry Yu
a357cf4d4c Rename new_session_ticket state
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Neil Armstrong
5ea65173fb Rm useless use of MD in ECDSA test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.

It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.

The changes to the .data file were done using the following python
script:

import hashlib

suite = 'ecdsa'

functions = {
        'ecdsa_det_test_vectors': (3, 4),
        'ecdsa_write_restart': (3, 4),
}

def hash_ctx(s):
    if s == 'MBEDTLS_MD_MD5':
        return hashlib.md5()
    if s == 'MBEDTLS_MD_SHA1':
        return hashlib.sha1()
    if s == 'MBEDTLS_MD_SHA224':
        return hashlib.sha224()
    if s == 'MBEDTLS_MD_SHA256':
        return hashlib.sha256()
    if s == 'MBEDTLS_MD_SHA384':
        return hashlib.sha384()
    if s == 'MBEDTLS_MD_SHA512':
        return hashlib.sha512()

def fix(l):
    parts = l.rstrip().split(":")

    fun = parts[0]
    if fun not in functions:
        return l

    (alg_idx, msg_idx) = functions[fun]

    alg_str = parts[alg_idx]
    if alg_str == "MBEDTLS_MD_NONE":
        return l
    h = hash_ctx(alg_str)

    msg_str = parts[msg_idx][1:-1]
    h.update(msg_str.encode('ascii'))
    msg_hash = h.hexdigest()
    msg_hash_str = '"' + msg_hash.upper() + '"'

    parts[msg_idx] = msg_hash_str
    return ":".join(parts) + '\n'

filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
    lines = f.readlines()

lines = [fix(l) for l in lines]

with open(filename, 'w') as f:
    f.writelines(lines)

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-19 21:03:29 +02:00
Manuel Pégourié-Gonnard
abac037a7b Migrate from old inline to new actual function.
This is mostly:

    sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
    library/*.c tests/suites/*.function

This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard
4772884133 New internal module for managing hash information
Using static inline functions is bad for code size; the function from
md_internal.h was already used from 3 different C files, so already was
copied at least 3 times in the library, and this would only get worse
over time.

Use actual functions, and also share the actual data between them.

Provide a consistent set of operations. Conversion to/from
human-readable string was omitted for now but could be added later if
needed.

In the future, this can be used to replace other similar (inline)
functions that are currently scattered, including (but perhaps not
limited to):
- mbedtls_psa_translate_md() from psa_util.h
- mbedtls_md_info_from_psa() (indirectly) from psa_crypto_hash.h
- get_md_alg_from_psa() from psa_crypto_rsa.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard
4608c48b0c Rm useless use of MD in PK test functions
Same rationale as previous "Rm useless use of MD" commits.

Here the first two test functions were already not depending on MD_C,
but the new version is much simpler, as it avoids having two versions of
the code depending on the value of USE_PSA.

Changes to the data file generated with the following Python script:

import hashlib

suite = 'pk'
functions = {
        'pk_rsa_verify_test_vec': (2, 1, True),
        'pk_rsa_verify_ext_test_vec': (2, 1, True),
        'pk_sign_verify_restart': (6, 7, False),
}

def hash_ctx(s):
    if s == 'MBEDTLS_MD_MD5':
        return hashlib.md5()
    if s == 'MBEDTLS_MD_SHA1':
        return hashlib.sha1()
    if s == 'MBEDTLS_MD_SHA224':
        return hashlib.sha224()
    if s == 'MBEDTLS_MD_SHA256':
        return hashlib.sha256()
    if s == 'MBEDTLS_MD_SHA384':
        return hashlib.sha384()
    if s == 'MBEDTLS_MD_SHA512':
        return hashlib.sha512()
    if s == 'MBEDTLS_MD_RIPEMD160':
        return hashlib.new("ripemd160")

def fix(l):
    parts = l.rstrip().split(":")

    fun = parts[0]
    if fun not in functions:
        return l

    (alg_idx, msg_idx, is_hex) = functions[fun]

