Commit graph

7000 commits

Author SHA1 Message Date
Ronald Cron
d28f5a98f1 ssl-opt.sh: Add certificate key usage tests for TLS 1.3
Those are adaptations of the already existing
TLS 1.2 tests. It is not really possible to just
remove the TLS 1.2 dependency of the existing tests
because of the following:
. in TLS 1.3 the ciphersuite selection on server
  side is not related to the server certificate
. for tests involving OpenSSL the OpenSSL command line
  as to be adapted to TLS 1.3
. server authentication is mandatory in TLS 1.3
. a key with KeyEncipherment and not DigitalSignature
  usage is never acceptable

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-17 08:46:27 +02:00
Ronald Cron
ca3c6a5698
Merge pull request #5817 from xkqian/tls13_add_server_name
Tls13 add server name
2022-06-16 08:30:09 +02:00
Gilles Peskine
6194053feb ASN.1: test that we can parse what we can write
In asn1_write tests, when there's a parsing function corresponding to the
write function, call it and check that it can parse what we wrote.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-15 21:17:25 +02:00
Gilles Peskine
b7e215f6bc Fix copypasta in test data
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-15 21:16:42 +02:00
Andrzej Kurek
ca35f5bed0 test_suite_ssl: Use a zero fragment offset in a test with a too short record
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-15 07:19:40 -04:00
Ronald Cron
4ccd226cbf
Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases
Tls13 add comprehensive cases
2022-06-15 09:18:11 +02:00
Przemek Stekiel
6c9fd61565 exercise_key_agreement_key: add special handling for HKDF_EXPAND
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-14 14:41:42 +02:00
Andrzej Kurek
7cf872557a Rearrange the session resumption code
Previously, the transforms were populated before extension
parsing, which resulted in the client rejecting a server
hello that contained a connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-14 08:26:19 -04:00
Przemek Stekiel
d898745f70 exercise_key_agreement_key: provide SALT for HKDF_EXTRACT
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-14 11:41:52 +02:00
XiaokangQian
3ed16231ab Refine server side SNI test cases
Change-Id: Icdc91ed382e81702e3b46645d3ce3534e62d4a13
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-14 08:24:04 +00:00
Jerry Yu
b7c12a466f Refactor compat scripts
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-12 20:53:02 +08:00
Gilles Peskine
2c2730a372 ASN.1 write tests: test with larger buffer
Test with the output buffer size up to *and including* the expected output
size plus one. `... < expected->len + 1` was evidently a mistake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:15:44 +02:00
Gilles Peskine
321a08944b Fix bug whereby 0 was written as 0200 rather than 020100
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:13:33 +02:00
Gilles Peskine
c9a30fba74 Add MPI write tests when the MPI object has a leading zero limb
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:13:07 +02:00
Gilles Peskine
0ab804a794 Fix mismatch between test data and test description
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:12:25 +02:00
Gilles Peskine
d8579b7673 Uncomment mbedtls_asn1_write_mpi tests with leading 1 bit
mbedtls_asn1_write_mpi() correctly handles the sign bit, so there's no
reason not to test that it's handled correctly.

