Commit graph

9937 commits

Author SHA1 Message Date
Gilles Peskine
edc8456e01 Work around a race condition in parallel builds
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-20 15:03:18 +02:00
Gilles Peskine
eda1b1f744
Merge pull request #7921 from valeriosetti/issue7613
TLS: Clean up ECDSA dependencies
2023-09-20 12:47:55 +00:00
Dave Rodgman
143f5f7c68 Add mbedtls_ct_bool_if and mbedtls_ct_bool_if_else_0
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 21:52:13 +01:00
Dave Rodgman
1cfc43c77b Rename mbedtls_ct_bool_xor to mbedtls_ct_bool_ne
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:39:33 +01:00
Dave Rodgman
986006e567 Make TEST_CALLOC_NONNULL more robust
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:30:25 +01:00
Dave Rodgman
6568f60358 Simplify mbedtls_ct_memcmp_partial test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:48:24 +01:00
Dave Rodgman
2c9f86b3b6 Add docs for mbedtls_ct_memcmp_partial test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:48:13 +01:00
Dave Rodgman
28bc1ab923 Use exact bounds for allocations in mbedtls_ct_memcmp_partial test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:34:57 +01:00
Dave Rodgman
a328635305 Introduce TEST_CALLOC_NONNULL
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:34:39 +01:00
Dave Rodgman
ba600b2fd9 Remove expected param from mbedtls_ct_memcmp_partial test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:26:13 +01:00
Waleed Elmelegy
071b69f47b Add correct dependency to DES3 test
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-19 11:24:49 +01:00
Dave Rodgman
771ac65b0c Add tests for mbedtls_ct_memcmp_partial
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 09:10:59 +01:00
Gilles Peskine
d2e004e401 Test mbedtls_ssl_decrypt_buf(): stream cipher, negative cases
Test mbedtls_ssl_decrypt_buf() with a null cipher (the only type of stream
cipher we support). Test the good case (to make sure the test code
constructs the input correctly), test with an invalid MAC, and test with a
shortened input.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 19:07:50 +02:00
Waleed Elmelegy
6d2c5d5f5c Adjust cipher tests to new requirement of specifying padding mode
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-18 17:41:25 +01:00
Gilles Peskine
9099d3fd76 Refactoring: create mbedtls_test_ssl_prepare_record_mac()
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 17:21:15 +02:00
Gilles Peskine
bd50d5baec
Merge pull request #8177 from gilles-peskine-arm/generated-files-off-in-release
Generated files off in release
2023-09-18 14:11:58 +00:00
Gilles Peskine
68ec3ccc7c Add missing cleanup
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 14:35:52 +02:00
Gilles Peskine
ac5fabed25 Refactoring: prepare to create mbedtls_test_ssl_prepare_record_mac()
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 14:35:42 +02:00
Gilles Peskine
a3237efefb Move testing of mbedtls_ssl_decrypt_buf to a new test suite
test_suite_ssl is huge and needs splitting.

Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a
complicated function that needs more thorough testing with malformed inputs.
At this point, we are only doing negative testing with CBC-non-ETM test
suites. This needs to grow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 14:23:13 +02:00
Manuel Pégourié-Gonnard
f299efdb96 Improve a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-18 11:19:04 +02:00
Gilles Peskine
67c86e626b
Merge pull request #7961 from gilles-peskine-arm/psa_crypto_config-in-full
Enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config
2023-09-18 08:13:12 +00:00
Manuel Pégourié-Gonnard
f7298cd397 Fix some issues in comments
Ranging from typos to outdated comment contradicting the code.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-18 09:55:24 +02:00
Gilles Peskine
8a7fb2d799
Merge pull request #1055 from waleed-elmelegy-arm/add-new-pkcs12-pbe2-ext-fun
Add new pkcs12 pbe2 ext fun
2023-09-15 18:43:03 +02:00
Manuel Pégourié-Gonnard
b95e92cd41
Merge pull request #8076 from valeriosetti/issue8005
Test with ECC and FFDH accelerated and no bignum
2023-09-14 09:12:35 +00:00
Gilles Peskine
0ddffb6de2
Merge pull request #7210 from sergio-nsk/patch-2
Fix llvm error: variable 'default_iv_length' and other may be used uninitialized
2023-09-13 16:38:55 +02:00
Gilles Peskine
3cea3efc25
Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509
Accept numericoid hexstring x509
2023-09-13 08:54:33 +00:00
Dave Rodgman
da0bb9fae8
Merge pull request #8034 from gilles-peskine-arm/bump_version-doc_mainpage
Update capitalization of "Mbed" and fix bump_version.sh
2023-09-13 08:41:20 +00:00
Gilles Peskine
2e38a0d603 More spelling corrections
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:19:31 +02:00
Gilles Peskine
e820c0abc8 Update spelling "mbed TLS" to "Mbed TLS"
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":

```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```

Justification for the omissions:

* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
  occurrences are significant names in certificates and such. Changing
  the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
  updates.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:18:17 +02:00
Waleed Elmelegy
57d09b72ef Return back to modifying input parameters in pkcs12_parse_pbe_params
Return back to modifying input parameters in pkcs12_parse_pbe_params
to avoid change in behaviour.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-12 14:05:10 +01:00
Waleed Elmelegy
a7d206fce6 Check set_padding has been called in mbedtls_cipher_finish
Check set_padding has been called in mbedtls_cipher_finish
in modes that require padding.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-12 13:39:36 +01:00
Paul Elliott
45b6e5e69f Prevent potential use of uninitialised data in pkcs7 tests
Move the initialisation of the pkcs7 object to before the first possible
test failure, otherwise failure in those tests could result in an
uninitialised pointer being free'd. Found by coverity.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-09-12 11:58:21 +01:00
Dave Rodgman
49d7223036 Fix test under memsan
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-12 11:03:23 +01:00
Dave Rodgman
70e022b024 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-12 09:29:13 +01:00
Manuel Pégourié-Gonnard
e9d97976b2 Update list of ignored tests
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-12 09:50:17 +02:00
Manuel Pégourié-Gonnard
96839e7450 Move common things to common function
These should be shared between ref and accel, for meaningful coverage
comparison.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-12 09:50:17 +02:00
Manuel Pégourié-Gonnard
0509b5878c Fix INVALID vs NOT_SUPPORTED issue in test suite
This fixes the last remaining failure.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-12 09:50:17 +02:00
Manuel Pégourié-Gonnard
25b45db3d8 Disable ECP_C in component with p256-m driver
Builds, but 20 test cases failing in test_suite_psa_crypto, to be
addressed in future commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-12 09:50:16 +02:00
Dave Rodgman
140d5c77d0 Add single-bit difference tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 19:10:05 +01:00
Waleed Elmelegy
e1cb35b719 Add new mbedtls_pkcs12_pbe_ext function to replace old function
Add new mbedtls_pkcs12_pbe_ext function to replace
old mbedtls_pkcs12_pbe function that have security
issues.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-08 16:51:26 +01:00
Gilles Peskine
0b62b7a21f Allow turning off re-generation of files with make
In make builds, when GEN_FILES is false (empty), don't try to re-generate
configuration-independent source files, regardless of whether they seem
out of date. This is useful, for example, if you have a source tree where
`make generated_files` has already run and file timestamps reflect the
time the files were copied or extracted, and you are now in an environment
that lacks some of the necessary tools to re-generate the files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-08 16:19:13 +02:00
Gilles Peskine
31d49cd57f
Merge pull request #1053 from waleed-elmelegy-arm/Improve-and-test-mbedtls_pkcs12_pbe
Improve & test legacy mbedtls_pkcs12_pbe
2023-09-08 13:08:05 +02:00
Waleed Elmelegy
1f59ee078f Add correct dependencies to pkcs12 tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 17:59:35 +01:00
Waleed Elmelegy
096017023d Fix identation error in pkcs12 tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 17:48:40 +01:00
David Horstmann
8ece2e9712 Fix incorrect test dependencies in pkwrite tests
These should rely in MBEDTLS_PEM_{PARSE,WRITE}_C where applicable, not
MBEDTLS_BASE64_C.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-09-07 17:43:12 +01:00
Waleed Elmelegy
75b9eb36b4 Change pkcs12 test comparison macro to the new macro
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 17:02:37 +01:00
Waleed Elmelegy
8317e91b1e Change pkcs12 test allocation macros to the new macros
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 15:46:58 +01:00
Waleed Elmelegy
15de809e1a Improve pkcs12 pbe tests
* Simplify pkcs12 tests to use algo parameters instead of asn1 buffers.
* Fix output buffers allocation size.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-05 16:34:55 +01:00
