mbedtls

Author	SHA1	Message	Date
Andrzej Kurek	228b12ce54	Rework depends.py to run more tests with hashes The test coverage reduction introduced in dc25cee lowered the coverage of hash tests due to intertwining dependencies. This commit introduces a new class for building a domain using both the complementary and exclusive classes. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	fe46949686	depends.py: disable part of the test jobs Disable exclusive jobs that run with a single config disabled. A lot more bugs should be found by running jobs with only one config of a family enabled. This will also lessen the burden on the CI. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	fcbd2acbc2	Split depends.py all.sh job into seven Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	202932f521	Use upper case for constants in depends.py Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	3322c22087	Improve depends.py structrue Apply most improvements suggested by pylint. Use config.py instead of config.pl. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	0e8b2d74f0	Fix python formatting and indentation Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	3cca0c8e68	Add an all.sh component running depends.pl Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	e05b17fb85	Update depends.py Remove old and add new dependencies. Introduce a way to handle non-trivial problems stemming from exclusive group testing. Exclude SHA256 and SHA512, as these are tested in SHA224 and SHA384 jobs, respectively. Change config.h to mbedtls_config.h). Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	e64bd43495	Add missing ECP and ECDH dependencies in ssl test suites Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	8e44139ca0	Add missing CURVE25519 requirements to TLS 1.3 tests Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	84f30f2eb0	Add missing SHA256 dependency Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	e38b788b79	Add missing key exchange dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	90e8204476	Add missing SHA256 and ECDSA_C dependencies in test_suite_ssl Most of the tests (including those using endpoint_init functions) parse certificates that require MBEDTLS_SHA256_C to be present. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	0abebebe6d	Refactor ssl test suite to use pointers more This way it's easier to track structures that are partially set up. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	f502bcb13e	Fix missing AES dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Gilles Peskine	34a1557df6	Add domains for symmetric ciphers Add a domain for cipher base algorithms (block permutations and stream ciphers), a domain for block cipher chaining modes and a domain for block cipher padding modes. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Gilles Peskine	c3b4deeb6c	When exercising key exchanges, don't build the test suites Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Gilles Peskine	584c24ace4	Declare more reverse dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Gilles Peskine	b1284cf6bc	Don't test builds with only deprecated hashes Don't try to build with only SHA-1 or with only RIPEMD160 or with only MD{2,4,5}. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Gilles Peskine	bf7537d0a9	Use the full config as the baseline for all jobs Start each job from the full config minus some memory management settings and the job-specific settings. The original content of config.h no longer influences the configurations used for the jobs (but it still influences what jobs may run, in that the set of jobs is partly built by parsing #define and //#define lines in config.h). Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Gilles Peskine	e85163bb5c	Simplify final passed/failed reporting Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Gilles Peskine	0fa7cbeeb9	Add basic support for colored output Show "pass" lines in green and "fail" lines in red. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Gilles Peskine	54aa5c6957	Factor running config.pl into its own function Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Gilles Peskine	46c8256547	Flush log output after each line Otherwise the output can be out of order when redirected. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Gilles Peskine	b39e3ecee6	New script to exercise compilation options Unify curves.pl, key-exchanges.pl, depends-pkalgs.pl and depends-hashes.pl into a single, newly-written script. For curves, key exchanges and hashes, in addition to testing all-but-one settings in the group like the old scripts, also run the tests with a single option in the group. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	e40b92178d	Fix missing padding dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	252283f2aa	Fix missing cipher mode dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Przemek Stekiel	8258ea7b7d	test_suite_psa_crypto: adapt dependenies and guards so the test can run in the driver-only build Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-19 13:20:20 +02:00
