The class BaseTarget served two purposes:
- track test cases and target files for generation
- provide an abstract base class for individual test groups
Splitting these allows decoupling these two and to have further common
superclasses across targets.
No intended change in generated test cases.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Add a test case that would fail if all line comments were parsed before
block comments, and a test case that would fail if all block comments were
parsed before line comments.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Now when operation holds pointer to dynamically allocated buffer for password key we can't do copy of the operation object in test instead we need to re-initialize operation object after error.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Looking for the .data file doesn't work in out-of-tree builds. Use the
.datax file instead. `make clean` removes all .datax files, so this resolves
the issue of executables not present on the current branch being left behind
after a branch change followed by a `make clean`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Although negative zero is officially unsupported, we've had bugs related to
it in the past. So do test functions with a negative zero input.
There will likely be cases where we don't want to accept negative zero as if
it was valid, because it's too hard to handle. We'll add exceptions on a
case by case basis.
For the functions that are currently tested by the generated tests, the new
test cases pass.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The bignum module does not officially support "negative zero" (an
mbedtls_mpi object with s=-1 and all limbs zero). However, we have a
history of bugs where a function that should produce an official
zero (with s=1), produces a negative zero in some circumstances. So it's
good to check that the bignum functions are robust when passed a negative
zero as input. And for that, we need a way to construct a negative zero
from test case arguments.
There are checks that functions don't produce negative zeros as output in
the test suite. Skip those checks if there's a negative zero input: we
don't want functions to _create_ negative zeros, but we don't mind if
they _propagate_ negative zeros.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is to ensure that the MbedTLS based implementation of EC-JPAKE
is compatible with the PSA crypto one
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The already existing "x509_csr_check()" function is extended in order
to support/test also CSR's extensions. The test is performed by
adding an extended key usage.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
Fix error in memory allocation in test code, which was triggering an
error in test_memory_buffer_allocator.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
A core MPI must have at least 1 limb. We can no longer test with 0 limbs,
and we don't need to anyway, so don't try.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This way static analyzers have a chance of knowing we don't expect the
bignum functions to support empty inputs. As things are, Coverity keeps
complaining about it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Instead of corrupting the public key part of the message,
corrupt the proof part. A proof is conceptually similar to a signature,
and changing anything in it should make it invalid with
a high probability.
Also, instead of shifting data, perform a bitflip.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The PSA_CRYPTO_C is excluded from typo check for the following
false negative report:
```
> include/mbedtls/check_config.h:329: 'PSA_CRYPTO_C' looks like a typo. It
was not found in any macros or any enums. If this is not a typo, put //no-
check-names after it.
|
329 | * Note: ECJPAKE_C depends on MD_C || PSA_CRYPTO_C. */
| ^^^^^^^^^^^^
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
This macro is expected to be defined out of the library, and there
is no definition in the library. Thus it needs to be excluded from
typo check.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Typos of PSA macro and enum names are not checked by check_names.py.
This commit extend the check list to include PSA_XXX references.
The words should be macro/enum names defined as public_macros,
internal_macros, private_macros and enums. This commit alse extend
the scope of enums to include those are defined in library/*.c.
A new type of macros "private", which are defined in library/*.c was
also added.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Add component_test_psa_config_accel_ecdh to all.sh to test key agreement driver wrapper with libtestdriver1.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
Looking for executables causes problems with leftover compiled test
suites from other branches when we forget to run make clean before
switching branches. Using the .data files is more robust as most of them
are tracked, so will be removed when switching branches.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
For the benefit of auto-formatting tools, move from the '$placeholder'
templating syntax to a new syntax of the form:
__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER
This change allows the test code template to be almost entirely valid C.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Windows tests are failing pkcs7 verification due to differnt line
endings. Therefore, add make instuctions for building the data
files with Windows EOF instead. As a result, regenerate other data
files so that verification works.
Add these CRLF EOF files to the exception in check_files to ignore
the line endings.
Signed-off-by: Nick Child <nick.child@ibm.com>
Legacy Bignum is excluded as it doesn't get regular extensions like new
ones.
Each slot uses comments of their respective filetype. Since .data files
don't have a syntax for comments, dummy test cases are used. (These test
cases will never be executed and no noise will be added to tests.)
Signed-off-by: Janos Follath <janos.follath@arm.com>
I ran into a sequence where the assertion `stats[8] > 0` failed for the
range 1..272 with 100 iterations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Turn mpi_fill_random_internal() into mbedtls_mpi_core_fill_random(). It
had basically the right code except for how X is passed to the function.
Write unit tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* component_test_tls13_with_padding: just explicitly sets some options that
are identical with full.
* component_test_tls13_with_ecp_restartable: redundant since TLS 1.3 doesn't
have any support for restartable ECC.