Waleed Elmelegy
255db80910 Improve & test legacy mbedtls_pkcs12_pbe
* Prevent pkcs12_pbe encryption when PKCS7 padding has been
  disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
  reasons, However, invalid padding is not checked.
* Document new behaviour, known limitations and possible
  security concerns.
* Add tests to check these scenarios. Test data has been
  generated by the below code using OpenSSL as a reference:

#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <openssl/des.h>
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include <string.h>

int main()
{
    char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB";
    unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC";
    unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA";
    unsigned char *ciphertext = NULL;
    int iter = 10;
    X509_ALGOR *alg =  X509_ALGOR_new();
    int ciphertext_len = 0;
    int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    alg->parameter = ASN1_TYPE_new();
    struct asn1_object_st * aobj;
    PKCS5_pbe_set0_algor(alg, alg_nid, iter,
                         salt, sizeof(salt)-1);

    aobj = alg->algorithm;
    printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length);
    printf("06%.2X", aobj->length);
    for (int i = 0; i < aobj->length; i++) {
        printf("%.2X", aobj->data[i]);
    }

    for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) {
        printf("%.2X", alg->parameter->value.asn1_string->data[i]);
    }
    printf("\":\"");

    for (int i = 0; i < sizeof(pass)-1; i++) {
        printf("%.2X", pass[i] & 0xFF);
    }
    printf("\":\"");
    for (int i = 0; i < sizeof(plaintext)-1; i++) {
        printf("%.2X", plaintext[i]);
    }
    printf("\":");
    printf("0");
    printf(":\"");

    unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1);

    if (res == NULL)
        printf("Encryption failed!\n");
    for (int i = 0; i < ciphertext_len; i++) {
        printf("%.2X", res[i]);
    }
    printf("\"\n");

    return 0;
}

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
#
2023-09-05 15:45:55 +01:00
Kusumit Ghoderao
94d319065a Set input cost as 1 for psa_key_exercise test
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-09-05 19:30:22 +05:30
Kusumit Ghoderao
7c61ffcc44 Rename parse_binary_string function
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-09-05 19:29:47 +05:30
Valerio Setti
5dfaca4af5 all.sh: fix comments
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-05 08:48:51 +02:00
Agathiyan Bragadeesh
4ce9ac8463 Add round trip tests for x509 RDNs
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-09-04 16:18:26 +01:00
Gilles Peskine
1a7d387072
Merge pull request #1041 from waleed-elmelegy-arm/add-new-pkcs5-pbe2-ext-fun
Add new pkcs5 pbe2 ext fun
2023-09-04 15:33:42 +02:00
Tom Cosgrove
b2fafa5a49 config-wrapper-zeroize-memset.h should be user-config-zeroize-memset.h and not include mbedtls_config.h
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-02 19:22:45 +01:00
Tom Cosgrove
7eced7d1d2 Move zeroize-as-memset into a config file under tests/
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-02 19:22:45 +01:00
Tom Cosgrove
daddf11a30 Add a build to all.sh to check mbedtls_platform_zeroize() calls
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-02 19:22:45 +01:00
Tom Cosgrove
351a391011 Fix incorrect use of mbedtls_platform_zeroize() in tests
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-02 19:22:45 +01:00
Dave Rodgman
4f69668558
Merge pull request #8082 from daverodgman/misc-code-size
Misc code size improvements
2023-09-02 11:44:31 +00:00
Paul Elliott
6147511bc0
Merge pull request #7955 from davidhorstmann-arm/psa-crypto-script-changes
Miscellaneous changes to scripts for PSA-Crypto enablement
2023-08-31 18:19:52 +00:00
Paul Elliott
6ebe7d2e3a
Merge pull request #8095 from davidhorstmann-arm/initialize-struct-get-other-name
Coverity fix: Set `type_id` in `x509_get_other_name()`
2023-08-31 16:26:00 +00:00
Paul Elliott
b5d97156e4
Merge pull request #7857 from minosgalanakis/bugifx/address_curve_bits
[BigNum] test_suite_ecp: Fixed curve bit-length.
2023-08-31 13:14:11 +00:00
Dave Rodgman
a9a53a05f0 Merge remote-tracking branch 'origin/development' into misc-code-size 2023-08-31 11:53:46 +01:00
Gilles Peskine
f7632382cc
Merge pull request #8130 from davidhorstmann-arm/fix-unnecessary-include-prefixes
Fix unnecessary header prefixes in tests
2023-08-31 08:57:26 +00:00
Gilles Peskine
7b2b76a2d4
Merge pull request #7165 from yanrayw/7094-collect-compatsh-test-cases
check_test_cases.py: support to collect test cases for compat.sh
2023-08-31 07:30:20 +00:00
Dave Rodgman
dbddb00158 Ensure mbedtls_sha3_finish zeroizes the context
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-30 18:43:23 +01:00
Gilles Peskine
03e9dea30b Merge remote-tracking branch 'development' into psa_crypto_config-in-full
Conflicts:
* `include/psa/crypto_sizes.h`: the addition of the `u` suffix in this branch
  conflicts with the rework of the calculation of `PSA_HASH_MAX_SIZE` and
  `PSA_HMAC_MAX_HASH_BLOCK_SIZE` in `development`. Use the new definitions
  from `development`, and add the `u` suffix to the relevant constants.
2023-08-30 18:32:57 +02:00
Gilles Peskine
2c40b90598 ssl-opt.sh doesn't actually use OPENSSL_LEGACY: remove unused function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-30 16:38:56 +02:00
David Horstmann
22ec2aefa9 Fix unnecessary header prefixes in tests
Remove unnecessary "../library" prefix from test suite includes. This
makes the tests repo-agnostic between the mbedtls and psa-crypto repos.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-30 15:34:34 +01:00
Waleed Elmelegy
21d7d85af7 Fix mbedtls_pkcs5_pbes test function failure
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-30 13:12:09 +01:00
Yanray Wang
63f0abe226 check_test_cases: add a comment to explain idx in walk_compat_sh
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-08-30 18:31:37 +08:00
Dave Rodgman
730bbee226 Merge remote-tracking branch 'origin/development' into update-restricted-2023-08-30 2023-08-30 11:22:00 +01:00
Dave Rodgman
29bf911058
Merge pull request #7839 from daverodgman/psa-sha3
SHA-3 via PSA
2023-08-30 08:51:36 +00:00