Manuel Pégourié-Gonnard	0dc40773d6	Improve comments & messages Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-19 12:12:21 +02:00
Manuel Pégourié-Gonnard	deef905a1c	Update is_builtin_calling_md() for PKCS#1 v2.1 Since https://github.com/Mbed-TLS/mbedtls/pull/6141 it can "fall back" to PSA when MD is not available (but will use MD if available, to preserve backwards compatibility). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-19 11:02:15 +02:00
Manuel Pégourié-Gonnard	98b91d40d6	RSA PKCS#1 v1.5 no longer depends on MD This has been the case since https://github.com/Mbed-TLS/mbedtls/pull/6065 which forgot to update the documentation, and also is_builtin_calling_md(), so update those. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-19 10:59:30 +02:00
Gabor Mezei	4dceede71b	Fix overly replacement in the documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-18 16:44:17 +02:00
Przemek Stekiel	98b1af4e34	test_suite_debug: adapt dependenies so the test can run in the driver-only build Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-18 14:52:41 +02:00
Janos Follath	7cd1ebe0bb	Merge pull request #6296 from gilles-peskine-arm/test_data_generation-pr_6093_followup Minor fixes to test_data_generation.py	2022-10-18 13:38:28 +01:00
Manuel Pégourié-Gonnard	d92fb01419	Skip bits not needed in outcome-analysis.sh Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-18 12:10:45 +02:00
David Horstmann	3cd67584bc	Improve X509 DN test naming Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-17 17:59:10 +01:00
David Horstmann	d0e3d45e96	Add explanatory comments to raw DER test data Break down the DER-encoded ASN.1 test data into its structure in a comment and explain it, to make it easier to understand where the data came from and how it is corrupted. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-17 17:55:04 +01:00
Gilles Peskine	47da7bfac8	Merge pull request #6434 from gilles-peskine-arm/lmots_import_export_test-memory_leak LMS: Fix memory leak if unit test fails	2022-10-17 17:57:59 +02:00
Gabor Mezei	0c74e084d5	Fix condition Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-17 16:09:58 +02:00
Gilles Peskine	503d09b52d	Fix memory leak if unit test fails Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-17 12:27:43 +02:00
Manuel Pégourié-Gonnard	6c6f04b651	Merge pull request #6419 from mpg/fix-assert-alloc-usage Fix usage of ASSERT_ALLOC()	2022-10-17 12:10:48 +02:00
Gilles Peskine	8874cd570e	Merge pull request #4826 from RcColes/development Add LMS implementation	2022-10-14 18:33:01 +02:00
Gabor Mezei	ffb4aa0ddc	Rename variables to have unambiguous names Use bytes instead of len in the variable names. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-14 16:39:04 +02:00
Gabor Mezei	8bcd7cca94	Use count instead of bytes in ASSERT_ALLOC argument Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-14 16:18:10 +02:00
Manuel Pégourié-Gonnard	b3c30907d6	Merge pull request #6383 from mprse/aead_driver_test Enable testing of AEAD drivers with libtestdriver1	2022-10-14 11:11:01 +02:00
Manuel Pégourié-Gonnard	47b8de834d	Fix usage of ASSERT_ALLOC() The second argument is the number of elements of the type the first argument is pointing to, so we shouldn't be using sizeof there. This was resulting in overly large allocations. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-14 09:35:55 +02:00
Gilles Peskine	fa65237fd4	Fix which config header MBEDTLS_LMS_xxx is unset from Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-13 22:05:38 +02:00
Gilles Peskine	31c2dcb611	Fix file names in reproduction instructions in test data Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-13 20:48:15 +02:00
Gilles Peskine	2875aa7b01	Fix instructions and test data for pyhsslms interop tests The test data was invalid because it had the extra 4-byte prefix for HSS. Regenerate it (which produces completely new signatures since it is randomized). Rearrange the reproduction instructions for the second test case so that it shows more clearly how to generate a second signature with the same private key. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-13 20:45:05 +02:00
Raef Coles	8bccc999d9	Don't mention error type in LMS test comments Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 17:57:31 +01:00
Raef Coles	6d7d94a821	Use correct export length in LMS export tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 17:55:46 +01:00
Raef Coles	aa9d52bcdc	Rename LMS private key files to match library name Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 17:53:40 +01:00
Raef Coles	f8bfe2783b	Remove bad character from LMS test case Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 17:35:28 +01:00
Raef Coles	d543697092	Fix minor type in LMS test description Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 17:06:42 +01:00
Raef Coles	a2514f622f	Update pyhsslms test instructions with script Due to tool name conflict hampering data reproduction Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 17:04:21 +01:00
Raef Coles	ce18e528ff	Rename LMS private key files And remove now-unnecessary modification to check_files.py Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 16:45:05 +01:00