Fix copypasta in test data that was commented out.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:10:37 +02:00
XiaokangQian
9b938b7c37 Share code with base class in generate_tls13_compat_tests.py
Change-Id: I4540bdff7072cdb9bcc9fdb0799c4165ca381b2a
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-10 07:06:32 +00:00
XiaokangQian
fb1a3fe7f3 Address comments about python syntax
CustomizedGitHooks: yes
Change-Id: I5c4d39789df802d0b839061ce8c59ad241917d0b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-10 02:27:52 +00:00
Gilles Peskine
ae25bb043c Fix null pointer dereference in mpi_mod_int(0, 2)
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 19:32:46 +02:00
XiaokangQian
b1847a234e Re-structure to share more common code
Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-09 02:53:23 +00:00
Andrzej Kurek
ed4d217874 Add missing test dependencies for cookie parsing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:57:57 -04:00
Andrzej Kurek
078e9bcda6 Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:47:33 -04:00
Paul Elliott
271c3052fb
Merge pull request #5892 from AndrzejKurek/ssl-opt-client-kill-fix
Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell
2022-06-08 14:27:01 +01:00
Dave Rodgman
11930699f1
Merge pull request #5827 from wernerlewis/time_utc
Use ASN1 UTC tags for dates before 2000
2022-06-08 13:54:19 +01:00
Paul Elliott
5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests
Pr/add-tls13-moving-state-tests
2022-06-08 13:39:52 +01:00
XiaokangQian
96287d98d8 Remove the certificate key check against the received signature
Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-08 08:37:53 +00:00
XiaokangQian
9850fa8e8d Refine ssl_tls13_pick_cert()
Change-Id: I5448095e280d8968b20ade8b304d139e399e54f1
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-08 07:02:41 +00:00
Przemek Stekiel
b088a900f4 test_suite_psa_crypto_storage_format: disable KA(ECDH,HKDF_EXTRACT/EXPAND...) test cases
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-07 15:34:18 +02:00
Przemek Stekiel
d9e1287e64 crypto_config_test_driver_extension.h add HKDF_EXTRACT/EXPAND algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-07 14:19:39 +02:00
XiaokangQian
23c5be6b94 Enable SNI test for both tls12 and tls13
Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-07 09:43:13 +00:00
Ronald Cron
00e5eaad62 test: ssl: Remove more TLS 1.2 dependencies in handshake state tests
That way the concerned tests are also run in the
TLS 1.3 only configuration where a TLS 1.3
handshake is performed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 11:14:01 +02:00
Ronald Cron
bdddaef9bb test: ssl: Enable client authentication in handshake state tests
The endpoint initialization function was setting up
a certificate but the client certificate was not
used because client authentication was not enabled
(not enabled in the default SSL server configuration).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 11:13:49 +02:00
Dave Rodgman
4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor
Add accessor for x509 certificate extension types
2022-06-06 21:51:38 +01:00
Andrzej Kurek
cfb01948c8 Add cookie parsing tests to test_suite_ssl
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:29:15 -04:00
Andrzej Kurek
140b589ec6 Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell
When executing eval in the background, the next "$!" gives the
eval PID, not the ssl-client2 pid. This causes problems when
a client times out and the script tries to kill it. Instead, it
kills the parent eval call.
This caused problems with subsequent proxy tests receiving
old packets from a client from a previous test.
Moving the "&" to inside the eval call fixes the problem.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:02:36 -04:00
Thomas Daubney
5c9c2ce86d Add correct test dependencies
Functions called within the test mean that MBEDTLS_X509_CRT_PARSE_C
is a test dependency and so is declared in this commit.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 16:36:43 +01:00
Thomas Daubney
a5f39e0ec2 Move accessor definition
Move the definition of the accessor so that it is not defined
within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the
dependency from the test and test cases.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 15:42:32 +01:00
Przemek Stekiel
221391b3d2 generate_psa_tests.py: REVERT adapt OpFail test generator for HKDF-Exract/Expand algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:43 +02:00
Przemek Stekiel
66867731aa derive_output tests: fix output key length to be consistent with teh description
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:02 +02:00
Przemek Stekiel
cde3f783f5 Make info valid only after secret for HKDF-EXPAND + adapt tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:02 +02:00
Przemek Stekiel
0586f4c4ea Make salt mandatory for HKDF-EXTRACT + adapt tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:25:43 +02:00
Jerry Yu
6994e3e0c2 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-06 11:50:49 +08:00
Przemek Stekiel
0e99391afe derive_output test: fix output key bit length
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
3e8249cde0 Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
f0f0bd068b test_suite_psa_crypto_metadata: add test cases for the HKDF-Extract/Expand algorithms
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
XiaokangQian
129aeb9b0e Update test cases and support sni ca override
Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-02 09:29:18 +00:00
Werner Lewis
acd01e58a3 Use ASN1 UTC tags for dates before 2000
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-01 16:24:28 +01:00
Jerry Yu
f2d32e6c3d fix tls13_only test fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 18:05:18 +08:00
Thomas Daubney
3ff4fc6997 Add test data
Add two test cases for accessor test. One test where desired
ext type is presentent and the other of when the ext type is
not present.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Thomas Daubney
bd5466ab7e Add test for accessor
Add test logic for accessor.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Jerry Yu
7bf3358a2d Remove duplicated tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 16:55:17 +08:00
Jerry Yu
1443537da3 fix test fail when WANT_READ/WRITE returned
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 15:53:31 +08:00
XiaokangQian
f4f0f6961a Enable requires_openssl_tls1_3 in sni test cases
Change-Id: I71fbabe0b2ff80d5f1f15ae7df2b048503ccf965
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-01 00:42:27 +00:00
XiaokangQian
ac41edfc5e Enable requires_gnutls_tls1_3 in sni test cases
Change-Id: Iea18f4e6a6b4c6b90612b43a5bcd396cdd506335
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 13:22:13 +00:00
Jerry Yu
66537f40b6 fix certificate request fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 19:53:05 +08:00
Jerry Yu
1e7c438b67 remove tls1.3 dependancy
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 19:51:38 +08:00
Gilles Peskine
09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa
Deprecate mbedtls_cipher_setup_psa()
2022-05-31 10:56:52 +02:00
XiaokangQian
2ccd97b8ef Change test case name to sni
Change-Id: I8f6e68deab71cc49741cbdf233cf876e29683db9
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 08:30:17 +00:00
Jerry Yu
66adf3155c Update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:23:29 +08:00
Jerry Yu
df0a71a0b0 Add handshake version test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
b3d86de3ea fix hanshake wrapup fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
df65b66003 Add handshake over test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
85e5c81c37 fix check test cases fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
d9d049d180 revert dbg config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
d8c57feaf9 Add moving state test for TLS1.3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
023ff7acb1 Move dependes_on of move handshakes state
Prepare share move_handshake_state function with
TLSv1.3

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
XiaokangQian
d5d5b60c07 Add comprehensive test cases for TLS1.3 server side
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 02:51:26 +00:00
XiaokangQian
f2a942073e Fix SNI test failure
Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 08:07:16 +00:00
XiaokangQian
40a3523eb7 Add support of server name extension to server side
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 08:07:16 +00:00
XiaokangQian
9a4e1dd8a6 Add back openssl client auth test
Change-Id: Iea3b70381c3851102c542d1c55c0303bc3a14a92
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:58:11 +00:00
XiaokangQian
aca9048b5f Change base on review
Fix comments
Add test cases for client authentication with empty certificate

Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:11 +00:00
XiaokangQian
c3017f620f Remove useless guards and refine checking
Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:10 +00:00
XiaokangQian
189ded2b07 Remove coordinate functions and change state machine in server side
Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:46:13 +00:00
Paul Elliott
8fba70f66c
Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup
TLS 1.3: Add Finished Message and wrapup
2022-05-25 12:02:06 +01:00
Jerry Yu
5491f857d2 skip openssl client auth test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-23 22:36:16 +08:00
Jerry Yu
090378c685 change exit code of cli auth test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-23 21:03:52 +08:00
Manuel Pégourié-Gonnard
69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa
Permissions 1: create `mbedtls_pk_can_do_ext()`
2022-05-23 10:58:32 +02:00
Jerry Yu
7eaadae941 fix no x509 info fail.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-23 16:17:25 +08:00
Neil Armstrong
c661ff51c9 Fix pk_can_do_ext tests with non-opaque keys
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 09:49:04 +02:00
Neil Armstrong
5c5b116a49 Add pk_can_do_ext test for non-opaque keys
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-19 18:07:53 +02:00
Paul Elliott
4283a6b121
Merge pull request #5736 from gilles-peskine-arm/psa-raw_key_agreement-buffer_too_small
Make psa_raw_key_agreement return BUFFER_TOO_SMALL
2022-05-19 16:06:02 +01:00
Przemek Stekiel
476d9c45b8 Use MBEDTLS_TEST_DEPRECATED only in tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-19 14:11:06 +02:00
Przemek Stekiel
fcdd023ba6 derive_output tests: add invalid input secret test for HKDF-Expand
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-19 10:28:58 +02:00
Manuel Pégourié-Gonnard
6ab65e28cf
Merge pull request #5842 from mprse/decrypt_tests
RSA decrypt 2: TLS 1.2 integration testing
2022-05-18 12:58:50 +02:00
Jerry Yu
36becb1b81 update hrr tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
a7abc5eaa8 fix ci test fails
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
155493d4f5 fix openssl test fail.
different version openssl client return
different output. remove string check
to workaround it