David Horstmann
8f3ec8ec9d Use '--target' instead of shortened '-t'
This enables compatibility with older versions of CMake that do not have
the abbreviated switch.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-30 09:46:20 +01:00
Yanray Wang
ab717b5287 Merge remote-tracking branch 'origin/development' into 7094-collect-compatsh-test-cases 2023-08-30 10:38:28 +08:00
David Horstmann
3ed1871920 Disable pylint error for non-uppercase names
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 18:20:19 +01:00
Dave Rodgman
33e1f42307 Fix use of mbedtls_psa_safer_memcmp in test code
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-29 18:17:29 +01:00
David Horstmann
9cc6b2f446 Add missing import in test_psa_compliance.py
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 17:36:35 +01:00
David Horstmann
fd9264e65b Fix pylint errors
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 16:21:15 +01:00
Gilles Peskine
a878b663cf
Merge pull request #8090 from silabs-Kusumit/PBKDF2_higher_cost_tests
PBKDF2: tests with higher input costs
2023-08-29 14:00:17 +00:00
David Horstmann
41c316d3b2 Move -B switch into a single argument
This will prevent CMake from mistaking the build directory for the
source directory

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 14:57:23 +01:00
Waleed Elmelegy
79b6e26b1b Improve mbedtls_pkcs5_pbes2_ext function test data
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-29 14:55:03 +01:00
David Horstmann
b48822c816 Appease pylint by renaming variables
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 14:12:53 +01:00
David Horstmann
beaee2604f Test PSA compliance: Build only the crypto target
Use CMake's -t option to build only the crypto target. Parameterize the
crypto target to have the right name depending on whether this is Mbed
TLS or PSA Crypto.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 14:01:52 +01:00
David Horstmann
c69074dcf6 Tidy up reference to Mbed TLS in help message
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 13:46:11 +01:00
David Horstmann
2ba89bece6 Disable pylint error in CMake command
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 10:37:29 +01:00
David Horstmann
3b8984af5c Remove or qualify references to Mbed TLS
Either remove exclusive references to Mbed TLS or accompany them with
references to "PSA Crypto".

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 10:32:26 +01:00
David Horstmann
f757069269 Rename 'mbedtls_dir' -> 'root_dir'
This makes it more repo-agnostic

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 10:27:13 +01:00
David Horstmann
98af198a30 Correctly detect presence of the built library
Use the repo-specific test not just the Mbed TLS specific one.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 10:25:54 +01:00
David Horstmann
58cf7c6c38 Use repo detection functions at start of all.sh
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 10:15:05 +01:00
David Horstmann
d02b5f8f56 Separate directory discernment into 2 functions
Have separate in_mbedtls_repo() and in_psa_crypto_repo() functions

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-29 09:55:56 +01:00
Gilles Peskine
1783870681 compat.sh: add --preserve-logs option
Similar to ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-28 17:36:52 +02:00
Dave Rodgman
d395590597
Merge pull request #7579 from daverodgman/safer-ct-asm
Arm assembly implementation of constant time primitives
2023-08-28 08:26:29 +00:00
Gilles Peskine
7be571ac85 Remove GNUTLS_LEGACY and OPENSSL_LEGACY
They aren't used anywhere.

Keep the command line options of all.sh to avoid breaking any wrapper
scripts that people might have.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-27 21:51:54 +02:00
Gilles Peskine
e29203be88 Stop using "legacy" OpenSSL and GnuTLS
None of the tests actually need GNUTLS_LEGACY (3.3.8): GNUTLS (3.4.10)
works.

None of the tests actually need OPENSSL_LEGACY (1.0.1j): OPENSSL (1.0.2g)
works.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-27 21:43:00 +02:00
Gilles Peskine
5f5e3886c5 Minor robustness improvement
Let openssl use any experimental or obsolete cipher that's not in ALL.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-27 21:41:31 +02:00
Gilles Peskine
5cb8605d79 ssl-opt.sh doesn't actually use OPENSSL_LEGACY, so remove it
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-27 21:40:56 +02:00
Gilles Peskine
8ca2041145
Merge pull request #8074 from tgonzalezorlandoarm/tg/allowlist
Implement allowlist of test cases that are legitimately not executed
2023-08-24 18:03:20 +00:00
David Horstmann
0ac57ca6c6 Rename is_psa_crypto -> in_psa_crypto_repo
(For consistency with all.sh)

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:18 +01:00
David Horstmann
7f93d22ad9 Rename psa_crypto_lib_filename to just crypto_lib_filename
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:18 +01:00
David Horstmann
4dcddcfae2 Parameterize out of source build directory
Use CMake to build the library out-of-source (rather than make)
in tests/scripts/test_psa_compliance.py and add a script argument for
the out-of-source build directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:18 +01:00
David Horstmann
76a7738537 Invert logic for repo detection in all.sh
Instead of:
    ! in_psa_crypto_repo()
use
    in_mbedtls_repo()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:18 +01:00
David Horstmann
e31014a681 Tweak test_psa_compliance pylint annotations
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:18 +01:00
David Horstmann
1d09184291 Modify test_psa_compliance.py for psa-crypto repo
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:18 +01:00
David Horstmann
9a6c45b436 Make all.sh PSA-crypto-friendly
Introduce changes needed to run all.sh in the psa-crypto repo. Where
behaviour must differ, detect that we are in the psa-crypto repo by
checking for the 'core' directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:11 +01:00
Tomás González
d43cab3f5c Correct analyze_outcomes identation
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-24 09:12:40 +01:00
Agathiyan Bragadeesh
733766bc71 Remove trailing whitespace in data file.
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-23 15:44:52 +01:00
Agathiyan Bragadeesh
de84f9d67a Add test for rejecting empty AttributeValue