    alg_str = parts[alg_idx]
    if alg_str == "MBEDTLS_MD_NONE" or alg_str == "255":
        return l
    h = hash_ctx(alg_str)

    msg_str = parts[msg_idx][1:-1]
    msg = bytes.fromhex(msg_str) if is_hex else bytes(msg_str, 'ascii')
    h.update(msg)
    msg_hash = h.hexdigest()
    msg_hash_str = '"' + msg_hash + '"'

    parts[msg_idx] = msg_hash_str
    return ":".join(parts) + '\n'

filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
    lines = f.readlines()

lines = [fix(l) for l in lines]

with open(filename, 'w') as f:
    f.writelines(lines)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 10:55:56 +02:00
Manuel Pégourié-Gonnard
5ef4e8d9b9 Don't depend on strong entropy for RSA tests
Tests are not here to demonstrate best practice, but to test a specific
part of the code. Using an RNG provided by the test framework also makes
the test code more focused on what we actually mean to test.

This brings the number of tests skipped in test_suite_rsa in
test_psa_crypto_config_accel_hash_use_psa down to 0 (from 50).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:57:19 +02:00
Manuel Pégourié-Gonnard
1d1174a5c3 Rm spurious declared dependency in test_suite_rsa
Probably the result of copy-pasting: the test functions actually don't
use those modules at all.

This brings the number of tests skipped in test_suite_rsa in
test_psa_crypto_config_accel_hash_use_psa down to 50 (from 61).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:41:34 +02:00
Manuel Pégourié-Gonnard
236c4e22f7 Adjust test dependencies after last commit
This brings the number of tests skipped in test_suite_rsa in
test_psa_crypto_config_accel_hash_use_psa down to 61 (from 117).

The changes to the test data file were generated with:

    sed -i -f or_psa_hash.sed tests/suites/test_suite_rsa.data

with or_psa_hash.sed containing:

    s/MBEDTLS_MD5_C/MBEDTLS_OR_PSA_WANT_ALG_MD5/g
    s/MBEDTLS_RIPEMD160_C/MBEDTLS_OR_PSA_WANT_ALG_RIPEMD160/g
    s/MBEDTLS_SHA1_C/MBEDTLS_OR_PSA_WANT_ALG_SHA_1/g
    s/MBEDTLS_SHA224_C/MBEDTLS_OR_PSA_WANT_ALG_SHA_224/g
    s/MBEDTLS_SHA256_C/MBEDTLS_OR_PSA_WANT_ALG_SHA_256/g
    s/MBEDTLS_SHA384_C/MBEDTLS_OR_PSA_WANT_ALG_SHA_384/g
    s/MBEDTLS_SHA512_C/MBEDTLS_OR_PSA_WANT_ALG_SHA_512/g

Here the MBEDTLS_OR_PSA_xxx macros are the right choice as we just need
data about the hashes to be available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:38:35 +02:00
Manuel Pégourié-Gonnard
a4aa12f0a1 Rm useless use of MD in RSA test functions
Same rationale as two commits ago.

Changes to the data file generated with the following script:

import hashlib

suite = 'rsa'
functions = {
        'mbedtls_rsa_pkcs1_sign': (3, 1),
        'mbedtls_rsa_pkcs1_verify': (3, 1),
}

def hash_ctx(s):
    if s == 'MBEDTLS_MD_MD5':
        return hashlib.md5()
    if s == 'MBEDTLS_MD_SHA1':
        return hashlib.sha1()
    if s == 'MBEDTLS_MD_SHA224':
        return hashlib.sha224()
    if s == 'MBEDTLS_MD_SHA256':
        return hashlib.sha256()
    if s == 'MBEDTLS_MD_SHA384':
        return hashlib.sha384()
    if s == 'MBEDTLS_MD_SHA512':
        return hashlib.sha512()
    if s == 'MBEDTLS_MD_RIPEMD160':
        return hashlib.new("ripemd160")