* component_test_tls13_with_everest: not useful since TLS 1.3 doesn't call
ECDH directly, it just relies on the PSA abstraction.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
component_build_psa_accel_alg_ecdsa is subsumed by
component_test_psa_crypto_config_accel_ecdsa, which has the same
configuration and additionally runs the unit tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MBEDTLS_TEST_HOOKS is not supposed to change the behavior of the library, so
it's generally good to have it on in functional tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This patch updates the tests `mpi_mod_raw_cond_swap()` &
`mpi_mod_raw_cond_assign()` to use a non-zero modulus
when invoking `mbedtls_mpi_mod_modulus_setup()`
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch addresses more review comments, and fixes
a circular depedency in the `mbedtls_mpi_mod_modulus_setup()`.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch addresses review comments with regards to style of
`mbedtls_mpi_mod_modulus_setup/free()`.
It also removes a test check which was triggering a use-after-free.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch updates the `mpi_mod_setup()` test suite
to check for incosistencies in the montgomery constant
data's lifecycle.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Ensure MBEDTLS_SSL_DTLS_CONNECTION_ID and MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
are unset when MBEDTLS_SSL_PROTO_DTLS is not set in tls13-only tests.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Also remove compat tests from reference component as results from this run are not included in outcome file.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Ensure MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is unset where
MBEDTLS_SSL_DTLS_CONNECTION_ID is unset.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Use a dictionary to specify optional parameters for each task.
If the task is not specified then all tasks are executed.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
curves.pl, depends-hashes.pl, key-exchanges.pl and depends-pkalgs.pl are now superseded by depends.py.
Update all references to them accordingly.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
It's not needed as a feature. It gets reenabled automatically in
build_info.h like pk_write and pk_parse, but that's an implementation
detail.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the PSK exchange modes extension declare first
PSK ephemeral if we support both PSK ephemeral
and PSK. This is aligned with our implementation
giving precedence to PSK ephemeral over pure PSK
and improve compatibility with GnuTLS.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This patch moves the following tests to test_suite_bignum_core:
* `mbedtls_mpi_core_get_mont_r2_unsafe_neg()`
* `mbedtls_mpi_core_get_mont_r2_unsafe()`
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch adds the test for the method calculating the RR. The input/expected
data are generated manually using the following Python3 snippet:
~~~~~
import math
title="mpi_get_montgomery_constant_unsafe"
tt = title + " #{}"
in_data = [ "0f", ... ]
def limb_no(number, bil=64):
return int(math.ceil(int.bit_length(number)/(bil * 1.0)))
def calc_rr(number, bil=64 ):
return '{:x}'.format(pow(pow(2, limb_no(number, bil) * bil), 2, number))
def calc_rr_str(number, prefix=""):
rr64 = calc_rr(number)
rr32 = calc_rr(number, bil=32)
return '{}:"{:x}":"{}":"{}"'.format(prefix,number, rr32, rr64)
print("\n\n".join(["{}\n{}".format(tt.format(in_data.index(v)+1), calc_rr_str(int(v,base=16), title)) for v in in_data]))
~~~~~
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Simplify TLS 1.3 dependencies taking into
account that
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
implies that MBEDTLS_SSL_PROTO_TLS1_3 is
defined.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Remove requires_key_exchange_with_cert_in_tls12_enabled
and use `requires_any_configs_enabled` directly instead.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.
Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.
These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Although our build scripts support that, it's annoying, because it makes
"test_suite_XXX" ambiguous between "all the data for
test_suite_XXX.function" and "just test_suite_XXX.data".
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It just got renamed, and it's also not the most canonical example since it's
a somewhat deprecated interface. Make a different module the example.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Align the name of the bignum test suite with the source module (which was
renamed from mpi.c to bignum.c in the PolarSSL 1.x days). This also brings
it into line with the test suites for the low-level bignum interfaces.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Many bignum tests have multiple calculated result values, so return
these as a list, rather than formatting as a string.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Separate file is added for classes used to generate cases for tests
in bignum_core.function. Common elements of the BignumOperation class
are added to classes in a new common file, for use across files.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Test cases for mpi_core_add_if, mpi_core_mla, mpi_core_sub,
mpi_core_montmul are not copied into new files, these are generated in
subsequent commits.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
ASSERT_ALLOC calculates the size itself, and the parameter indicates number of elements.
```
mbedtls_calloc( sizeof( *( pointer ) ), ( length ) );
```
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
When building SHA512 without SHA384,
there are some code paths that resulted
in unused variables or usage of undefined code.
This commit fixes that.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The test coverage reduction introduced in
dc25cee lowered the coverage of hash tests
due to intertwining dependencies.
This commit introduces a new class for building
a domain using both the complementary
and exclusive classes.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Disable exclusive jobs that run with a single
config disabled. A lot more bugs should be found by running jobs with only one config
of a family enabled.
This will also lessen the burden on the CI.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Remove old and add new dependencies.
Introduce a way to handle non-trivial problems
stemming from exclusive group testing.
Exclude SHA256 and SHA512, as these are tested
in SHA224 and SHA384 jobs, respectively.