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-23 11:44:04 +01:00
Gilles Peskine
e65bba4dd2
Merge pull request #7803 from gilles-peskine-arm/psa-low-hash-mac-size
Start testing the PSA built-in drivers: hashes
2023-08-22 11:19:41 +00:00
Tomás González
a0631446b5 Correct analyze_outcomes.py identation
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-22 12:18:04 +01:00
Agathiyan Bragadeesh
ea3e83f36a Amend test in test_suite_x509write
Needed since we now reject escaped null hexpairs in strings

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
01e9392c3f Add malformatted DER test for string_to_names
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
cab79188ca Remove redundant tests in test_suite_x509write
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
a0ba8aab2e Add test for non ascii x509 subject name
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
a953f8ab36 Remove duplicate test in test_suite_x509write
The test for outputing a hexstring representation is actually
testing dn_gets, and is tested in test_suite_x509parse.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
957ca0595d Accept short name/ber encoded data in DNs
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
afdb187bbc Add more comprehensive string to name tests
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
e59dedbce2 Add test reject null characters in string to names
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
5ca9848513 Reword test in test_suite_x509write
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
47cc76f070 Update x509 test for numericoid/hexstring output
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
ef299d6735 Add more tests for RFC 4514
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
404b4bb9ab Add x509 tests for upper and lowercase hexpairs
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
dba8a641fe Add and update tests for x509write and x509parse
Due to change in handling non-ascii characters, existing tests had to be
updated to handle the new implementation. New tests and certificates
are added to test the escaping functionality in edge cases.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:52 +01:00
Agathiyan Bragadeesh
ef2decbe4a Escape hexpairs characters RFC 4514
Converts none ascii to escaped hexpairs in mbedtls_x509_dn_gets and
interprets hexpairs in mbedtls_x509_string_to_names.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:38:16 +01:00
Agathiyan Bragadeesh
48513b8639 Escape special characters RFC 4514
This escapes special characters according to RFC 4514 in
mbedtls_x509_dn_gets and de-escapes in mbedtls_x509_string_to_names.
This commit does not handle hexpairs.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:38:16 +01:00
Tomás González
5022311c9d Tidy up allow list definition
* Don't break string literals in the allow list definition
 * Comment each test that belongs to the allow list is there.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-22 09:54:28 +01:00
Tomás González
7ebb18fbd6 Make non-executed tests that are not in the allow list an error
* Turn the warnings produced when finding non-executed tests that
   are not in the allow list into errors.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-22 09:47:49 +01:00
Gilles Peskine
6d14c2b858 Remove dead code
Do explain why we don't test a smaller buffer in addition to testing the
nominal size and a larger buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-22 09:59:50 +02:00
Gilles Peskine
c9187c5866 New test suite for the low-level hash interface
Some basic test coverage for now:

* Nominal operation.
* Larger output buffer.
* Clone an operation and use it after the original operation stops.

Generate test data automatically. For the time being, only do that for
hashes that Python supports natively. Supporting all algorithms is future
work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-22 09:59:42 +02:00
Tom Cosgrove
17d5081ffb
Merge pull request #8099 from gilles-peskine-arm/split-config_psa-prepare
Prepare to split config_psa.h
2023-08-22 07:30:46 +00:00
Gilles Peskine
fdb722384b Move PSA information and dependency automation into their own module
This will let us use these features from other modules (yet to be created).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-21 18:32:11 +02:00
Gilles Peskine
796bc2b8f9
Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes
Document mbedtls_calloc zeroization
2023-08-21 15:47:21 +00:00
Gilles Peskine
d686c2a822
Merge pull request #7971 from AgathiyanB/fix-data-files-makefile
Fix server1.crt.der in tests/data_files/Makefile
2023-08-21 14:43:07 +00:00
Gilles Peskine
44243e11ff Remove obsolete header inclusions
Since 3.0.0, mbedtls_config.h (formerly config.h) no longer needs to include
config_psa.h or check_config.h: build_info.h takes care of that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-21 16:10:06 +02:00
Janos Follath
e220d258fd
Merge pull request #8086 from yanesca/remove-new-bignum
Remove new bignum when not needed
2023-08-21 10:59:41 +00:00
Gilles Peskine
ead1766b5f Fix PBKDF2 with empty salt segment on platforms where malloc(0)=NULL
"Fix PBKDF2 with empty salt on platforms where malloc(0)=NULL" took care of
making an empty salt work. But it didn't fix the case of an empty salt
segment followed by a non-empty salt segment, which still invoked memcpy
with a potentially null pointer as the source. This commit fixes that case,
and also simplifies the logic in the function a little.

Test data obtained with:
```
pip3 install cryptodome
python3 -c 'import sys; from Crypto.Hash import SHA256; from Crypto.Protocol.KDF import PBKDF2; cost = int(sys.argv[1], 0); salt = bytes.fromhex(sys.argv[2]); password = bytes.fromhex(sys.argv[3]); n = int(sys.argv[4], 0); print(PBKDF2(password=password, salt=salt, dkLen=n, count=cost, hmac_hash_module=SHA256).hex())' 1 "" "706173737764" 64
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-20 22:05:16 +02:00
Dave Rodgman
1fdc884ed8
Merge pull request #7384 from yuhaoth/pr/add-aes-accelerator-only-mode
AES: Add accelerator only mode
2023-08-18 20:55:44 +00:00
David Horstmann
cfae6a1ae9 Fix incorrect detection of HardwareModuleName
The hardware module name otherName SAN contains 2 OIDs:

