Commit graph

7975 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
bb12621746
Merge pull request #6808 from gilles-peskine-arm/basic-build-test-lcov-format-robustness-3.3
Fix code_coverage broken by extra echo in make lcov
2022-12-19 13:03:37 +01:00
Manuel Pégourié-Gonnard
c572246fa5 Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.

This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.

The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).

So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
Gilles Peskine
3b56d29147 List all the places with instructions to generate those files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-19 00:56:44 +01:00
Gilles Peskine
9a3771e1b3 Don't touch the style of generated files
Ideally the result of the generator would conform to the code style, but
this would be difficult, especially with respect to the placement of line
breaks in long logical lines. So, to avoid surprises when checking the style
of generated files (which happens in releases and in long-time support
branches), systematically skip generated files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-19 00:52:39 +01:00
Gilles Peskine
e162b4725c
Merge pull request #6777 from tom-cosgrove-arm/issue-6292-mod_inv
Bignum: Implement high level fixed width modular inversion
2022-12-17 13:26:02 +01:00
Gilles Peskine
cf86d70162
Merge pull request #6742 from gabor-mezei-arm/6022_bignum_mod_raw_mul
Bignum: Implement fixed width raw modular multiplication
2022-12-17 13:25:43 +01:00
Gilles Peskine
546493bee9
Merge pull request #6789 from mpg/doc-docker-from-ci
Point to docker images used in the CI
2022-12-17 01:54:24 +01:00
Valerio Setti
e7221a21ad test: adjust depends.py to new SHA224/SHA384 changes
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-16 14:43:48 +01:00
David Horstmann
f91090e4a3 Fix an incorrect regex in check_names.py
Allow check_names.py to detect declarations of the form:

enum some_enum_name {

This pattern has only just appeared due to code style correction, which
explains why the issue was not previously noticed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-16 13:39:04 +00:00
Gabor Mezei
b31b2e62ec
Generate operands in Mongomery representation for the test function
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-16 14:27:48 +01:00
Gilles Peskine
98d3a67a5c Simplify the coverage statistics summary
The script was parsing the output from `make lcov` to extract numbers and
calculate percentages. But everything including the percentages is already
present in the output of `make lcov`, just with a slightly different
presentation. So replace all this by a simple extraction of the relevant
lines from the output of `make lcov`.

This is more robust than the previous code, which relied on `tail -n4` to
extract relevant lines, which broke when `make lcov` started to emit one
extra line at the end.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 12:09:17 +01:00
Ronald Cron
fbc115f43c
Merge pull request #6794 from ronald-cron-arm/tls13-fix-some-test-dependencies
TLS 1.3: Fix some test dependencies
2022-12-16 11:07:00 +01:00
Gilles Peskine
071f47343b Document the test strategy
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 10:13:29 +01:00
Gilles Peskine
d878d1c638 Add validation tests for mbedtls_mpi_{mod,mod_raw}_random
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 10:13:29 +01:00
Gilles Peskine
b1eea02f74 Implement and test mbedtls_mpi_mod_random
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 10:13:29 +01:00
Gilles Peskine
d008abbc4f Fix leak of modulus structures in tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 10:13:29 +01:00
Gilles Peskine
a57cf9813a Implement and test mbedtls_mpi_mod_raw_random
In the basic/XXX=core test cases, use odd upper bounds, because the mod
version of random() only supports odd upper bounds (the upper bound is a
modulus and the mod modules only support odd moduli).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 10:13:29 +01:00
Gilles Peskine
8c32b24a35 Rename MPI-legacy test function for clarity
A mod version of the function will be added very soon.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 10:13:29 +01:00
Gilles Peskine
195f998107 New helper function to allocate and read a modulus
When including <test/bignum_helpers.h>, the library/ directory now needs to
be on the include path.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 10:13:28 +01:00
Gilles Peskine
881447d411 Move bignum helpers to their own module
Move bignum-related helper functions to their own files under tests/include
and tests/src. The primary motivation is that a subsequent commit will make
bignum_helpers.h include library/bignum*.h, but we want to be able to
include <test/helpers.h> without having the library directory on the include
path (we do this in some programs under programs/ intended for testing).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 10:13:28 +01:00
Manuel Pégourié-Gonnard
5bf8629b2c
Merge pull request #6303 from gilles-peskine-arm/bignum-core-random
Bignum: Implement mbedtls_mpi_core_random
2022-12-16 09:58:07 +01:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa
Document ECP_RESTARTABLE and make it compatible with USE_PSA
2022-12-15 19:47:44 +01:00
Gilles Peskine
c8d616364c
Merge pull request #6793 from tom-cosgrove-arm/update-mbedtls_mpi_mod_sub-tests-to-match-mod_add-tests
Update mbedtls_mpi_mod_sub() tests to incorporate mod_add test feedback
2022-12-15 19:47:01 +01:00
Tom Cosgrove
dc19759327 Add tests for mbedtls_mpi_mod_inv()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:59:40 +00:00
Tom Cosgrove
786848b5c5 Add low-level Montgomery conversion functions to bignum_core
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
28ff92cc3a Add an explicit mbedtls_mpi_core_montmul_working_limbs() function
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Tom Cosgrove
30f3b4d601 Add mbedtls_mpi_core_check_zero_ct() and tests
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 16:56:36 +00:00
Gilles Peskine
acdefdd51a Unify RNG initialization that must be unified
mpi_core_random_basic and mpi_random_values must generate the same random
sequences in order to get the expected test coverage (where we know we'll
hit certain numbers of retries). Facilitate this by defining the RNG seed
only once.