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
6622049bcc test:add state check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
4d8567fa9e fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Gilles Peskine
42ed963c72 Update PSA compliance test branch
Update to a branch with a fix for the test case
"expected error for psa_raw_key_agreement - Small buffer size"
since we just fixed the corresponding bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-17 17:23:09 +02:00
Paul Elliott
a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify
TLS1.3:Add Certificate and CertificateVerify message on Server Side
2022-05-17 15:47:36 +01:00
Neil Armstrong
8eb0afb726 Remove duplicate pk_can_do_ext test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:58:11 +02:00
Neil Armstrong
408f6a60a3 Add usage parameter to mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:23:20 +02:00
Neil Armstrong
434d4eb74f Remove invalid comments in pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 11:58:22 +02:00
Gilles Peskine
7be11a790d Use TEST_LE_U in some places where it applies
Systematically replace "TEST_ASSERT( $x <= $y )" by "TEST_LE_U( $x, $y )" in
test_suite_psa_crypto. In this file, all occurrences of this pattern are
size_t so unsigned.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:37:53 +02:00
Gilles Peskine
d1465429a2 New test helper macros TEST_LE_U, TEST_LE_S
Test assertions for integer comparisons that display the compared values on
failure. Similar to TEST_EQUAL.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
3ff25443c8 Separate the validation of the size macros and of the function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
d4a258a08f Improve PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE validation
We want to check:
1. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE (the output fits
   if the caller uses the key-specific buffer size macro)
2. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (the output fits
   if the caller uses the generic buffer size macro)
3. PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
   (consistency in the calculation)

We were only testing (1) and (2). Test (3) as well. (1) and (3) together
imply (2) so there's no need to test (2).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
992bee8b6e Test psa_raw_key_agreement with a larger/smaller buffer
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Przemek Stekiel
8da6da3da2 ssl-opt.sh: add test of RSA Opaque keys with TLS 1.2 server for decryption
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-16 14:37:50 +02:00
Gilles Peskine
9b7e29663f
Merge pull request #4211 from ccawley2011/mingw
Fix compilation with MinGW32
2022-05-16 12:30:37 +02:00
Przemek Stekiel
e58ca8bb5e Add MBEDTLS_TEST_DEPRECATED dependency
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-13 15:48:41 +02:00
Jerry Yu
b89125b81a Add test without server certificate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-13 15:50:04 +08:00
Przemek Stekiel
61922d1328 Fix mbedtls_cipher_setup_psa() dependencies in tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 13:51:51 +02:00
Manuel Pégourié-Gonnard
1cd4f6a873
Merge pull request #5794 from mprse/cipher_dep
Fix undeclared dependencies: CIPHER
2022-05-12 13:09:04 +02:00
Manuel Pégourié-Gonnard
4014a0408e
Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector
PSA: ChaCha20: add RFC 7539 test vector with counter=1
2022-05-12 12:34:20 +02:00
Neil Armstrong
ce1d2397d2 Add tests for mbedtls_pk_can_do_ext() in test_suite_pktest_suite_pk
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-12 11:53:02 +02:00
Przemek Stekiel
da5f483ad8 all.sh: Fix order of CIPHER dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Przemek Stekiel
179d74831f all.sh: add build/test config crypto_full minus CIPHER
Dependency list:

- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_USE_PSA_CRYPTO']

