Przemek Stekiel
3e8249cde0
Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
f0f0bd068b
test_suite_psa_crypto_metadata: add test cases for the HKDF-Extract/Expand algorithms
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
fcdd023ba6
derive_output tests: add invalid input secret test for HKDF-Expand
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-19 10:28:58 +02:00
Przemek Stekiel
6786a87ccd
derive_output tests: add capacity HKDF-Extract/Expand tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:40:21 +02:00
Przemek Stekiel
2849e0e4d5
derive_output tests: add negative HKDF-Extract/Expand tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:38:01 +02:00
Przemek Stekiel
e1036fbe90
derive_output tests: add positive HKDF-Extract/Expand tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:34:53 +02:00
Przemek Stekiel
ead1bb9987
derive_output test: Adapt for HKDF-Extract/Expand algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:22:57 +02:00
Werner Lewis
e59a531455
Fix memcpy() UB in mbedtls_asn1_named_data()
...
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 11:45:06 +01:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
...
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Gilles Peskine
310294f06a
Merge pull request #5759 from tom-daubney-arm/correct_x509_flag_parse_tests
...
Set flag to proper value in x509 parse tests
2022-04-28 18:27:36 +02:00
Gilles Peskine
2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise
...
PSA storage format: exercise key
2022-04-28 18:20:02 +02:00
Neil Armstrong
95974974d2
Update mbedtls_pk_wrap_as_opaque() usage in PK & X509write tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Manuel Pégourié-Gonnard
ad47487e25
Merge pull request #5742 from superna9999/5669-review-test-incompatible-psa
...
Fixup or re-enable tests with Use PSA
2022-04-28 09:57:13 +02:00
Neil Armstrong
1c9eb722fd
Update PSA specific comment in pk_rsa_verify_ext_test_vec()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-25 14:38:18 +02:00
Ronald Cron
a828f4d89c
Merge pull request #5684 from tom-daubney-arm/M-AEAD_decrypt_driver_dispatch_test
...
M aead decrypt driver dispatch test
The internal CI "merge TLS testing" ran successfully, CI is OK.
2022-04-23 12:10:21 +02:00
Neil Armstrong
6e6967f6a0
Reorganize PSA INVALID_PADDING handling for test #5 in pk_rsa_verify_ext_test_vec()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 16:46:24 +02:00
Gilles Peskine
eef30bcea1
Merge pull request #5755 from mpg/ecdsa-range-test
...
Expand negative coverage of ECDSA verification
2022-04-22 16:43:44 +02:00
Manuel Pégourié-Gonnard
60d83f0126
Merge pull request #5710 from superna9999/5627-pk-opaque-rsa-x509
...
RSA sign 3a: X.509 integration testing
2022-04-22 14:29:23 +02:00
Thomas Daubney
7d063f6467
Adds comments for clarification
...
Adds two comments to clarify 1) why an offset is used
in the call to psa_aead_verify() and 2) why the test of
.hits_finish is always 0 in this test case.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-22 11:36:07 +01:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
...
Add client hello into server side
2022-04-22 10:26:00 +02:00
Neil Armstrong
e6ed23cb90
Fix typo in x509_crt_check() comment
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 09:44:04 +02:00
XiaokangQian
e8ff350698
Update code to align with tls13 coding standard
...
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-22 02:34:40 +00:00
Manuel Pégourié-Gonnard
70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2
...
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard
90c70146b5
Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign
...
RSA-PSS sign 1: PK
2022-04-21 17:11:18 +02:00
Neil Armstrong
843795ad2f
Use macro for public key buffer size in pk_psa_wrap_sign_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-21 12:23:28 +02:00
Przemek Stekiel
4e47a91d2e
Fix indentation issues
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
4daaa2bd05
derive_output mix-psk test: add more cases for derivation of output key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
6aabc473ce
derive_output test: remove redundant tests with raw key agreement
...
Already handled by input_bytes().
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
e665466a80
derive_output test: add other key type value 11 to handle raw key type
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
c5bd1b8b24
PSA key derivation mix-psk tests: add description for bad state cases
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
38647defa8
derive_output() test: fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
cd00d7f724
test PSA key derivation: add positive and negative cases for mixed-psk
...
Mix-PSK-to-MS test vectors are generated using python-tls library:
https://github.com/python-tls/tls
Steps to generate test vectors:
1. git clone git@github.com:python-tls/tls.git
2. cd tls
3. python3 setup.py build
4. sudo python3 setup.py install
5. Use the python script below to generate Master Secret (see description for details):
"""
Script to derive MS using mixed PSK to MS algorithm.
Script can be used to generate expected result for mixed PSK to MS tests.