Fix the seed to explicitly list all 16 words of the key. This isn't strictly
required (missing initializer fields get the value zero), but it's clearer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-15 15:15:47 +01:00
Gabor Mezei
80a334ada3
Add generated tests for mod_raw_mul
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-12-15 15:04:20 +01:00
Gilles Peskine
031114d6ec Hide check_test_cases warnings on the CI
We aren't paying attention to the warnings. So hide them and save log size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-15 14:46:31 +01:00
Ronald Cron
f5b4706974 TLS 1.3: Fix some test dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-12-15 13:46:23 +01:00
Gilles Peskine
9fa4897839
Merge pull request #6772 from wernerlewis/bignum_refactor_sub
Bignum: Refactor mpi_core_sub tests to use arch_split
2022-12-15 12:32:44 +01:00
Gilles Peskine
081369111e
Merge pull request #6594 from gilles-peskine-arm/generate_test_code-function_comments
Allow comments in test function prototypes
2022-12-15 12:32:11 +01:00
Manuel Pégourié-Gonnard
116a5166d1
Merge pull request #6699 from gilles-peskine-arm/lcov-script
lcov script
2022-12-15 12:29:23 +01:00
Tom Cosgrove
7f4d15e84d Update mbedtls_mpi_mod_sub() tests to incorporate mod_add test feedback
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-15 10:55:15 +00:00
Manuel Pégourié-Gonnard
50faa55e4d
Merge pull request #6732 from wernerlewis/bignum_6019_mod_add
Bignum: Implement mbedtls_mpi_mod_add()
2022-12-15 11:39:24 +01:00
Manuel Pégourié-Gonnard
59626b6179 Point to docker images used in the CI
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-15 10:08:26 +01:00
Dave Rodgman
01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3
Merge back 3.3.0 3
2022-12-14 19:18:05 +00:00
Dave Rodgman
ebef3562c3 Revert "Add generated files"
This reverts commit c18d932705.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-14 19:14:00 +00:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Valerio Setti
46e8fd8263 test: sha: test SHA224 and SHA256 separately
This is meant to adapt to the new library design in which
SHA224 and SHA256 can be built independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:58:02 +01:00
Valerio Setti
898e7a3afe test: sha: test SHA384 and SHA512 separately
This is meant to adapt to the new library design in which
SHA384 and SHA512 can be built independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:50:54 +01:00
Werner Lewis
ca906e9dd7 Remove B + A tests
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-14 09:44:05 +00:00
Werner Lewis
79341a4e7e Reallocate X_raw to enforce no overflow
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-14 09:44:05 +00:00
Werner Lewis
25690a98f0 Rename oret to expected_ret
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-14 09:36:48 +00:00
Manuel Pégourié-Gonnard
2b70a3f831
Merge pull request #6558 from lpy4105/6416-psa_macros_name_typo
check_names: extend typo check to PSA macro/enum names
2022-12-13 09:56:27 +01:00
Manuel Pégourié-Gonnard
48232ed2c1
Merge pull request #6743 from minosgalanakis/bignum/implement_modular_negation
Bignum: Implement fixed width modular negation
2022-12-13 09:54:38 +01:00
Demi Marie Obenour
1362c5ab16 Test for both PKCS 7 bugs found by OSS-Fuzz
Previously the same test was repeated twice.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-12-12 21:59:02 +01:00
Werner Lewis
91a2aabb86 Refactor mpi_core_sub tests to use arch_split
Tests are refactored to generate separate cases for 32-bit and 64-bit
limbs using arch_split. Duplicate arguments and branching in the test
function is removed.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-12 17:18:43 +00:00
Manuel Pégourié-Gonnard
a9ac61203b
Merge pull request #6666 from daverodgman/fast_unaligned
Fast unaligned memory access macros
2022-12-12 12:18:17 +01:00
Minos Galanakis
9a60b2373b bignum_mod_raw testsuite: Refactored mpi_mod_raw_neg().
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-12-12 11:13:56 +00:00
Minos Galanakis
6118a3e5aa test_suite_bignumg_mod_raw: Added test for mpi_mod_raw_neg
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-12-12 11:13:56 +00:00
Valerio Setti
785116a5be test: pake: modify opaque key verification before destruction
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-12 11:59:25 +01:00
Manuel Pégourié-Gonnard
cd98805bd7
Merge pull request #6683 from mpg/optimize-with-asan
Optimize with asan
2022-12-12 11:58:23 +01:00
Manuel Pégourié-Gonnard
cd98b939b6
Merge pull request #6750 from tom-cosgrove-arm/issue-6023-mod_inv_prime
Bignum: Implement mbedtls_mpi_mod_raw_inv_prime()
2022-12-12 09:52:21 +01:00
Valerio Setti
31e99bb0c7 test: pake: fix: destroy key only in opaque case
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-09 14:35:10 +01:00
Valerio Setti
9d313dfeeb test: pake: minor enhancement for opaque keys
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-09 11:38:59 +01:00
Dave Rodgman
c18d932705 Add generated files
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-09 09:44:10 +00:00
Manuel Pégourié-Gonnard
182a23b1da Adjust all.sh now that restartable is in full
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:34 +01:00
Manuel Pégourié-Gonnard
ad45c4d386 Document that ECP_RESTARTABLE depends on ECP_C
This is not new, it had always been the case, just not documented.