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Przemek Stekiel
10f3a601b4 all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Jerry Yu
c450566b85 Update client auth tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00
Jerry Yu
c8bdbf72d3 test:add state check for certificate and verify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00
Dave Rodgman
3009a97e00 Minor spelling / grammar improvements
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:54 +01:00
Andrzej Kurek
5c65c5781f Fix additional misspellings found by codespell
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Przemek Stekiel
398c503f6f generate_psa_tests.py: adapt OpFail test generator for HKDF-Exract/Expand algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 14:05:40 +02:00
Przemek Stekiel
6786a87ccd derive_output tests: add capacity HKDF-Extract/Expand tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:40:21 +02:00
Przemek Stekiel
2849e0e4d5 derive_output tests: add negative HKDF-Extract/Expand tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:38:01 +02:00
Przemek Stekiel
e1036fbe90 derive_output tests: add positive HKDF-Extract/Expand tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:34:53 +02:00
Przemek Stekiel
ead1bb9987 derive_output test: Adapt for HKDF-Extract/Expand algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:22:57 +02:00
Manuel Pégourié-Gonnard
5479f5321a
Merge pull request #5772 from superna9999/5762-rsa-decrypt-pk
RSA decrypt 1a: PK
2022-05-11 11:01:01 +02:00
Neil Armstrong
814562afaa Switch last TEST_ASSERT() in TEST_EQUAL() in pk_wrap_rsa_decrypt_test_vec()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-11 09:29:57 +02:00
Paul Elliott
d1a954d243
Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request
TLS1.3: Add  HelloRetryRequest Write
2022-05-10 17:25:33 +01:00
Cameron Cawley
ea5496ceb3 Fix compilation with MinGW32
Signed-off-by: Cameron Cawley <ccawley2011@gmail.com>
2022-05-10 13:46:09 +01:00
Manuel Pégourié-Gonnard
42650260a9
Merge pull request #5783 from mprse/md_dep_v3
Fix undeclared dependencies: MD
2022-05-10 10:41:32 +02:00
Manuel Pégourié-Gonnard
9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks
Unify non-opaque and opaque PSKs
2022-05-09 10:15:16 +02:00
Jerry Yu
ede50ea891 move hrr tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:09 +08:00
Jerry Yu
23f7a6fc5c share write_body between HRR and ServerHello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:01 +08:00
Jerry Yu
cb03677f85 add hrr test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:48:59 +08:00
XiaokangQian
a987e1d2f8 Change state machine after encrypted extension and update cases
Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
45c22201b3 Update test cases and encrypted extension state set
Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
2f150e184f Update status and add test cases for client certificate request
Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
Ronald Cron
25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext
TLS1.3: add writing encrypted extensions on server side.
2022-05-06 13:54:45 +02:00
Przemek Stekiel
d3ba7367c9 component_test_crypto_full_no_md: fix order of disabled features
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 11:41:56 +02:00
Przemek Stekiel
fe2367af26 all.sh: add build/test config crypto_full minus MD
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 12:09:03 +02:00
Przemek Stekiel
1068c224a4 Adapt generated psa no_supported tests for HMAC
Remove no_supported HMAC generate/import tests when !PSA_KEY_TYPE_HMAC as HMAC key creation works regardless of PSA_WANT_KEY_TYPE_HMAC.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 12:09:03 +02:00
Przemek Stekiel
cd204992f2 Fix dependencies in tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 12:09:03 +02:00
Werner Lewis
e59a531455 Fix memcpy() UB in mbedtls_asn1_named_data()
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 11:45:06 +01:00
Neil Armstrong
cd05f0b9e5 Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
4c3b4e079c Initialize & free PSA in test_multiple_psks()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Jerry Yu
7c0da07445 Update state check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-03 15:08:54 +08:00
Neil Armstrong
b32ae72e27 Add PK Opaque RSA decrypt tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-02 09:14:58 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
2022-04-29 10:47:16 +02:00
Gilles Peskine
310294f06a
Merge pull request #5759 from tom-daubney-arm/correct_x509_flag_parse_tests
Set flag to proper value in x509 parse tests
2022-04-28 18:27:36 +02:00
Gilles Peskine
2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise
PSA storage format: exercise key
2022-04-28 18:20:02 +02:00
Gilles Peskine
038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
2022-04-28 18:17:50 +02:00
Gilles Peskine
4098083ed4
Merge pull request #5745 from superna9999/5712-pk-opaque-rsa-pss-sign-tls
RSA-PSS sign 2: TLS 1.3 integration testing
2022-04-28 18:16:44 +02:00
Neil Armstrong
95974974d2 Update mbedtls_pk_wrap_as_opaque() usage in PK & X509write tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Manuel Pégourié-Gonnard
ad47487e25
Merge pull request #5742 from superna9999/5669-review-test-incompatible-psa
Fixup or re-enable tests with Use PSA
2022-04-28 09:57:13 +02:00
Neil Armstrong
98136b14e0 Fixup and update comment of disabled USE_PSA_CRYPTO test check in all.sh
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-27 10:00:42 +02:00
Neil Armstrong
1c9eb722fd Update PSA specific comment in pk_rsa_verify_ext_test_vec()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-25 14:38:18 +02:00
Jerry Yu
cef55dbd6a ssl-opt: add state check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-25 19:41:47 +08:00
Ronald Cron
eecd0d2fc3
Merge pull request #5679 from yuhaoth/pr/add-tls13-write-server-hello 2022-04-25 09:28:40 +02:00
Ronald Cron
a828f4d89c
Merge pull request #5684 from tom-daubney-arm/M-AEAD_decrypt_driver_dispatch_test
M aead decrypt driver dispatch test
The internal CI "merge TLS testing" ran successfully, CI is OK.
2022-04-23 12:10:21 +02:00
Neil Armstrong
882e02ea7a Move and fixup check_test_requires_psa_disabled() into check_test_cases()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 16:53:07 +02:00
Neil Armstrong
6e6967f6a0 Reorganize PSA INVALID_PADDING handling for test #5 in pk_rsa_verify_ext_test_vec()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 16:46:24 +02:00
Gilles Peskine
eef30bcea1
Merge pull request #5755 from mpg/ecdsa-range-test
Expand negative coverage of ECDSA verification
2022-04-22 16:43:44 +02:00
Jerry Yu
955ddd75a3 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 22:27:33 +08:00
Przemek Stekiel
85d46fe6cf ssl-opt.sh: add tests for clent/server psa opaque dhe-psk key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
b6a0503dda ssl-opt.sh: add tests for clent/server psa opaque ecdhe-psk key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:53:55 +02:00
Przemek Stekiel
b270b56372 ssl-opt.sh: add tests for server psa opaque rsa-psk key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
8e0495e0f4 ssl-opt.sh: add tests for client psa opaque rsa-psk key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Manuel Pégourié-Gonnard
60d83f0126
Merge pull request #5710 from superna9999/5627-pk-opaque-rsa-x509
RSA sign 3a: X.509 integration testing
2022-04-22 14:29:23 +02:00
Thomas Daubney
7d063f6467 Adds comments for clarification
Adds two comments to clarify 1) why an offset is used
in the call to psa_aead_verify() and 2) why the test of
.hits_finish is always 0 in this test case.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-22 11:36:07 +01:00
Jerry Yu
8b9fd374b8 Add P_CLI test to easy debug
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Jerry Yu
abf20c7564 add state check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
Add client hello into server side
2022-04-22 10:26:00 +02:00
Neil Armstrong
7f6f672d7e Add Opaque PK test case for TLS 1.3
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 10:23:10 +02:00
Manuel Pégourié-Gonnard
21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12
RSA sign 3b: TLS 1.2 integration testing
2022-04-22 10:05:43 +02:00
Neil Armstrong
e6ed23cb90 Fix typo in x509_crt_check() comment
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 09:44:04 +02:00
XiaokangQian
e8ff350698 Update code to align with tls13 coding standard
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-22 02:34:40 +00:00
Manuel Pégourié-Gonnard
70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard
90c70146b5
Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign
RSA-PSS sign 1: PK
2022-04-21 17:11:18 +02:00
Gilles Peskine
9d8716c5aa
Merge pull request #5739 from gilles-peskine-arm/depends-curves-positive-only
Don't test with all-but-one elliptic curves
2022-04-21 12:34:44 +02:00
Neil Armstrong
843795ad2f Use macro for public key buffer size in pk_psa_wrap_sign_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-21 12:23:28 +02:00
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
Przemek Stekiel
4e47a91d2e Fix indentation issues
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
4daaa2bd05 derive_output mix-psk test: add more cases for derivation of output key
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
6aabc473ce derive_output test: remove redundant tests with raw key agreement
Already handled by input_bytes().
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
e665466a80 derive_output test: add other key type value 11 to handle raw key type
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
c5bd1b8b24 PSA key derivation mix-psk tests: add description for bad state cases
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
38647defa8 derive_output() test: fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
cd00d7f724 test PSA key derivation: add positive and negative cases for mixed-psk
Mix-PSK-to-MS test vectors are generated using python-tls library:
https://github.com/python-tls/tls

Steps to generate test vectors:
1. git clone git@github.com:python-tls/tls.git
2. cd tls
3. python3 setup.py build
4. sudo python3 setup.py install
5. Use the python script below to generate Master Secret (see description for details):

"""
Script to derive MS using mixed PSK to MS algorithm.