Script uses python tls library:
https://github.com/python-tls/tls
Example usage:
derive_ms.py <secret> <other_secret> <seed> <label> <hash>
derive_ms.py 01020304 ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f 6d617374657220736563726574 SHA256
secret : 01020304
other_secret : ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7
pms : 0030ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7000401020304
seed : 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f
label : 6d617374657220736563726574
output : 168fecea35190f9df34c042f24ecaa5e7825337f2cd82719464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b
"""
from cryptography.hazmat.primitives import hashes
from tls._common.prf import prf
import os
import sys
def build_pms(other_secret: bytes, secret: bytes) -> bytes:
other_secret_size = len(other_secret).to_bytes(2, byteorder='big')
secret_size = len(secret).to_bytes(2, byteorder='big')
return(other_secret_size + other_secret + secret_size + secret)
def derive_ms(secret: bytes, other_secret: bytes, seed: bytes, label: bytes, hash: hashes.HashAlgorithm) -> bytes:
return prf(build_pms(other_secret, secret), label, seed, hash, 48)
def main():
#check args
if len(sys.argv) != 6:
print("Invalid number of arguments. Expected: <secret> <other_secret> <seed> <label> <hash>" )
return
if sys.argv[5] != 'SHA384' and sys.argv[5] != 'SHA256':
print("Invalid hash algorithm. Expected: SHA256 or SHA384" )
return
secret = bytes.fromhex(sys.argv[1])
other_secret = bytes.fromhex(sys.argv[2])
seed = bytes.fromhex(sys.argv[3])
label = bytes.fromhex(sys.argv[4])
hash_func = hashes.SHA384() if sys.argv[5] == 'SHA384' else hashes.SHA256()
pms = build_pms(other_secret, secret)
actual_output = derive_ms(secret, other_secret, seed, label, hash_func)
print('secret : ' + secret.hex())
print('other_secret : ' + other_secret.hex())
print('pms : ' + pms.hex())
print('seed : ' + seed.hex())
print('label : ' + label.hex())
print('output : ' + actual_output.hex())
if __name__ == "__main__":
main()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:41:41 +02:00
Gilles Peskine
286c314ae3
cipher_alg_without_iv: also test multipart decryption
...
For multipart encrpytion, call psa_cipher_finish(). This is not actually
necessary for non-pathological implementations of ECB (the only currently
supported IV-less cipher algorithm) because it requires the input to be a
whole number of blocks and non-pathological implementations emit the output
block from update() as soon as an input block is available. But in principle
a driver could delay output and thus require a call to finish().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:27:17 +02:00
Gilles Peskine
9e38f2c8fd
cipher_alg_without_iv: generalized to also do decryption
...
Test set_iv/generate_iv after decrypt_setup. Test successful decryption.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:25:00 +02:00
Gilles Peskine
9b9b614a02
cipher_encrypt_alg_without_iv: validate size macros independently
...
Validate the size macros directly from the output length in the test data,
rather than using the value returned by the library. This is equivalent
since the value returned by the library is checked to be identical.
Enforce that SIZE() <= MAX_SIZE(), in addition to length <= SIZE(). This is
stronger than the previous code which merely enforced length <= SIZE() and
length <= MAX_SIZE().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:24:48 +02:00
Manuel Pégourié-Gonnard
ec52893ec3
Improve readability and relevance of values
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-21 09:25:23 +02:00
Thomas Daubney
28015e1e44
Set flag to proper value
...
Set flag to proper value. Was previously 0xFFFFFFF and has been
corrected to 0xFFFFFFFF.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-21 08:12:59 +01:00
XiaokangQian
de33391fa0
Rebase and solve conflicts
...
Change-Id: I7f838ff5b607fe5e6b68d74d0edc1def8fc9a744
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 08:49:42 +00:00
Manuel Pégourié-Gonnard
d8d19de1c7
Expand negative coverage of ECDSA verification
...
Motivated by CVE-2022-21449, to which we're not vulnerable, but we
didn't have a test for it. Now we do.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-20 10:34:22 +02:00
XiaokangQian
8f9dfe41c0
Fix comments about coding styles and test cases
...
Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8
Fix comments and remove hrr related code
...
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
...
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Gilles Peskine
f4d70b2944
Merge pull request #5608 from AndrzejKurek/raw-key-agreement-fail
...
Add a test for a raw key agreement failure
2022-04-19 14:00:48 +02:00
Neil Armstrong
655725a624
Unify PSA & non-PSA Verify ext RSA #5 test, and handle different return in pk_rsa_verify_ext_test_vec()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-15 12:00:16 +02:00
Gilles Peskine
6e0f80ab94
Don't try to perform operations when driver support is lacking
...
We test some configurations using drivers where the driver doesn't
support certain hash algorithms, but declares that it supports
compound algorithms that use those hashes. Until this is fixed,
in those configurations, don't try to actually perform operations.
The built-in implementation of asymmetric algorithms that use a
hash internally only dispatch to the internal md module, not to
PSA. Until this is supported, don't try to actually perform
operations when the operation is built-in and the hash isn't.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
...
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Glenn Strauss
59b0d54ba0
Convert tests to use mbedtls_ssl_conf_(min|max)_tls_version()
...
Replace use of mbedtls_ssl_conf_(min/max)_version()
(PR feedback from @ronald-cron-arm)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
39e624ca76
Convert tests to use MBEDTLS_SSL_VERSION_TLS1_*
...
(PR feedback from @ronald-cron-arm)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a
mbedtls_ssl_(read|write)_version using tls_version
...
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f
mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
...
Store the TLS version in tls_version instead of major, minor version num
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.
Reduce size of mbedtls_ssl_ciphersuite_t
members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00