Pointed out by depends.py pkalgs (again, now that restartable is part of
full).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
578664601e Fix missing dependency declaration in test
muladd() (restartable or not) is only available when at least one short
weirstrass curve is enabled.

Found by depends.py curves (now that restartable is part of full).

Also, document that restartable only work for short weierstrass curves
(actually unrelated, but this made me think of that).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
a6e3d3ec10 Disable restartable in build_module_alt
Previously we did not need that as restartable was excluded from full.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
a37398427b Remove check for tests disabled with USE_PSA
The previous commit declared that some tests cases in ssl-opt.sh depend
on USE_PSA being disabled, which is the right thing to do.

We had a check that forbade that - it was mainly meant to prevent
accidental re-introduction of such dependencies after we cleaned up a
number of cases where it was not warranted, but already at the time that
was controversial [1]. Now it's preventing us from doing the right
thing, so let's just remove it.

[1]: https://github.com/Mbed-TLS/mbedtls/pull/5742#discussion_r855112412

See also https://github.com/Mbed-TLS/mbedtls/pull/5907/ which also
removes this for a similar reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
55a188b420 Clarify the "restart vs use PSA" situation in TLS
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
cc6e0a650f Fix missing initialisation of PSA Crypto
This fixes the two failures in test_suite_x509parse when both
ECP_RESTARTABLE and USE_PSA_CRYPTO are enabled.