Script can be used to generate expected result for mixed PSK to MS tests.

Script uses python tls library:
https://github.com/python-tls/tls

Example usage:
derive_ms.py <secret> <other_secret> <seed> <label> <hash>
derive_ms.py 01020304 ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f 6d617374657220736563726574 SHA256

secret          : 01020304
other_secret    : ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7
pms             : 0030ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7000401020304
seed            : 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f
label           : 6d617374657220736563726574
output          : 168fecea35190f9df34c042f24ecaa5e7825337f2cd82719464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b
"""
from cryptography.hazmat.primitives import hashes
from tls._common.prf import prf
import os
import sys

def build_pms(other_secret: bytes, secret: bytes) -> bytes:
    other_secret_size = len(other_secret).to_bytes(2, byteorder='big')
    secret_size = len(secret).to_bytes(2, byteorder='big')
    return(other_secret_size + other_secret + secret_size + secret)

def derive_ms(secret: bytes, other_secret: bytes, seed: bytes, label: bytes, hash: hashes.HashAlgorithm) -> bytes:
    return prf(build_pms(other_secret, secret), label, seed, hash, 48)

def main():
    #check args
    if len(sys.argv) != 6:
        print("Invalid number of arguments. Expected: <secret> <other_secret> <seed> <label> <hash>" )
        return
    if sys.argv[5] != 'SHA384' and sys.argv[5] != 'SHA256':
        print("Invalid hash algorithm. Expected: SHA256 or SHA384" )
        return

    secret = bytes.fromhex(sys.argv[1])
    other_secret = bytes.fromhex(sys.argv[2])
    seed = bytes.fromhex(sys.argv[3])
    label = bytes.fromhex(sys.argv[4])
    hash_func = hashes.SHA384() if sys.argv[5] == 'SHA384' else hashes.SHA256()
    pms = build_pms(other_secret, secret)

    actual_output = derive_ms(secret, other_secret, seed, label, hash_func)

    print('secret       : ' + secret.hex())
    print('other_secret : ' + other_secret.hex())
    print('pms          : ' + pms.hex())
    print('seed         : ' + seed.hex())
    print('label        : ' + label.hex())
    print('output       : ' + actual_output.hex())

if __name__ == "__main__":
    main()

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:41:41 +02:00
Gilles Peskine
b29d814169 Use MAX_SIZE macros instead of hard-coding IV/nonce max size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:33:17 +02:00
Gilles Peskine
5eef11af2c Remove redundant initialization of iv_length
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:33:11 +02:00
Gilles Peskine
286c314ae3 cipher_alg_without_iv: also test multipart decryption
For multipart encrpytion, call psa_cipher_finish(). This is not actually
necessary for non-pathological implementations of ECB (the only currently
supported IV-less cipher algorithm) because it requires the input to be a
whole number of blocks and non-pathological implementations emit the output
block from update() as soon as an input block is available. But in principle
a driver could delay output and thus require a call to finish().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:27:17 +02:00
Gilles Peskine
9e38f2c8fd cipher_alg_without_iv: generalized to also do decryption
Test set_iv/generate_iv after decrypt_setup. Test successful decryption.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:25:00 +02:00
Gilles Peskine
9b9b614a02 cipher_encrypt_alg_without_iv: validate size macros independently
Validate the size macros directly from the output length in the test data,
rather than using the value returned by the library. This is equivalent
since the value returned by the library is checked to be identical.

Enforce that SIZE() <= MAX_SIZE(), in addition to length <= SIZE(). This is
stronger than the previous code which merely enforced length <= SIZE() and
length <= MAX_SIZE().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:24:48 +02:00
Neil Armstrong
09030a345c Refine component_check_test_requires_psa_disabled change grep options order for better compatibility
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-21 11:17:43 +02:00
Manuel Pégourié-Gonnard
ec52893ec3 Improve readability and relevance of values
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-21 09:25:23 +02:00
Thomas Daubney
28015e1e44 Set flag to proper value
Set flag to proper value. Was previously 0xFFFFFFF and has been
corrected to 0xFFFFFFFF.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-21 08:12:59 +01:00
XiaokangQian
318dc763a6 Fix test failure issue and update code styles
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 09:43:51 +00:00
XiaokangQian
de33391fa0 Rebase and solve conflicts
Change-Id: I7f838ff5b607fe5e6b68d74d0edc1def8fc9a744
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 08:49:42 +00:00
Manuel Pégourié-Gonnard
d8d19de1c7 Expand negative coverage of ECDSA verification
Motivated by CVE-2022-21449, to which we're not vulnerable, but we
didn't have a test for it. Now we do.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-20 10:34:22 +02:00
XiaokangQian
3f84d5d0cd Update test cases and fix the test failure
Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
8f9dfe41c0 Fix comments about coding styles and test cases
Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8 Fix comments and remove hrr related code
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
ed582dd023 Update based on comments
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello

Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
c4b8c99a38 Rebase and solve conflicts and issues
Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
5e4528cd12 Add test cases for server side parse client hello
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
Ronald Cron
9d0a3e8296 generate_tls13_compat_tests.py: Fix/Unify parameter ordering
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Ronald Cron
df5f8681cc ssl-opt.sh: Fix/Unify TLS 1.3 test descriptions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Gilles Peskine
f4d70b2944
Merge pull request #5608 from AndrzejKurek/raw-key-agreement-fail
Add a test for a raw key agreement failure
2022-04-19 14:00:48 +02:00
Gilles Peskine
5bd0b51048 Use terse output from lsof
This both simplifies parsing a little, and suppresses warnings. Suppressing
warnings is both good and bad: on the one hand it resolves problems such as
https://github.com/Mbed-TLS/mbedtls/issues/5731, on the other hand it may
hide clues as to why lsof wouldn't be working as expected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:34:23 +02:00
Gilles Peskine
a841c2a20f test_cmake_out_of_source: run an ssl-opt test case that exists
component_test_cmake_out_of_source was running the ssl-opt.sh test case
"Fallback SCSV: beginning of list", but this test case was removed in Mbed
TLS 3.0, so ssl-opt.sh was running nothing, which is not an effective test.
In 2.x, the test case was chosen because it uses an additional auxiliary
program tests/scripts/tcp_client.pl. This auxiliary program is no longer
used. So instead, run at least one test case that's sure to exist.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:31:25 +02:00
Gilles Peskine
7393ec5ccf test_cmake_out_of_source: validate that ssl-opt passed
If the ssl-opt test case was skipped, the test was ineffective.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:30:24 +02:00
Neil Armstrong
4ad82e4b33 Add component_check_test_requires_psa_disabled used to check if some tests requiring PSA to be disabled are presemt
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-15 13:27:17 +02:00
Neil Armstrong
655725a624 Unify PSA & non-PSA Verify ext RSA #5 test, and handle different return in pk_rsa_verify_ext_test_vec()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-15 12:00:16 +02:00
Gilles Peskine
f96e977584 No need to recalculate iv_length
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
6e0f80ab94 Don't try to perform operations when driver support is lacking
We test some configurations using drivers where the driver doesn't
support certain hash algorithms, but declares that it supports
compound algorithms that use those hashes. Until this is fixed,
in those configurations, don't try to actually perform operations.