 OtherName ::= SEQUENCE {
      type-id    OBJECT IDENTIFIER,
      value      [0] EXPLICIT ANY DEFINED BY type-id }

 HardwareModuleName ::= SEQUENCE {
                           hwType OBJECT IDENTIFIER,
                           hwSerialNum OCTET STRING }

The first, type-id, is the one that identifies the otherName as a
HardwareModuleName. The second, hwType, identifies the type of hardware.

This change fixes 2 issues:

1. We were erroneously trying to identify HardwareModuleNames by looking
at hwType, not type-id.
2. We accidentally inverted the check so that we were checking that
hwType did NOT match HardwareModuleName.

This fix ensures that type-id is correctly checked to make sure that it
matches the OID for HardwareModuleName.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-18 19:31:39 +01:00
Kusumit Ghoderao
8eb55891ad Add tests in derive_key for pbkdf2
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
1dd596541b Add tests in derive_key_type for pbkdf2
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
1fe806a1a0 Add tests in derive_key_export for pbkdf2
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
e8f6a0d791 Add tests for derive_key_exercise for pbkdf2
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
ac7a04ac15 Move parse_binary_string function to psa_crypto_helpers
Add test code for pbkdf2 in psa_exercise_key

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:16 +05:30
Kusumit Ghoderao
5cad47df8a Modify test description
The test data was generated using the python script.
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 12:49:07 +05:30
Bence Szépkúti
505dffd5e3
Merge pull request #7937 from yanrayw/code_size_compare_improvement
code_size_compare.py: preparation work to show code size changes in PR comment
2023-08-17 20:59:11 +00:00
Gilles Peskine
73936868b8 Merge remote-tracking branch 'development' into psa_crypto_config-in-full
Conflicts:
* tests/scripts/all.sh: component_test_crypto_full_no_cipher was removed
  in the development branch.
2023-08-17 19:46:34 +02:00
Kusumit Ghoderao
e4d634cd87 Add tests with higher input costs for pbkdf2
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-17 21:16:14 +05:30
Gilles Peskine
dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01
Updating crt/crl files due to expiry before 2027-01-01
2023-08-17 15:38:35 +00:00
Janos Follath
f2334b7b39 Remove new bignum when not needed
New bignum modules are only needed when the new ecp_curves module is
present. Remove them when they are not needed to save code size.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-17 14:36:59 +01:00
Waleed Elmelegy
4a0a989913 Fix unused parameters warnings when MBEDTLS_CIPHER_PADDING_PKCS7 is disabled
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-17 14:20:58 +01:00
Waleed Elmelegy
87bc1e1cda Fix heap overflow issue in pkcs5_pbes2 testing functions
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-17 14:20:58 +01:00
Waleed Elmelegy
5d3f315478 Add new mbedtls_pkcs5_pbe2_ext function
Add new mbedtls_pkcs5_pbe2_ext function to replace old
function with possible security issues.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-17 14:20:58 +01:00
Gilles Peskine
294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation
PBKDF2 CMAC implementation
2023-08-17 11:15:16 +00:00
Jerry Yu
f258d17acd remove aesni + padlock - plain c tests
This test is not valid for padlock depends
on plain c

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-17 12:39:00 +08:00
Jerry Yu
bdd96b9adf disable aesni for componets without cpu modifiers
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-16 17:34:27 +08:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
2023-08-16 09:19:46 +00:00
Jerry Yu
506759f5ce fix build fail for via padlock test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-16 17:11:22 +08:00
Jerry Yu
b6d39c2f8c Add aesni test for i386
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-16 16:14:02 +08:00
Kusumit Ghoderao
6c104b9b3b Modify derive output test cases and add actual output
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-16 11:47:24 +05:30
Valerio Setti
307810babb analyze_outcomes: add case for "ECC+FFDH w/o BN"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-16 08:01:17 +02:00
Valerio Setti
4e2f244ab4 test: add accelerated and reference test for ECC+FFDH without BN
Since most of the code in "ECC+FFDH without BN" scenario was shared
with the "ECC without BN" one, I tried to reuse part of the code in
order to avoid duplications.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-16 08:01:12 +02:00
Tomás González
358c6c644a Add EdDSA and XTS to the allow list
As specified in
https://github.com/Mbed-TLS/mbedtls/issues/5390#issuecomment-1669585707
EdDSA and XTS tests are legitimately never executed, so add them to
the allow list.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-14 15:46:25 +01:00
Tomás González
b401e113ff Add a flag for requiring full coverage in coverage tests
Introduce the --require-full-coverage in analyze_outcomes.py so that
when analyze_outcomes.py --require-full-coverage is called, those
tests that are not executed and are not in the allowed list issue an
error instead of a warning.

Note that it is useful to run analyze_outcomes.py on incomplete test
results, so this error mode needs to remain optional in the long
term.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-14 15:46:12 +01:00
Tomás González
07bdcc2b0d Add allow list for non-executed test cases
The allow list explicits which test cases are allowed to not be
executed when testing. This may be, for example, because a feature
is yet to be developed but the test for that feature is already in
our code base.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-14 15:46:12 +01:00
Dave Rodgman
a797f152ee
Merge pull request #8067 from paul-elliott-arm/fix_bignum_test_leak
Fix resource leak in bignum test failure case
2023-08-14 09:33:13 +01:00
Paul Elliott
6da3d83f33 Fix resource leak in test failure case
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-08-11 16:28:06 +01:00
Dave Rodgman
963513dba5
Merge pull request #8008 from valeriosetti/issue7756
driver-only ECC: BN.TLS testing
2023-08-11 13:51:36 +00:00
Dave Rodgman
246210e3c4 Test CT asm under valgrind
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-11 08:47:38 +01:00
Valerio Setti
36344cecbd ssl-opt: remove redundant requirement for RSA_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 09:37:14 +02:00
Tom Cosgrove
5e678fd4d2
Merge pull request #8050 from gilles-peskine-arm/all.sh-remove-crypto_full_no_cipher
Remove redundant test component component_test_crypto_full_no_cipher
2023-08-11 07:28:10 +00:00
Valerio Setti
132240f01a test: use ASAN flags for testing the accelerated TFM configuration
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 08:33:27 +02:00
Valerio Setti
f01d648677 analyze_outcome: add new check for parity for TFM configuration
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 08:33:27 +02:00
Valerio Setti
ac6d35f793 test: update components' descriptions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 08:33:27 +02:00
Valerio Setti
52ba0e3718 test: improve accelerated TFM configuration test and add reference
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 08:33:27 +02:00
Valerio Setti
c5c4bd225e test: add component testing TFM configuration and P256M driver
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 08:33:27 +02:00
Valerio Setti
e0be95e81d analyze_outcomes: skip tests that depend on BIGNUM_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 06:35:23 +02:00
Valerio Setti
4f577f3e51 ssl-opt: add RSA_C requirement when RSA encryption is used in certificate
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 06:35:23 +02:00
Valerio Setti
18535c352d test: enable TLS, key exchances and ssl-opt teting in ecc_no_bignum()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 06:33:52 +02:00
Manuel Pégourié-Gonnard
26b7c93d9d
Merge pull request #7992 from valeriosetti/issue7755
driver-only ECC: BN.x509 testing
2023-08-10 19:41:09 +00:00
Manuel Pégourié-Gonnard
54da1a69a2
Merge pull request #7578 from daverodgman/safer-ct5
Improve constant-time interface
2023-08-10 16:57:39 +00:00
Tom Cosgrove
e7700a7d0a
Merge pull request #7936 from AgathiyanB/assert-false-macro
Add TEST_FAIL macro for tests
2023-08-10 15:01:34 +00:00
Valerio Setti
3580f448eb test: solve test disparities for x509[parse/write] suites
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 14:50:43 +02:00
Valerio Setti
29c1b4d04a test: enable X509 testing in ecc_no_bignum component
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 14:50:03 +02:00
Dave Rodgman
ac69b45486 Document and test mbedtls_ct_size_if_else_0
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-10 12:18:13 +01:00
Dave Rodgman
98ddc01a7c Rename ...if0 to ...else_0
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-10 12:11:31 +01:00
Dave Rodgman
b7825ceb3e Rename uint->bool operators to reflect input types
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-10 11:58:18 +01:00
Gilles Peskine
f5a29a5b83 Remove redundant test component
component_test_crypto_full_no_cipher doesn't bring any extra value given the
existence of component_test_full_no_cipher.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-10 12:07:49 +02:00
Valerio Setti
2e0275d2a1 test: use unset-all option in config.py to optimize test code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 07:05:47 +02:00
Valerio Setti
a8c655edb0 test: remove redundant code setting MBEDTLS_PSA_CRYPTO_CONFIG
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 07:05:47 +02:00
Valerio Setti
fe7d96cff7 test: minor optimizations to ecc_no_bignum components
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Valerio Setti
c5d85e5ead test: remove BIGNUM dependencies from pk[parse/write] suites
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Valerio Setti
9b3dbcc2e3 analyze_outcomes: skip tests that unavoidably depend on bignum
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard
660bbf2470 test: disable BIGNUM support on the test ecc_no_bignum component
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard
06aebe4995 test: disable FFDH support on the test ecc_no_bignum component
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard
7dccb66d49 test: disable RSA support on the test ecc_no_bignum component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard
abd00d0be8 test: adding new components for testing and driver coverage analysis without BN
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Gilles Peskine
b7d577e46b Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-09 19:48:58 +02:00
Gilles Peskine
9b8dead74a Minor readability improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-09 19:48:42 +02:00
Paul Elliott
2f12a29cdd
Merge pull request #7896 from AgathiyanB/gitignore-generated-files-toggle
Add script to toggle ignoring generated files
2023-08-09 14:54:32 +00:00
Janos Follath
115784bd3f
Merge pull request #1040 from waleed-elmelegy-arm/development-restricted
Improve & test legacy mbedtls_pkcs5_pbe2
2023-08-09 09:43:23 +01:00
Jerry Yu
76a51b99b6 replace strings command with grep
`strings | grep` will fail some time.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-09 15:56:26 +08:00
Jerry Yu
a7de78d050 improve test
- `grep '^flags' /proc/cpuino` does not work in my local machine inside script.
- `make test programs/sleftest ` causes `strings | grep ` fail.