Raef Coles	e4d96b804c	Update LMS and LMOTS test comments Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 16:45:05 +01:00
Raef Coles	493724e3c2	Check correct output size in LMOTS export test Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 15:43:07 +01:00
Raef Coles	ed0e4591dc	Add output length test for LMS export too-big test Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 15:05:47 +01:00
Ronald Cron	49e4184812	Merge pull request #6299 from xkqian/tls13_add_servername_check Add server name check when proposing pre-share key	2022-10-13 16:00:59 +02:00
Raef Coles	33f7d66304	Add output check to export too-big buffer tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:36 +01:00
Raef Coles	1d88ea870f	Remove unneeded NULL pointer checks in LMS tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:35 +01:00
Raef Coles	d1c1f7f7be	Disable LMS in all.sh tests that lack _WANT_SHA256 Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:31 +01:00
Raef Coles	a21671123a	Remove `sudo pip3` in LM(OT)S tests instructions Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:27 +01:00
Raef Coles	1b43a7448d	Clean up LMS and LMOTS feature dependencies Remove SHA256 dependencies from tests, fix incorrect boolean logic in check_config, and change depends_hashes.pl to disable LMS in one test Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:26 +01:00
Raef Coles	6b2c573b3d	And export buffer too large test to LMS and LMOTS Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:24 +01:00
Raef Coles	534f66f3f0	Fix assert arguments in LMS and LMOTS export tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:23 +01:00
Raef Coles	d1c2a80319	Remove duplicated assert from LMOTS tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:21 +01:00
Raef Coles	20d2e06ca4	Add cleanup frees in LMS and LMOTS tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:20 +01:00
Raef Coles	781f7bedb0	Properly mark LMOTS leak test as failed Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:18 +01:00
Raef Coles	d137c86125	Don't skip LMS tests due to out of memory error Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:17 +01:00
Raef Coles	76563399fd	Fix LMS and LMOTS test dependencies Mark them as depending on PSA_WANT_ALG_SHA256 so that test_depends_hashes_psa doesn't fail Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:15 +01:00
Raef Coles	59eb0d0f2b	Fix LMOTS signature leak test dependencies As it requires MBEDTLS_LMS_PRIVATE Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:12 +01:00
Raef Coles	d0c701237a	Replace TEST_ASSERT with TEST_EQUAL in LMS tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:09 +01:00
Raef Coles	f9b8502865	Add LMS import/export negative tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:06 +01:00
Raef Coles	4511055511	Exclude binary LMS keys from file checking Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:05 +01:00
Raef Coles	9fc303a99a	Add extra LMOTS import negative tests And fix failures that are related to the new tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:01 +01:00
Raef Coles	71f554b48f	Use real data for negative LMOTS tests To avoid errors caused by the null public keys and signatures Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:00 +01:00
Raef Coles	66edf6a833	Use hsslms data for LMOTS import/export test Also, test that export fails when the buffer is too small. Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:58 +01:00
Raef Coles	8b55ba623e	Source LMOTS data from hsslms So it can be reproduced Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:57 +01:00
Raef Coles	a6b47c0aac	Add LMS hsslms interop tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:55 +01:00
Raef Coles	d6adcb6146	Add negative LMS import/export tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:53 +01:00
Raef Coles	810612e14e	Update LMS and LMOTS to use TEST_EQUAL Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:51 +01:00
Raef Coles	90e13fc3c6	Add repro instructions for LMS test data Add more interop tests, and use real data for the negative tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:49 +01:00
Raef Coles	0dc604ed2b	Change how LMS and LMOTS negative tests work Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:48 +01:00
Raef Coles	7726678b23	Remove debugging code left in LMOTS tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:46 +01:00
Raef Coles	370cc43630	Make LMS public key export part of public key api Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:28 +01:00
Raef Coles	be3bdd8240	Rename LMS and LMOTS init/free functions To match convention Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:18 +01:00
Raef Coles	5127e859d7	Update LMS and LMOTS dependency macros Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:11 +01:00
Raef Coles	b4568c5423	Disable LMS in PSA crypto client test Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:07 +01:00
Raef Coles	47bccb7e47	Disable LMS_PRIVATE in all.sh when LMS is disabled Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:06 +01:00
Raef Coles	a7e03adef5	Disable LMS in all.sh when PSA isn't enabled Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:04 +01:00