The built-in implementation of asymmetric algorithms that use a
hash internally only dispatch to the internal md module, not to
PSA. Until this is supported, don't try to actually perform
operations when the operation is built-in and the hash isn't.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
17e350b12a Short-tag AEAD with the nominal length are encoded as nominal AEAD
`PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, len) == aead_alg` when
`len == PSA_AEAD_TAG_LENGTH(aead_alg)`. So skip this case when testing
the printing of constants.

This fixes one test case due to the way arguments of
`PSA_ALG_AEAD_WITH_SHORTENED_TAG` are enumerated (all algorithms are tested
for a value of `len` which isn't problematic, and all values of `len` are
tested for one algorithm).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
aa3449dd22 exercise_key: support combined key agreement+derivation algorithms
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
61548d1035 Only exercise Brainpool curve keys on one algorithm
There's nothing wrong with ECC keys on Brainpool curves,
but operations with them are very slow. So we only exercise them
with a single algorithm, not with all possible hashes. We do
exercise other curves with all algorithms so test coverage is
perfectly adequate like this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
4bd90dc6b1 Don't exercise OAEP with small key and large hash
RSA-OAEP requires the key to be larger than a function of the hash size.
Ideally such combinations would be detected as a key/algorithm
incompatibility. However key/algorithm compatibility is currently tested
between the key type and the algorithm without considering the key size, and
this is inconvenient to change. So as a workaround, dispense
OAEP-with-too-small-hash from exercising, without including it in the
automatic operation-failure test generation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
d586b82e12 exercise_key: signature: detect function/algorithm incompatibility
Don't try to use {sign,verify}_message on algorithms that only support
{sign_verify}_hash. Normally exercise_key() tries all usage that is
supported by policy, however PSA_KEY_USAGE_{SIGN,VERIFY}_MESSAGE is implied
by PSA_KEY_USAGE_{SIGN,VERIFY}_HASH so it's impossible for the test data to
omit the _MESSAGE policies with hash-only algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
7acb1980ee Use PSA_AEAD_NONCE_LENGTH when exercising AEAD keys
Don't re-code the logic to determine a valid nonce length.

This fixes exercise_key() for PSA_ALG_CHACHA20_POLY1305, which was trying to
use a 16-byte nonce.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
bbf452c689 exercise_key: support modes where IV length is not 16
Support ECB, which has no IV. The code also now supports arbitrary IV
lengths based on the algorithm and key type.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e6b85b4d42 Storage format tests: exercise operations with keys
In key read tests, add usage flags that are suitable for the key type and
algorithm. This way, the call to exercise_key() in the test not only checks
that exporting the key is possible, but also that operations on the key are
possible.

This triggers a number of failures in edge cases where the generator
generates combinations that are not valid, which will be fixed in subsequent
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
16b2506e3d Abbreviate descriptions of generated PSA storage tests
This currently makes all the descriptions unambiguous even when truncated at
66 characters, as the unit test framework does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e8e058c9d4 Unify the code to shorten expressions
The output of generate_psa_tests.py is almost unchanged: the differences are
only spaces after commas (now consistently omitted).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
564fae8328 Refactor usage flag formatting and implication
When generating storage format tests, pass usage flags around as a list, and
format them as the last thing.

In Storagekey(), simplify the addition of implicit usage flags: this no
longer requires parsing.

The output is unchanged.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
7de7c1020c Storage format tests: cover algorithms for each key type
In the generated storage format test cases, cover all supported
algorithms for each key type. This is a step towards exercising
the key with all the algorithms it supports; a subsequent commit
will generate a policy that permits the specified algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
fa70ced195 Remove ad hoc is_valid_for_signature method
Use the new generic is_public method.

Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Neil Armstrong
eed1c6255d Enable TLS 1.3 ALPN tests when MBEDTLS_USE_PSA_CRYPTO is enabled
Those were disabled in original submission, but it works fine
with PSA crypto enabled.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-15 09:30:31 +02:00
Glenn Strauss
59b0d54ba0 Convert tests to use mbedtls_ssl_conf_(min|max)_tls_version()
Replace use of mbedtls_ssl_conf_(min/max)_version()

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
39e624ca76 Convert tests to use MBEDTLS_SSL_VERSION_TLS1_*
(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d mbedtls_ssl_config min_tls_version, max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).

New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:39:43 -04:00
Glenn Strauss
da7851c825 Rename mbedtls_ssl_session minor_ver to tls_version
Store the TLS version instead of minor version number in tls_version.

Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms.  The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.

Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:57 -04:00
Glenn Strauss
07c641605e Rename mbedtls_ssl_transform minor_ver to tls_version
Store the TLS version in tls_version instead of minor version number.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:54 -04:00
Glenn Strauss
dff84620a0 Unify internal/external TLS protocol version enums
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 13:45:20 -04:00
Neil Armstrong
06baf04870 Initialize PSA to fix move_handshake_to_state when USE_PSA is enabled
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 16:21:15 +02:00
Neil Armstrong
537e915a6e Enable DTLS renegotiation, resize_buffers, _serialize_mfl & renegotiate_mfl tests with PSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 15:40:26 +02:00
Neil Armstrong
181fe694ef Enable handshake_serialization & handshake_fragmentation tests with PSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 15:39:01 +02:00
Neil Armstrong
993eea3362 Enable app_data_tls & app_data_dtls tests with PSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 15:37:23 +02:00
Neil Armstrong
0739336dd2 Enable mbedtls_endpoint_sanity tests with PSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 15:36:17 +02:00
Andrzej Kurek
83e60eef4d tests: fix bitflip comment
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-14 08:51:41 -04:00
Gilles Peskine
e2c342b9bf Don't test with all-but-one elliptic curves
`curves.pl` (invoked by `all.sh test_depends_curves`, and
`all.sh test_depends_curves_psa`) currently runs two series of tests:
* For each curve, test with only that curve enabled.
* For each curve, test with all curves but that one.