For timebeing, I did not figure out the root cause.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-08 14:28:15 +08:00
Gilles Peskine
a79256472c
Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier
Fixed x509 certificate generation to conform to RFCs when using ECC key
2023-08-07 19:14:54 +00:00
Minos Galanakis
2cae936107 test_suite_ecp: Moved curve bitlenth check after quasi reduction.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-08-07 16:49:22 +01:00
Minos Galanakis
831a2e6369 test_suite_ecp: Fixed curve bit-length.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-08-07 16:45:54 +01:00
Dave Rodgman
953f2a4780
Merge pull request #7892 from AgathiyanB/fix-coverage-MBEDTLS_ECP_NIST_OPTIM-disabled
Add dependency MBEDTLS_ECP_NIST_OPTIM for ECP test
2023-08-07 14:37:08 +00:00
Dave Rodgman
4dd89310e9 Update w.r.t. test macro name changes from #6253
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-07 11:49:12 +01:00
Dave Rodgman
c98f8d996a
Merge branch 'development' into safer-ct5
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-07 11:47:35 +01:00
Jerry Yu
7802f65a28 Add negative test for aesni only
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-07 10:38:50 +08:00
Dave Rodgman
2ec9892f24
Merge pull request #6253 from tom-cosgrove-arm/rename-assert_compare-to-test_assert_compare
Rename test macros `ASSERT_COMPARE()`, `ASSERT_ALLOC()` and `ASSERT_ALLOC_WEAK()`
2023-08-04 13:45:10 +00:00
Jerry Yu
c935aa617b Add via padlock build test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-04 16:29:05 +08:00
Jerry Yu
193cbc03fe Add aesce build test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-04 09:38:37 +08:00
Dave Rodgman
003a5e1ca7
Merge pull request #1046 from Mbed-TLS/merge_3.4.1
Merge 3.4.1
2023-08-03 18:23:37 +01:00
Dave Rodgman
a0fc9987da Merge branch 'development' into merge_3.4.1
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-03 15:56:59 +01:00
Dave Rodgman
6f80ac4979
Merge pull request #7864 from waleed-elmelegy-arm/enforce-min-RSA-key-size
Enforce minimum key size when generating RSA key size
2023-08-03 12:57:52 +00:00
Gilles Peskine
6919546ddf Update more test dependencies when using test-ca.key
Those test cases aren't actually executed due to another typo which is
beyond the scope of this commit and will be resolved in
https://github.com/Mbed-TLS/mbedtls/pull/8029 . But update DES to AES anyway.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-03 12:02:14 +02:00
Jerry Yu
8a599c03fa Add aesni only test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-03 17:01:02 +08:00
Jerry Yu
17a9d2e412 Add MBEDTLS_AES_USE_HADWARE_ONLY for test_aesni
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-03 16:14:18 +08:00
Jerry Yu
1221a31cc4 Run aes tests only for test_aesni
That can reduce time of selftest

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-03 16:09:07 +08:00
Jerry Yu
69dd441eb5 Remove test_aes_*
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-03 16:00:20 +08:00
Valerio Setti
726ffbf642 ssl-opt: don't assume TLS 1.3 usage for external tool that don't have support
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-03 09:15:34 +02:00
Waleed Elmelegy
d4e7fe09b3 Change tests to work on different MBEDTLS_RSA_GEN_KEY_MIN_BITS configs
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-02 16:59:59 +00:00
Gilles Peskine
a824f8bc91 Update test dependencies when using test-ca.key
"tests/data_files/test-ca.key" is now encrypted using AES instead of DES.
Update test dependencies accordingly. This fixes `depends.py cipher_id`.