Raef Coles	98c504373c	Update LMS test description To correct copy-paste error Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:02 +01:00
Raef Coles	40158e11fc	Add LMOTS test hook to header Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:58 +01:00
Raef Coles	9c9027b1a4	Add extra LMS and LMOTS tests NULL-message and LMOTS signature leak tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:50 +01:00
Raef Coles	f5919e2997	Update LMS/LMOTS tests Document tests and source of data, use test RNG, pass more parameters into each test Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:43 +01:00
Raef Coles	e9479a0264	Update LMS API to support multiple parameter sets Parameterise macros to allow variation of sizes Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:36 +01:00
Raef Coles	ab4f87413a	Add MBEDTLS_LMS_PRIVATE define To enable private key operations Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:35 +01:00
Raef Coles	01c71a17b3	Update LMS and LMOTS api Fix function names and parameters. Move macros to be more private. Update implementation. Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:25 +01:00
Raef Coles	c8f9604d7b	Use PSA hashing for LMS and LMOTS Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:23 +01:00
Raef Coles	7dce69a27a	Make LMOTS a private api Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:22 +01:00
Raef Coles	8ff6df538c	Add LMS implementation Also an LM-OTS implementation as one is required for LMS. Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:15 +01:00
Manuel Pégourié-Gonnard	f155ab9a91	Abort on errors when we should We're not strictly required to abort, but at least to leave the context is an invalid state. For "late" functions like input() and output(), calling abort() is the easiest way to do that. Do it systematically for input() and output() by using a wrapper. psa_pake_get_implicit_key() was already doing it. For "early" function, we can just leave the operation in its current state which is already invalid. Restore previous tests about that. Not adding systematic tests, though, just test the two functions that are the most important, and more likely to return errors. Since we now abort in more cases, we need to make sure we don't invalidate the operation that's going to be re-used later in the test. For that reason, use a copy of the operation for calls to input() and output() that are expected to return errors. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-13 13:20:31 +02:00
Manuel Pégourié-Gonnard	b63a9ef09f	Fix buffer sizes in ecjpake_setup test function Also, the error code changed from INSUFFICIENT_MEMORY to INVALID_DATA. Temporarily remove a test about aborting the operation on error. Auto-abort will be re-introduced in the next commit in a more systematic way. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-13 13:17:20 +02:00
Gilles Peskine	0fe6631486	Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2 Include platform.h unconditionally	2022-10-13 10:19:22 +02:00
Przemek Stekiel	072fad12d9	Disable MBEDTLS_SSL_TICKET_C in aead driver test. MBEDTLS_SSL_TICKET_C depends now on: MBEDTLS_GCM_C \|\| MBEDTLS_CCM_C \|\| MBEDTLS_CHACHAPOLY_C. All features are disabled in this config. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-13 09:59:52 +02:00
Manuel Pégourié-Gonnard	2aa5af9bec	Merge pull request #6403 from mpg/print-failed-suites Print the list of failed suites in verbose mode	2022-10-13 09:59:45 +02:00
Xiaokang Qian	ed0620cb13	Refine code base on comments Move code to proper macro guards protection Fix typo issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	2f9efd3038	Address comments base on review Change function name to ssl_session_set_hostname() Remove hostname_len Change hostname to c_string Update test cases to multi session tickets Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:49 +00:00
Xiaokang Qian	adf84a4a8c	Remove public api mbedtls_ssl_reset_hostname() Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:05:11 +00:00
Xiaokang Qian	281fd1bdd8	Add server name check when proposeing pre-share key Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:41 +00:00
Gilles Peskine	8fd3254cfc	Merge pull request #6374 from mprse/enc_types Test TLS 1.2 builds with each encryption type	2022-10-12 12:45:50 +02:00
Ronald Cron	78317c832b	Merge pull request #6327 from yuhaoth/pr/tls13-psk-after-session-tickets TLS 1.3: PSK and NewSessionTicket: Add support for sending PSK and Ticket together.	2022-10-12 12:39:51 +02:00
Przemek Stekiel	ee1bb4145f	Make sure that disabled features are not included in image and fix test config Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-12 10:15:59 +02:00
Gilles Peskine	fcee740b83	Automatically enable PK_PARSE for RSA in PSA PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost anything with them (import, get attributes, export public from private, any cryptographic operations). Force it on, for symmetry with what we're doing for MBEDTLS_PK_WRITE_C. Fixes #6409. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-11 21:15:24 +02:00