Originally this script was introduced to validate test dependencies, and for
that all-but-one gives better results because it handles test cases that
require multiple curves. Then we extended the script to also test with a
single curve, which matches many real-world setups and catches some product
bugs. Single-curve testing also validates test dependencies in a more
limited way.

Remove all-but-one curve testing, because it doesn't add much to the test
coverage. Mainly, this means that we now won't detect if a test case
declares two curve dependencies but actually also depends on a third. This
is an acceptable loss.

The trigger for removing all-but-one curve testing is that this will make
the job take only about half as long, and the length of the job was a bit of
a problem. Resolves #5729.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 12:00:17 +02:00
Manuel Pégourié-Gonnard
636b5f10da Add comment in compat.sh about callers
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-14 09:21:56 +02:00
Manuel Pégourié-Gonnard
9473229996 Fix compat.sh invocation in basic-built-test.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-14 09:21:38 +02:00
Gilles Peskine
45e680e651 Explain why we check that a certain feature is enabled
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 23:23:21 +02:00
Gilles Peskine
5417d48044 Remove mostly-redundant test build
component_test_CID_no_debug was added specifically to be a non-regression
test for https://github.com/Mbed-TLS/mbedtls/issues/3998. Running compat.sh
in the newly introduced config-ccm-psk-dtls1_2.h is also a non-regression
test for that bug. Therefore component_test_CID_no_debug is redundant for
its primary purpose.

Of course every configuration is different, but the additional coverage from
component_test_CID_no_debug is minimal, unlike config-ccm-psk-dtls1_2.h
which is a plausible real-world configuration.

In mbedtls-2.28, component_test_CID_no_debug was never added, and running
the unit tests in that configuration does not trigger the #3998 bug, only
compat.sh does. So, rather than backport component_test_CID_no_debug to
2.28.2, I am removing it from 3.2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 22:47:17 +02:00
Gilles Peskine
2ecf4ff349 Restore explicit version requirement on 1.3 HelloRetryRequest tests
A concurrent branch changes the way the test cases run to no longer use
force_version=tls13, so the automatic version requirement detection will no
longer work after that branch is merged. Therefore, keep the manual
requirement (at least until automatic detection gets smarter).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 19:08:38 +02:00
Gilles Peskine
c912673f8d Automatically detect protocol version requirement from force_version
When the client or server uses a specific protocol version, automatically
require that version to be enabled at compile time.

An explicit call is still needed in test cases that require a specific
protocol version (due to analyzing version-specific behavior, or checking
the version in logs), but do not force that specific protocol version, or that
force a specific version only on the openssl/gnutls side.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 16:14:01 +02:00
Neil Armstrong
999930e447 Add RSA PK Wrapped Sign ext tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 14:55:17 +02:00
Gilles Peskine
740b734f25 Move ticket, alpn detection into maybe_requires_ciphersuite_enabled
No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:32:46 +02:00
Gilles Peskine
b898b3df90 Prepare to generalize maybe_requires_ciphersuite_enabled
Rename maybe_requires_ciphersuite_enabled() to detect_required_features()
and refactor its code a little. No intended behavior change. In subsequent
commits, this function will detect other requirements in a similar way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:32:46 +02:00
Neil Armstrong
a4dbfddba2 Add DHE-RSA Opaque PK key tests variants in ssl-opt.sh
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:49:25 +02:00
Neil Armstrong
3e9a142017 Add RSA Opaque PK key tests variants in ssl-opt.sh
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:49:25 +02:00
Manuel Pégourié-Gonnard
296787f75c Rm DES from invocations of compat.sh
It no longer makes sense, either in -e or -f: those ciphersuites have
been removed anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-13 10:45:10 +02:00
Manuel Pégourié-Gonnard
4111b73d8f Update comment and default exclude
- comments about (3)DES were inconsistent (one saying "keep 3DES" and
the other "exclude it")
- we don't have any DES or 3DES ciphersuite anyway, so no need to
exclude them or comment about it
- while at it, fix comment about ARIA: it's in the default config now

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-13 10:45:10 +02:00
Joe Subbiani
32df1450f1 Order ciphersuite names alphabetically
The ciphers were originally separated by the version conditions, and the spacing
was retained in case it was required later. It has been decided it would be better
to have an unbroken list in alphabetically order to quickly locate ciphers when
necessary

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2022-04-13 10:45:08 +02:00
Joe Subbiani
f05fae0f7a Remove unsupported ciphersuites
Remove ciphersuites that are no longer supported.
running ./test/compat.sh -e '^$' -p mbedtls no longer skips any tests

Fixes #4818

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2022-04-13 10:41:43 +02:00
Joe Subbiani
9f84761c66 Removed redundant mode checks
As anything below (D)TLS 1.2 is no longer supported, checks for the
minor version will always be true, and have therefore been removed

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2022-04-13 10:40:49 +02:00
Neil Armstrong
6ce6dd9bd7 Add Test generating certificates using an opaque EC key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:32:03 +02:00
Neil Armstrong
98f899c7a5 Test generating certificates using an opaque RSA key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:31:38 +02:00
Neil Armstrong
9fb9203182 Test generating CSRs using an opaque RSA key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:31:08 +02:00
Manuel Pégourié-Gonnard
6c242a01f7
Merge pull request #5634 from superna9999/5625-pk-opaque-rsa-basics
PK Opaque RSA sign
2022-04-13 09:55:42 +02:00
Przemek Stekiel
ffbb7d35fc derive_output: add optional step for derivation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-12 11:27:00 +02:00
Andrzej Kurek
57f58b0e65 Prefer TEST_EQUAL over TEST_ASSERT in test suites
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 16:51:03 -04:00
Gilles Peskine
b4f874d1da raw_key_agreement_fail: Add a nominal run
Ensure that the nominal run works properly, so that it's apparent that the
injected failure is responsible for the failure of the handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-08 16:50:38 -04:00
Gilles Peskine
6cbc9986fb Remove redundant empty slot count check
USE_PSA_DONE() already checks that there are no used key slots.

