David Horstmann
21b8387929
Add ChangeLog for OID-to-string fixes
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 13:07:49 +00:00
David Horstmann
895eb7c9b5
Add testcases for overlong encoding of OIDs
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 12:09:41 +00:00
David Horstmann
9c1887c4c7
Disallow overlong encoding when parsing OIDs
...
OID subidentifiers are encoded as follow. For every byte:
* The top bit is 1 if there is another byte to come, 0 if this is the
last byte.
* The other 7 bits form 7 bits of the number. These groups of 7 are
concatenated together in big-endian order.
Overlong encodings are explicitly disallowed by the BER/DER/X690
specification. For example, the number 1 cannot be encoded as:
0x80 0x80 0x01
It must be encoded as:
0x01
Enforce this in Mbed TLS' OID DER-to-string parser.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 12:02:27 +00:00
David Horstmann
f01de145bd
Add tests for mbedtls_oid_get_numeric_string()
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 11:45:51 +00:00
David Horstmann
c7f700c795
Fix incorrect printing of OIDs
...
The first 2 components of an OID are combined together into the same
subidentifier via the formula:
subidentifier = (component1 * 40) + component2
The current code extracts component1 and component2 using division and
modulo as one would expect. However, there is a subtlety in the
specification[1]:
>This packing of the first two object identifier components recognizes
>that only three values are allocated from the root node, and at most
>39 subsequent values from nodes reached by X = 0 and X = 1.
If the root node (component1) is 2, the subsequent node (component2)
may be greater than 38. For example, the following are real OIDs:
* 2.40.0.25, UPU standard S25
* 2.49.0.0.826.0, Met Office
* 2.999, Allocated example OID
This has 2 implications that the current parsing code does not take
account of:
1. The second component may be > 39, so (subidentifier % 40) is not
correct in all circumstances.
2. The first subidentifier (containing the first 2 components) may be
more than one byte long. Currently we assume it is just 1 byte.
Improve parsing code to deal with these cases correctly.
[1] Rec. ITU-T X.690 (02/2021), 8.19.4
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-14 17:00:25 +00:00
Dave Rodgman
319a5675db
Merge pull request #7084 from daverodgman/sizemax-uintmax
...
Assume SIZE_MAX >= INT_MAX, UINT_MAX
2023-02-14 10:06:22 +00:00
Manuel Pégourié-Gonnard
6b9503a32d
Merge pull request #7064 from valeriosetti/issue6860
...
driver-only ECDSA: get testing parity in SSL
2023-02-14 09:31:07 +01:00
Ronald Cron
70341c17b7
Merge pull request #6773 from yanrayw/6675-change-early_secrets-to-local
...
TLS 1.3: Key Generation: Change tls13_early_secrets to local variable
2023-02-14 09:03:32 +01:00
Valerio Setti
1b08d421a7
test: fix: replace CAN_ECDSA_SOME with CAN_ECDSA_SIGN+CAN_ECDSA_VERIFY when both are needed
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
16f02e0196
test: adjust include after PK_CAN_ECDSA_SOME was moved
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
d928aeb9ac
test_suite_ssl: use new macros for ECDSA capabilities
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
ed02bb1f95
test_suite_debug: replace ECDSA_C with new ECDSA macros
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
5dc6867f7e
test: don't skip debug and ssl suites in test parity for driver only ECDSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Manuel Pégourié-Gonnard
d3d8c852a0
Merge pull request #6997 from valeriosetti/issue6858
...
driver-only ECDSA: get testing parity in X.509
2023-02-13 15:30:06 +01:00
Valerio Setti
178b5bdddf
pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 11:15:06 +01:00
Valerio Setti
a119cb64ef
test: remove redundant ECDSA_C dependencies from test_suite_x509parse.data
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 09:54:49 +01:00
Manuel Pégourié-Gonnard
daa65956c3
Merge pull request #7046 from mpg/cleanup-md-tests
...
Clean up MD tests
2023-02-13 09:51:28 +01:00
Janos Follath
1e4abae73e
Merge pull request #7048 from KloolK/record-size-limit/extend-test-framework
...
Extend test framework for Record Size Limit Extension
2023-02-13 08:17:12 +00:00
Gilles Peskine
a9d39c42e9
Merge pull request #7085 from sergio-nsk/patch-1
...
Fix unreachable code compiler warning in psa_crypto_driver_wrappers.c
2023-02-12 23:56:32 +01:00
Dave Rodgman
641288bc1e
Restore test guards
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 22:02:04 +00:00
Dave Rodgman
91e832168f
Restore more test guards
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 20:07:43 +00:00
Dave Rodgman
a476363042
Restore more test guards
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 18:36:23 +00:00
Dave Rodgman
d26d7445b8
Restore guards on a couple of tests
...