Gilles Peskine	aef1ba679d	Add build with a typical configuration for a PSA crypto service Disable non-crypto features that can't be called through the PSA API, as well as algorithms that have no PSA interface. This serves as a non-regression test for #6408 and #6409. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-11 21:09:21 +02:00
Gilles Peskine	58e5d804ee	test_suite_pk: Add missing dependencies on MBEDTLS_PEM_PARSE_C Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-11 20:57:38 +02:00
Gilles Peskine	d23d8dee24	test_suite_dhm: Add missing dependencies on MBEDTLS_PEM_PARSE_C Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-11 20:57:21 +02:00
Gilles Peskine	9624a5932e	Add mbedtls_dhm_parse_dhmfile test case with DER input dh.optlen.der is the result of converting dh.optlen.pem from PEM to DER. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-11 20:52:34 +02:00
Jerry Yu	c2bfaf00d9	fix wrong typo Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-11 18:07:19 +08:00
Manuel Pégourié-Gonnard	ac6c67053d	Print the list of failed suites in verbose mode In verbose mode, the full output of each failing suite is printed out, which for some suites runs in the 1000s of lines. If you didn't redirect output to a file, this is a lot to scroll and can make it hard to quickly identify which test suites failed. So, let's print out that information at the end. This is useful information for starting to figure out what went wrong. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-11 10:48:32 +02:00
Gilles Peskine	b50e433b66	Test mbedtls_mpi_core_bitlen Copy the test data for mbedtls_mpi_bitlen except for 0-length and negative cases. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-10 23:03:47 +02:00
Gilles Peskine	e943283f2f	More mbedtls_mpi_bitlen test cases * with leading zero limb * with trailing zero limb * negative Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-10 23:03:47 +02:00
Gilles Peskine	24baa81043	Improve mbedtls_mpi_bitlen test descriptions Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-10 23:03:47 +02:00
Gilles Peskine	c5772a194e	mbedtls_test_read_mpi_core: allow odd number of hex digits Test functions must now take a char* argument rather than data_t*. This does not affect existing test data. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-10 23:03:47 +02:00
Janos Follath	1b5c85c75b	Merge pull request #6386 from gilles-peskine-arm/bignum-mbedtls_test_read_mpi_core Introduce mbedtls_test_read_mpi_core	2022-10-10 15:14:46 +01:00
Jerry Yu	03aa174d7c	Improve test message and title Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-10 21:48:37 +08:00
Gabor Mezei	44ba2f6db9	Add more test cases Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-10 15:32:12 +02:00
Gabor Mezei	a67a1a3ebc	Remove the 'is_fail' parameter from the test functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-10 15:25:59 +02:00
Gabor Mezei	d71eb0c3ac	Use better test macro Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-10 13:09:04 +02:00
Gabor Mezei	d6441da4c5	Remove redundant memory initialization When memory is allocated it is also initialized with 0. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-10 13:05:16 +02:00
Gabor Mezei	251cb632f1	Remove unused macro definition Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-10 13:02:21 +02:00
Przemek Stekiel	52a428b824	Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-10 11:23:18 +02:00
Przemek Stekiel	42bb3ff40b	Adapt expected results in ChaCha20-Poly1305 ( invalid tag length) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-10 07:28:40 +02:00
Jerry Yu	63b06ea06e	Update test cases Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-08 14:56:38 +08:00
Jerry Yu	25ab654781	Add dummy ticket support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	8897c07075	Add server only guards for psk callback Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Przemek Stekiel	c1ceae4848	crypto_config_test_driver_extension.h: add support for ChaCha20 - Poly1305 This is done to have LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 defined in libtestdriver1. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-06 16:53:47 +02:00
David Horstmann	db73d3b149	Add mbedtls_x509_get_name memory leak unit test Introduce a unit test to test mbedtls_x509_get_name() and add a testcase with a corrupt DER-encoded name that causes mbedtls_x509_get_name() to have to cleanup things it is allocated. If it fails to do this, a memory leak is detected under Asan builds. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-05 13:09:57 +01:00
Manuel Pégourié-Gonnard	ec7012dbc7	Fix I/O format of PSA EC J-PAKE for compliance The format used by the mbedtls_ecjpake_xxx() APIs and that defined by the PSA Crypto PAKE extension are quite different; the former is tailored to the needs of TLS while the later is quite generic and plain. Previously we only addressed some part of this impedance mismatch: the different number of I/O rounds, but failed to address the part where the legacy API adds some extras (length bytes, ECParameters) that shouldn't be present in the PSA Crypto version. See comments in the code. Add some length testing as well; would have caught the issue. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-05 12:52:48 +02:00