The call to TEST_ASSERT() wouldn't have worked properly on failure anyway,
since it would jump back to the exit label.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 16:47:19 -04:00
Andrzej Kurek
28f883eba5 Remove RSA & DTLS dependency in raw key agreement test
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 16:46:57 -04:00
Gilles Peskine
e1730e492d
Merge pull request #5708 from AndrzejKurek/timeless-struggles
Remove the dependency on MBEDTLS_TIME_H from the timing module
2022-04-08 18:43:16 +02:00
Neil Armstrong
cb87403560 Use 1024 bits RSA key size for RSA PK Opaque tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:14:40 +02:00
Andrzej Kurek
5735369f4a Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C
The timing module might include time.h on its own when on 
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. 


Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:41:42 -04:00
Gilles Peskine
7d904e7127 Test MBEDTLS_PSA_CRYPTO_CONFIG_FILE and MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:53 +02:00
Gilles Peskine
e10df779b7 Test MBEDTLS_USER_CONFIG_FILE as such
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:53 +02:00
Gilles Peskine
f4798279c0 Remove obsolete comment
mbedtls/mbedtls_config.h (formerly mbedtls/config.h) used to be included
directly in many places, so we wanted to test that all of these places
allowed the MBEDTLS_CONFIG_FILE override. Now mbedtls/mbedtls_config.h is
only included via build_info.h, so this is not relevant anymore.

It is no longer particularly useful to test MBEDTLS_CONFIG_FILE with the
full config, but it isn't harmful either, so keep it that way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:53 +02:00
Gilles Peskine
2003c2f455 Simplify build_mbedtls_config_file
$CONFIG_H no longer includes check_config.h since Mbed TLS 3.0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:40:25 +02:00
Thomas Daubney
7435d2d08e Renames encrypt setup tests
Similar to the previous commit, this commit removes
the word 'multi-part' from the encrypt setup tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-07 15:21:47 +01:00
Gilles Peskine
a91b68564c
Merge pull request #5429 from yuhaoth/pr/fix-parallel-build-fail-of-cmake_out_source
fix parallel build fail of cmake out source
2022-04-07 16:21:43 +02:00
Gilles Peskine
8e5e8d73db
Merge pull request #5686 from AndrzejKurek/off-by-one-ssl-opt
Fix an off-by-one error in ssl-opt.sh
2022-04-07 16:20:55 +02:00
Thomas Daubney
5defdfcc8a Renames decrypt setup tests
The word multi-part is implied and has hence been
removed.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-07 15:17:32 +01:00
Thomas Daubney
6f57be93ec Removes unecessary statement
After other changes had taken place the call to
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) )
was no longer needed.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-07 15:10:34 +01:00
Thomas Daubney
d9c69b7655 Changes PSA initialisation
Commit adds in call to PSA_INIT()

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-07 14:57:10 +01:00
Neil Armstrong
67fc036976 Add support for RSA wrap in pk_psa_sign() test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Neil Armstrong
5b87ebb601 Prepare pk_psa_sign() test to accept RSA parameters
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Neil Armstrong
0cd78ddd71 Update test for Opaque PK key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Gilles Peskine
d2d90af7d9 Make mbedtls_ssl_get_bytes_avail tests more independent
Don't depend on the default sizes in the test programs: pass explicit
request and buffer sizes.

Don't depend on MAX_CONTENT_LEN (other than it not being extremely small:
this commit assumes that it will never be less than 101).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:39:06 +02:00
Gilles Peskine
c8d242f625 set_maybe_calc_verify: $1 is intended to be auth_mode
Document that this is what it is. Don't allow made-up numerical values.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 22:23:45 +02:00
Andrzej Kurek
cb33bc5d0b Change the bit to flip to guarantee failure
For weistrass curves the pair is encoded as 0x04 || x || y.
Flipping one of the bits in the first byte should be a sure failure.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
39d88d4918 Change the number of expected free key slots
TLS code now uses PSA to generate an ECDH private key.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
41b7e66e61 Tests: add missing requirements for the raw key agreement test
SECP384R1 is needed for the default loaded
certificate.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
cc28e9a252 Tests: add missing group termination
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
65ded569e0 Update raw key agreement test dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
b3427823bd Test failing raw_key_agreement in ssl mock tests
Force a bitflip in server key to make the raw key
agreement fail, and then verify that no key slots
are left open at the end. Use a Weierstrass curve
to have a high chance of failure upon encountering
such bitflip.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:24:17 -04:00
Andrzej Kurek
74394a5c39 Add a group_list argument to mocked ssl tests
This will be used to force a group list in certain tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:23:34 -04:00
Thomas Daubney
d868d0f7a0 Removes trailing whitespace
Travis found and complained about a trailing whitespace.
This commit removes the error.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 15:29:27 +01:00
Thomas Daubney
28428f45c7 Corrects mistake from encrypt setup test
This commit alters an ASSERT_COMPARE statement
at the end of the aead_encrypt_setup test. This is to
correct a mistake introduced by the preceding PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:54:46 +01:00
Thomas Daubney
dbb9754541 Adds changes from first review round
This commit adds the required changes that arose from
the first round of reviewing. The total_input_data argument
has been removed and so the .data file needed to be edited
also.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:42:10 +01:00
Thomas Daubney
b3e452d5ab Adds insufficient memory test case
Adds test data for the test case where the insufficient
memory error is forced on the driver status.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:00:49 +01:00
Thomas Daubney
e15bc38e40 Adds fallback test case
Commit adds test data for the case where the
algorithm is not supported by the driver but
the fallback option is available in the library.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:00:49 +01:00
Thomas Daubney
063c2cd298 Adds positive test case
Commit adds test data for positive test of decrypt
setup test case

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 14:00:42 +01:00
Thomas Daubney
03c4ba03c1 Adds test for decrypt setup driver dispatch
Commit adds a test for checking driver dispatch
for the M-AEAD decrypt setup function.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-06 13:58:30 +01:00