This is a partial cherry-pick of 1a4cc5e92c
(done manually because the context on the same line is different).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 16:38:21 +02:00
Kusumit Ghoderao
6eff0b2258 Remove test vector
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-02 17:22:49 +05:30
Gilles Peskine
550d147078 Bump version to 3.4.1
```
./scripts/bump_version.sh --version 3.4.1
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 12:50:23 +02:00
Gilles Peskine
267bee9be8
Merge pull request #7903 from valeriosetti/issue7773
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/DH
2023-08-02 10:16:44 +00:00
Gilles Peskine
50745e7e35 Update failing unit tests to use the moved data files
After upgrading certificates, some parsing unit tests are failing because
the new certificates have a different expiry date, by design. Switch those
test cases to using the moved copy of the old data (as we did in a more
systematic way in the development branch).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 12:12:53 +02:00
Gilles Peskine
7e52921c9a Copy test certificates files from development
Copy updated test certificates and related data (keys, CSR, etc.) from
development. This replaces certificates that will expire on 2023-09-07,
causing the unit tests to fail. This also adds new data files that are not
used, and moves some files.

The replacement data is good until 2023-12-31.

The update causes some parsing unit tests to fail because the new
certificates have a different expiry date. This will be fixed in a
subsequent commit.

```
git checkout dc2d7cce02 -- tests/data_files tests/src/test_certs.h tests/src/certs.c
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 12:00:06 +02:00
Jerry Yu
d76ded046c fix various issues
- unnecessary command
- extra blank and empty line

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-02 17:44:01 +08:00
Jerry Yu
3660623e59 Rename plain c option and update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-02 17:44:01 +08:00
Jerry Yu
3fcf2b5053 Rename HAS_NO_PLAIN_C to DONT_USE_SOFTWARE_CRYPTO
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-02 17:44:00 +08:00
Jerry Yu
315fd30201 Rename plain c disable option
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-02 17:43:59 +08:00
Jerry Yu
d767cc4106 Add accelerator only tests.
The cases with runtime detection have been
covered by `full` configuration

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-02 17:43:58 +08:00
Valerio Setti
5a57e2abab test: add new components for testing without ECDHE-ECDSA and TLS13
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-02 11:30:50 +02:00
Bence Szépkúti
9661f8ab0d
Merge pull request #7968 from gowthamsk-arm/use_earliest_latest_compilers
Use earliest latest compilers
2023-08-02 05:58:02 +00:00
Bence Szépkúti
895074e3f9
Merge pull request #8002 from valeriosetti/issue7904
PSA maximum size macro definitions should take support into account
2023-08-02 05:57:28 +00:00
Gilles Peskine
d55e451b3e
Merge pull request #7997 from yanesca/fix_new_bignum_tests
Fix new bignum tests
2023-08-01 12:09:39 +00:00
Gowtham Suresh Kumar
9da40b8927 Update default variable values for compilers
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2023-07-31 23:11:18 +01:00
Dave Rodgman
926d8da47e Fix test dependency
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 17:28:26 +01:00
Dave Rodgman
3d574da6fc Revert to not enabling asm under Memsan
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 17:22:58 +01:00
Dave Rodgman
378280e57f Revert "Move constant_flow.h into the main library"
This reverts commit fd78c34e23.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 17:22:55 +01:00
Dave Rodgman
fd78c34e23 Move constant_flow.h into the main library
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 12:48:33 +01:00
Dave Rodgman
04a334af55 Make const-time test not depend on internal knowledge of mbedtls_ct_condition_t
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 12:48:33 +01:00
Janos Follath
2f04582d37 Move MBEDTLS_ECP_WITH_MPI_UINT to mbedtls_config.h
There is a precedent for having bigger and less mature options in
mbedtls_config.h (MBEDTLS_USE_PSA_CRYPTO) for an extended period.
Having this option in mbedtls_config.h is simpler and more robust.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-07-31 10:57:16 +01:00
Valerio Setti
f5051efa81 test: properly size output buffer in key_agreement_fail()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-31 11:35:48 +02:00
Janos Follath
f3135af159 Use config.py in all new bignum tests
This previous test is correct, as it is using make. Switch to using
config.py for robustness and consistency.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-07-31 10:07:57 +01:00
Janos Follath
82823b2fe8 Fix new bignum tests
These tests weren't working, because they use CMake and can't pass
options with CFLAGS directly. This could be mitigated by adding a CMake
option, but using config.py is less invasive and it is what we normally
use for setting build options anyway.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-07-31 10:01:47 +01:00
Xiaokang Qian
d0657b0015 ecp_mod_p448 has been moved to ecp_mod_p_generic_raw, remove here
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-07-31 06:46:28 +00:00
Xiaokang Qian
e25597dad7 Make ecp_mode_xxx functions depend on the new macro
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-07-31 06:46:28 +00:00
Dave Rodgman
2b174abd86 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-28 18:29:41 +01:00