def fix(l):
    parts = l.rstrip().split(":")

    fun = parts[0]
    if fun not in functions:
        return l

    (alg_idx, msg_idx) = functions[fun]

    alg_str = parts[alg_idx]
    if alg_str == "MBEDTLS_MD_NONE" or alg_str == "255":
        return l
    h = hash_ctx(alg_str)

    msg_str = parts[msg_idx]
    msg_hex = msg_str[1:-1]
    msg = bytes.fromhex(msg_hex)
    h.update(msg)
    msg_hash = h.hexdigest()
    msg_hash_str = '"' + msg_hash + '"'

    parts[msg_idx] = msg_hash_str
    return ":".join(parts) + '\n'

filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
    lines = f.readlines()

lines = [fix(l) for l in lines]

with open(filename, 'w') as f:
    f.writelines(lines)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:20:26 +02:00
Manuel Pégourié-Gonnard
5ce9959185 Adjust test dependencies after last commit
This brings the number of tests skipped in test_suite_pkcs1_v15 in
test_psa_crypto_config_accel_hash_use_psa to 0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:07:51 +02:00
Manuel Pégourié-Gonnard
a9e1d9953e Rm useless use of MD in PKCS#1v1.5 test functions
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.

It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.

The changes to the .data file were done using the following python
script:

import hashlib

suite = 'pkcs1_v15'

functions = {
        'pkcs1_rsassa_v15_sign': (10, 12),
        'pkcs1_rsassa_v15_verify': (6, 8),
}

def hash_ctx(s):
    if s == 'MBEDTLS_MD_MD5':
        return hashlib.md5()
    if s == 'MBEDTLS_MD_SHA1':
        return hashlib.sha1()
    if s == 'MBEDTLS_MD_SHA224':
        return hashlib.sha224()
    if s == 'MBEDTLS_MD_SHA256':
        return hashlib.sha256()
    if s == 'MBEDTLS_MD_SHA384':
        return hashlib.sha384()
    if s == 'MBEDTLS_MD_SHA512':
        return hashlib.sha512()

def fix(l):
    parts = l.rstrip().split(":")

    fun = parts[0]
    if fun not in functions:
        return l

    (alg_idx, msg_idx) = functions[fun]

    alg_str = parts[alg_idx]
    if alg_str == "MBEDTLS_MD_NONE":
        return l
    h = hash_ctx(alg_str)

    msg_str = parts[msg_idx]
    msg_hex = msg_str[1:-1]
    msg = bytes.fromhex(msg_hex)
    h.update(msg)
    msg_hash = h.hexdigest()
    msg_hash_str = '"' + msg_hash + '"'

    parts[msg_idx] = msg_hash_str
    return ":".join(parts) + '\n'

filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
    lines = f.readlines()

lines = [fix(l) for l in lines]

with open(filename, 'w') as f:
    f.writelines(lines)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-16 08:07:02 +02:00
Manuel Pégourié-Gonnard
4c1087f474 Use MBEDTLS_OR_PSA_WANT_xxx in test_suite_rsa
The encrypt/decrypt cases don't depend on actually computing a hash,
just on information about it being available, and this information is
guarded by MBEDTLS_OR_PSA_WANT_xxx.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-15 12:08:14 +02:00
Manuel Pégourié-Gonnard
3637c516a4 Refine dependencies in test_suite_pkcs1_v15
Having the whole .function file depend on SHA-1 was wrong: dependencies
in .function files are for compile-time dependencies all functions in
this file build just fine without SHA-1. It's just some tests cases that
do need SHA-1 at runtime, use dependencies on those specific tests in
the .data file then.