Gilles Peskine	99a82dce74	Readability improvement Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-05 11:20:56 +02:00
Gilles Peskine	80ca44f33c	Merge pull request #6325 from gabor-mezei-arm/6308_missing_initialization_in_test Add initialization for structures in test	2022-10-05 11:09:35 +02:00
Gilles Peskine	22514eb99b	Fix typo in documentation Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-04 15:09:53 +02:00
Gabor Mezei	8fcde5bb8e	Remove duplicate test case Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-04 13:53:33 +02:00
Gabor Mezei	02e5d439db	Add more tests for cond_assign/swap functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-03 16:45:11 +02:00
Gabor Mezei	6546a6cc03	Rewrite tests for cond_assign/swap The cond_swap and cond_assign test functions now requires the same limb size for the MPI parameters. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-03 14:56:51 +02:00
Przemek Stekiel	6a5cc74cc4	Fix typos and comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-03 09:04:16 +02:00
Przemek Stekiel	bd99a0221b	test_driver_aead.c: add support for LIBTESTDRIVER1 tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-02 21:01:23 +02:00
Przemek Stekiel	e290f2ea14	all.sh: add testing of AEAD drivers with libtestdriver1 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-02 20:58:39 +02:00
Gilles Peskine	5bbdfce44c	Streamline mbedtls_mpi_core_lt_ct unit test Use mbedtls_test_read_mpi_core() to read the test data. Among other benefits, X and Y are now allocated to their exact size, so analyzers (Asan, Valgrind, Coverity, ...) have a chance of complaining if the tested function overflows the buffer. Remove TEST_CF_PUBLIC calls which are no longer necessary. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-30 18:53:04 +02:00
Gilles Peskine	3aae4e815e	New function mbedtls_test_read_mpi_core Allocate and read an MPI from a binary test argument. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-30 18:51:41 +02:00
Gilles Peskine	571576fc5c	Move the definition of data_t to a header file This way it can be used in helper functions. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-30 18:51:41 +02:00
Gilles Peskine	bdc7b8bb6a	Allow test assertions on constant-flow scalar data When testing a function that is supposed to be constant-flow, we declare the inputs as constant-flow secrets with TEST_CF_SECRET. The result of such a function is itself a constant-flow secret, so it can't be tested with comparison operators. In TEST_EQUAL, TEST_LE_U and TEST_LE_S, declare the values to be compared as public. This way, test code doesn't need to explicitly declare results as public if they're only used by one of these macros. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-30 18:51:41 +02:00
Gilles Peskine	97483b0fd4	Remove incorrect comment This comment (which used to be attached to the implementation, and should not have been moved to the header file) is incorrect: the library function mbedtls_mpi_read_string preserves leading zeros as desired, but does not create a zero-limb object for an empty string. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-30 18:51:41 +02:00
Gabor Mezei	ec5685f1ee	Use exact-size buffers for inputs and outputs to library functions in tests Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 14:48:54 +02:00
Gabor Mezei	f5ca726ce1	Rename variables to match bettr to its purpose The length in bytes is used with the 'len' prefix and the length in limbs is used with the 'limbs' prefix. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 14:35:42 +02:00
Gabor Mezei	8b05e3b148	Add memory freeing Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:41 +02:00
Gabor Mezei	a7584888da	Use exact-size buffers for inputs and outputs to library functions in tests Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:41 +02:00
Gabor Mezei	821d15107b	Check true and false condition in the same test case Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:41 +02:00
Gabor Mezei	3eff425b1a	Use only one limb parameter for assign Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	027d696434	Remove unused code Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	b2763ef507	Do not read uninitialized memory Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	cfc0eb8d22	Remove unused parameter Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:39 +02:00
Gabor Mezei	53e455db7b	Remove return value checking from test functions of assign and swap Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:39 +02:00
Gabor Mezei	b27b1c5db0	Add tests for conditional assign and swap functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:30 +02:00
Gilles Peskine	845de0898e	Merge pull request #6083 from tom-cosgrove-arm/issue-6015-montgomery-multiplication Montgomery multiplication from bignum prototype	2022-09-30 10:35:21 +02:00
Victor Barpp Gomes	d0225afcb6	Add a new test with a binary hwSerialNum Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>	2022-09-29 13:52:55 -03:00