The failure happened because the operation is dispatched to PSA when
restart is disabled (max_ops == 0).

Previously it was correct for this test function not to initialize PSA,
because it depends on ECP_RESTARTABLE which used to conflict with
USE_PSA_CRYPTO, but that's no longer the case.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:32 +01:00
Manuel Pégourié-Gonnard
1a100b69a4
Merge pull request #6705 from davidhorstmann-arm/code-style-script-non-corrected
Add code style correction script
2022-12-09 09:41:14 +01:00
Jerry Yu
ddda050604 tls13: Upstream various fix in prototype
- Adjust max input_max_frag_len
- Guard transform_negotiate
- Adjust function position
- update comments
- fix wrong requirements

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-09 09:51:20 +08:00
Valerio Setti
2a3ffb4203 test: pake: add test for opaque password key
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-08 16:27:46 +01:00
Dave Rodgman
48223bc19e Bump version to 3.3.0. No changes to .so versions.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-08 14:43:19 +00:00
Tom Cosgrove
6129268fee Bignum: Implement mbedtls_mpi_mod_raw_inv_prime() and tests
Fixes #6023.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-08 09:44:10 +00:00
Tom Cosgrove
a7f0d7b029 mbedtls_mpi_core_exp_mod() ouuput may alias input A
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-08 08:46:28 +00:00
Gilles Peskine
3e5d56e7d4 Remove duplicated test cases
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-07 22:57:54 +01:00
Valerio Setti
f11e05a413 test: psa: minor improvements to test
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 16:02:45 +01:00
Dave Rodgman
90af1a10ab
Merge pull request #6734 from daverodgman/fix_test_dep_spelling
Fix spelling of test dependency
2022-12-07 09:06:29 +00:00
Janos Follath
d45924d862
Merge pull request #6733 from tom-cosgrove-arm/issue-6293-mod_exp-memory
Have mbedtls_mpi_core_exp_mod() take a temporary instead of allocating memory
2022-12-07 08:32:31 +00:00
Gilles Peskine
8781dd0e61 Fix overly large allocations of MPIs
The second argument of ASSERT_ALLOC is a number of array elements, not a
number of bytes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-06 23:05:06 +01:00
Gilles Peskine
de09ddd64e Move tests of random-in-range functions to their own suite
The random-in-nrange test code has auxiliary functions that are common to all
the interfaces (core, mod_raw (upcoming), mod (upcoming), legacy), and does
some differential testing to check that all the layers consume the RNG in
the saame way. Test them all in the same test suite.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-06 22:50:11 +01:00
Dave Rodgman
1fe45295d7
Merge pull request #6685 from gilles-peskine-arm/valgrind-cf-skip-tests
Rationalize Valgrind tests
2022-12-06 18:39:32 +00:00
David Horstmann
92b5ac1a47 Add all.sh component to test with code style
Run the main test suites after running code style correction to check
that code style correction does not break these tests.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-06 17:44:30 +00:00
Dave Rodgman
92011eef34
Merge pull request #6717 from tom-cosgrove-arm/fix-typos-2212
Fix typos prior to release
2022-12-06 15:00:34 +00:00
Dave Rodgman
614688711d Fix spelling of test dependency
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-06 14:44:08 +00:00
Tom Cosgrove
0a0ddedfb7 Have mbedtls_mpi_core_exp_mod() take a temporary instead of allocating memory
Last PR needed for #6293

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-06 14:37:18 +00:00
Werner Lewis
3f2999ad25 Rename test_suite_bignum_mod.data for consistency
Use the same naming convention as bignum and bignum_core now that test
data is generated.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-06 11:55:32 +00:00
Werner Lewis
e1b6b7c0ac Implement mbedtls_mpi_mod_add()
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-12-06 11:55:32 +00:00
Valerio Setti
ba22c9c1ff test: pake: remove useless check in ssl_ecjpake_set_password()
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-06 11:42:33 +01:00
Valerio Setti
2e1e43fb82 test: pake: fix error in ssl_ecjpake_set_password()
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-06 11:41:57 +01:00
Manuel Pégourié-Gonnard
2b7ad6472b Document all effects of MBEDTLS_ECP_RESTARTABLE
It might not be obvious that this option goes beyond adding new
functions, but also automagically modifies the behaviour of TLS
in some circumstances. Moreover, the exact modifications and
circumstances were not documented anywhere outside the ChangeLog.