This reduces the number of cases skipped in this test suite in
test_psa_crypto_config_accel_hash_use_psa from 28 (all of them) down to
12 (those that actually use SHA-1 as opposed to no hash).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-13 12:41:36 +02:00
Paul Elliott
81c69b547a Revert "Revert "Revert "Add generated files for 3.2.0 release"""
This reverts commit 185d24ba0e.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 11:29:34 +01:00
Paul Elliott
cd08ba0326 Bump version to 3.2.1
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 10:51:55 +01:00
Dave Rodgman
185d24ba0e Revert "Revert "Add generated files for 3.2.0 release""
This reverts commit 7adb8cbc0e.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 10:51:44 +01:00
Manuel Pégourié-Gonnard
bbd0dc6cbd Fix hash-specific dependencies of test_suite_pk
Applied:

    sed -i -f use_psa_hash.sed tests/suites/test_suite_pk.*

with use_psa_hash.sed as follows:

    s/MBEDTLS_MD5_C/MBEDTLS_USE_PSA_WANT_ALG_MD5/g
    s/MBEDTLS_RIPEMD160_C/MBEDTLS_USE_PSA_WANT_ALG_RIPEMD160/g
    s/MBEDTLS_SHA1_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_1/g
    s/MBEDTLS_SHA224_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_224/g
    s/MBEDTLS_SHA256_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_256/g
    s/MBEDTLS_SHA384_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_384/g
    s/MBEDTLS_SHA512_C/MBEDTLS_USE_PSA_WANT_ALG_SHA_512/g

With this commit, test_suite_pk achieves parity between:

- crypto_full minus PKCS#1v2.1
- same minus MD (from all.sh's test_crypto_full_no_md)

and between:

- default config plus use_psa minus PKCS#1v2.1
- same with accelerators (test_psa_crypto_config_accel_hash_use_psa)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
abcfa90276 PK test functions don't depend on software SHA-256
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
2d08ea49c8 Some PK test functions no longer depend on MD
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
043c8c5de8 Add USE_PSA version of PK test functions
While at it, also fix buffer size for functions that already depend on
USE_PSA: it should be PSA_HASH_MAX_SIZE for functions that always use
PSA, and the new macro MBEDTLS_USE_PSA_MD_MAX_SIZE for functions that
use it or not depending on USE_PSA.

The only case where MBEDTLS_MD_MAX_SIZE is OK is when the function
always uses MD - currently this is the case with
pk_sign_verify_restart() as it is incompatible with USE_PSA anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
e496c6273e Sort out MD dependencies in RSA tests
When MD is only used to compute a size, use md_internal.h instead.