These tests check for failures, but can only fail where SIZE_MAX
exceeds some limit (UINT_MAX or UINT32_MAX) and do not fail
in this way otherwise - so guards are needed.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 17:22:03 +00:00
Sergey
c36c14c7af
Update psa_crypto_driver_wrappers.c.jinja
...
Signed-off-by: Sergey <sergio_nsk@yahoo.de>
2023-02-10 14:14:00 -07:00
Dave Rodgman
ab1f3c153a
Merge pull request #7081 from tom-cosgrove-arm/dont-use-lstrlenW
2023-02-10 20:50:07 +00:00
Dave Rodgman
54647737f6
Add checks to selftest
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 16:16:17 +00:00
Dave Rodgman
4a5c9ee7f2
Remove redundant SIZE_MAX guards
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 16:03:44 +00:00
Dave Rodgman
37296a413a
Document SIZE_MAX requirement in README.md
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 15:39:22 +00:00
Valerio Setti
25fd51f4af
test: add missing include in test_suite_x509parse
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-10 15:21:40 +01:00
Gilles Peskine
928593f732
Merge pull request #7041 from gilles-peskine-arm/pk_ext-pss_options-public
...
Make the fields of mbedtls_pk_rsassa_pss_options public
2023-02-10 15:08:06 +01:00
Gilles Peskine
3196ceb2fb
Merge pull request #7052 from yanrayw/7008-compatsh-disable-VERIFY-for-PSK
...
compat.sh: remove VERIFY and duplicate test cases for PSK
2023-02-10 15:07:27 +01:00
Gilles Peskine
b009559c8f
Merge pull request #7049 from KloolK/typos
...
Fix typos
2023-02-10 15:07:07 +01:00
Gilles Peskine
b8531c4b0b
Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev
...
X.509: Fix bug in SAN parsing and enhance negative testing
2023-02-10 15:05:32 +01:00
Dave Rodgman
a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage
...
Pkcs7 coverage
2023-02-10 12:55:29 +00:00
Tom Cosgrove
b96c309395
Don't use lstrlenW() on Windows
...
The lstrlenW() function isn't available to UWP apps, and isn't necessary, since
when given -1, WideCharToMultiByte() will process the terminating null character
itself (and the length returned by the function includes this character).
Resolves #2994
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-10 12:52:13 +00:00
Ronald Cron
834e65d47f
Merge pull request #6499 from xkqian/tls13_write_end_of_early_data
...
Tls13 write end of early data
2023-02-10 11:08:22 +01:00
Manuel Pégourié-Gonnard
cf1c16af6e
Merge pull request #6925 from gilles-peskine-arm/coding-style-doc
...
Switch to the new coding style: documentation
2023-02-10 10:05:27 +01:00
Dave Rodgman
78c6f40736
Fix code-style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-09 09:21:14 +00:00
Manuel Pégourié-Gonnard
2189fda914
Use TEST_EQUAL in one more place in test_suite_md
...
The only remaining occurrences of TEST_ASSERT are now pointer comparison,
to NULL or to a reference md_info. That is, the output of the following
command is empty:
grep TEST_ASSERT tests/suites/test_suite_md.function |
egrep -v '= NULL|== md_info|md_info =='
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-09 09:18:22 +01:00
Manuel Pégourié-Gonnard
a9a1b21ca9
Use ASSERT_COMPARE in test_suite_md
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-09 09:15:50 +01:00
Dave Rodgman
4f70b3cdb4
Fix pylint warning
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-08 16:40:40 +00:00
Nick Child
14f255f332
pkcs7: Remove unnecessary dependencies
...
stdio, stdlib and string header files are not
used. Remove them.
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-08 15:38:48 +00:00
Nick Child
c7c94df715
pkcs7/test: Format generate test script
...
Adhere to syntax and format recommendations
from check-python-files.py
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-08 15:38:48 +00:00
Valerio Setti
00a6c6fcbe
test: fix for using proper sign/verify macros
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
40df83509b
all.sh: fix comment for test_psa_crypto_config_accel_ecdsa_use_psa
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
ce0caa3384
oid: fix comment in #endif
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
fcc6933a53
test: fix disparities in x509parse and x509write suites
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
b9dc2513c1
test: add SHA1 to the supported algs in accelerated ECDSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
f972ce8d69
oid: replace ECDSA_C with new macros for ECDSA capabilities
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
c8801b7ef1
test: x509: remove disparities in driver only testing for ECDSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00