Fix that.

While at it, adjust the test that checks no restartable behaviour with
other key exchanges, to use a key exchange that allows cert-based client
authentication so that we can check that this is not restartable either.

We don't have any automated test checking that the server is never
affected. That would require adding an ec_max_ops command-line option to
ssl_server2 that never has any effect, just to check that it indeed
doesn't. I'm not sure that's worth it. I tested manually and could
confirm that the server never has restartable behaviour, even for the
parts that are shared between client and server such as cert chain
verification.

Note (from re-reading the code): all restartable behaviour is controlled
by the flag ssl->handshake->ecrs_enabled which is only client-side with
the ECDHE-ECDSA key exchange (TLS 1.2).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-06 10:54:35 +01:00
Tom Cosgrove
f51f972d67 Apply review comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-05 15:47:40 +00:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Valerio Setti
70e029006d test: pake: fix mixed testing in test_tls1_2_ecjpake_compatibility
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 16:21:56 +01:00
Valerio Setti
e7518ba28e test: pake: reshaping the ssl_ecjpake_set_password()
Removed the "error injection" strategy. Now the functions checks
for all the errors in a row.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 12:09:43 +01:00
Gilles Peskine
da9746e8ce Test NOT_ACCEPTABLE cases for MPI get-random
Test some cases where mbedtls_mpi_core_random() or mbedtls_mpi_random()
should return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE. These test cases use a very
small range that makes the NOT_ACCEPTABLE case likely. The test code uses a
deterministic RNG whose implementation is in the test framework, so we know
that the tests will pass reproducibly unless the implementation the test
framework changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:46:31 +01:00
Gilles Peskine
e3a1b81cb9 Switch mpi_random_many test function to testing core
The test function mpi_random_many() is the main function for testing the
get-random-in-range function. It validates that the random generator's
output is within the desired range, and performs some basic statistical
checks including checking that small ranges are covered exhaustively.

Switch this function from testing mbedtls_mpi_random() to testing
mbedtls_mpi_core_random(). This does not reduce the test coverage of
mbedtls_mpi_random() because the same properties are now validated
indirectly via mpi_random_values() which checks that mbedtls_mpi_random()
and mbedtls_mpi_core_random() produce identical values for identical inputs.

As of this commit, mpi_random_many() still uses some legacy mpi functions
internally because the corresponding functions don't exist yet in core.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:46:31 +01:00
Gilles Peskine
34e8a2c287 Test mbedtls_mpi_random differentially from mbedtls_mpi_core_random
For good cases, test that mbedtls_mpi_random() produces the same output as
mbedtls_mpi_core_random().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:46:31 +01:00
Gilles Peskine
6f949ea67b New constant-flow function mbedtls_mpi_core_uint_le_mpi
Compare a single-limb MPI with a multi-limb MPI. This is rather ad hoc, but
will be useful for mbedtls_mpi_core_random.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-01 23:06:43 +01:00
Valerio Setti
b287ddff7e test: psa_pake: add more tests for opaque password setting
Added mixed cases:
- server using opaque password, while client not
- client using opaque password, while server not

Added a test with mismatched passwords in case both server and
client are using opaque passwords (the same test was already
present for the non-opaque case)

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 16:18:12 +01:00
Tom Cosgrove
62b20488f1 Implement mbedtls_mpi_mod_sub()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-01 14:27:37 +00:00
Valerio Setti
dc40bbc2d7 test: pake: remove redundant test for opaque passwords
This is already covered by other already existing cases such as
"component_test_full_cmake_gcc_asan" which build with
"config.py full" and run all "ssl-opt.sh" test cases.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 15:25:49 +01:00
Valerio Setti
4452e98ec1 test: pake: add tests for set password functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 15:08:35 +01:00
Dave Rodgman
481a5e427b Improve parsing of test data
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 13:31:20 +00:00