When it's actually used to compute a hash, mark the test function as
depending on it. This is probably suboptimal in the long run, and we
might want to either adapt the code so that it can use PSA Crypto
instead, or just pre-compute the hash in the test data.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
6a0a160f99 Avoid a dependency on MD in test_suite_pk
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Paul Elliott
7adb8cbc0e Revert "Add generated files for 3.2.0 release"
This reverts commit cb21f2eab3.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 18:18:30 +01:00
Paul Elliott
cb21f2eab3 Add generated files for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Paul Elliott
20362cd1ca Bump library and so versions for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Paul Elliott
9a8d78419f Fixup test tls13_server_certificate_msg_invalid_vector_len
The parameters for init_handshake_options had changed on the development
branch after this test was created, so fixing up this test in order to
correct build failures after merge.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 11:34:14 +01:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Andrzej Kurek
ddb8cd601d test_suite_ssl: Fix handshake options cleanup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 16:07:28 -04:00
Andrzej Kurek
9dc4402afa test_suite_ssl: zeroize the cache pointer in case if the struct memory gets reused
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:40:15 -04:00
Andrzej Kurek
1e085686ec test_suite_ssl: remove unnecessary user data checks
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:40:09 -04:00
Andrzej Kurek
3d0d501517 test_suite_ssl: prefer ASSERT_ALLOC over malloc
Fix formatting for option initialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:39:34 -04:00
Andrzej Kurek
92d7417d89 Formatting fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
e11acb2c9b test_suite_ssl: add proper cache cleanup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
e8ad0d7d42 Disable bad session id length test in TLS 1.3
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
456a109edb test_suite_ssl: add required dependencies for default handshake parameters
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
6e518ab086 test_suite_ssl: add missing options cleanup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
ed58b50ea6 test_suite_ssl: add missing MBEDTLS_SSL_SERVER_C dependency
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
626a931bb9 test_suite_ssl: Add missing arguments in endpoint initialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
514683abdc Add a test with a bad session_id_len that makes cache setting fail
Force a bad session_id_len before handshake wrapup. This should
result in a forced jump to a clean up of a serialized session.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:18:29 -04:00
Andrzej Kurek
780dc18f74 Refactor test_suite_ssl tests to enable cache setting
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:18:28 -04:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection
Permissions 2a: TLS 1.2 ciphersuite selection
2022-07-04 12:37:02 +02:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk
Refactor signature algorithm chooser
2022-07-04 09:10:08 +02:00
Neil Armstrong
6931e439e4 Fix Handshake select ECDH-RSA- test dependencies
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 18:30:10 +02:00
Manuel Pégourié-Gonnard
790ab52ee0
Merge pull request #5962 from gilles-peskine-arm/storage-format-doc-202206
Documentation about storage format compatibility
2022-07-01 12:21:17 +02:00
Ronald Cron
cb67e1a890
Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix
Improve ASN.1 write tests
2022-06-30 15:42:16 +02:00
Neil Armstrong
b2c3b5be2d Fix depends on handshake_ciphersuite_select tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 10:49:04 +02:00
Neil Armstrong
db13497490 Reorganize & add more handshake_ciphersuite_select to test all MBEDTLS_KEY_EXCHANGE_XXX cases
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 09:06:28 +02:00
Paul Elliott
f6a56cf5ff
Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check
TLS 1.3: Add missing overread check
2022-06-29 17:01:14 +01:00
Werner Lewis
ec0193d019 Update test to cover move-decrypt sequence
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-29 16:17:50 +01:00
Werner Lewis
dd76ef359d Refactor AES context to be shallow-copyable
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-29 16:17:50 +01:00
Dave Rodgman
5b50f38f92
Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2
Fix null pointer dereference in mpi_mod_int(0, 2)
2022-06-29 15:02:59 +01:00
Jerry Yu
a0bb906c9f fix handshake_version test fail.
when both tls13 and tls12 are enabled, the
test will fail.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:09 +08:00
Gilles Peskine
d86abf2392
Merge pull request #5861 from wernerlewis/csr_subject_comma
Fix output of commas and other special characters in X509 DN values
2022-06-28 21:00:49 +02:00
Neil Armstrong
2407279fa4 Add tests with specific hash for handshake_ciphersuite_select positive tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
8c52ed8d1e Add negative testing of ciphersuite selection using Opaque algs & usage
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Ronald Cron
585cd70d04 tests: ssl: Fix coverity deadcode issue
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
b94854f8e3
Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests
TLS 1.3: Enable and add tests
2022-06-28 09:15:17 +02:00
Gilles Peskine
5969a4b5e0 Don't call memcpy(NULL, 0) which has undefined behavior
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-27 23:59:53 +02:00
Dave Rodgman
f5b7082f6e
Merge pull request #5811 from polhenarejos/bug_x448
Fix order value for curve x448
2022-06-27 13:47:24 +01:00
Werner Lewis
9b0e940135 Fix case where final special char exceeds buffer
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 12:01:22 +01:00
Werner Lewis
31ecb9600a Add tests for exceeded buffer size
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:23:43 +01:00
Werner Lewis
b33dacdb50 Fix parsing of special chars in X509 DN values
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:19:50 +01:00
Ronald Cron
cf600bc07c Comment fixes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e7b9b6b380 tls13: Add checks of overread check failures
In Certificate message parsing tests with
invalid vector lengths, add checks that the
parsing failed on the expected overread check.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e3dac4aaa1 tls13: Add Certificate msg parsing tests with invalid vector lengths
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:42 +02:00
Ronald Cron
21a1b2d374 Enable "Sending app data" SSL unit tests for TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00