Victor Barpp Gomes	47c7a732d2	Print RFC 4108 hwSerialNum in hex format Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>	2022-09-29 11:34:23 -03:00
Tom Cosgrove	4386ead662	Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-29 14:40:21 +01:00
Przemek Stekiel	48a6a666a0	Add ssl-opt tls 1.2 tests for single cipher builds Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-29 15:29:33 +02:00
Przemek Stekiel	8d4b241028	Remove redundant indirect dependencies after optimizing setup for one cipher components Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-29 10:13:40 +02:00
Przemek Stekiel	a891a091a3	test_suite_cmac.data: fix bug: use cipher type instead cipher id Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-29 09:53:20 +02:00
Przemek Stekiel	68db0d2f67	Optimize one cipher only components and adapt nemes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-29 08:32:25 +02:00
Ronald Cron	77c691f099	Merge pull request #6194 from xkqian/tls13_add_psk_client_cases TLS 1.3: Add PSK client cases	2022-09-28 17:08:06 +02:00
Przemek Stekiel	0cc3466c9e	Change testing strategy to default + one cypher only (psa/no psa) In full config TLS 1.2 is disabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-28 12:06:57 +02:00
Przemek Stekiel	b0de1c040b	Add components to build and test default/full config with legacy-ccm cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-28 11:15:16 +02:00
Przemek Stekiel	9550c05757	Add component to build and test full config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-28 09:51:55 +02:00
Xiaokang Qian	a70bd9108a	Fix the description of psk client cases Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-28 07:50:13 +00:00
Manuel Pégourié-Gonnard	e3358e14b2	Merge pull request #6051 from mprse/permissions_2b_v2 Permissions 2b: TLS 1.3 sigalg selection	2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard	f3f9e450b6	Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2 Ad-hoc KDF for EC J-PAKE in TLS 1.2	2022-09-28 09:47:32 +02:00
Przemek Stekiel	d582a01073	Make MBEDTLS_SSL_CONTEXT_SERIALIZATION dependent on AEAD Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-28 07:59:01 +02:00
Xiaokang Qian	ca343ae280	Improve message logs and test cases description in psk Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-28 02:07:54 +00:00
Gabor Mezei	0bb138241b	Add initialization for structures Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-27 18:48:44 +02:00
Przemek Stekiel	6f29a6c4b4	test_suite_cipher.function: always include aes.h It is done to have MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH macro available (used in tests) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-27 15:04:14 +02:00
Przemek Stekiel	a82290b727	Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD \|\| MBEDTLS_NIST_KW_C flags - make it consistent. As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available). Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD \|\| MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-27 15:04:14 +02:00
Przemek Stekiel	11c362a050	Add component to build and test default config with stream cipher only Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-27 15:04:08 +02:00
Xiaokang Qian	9c172042b6	Change cases description base on comments Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-27 11:41:50 +00:00
Xiaokang Qian	e12d30d751	Move psk related cases into tls13-kex-modes.sh Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-27 11:34:14 +00:00
Andrzej Kurek	3539f2c90b	Improve readability in ecjpake tests Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-26 10:56:02 -04:00
Xiaokang Qian	954d5769ef	PSK: change descriptions base on comments Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-26 08:40:10 +00:00
Xiaokang Qian	ac8195f4f7	Fix wrongly kex mode fallback issue in psk cases Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-26 06:31:58 +00:00
Gilles Peskine	12a1e85caa	Merge pull request #6138 from Zaya-dyno/validation_remove_change_key_agree Validation remove change key agree	2022-09-23 17:04:20 +02:00
Gilles Peskine	f70f4ead7f	Merge pull request #6248 from gilles-peskine-arm/all-sh-force-3.2 Fix all.sh --force	2022-09-23 17:04:00 +02:00
Gilles Peskine	87953f228f	Merge pull request #6091 from Zaya-dyno/validation_remove_change_pk Validation remove change pk	2022-09-23 17:03:30 +02:00
Paul Elliott	2c282c9bd0	Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.	2022-09-23 15:48:33 +01:00
Gabor Mezei	f29c2a5313	Add initialization for structures Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-23 15:25:27 +02:00
Xiaokang Qian	210727f3b1	Skip some psk cases cause wrong fallback to ephemeral Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-23 07:25:40 +00:00
Xiaokang Qian	dea2cbe199	Fix various test issues in psk m->m cases Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-23 01:49:33 +00:00
Xiaokang Qian	658204c71e	Remove negative test cases for m->O and m->G Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-23 01:49:33 +00:00
Xiaokang Qian	8939930b82	Rebase and fix some test failures Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-23 01:49:33 +00:00

... 2 3 4 5 6 ...

7588 commits