Remove the keyLength parameter from the AES-256 tests.
Add MBEDTLS_CIPHER_PADDING_PKCS7 to the dependencies.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
These tests do not specify a hash function. This is an optional parameter
with default value hmacWithSHA1, so these test cases are dependant on SHA-1
and not SHA-256
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Previously the buffer size was increased in order to allow for large
test data, these new tests fit in the original sized buffer.
Test data generated with openssl using the following command line:
openssl kdf -keylen $LEN -kdfopt digest:SHA256 -kdfopt iter:10000 -kdfopt
pass:"PasswordPasswordPassword" -kdfopt hexsalt:0102030405060708 PBKDF2
openssl enc -$ENC -iv 2F904F75B47B48A618068D79BD9A826C -K $KEY -in $IN
-e -out $OUT
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
In the full configuration MBEDTLS_TEST_HOOKS is
enabled thus the configurations in
test_full_cmake_gcc_asan_new_bignum and
test_full_cmake_gcc_asan_new_bignum_test_hooks
are the same. Keep the component that runs more
tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
These are build-only components so this was never supported for sure.
Let's stick to what's really tested for now, and expand later (with
proper testing!) if there's demand for more flexibility.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
These were temporaries to avoid unwanted use of low-level modules. Now
that we have test components with those modules fully disabled (replaced
with drivers), we no longer need these tests - which were out of date
too.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Restore guards from the previous release, instead of the new, more
permissive guards.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
I chose to divide along the lines of Weierstrass vs other curve shapes
(currently just Montgomery), mainly because it's the first thing that
came to mind.
It happened to reveal an issue in the logic for when (deterministic)
ECDSA and ECJPAKE are built-in, which this commit is also fixing.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Separate the fits-in-buffer check (*data_length <= data_size) from the
we-think-it's-a-sensible-size check (*data_length <=
MBEDTLS_X509_MAX_DN_NAME_SIZE).
This requires using an intermediate buffer for the DER data, since its
maximum sensible size has to be larger than the maximum sensible size for
the payload, due to the overhead of the ASN.1 tag+length.
Remove test cases focusing on the DER length since the implementation no
longer has a threshold for it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix the expected output in some test cases.
Add a few more test cases to exercise both a payload length around 256 bytes
and a DER length around 256 bytes, since both are placed in a 256-byte
buffer (value of MBEDTLS_X509_MAX_DN_NAME_SIZE).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Due to differing validations amongst X.509 library functions, there are
inputs that mbedtls_x509_string_to_names() accepts, but it produces output
that some library functions can't parse. Accept this for now. Do call the
functions, even when we don't care about their return code: we're ok with
returning errors, but not with e.g. a buffer overflow.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>