Change config.h to mbedtls_config.h).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Most of the tests (including those using endpoint_init functions) parse
certificates that require MBEDTLS_SHA256_C to be present.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Add a domain for cipher base algorithms (block permutations and stream
ciphers), a domain for block cipher chaining modes and a domain for
block cipher padding modes.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Start each job from the full config minus some memory management
settings and the job-specific settings.
The original content of config.h no longer influences the
configurations used for the jobs (but it still influences what jobs
may run, in that the set of jobs is partly built by parsing #define
and //#define lines in config.h).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Unify curves.pl, key-exchanges.pl, depends-pkalgs.pl and
depends-hashes.pl into a single, newly-written script.
For curves, key exchanges and hashes, in addition to testing
all-but-one settings in the group like the old scripts, also run the
tests with a single option in the group.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Since https://github.com/Mbed-TLS/mbedtls/pull/6141 it can "fall back"
to PSA when MD is not available (but will use MD if available, to
preserve backwards compatibility).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This has been the case since
https://github.com/Mbed-TLS/mbedtls/pull/6065 which forgot to update the
documentation, and also is_builtin_calling_md(), so update those.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Break down the DER-encoded ASN.1 test data into its structure in a
comment and explain it, to make it easier to understand where the data
came from and how it is corrupted.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The second argument is the number of elements of the type the first
argument is pointing to, so we shouldn't be using sizeof there.
This was resulting in overly large allocations.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The test data was invalid because it had the extra 4-byte prefix for HSS.
Regenerate it (which produces completely new signatures since it is
randomized).
Rearrange the reproduction instructions for the second test case so that it
shows more clearly how to generate a second signature with the same private
key.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove SHA256 dependencies from tests, fix incorrect boolean logic in
check_config, and change depends_hashes.pl to disable LMS in one test
Signed-off-by: Raef Coles <raef.coles@arm.com>
We're not strictly required to abort, but at least to leave the context
is an invalid state. For "late" functions like input() and output(),
calling abort() is the easiest way to do that. Do it systematically for
input() and output() by using a wrapper. psa_pake_get_implicit_key() was
already doing it. For "early" function, we can just leave the operation
in its current state which is already invalid.
Restore previous tests about that. Not adding systematic tests, though,
just test the two functions that are the most important, and more likely
to return errors.
Since we now abort in more cases, we need to make sure we don't
invalidate the operation that's going to be re-used later in the test.
For that reason, use a copy of the operation for calls to input() and
output() that are expected to return errors.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Also, the error code changed from INSUFFICIENT_MEMORY to INVALID_DATA.
Temporarily remove a test about aborting the operation on error.
Auto-abort will be re-introduced in the next commit in a more systematic
way.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
MBEDTLS_SSL_TICKET_C depends now on: MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C.
All features are disabled in this config.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost
anything with them (import, get attributes, export public from private, any
cryptographic operations). Force it on, for symmetry with what we're doing
for MBEDTLS_PK_WRITE_C. Fixes#6409.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Disable non-crypto features that can't be called through the PSA API, as
well as algorithms that have no PSA interface.
This serves as a non-regression test for #6408 and #6409.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In verbose mode, the full output of each failing suite is printed out,
which for some suites runs in the 1000s of lines. If you didn't redirect
output to a file, this is a lot to scroll and can make it hard to
quickly identify which test suites failed.
So, let's print out that information at the end. This is useful
information for starting to figure out what went wrong.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Test functions must now take a char* argument rather than data_t*. This does
not affect existing test data.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is done to have LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 defined in libtestdriver1.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Introduce a unit test to test mbedtls_x509_get_name() and add a testcase
with a corrupt DER-encoded name that causes mbedtls_x509_get_name() to
have to cleanup things it is allocated. If it fails to do this, a memory
leak is detected under Asan builds.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The format used by the mbedtls_ecjpake_xxx() APIs and that defined by
the PSA Crypto PAKE extension are quite different; the former is
tailored to the needs of TLS while the later is quite generic and plain.
Previously we only addressed some part of this impedance mismatch: the
different number of I/O rounds, but failed to address the part where the
legacy API adds some extras (length bytes, ECParameters) that shouldn't
be present in the PSA Crypto version. See comments in the code.
Add some length testing as well; would have caught the issue.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Use mbedtls_test_read_mpi_core() to read the test data. Among other
benefits, X and Y are now allocated to their exact size, so analyzers (Asan,
Valgrind, Coverity, ...) have a chance of complaining if the tested function
overflows the buffer.
Remove TEST_CF_PUBLIC calls which are no longer necessary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When testing a function that is supposed to be constant-flow, we declare the
inputs as constant-flow secrets with TEST_CF_SECRET. The result of such a
function is itself a constant-flow secret, so it can't be tested with
comparison operators.
In TEST_EQUAL, TEST_LE_U and TEST_LE_S, declare the values to be compared as
public. This way, test code doesn't need to explicitly declare results as
public if they're only used by one of these macros.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This comment (which used to be attached to the implementation, and should
not have been moved to the header file) is incorrect: the library function
mbedtls_mpi_read_string preserves leading zeros as desired, but does not
create a zero-limb object for an empty string.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
