yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
29459 commits 1 branch 0 tags 94 MiB
Commit graph

6075 commits

Author SHA1 Message Date
Gilles Peskine
00f3085163 Missing dependency for MBEDTLS_PK_ECDSA 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:25:34 +01:00
Gilles Peskine
f3dbc98d96 mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_USE_PSA_EC_DATA 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:09:38 +01:00
Gilles Peskine
758d8c7631 mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_OPAQUE 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:09:38 +01:00
Gilles Peskine
94e3a873ce mbedtls_pk_get_psa_attributes: test bad usage value 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:09:38 +01:00
Gilles Peskine
ace7c7721e mbedtls_pk_get_psa_attributes: ECC support 
Add code and unit tests for MBEDTLS_PK_ECxxx in
mbedtls_pk_get_psa_attributes().

This commit only supports built-in ECC (MBEDTLS_ECP_C). A subsequent commit
will handle driver-only ECC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:09:38 +01:00
Gilles Peskine
6ea18361df mbedtls_pk_get_psa_attributes: RSA support 
Add code and unit tests for MBEDTLS_PK_RSA in mbedtls_pk_get_psa_attributes().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:09:38 +01:00
Gilles Peskine
0b17255da1 Introduce mbedtls_pk_get_psa_attributes 
Follow the specification in https://github.com/Mbed-TLS/mbedtls/pull/8657
as of dd77343381, i.e.
dd77343381/docs/architecture/psa-migration/psa-legacy-bridges.md (api-to-create-a-psa-key-from-a-pk-context)

This commit introduces the function declaration, its documentation, the
definition without the interesting parts and a negative unit test function.
Subsequent commits will add RSA, ECC and PK_OPAQUE support.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:09:38 +01:00
Valerio Setti
b054e449c9 test_suite_psa_crypto: remove tests for importing an RSA key in PEM format 
This feature was an unofficial extension which was never documented.
Now that we are removing the PK dependency in order to use only
functions from RSA module, PEM support is unavailable. Therefore
we explicitly remove it.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-23 16:12:27 +01:00
Valerio Setti
8e6093dd9f test_suite_rsa: add some basic testing of new parse/write priv/pub keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-23 15:19:07 +01:00
Dave Rodgman
e23d6479cc Bump version 
./scripts/bump_version.sh --version 3.5.1

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 15:45:49 +00:00
Jonathan Winzig
af553bf719 Add required dependency to the testcase 
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Jonathan Winzig
acd35a55c8 Remove unneeded testcase 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Jonathan Winzig
144bfde1cd Update test-data to use SIZE_MAX 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Jonathan Winzig
93f5240ae5 Add missing newline at the end of test_suite_x509write.data 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Jonathan Winzig
1c7629c1c0 Add tests for Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Manuel Pégourié-Gonnard
34c6e8a770
Merge pull request #8700 from valeriosetti/issue8461 
psa_asymmetric_encrypt() doesn't work with opaque driver
 2024-01-22 08:43:08 +00:00
Ronald Cron
f8fdbb5174 tests: tls13: Run early data test only in TLS 1.3 only config 
Temporary workaround to not run the early data test
in Windows-2013 where there is an issue with
mbedtls_vsnprintf().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Ronald Cron
a8dd81b4de tests: tls13: Add early data unit test 
This aims to provide a basis for negative
testing around TLS 1.3 early data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Ronald Cron
d903a86e52 tests: tls13: Add session resume with ticket unit test 
This aims to provide a basis for negative testing
around TLS 1.3 ticket, replacing eventually the
negative tests done in ssl-opt.sh using the
dummy_ticket option.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Valerio Setti
639d5678b5 pk: move mbedtls_pk_load_file to pk_internal 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-19 09:07:39 +01:00
Valerio Setti
25b282ebfe x509: move internal functions declarations to a private header 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-19 09:07:35 +01:00
Valerio Setti
b4f5076270 debug: move internal functions declarations to an internal header file 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 15:30:46 +01:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340 
Export the mbedtls_md_psa_alg_from_type function
 2024-01-18 13:58:55 +00:00
Gilles Peskine
b1f96c0354
Merge pull request #7815 from gilles-peskine-arm/ecp-export-partial 
ECP keypair utility functions
 2024-01-18 10:29:05 +00:00
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764 
Conversion function from ecp group to PSA curve
 2024-01-18 10:28:55 +00:00
Valerio Setti
48a847afb7 tests: add guards for DH groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:57:06 +01:00
Dave Rodgman
9039ba572b Fix test dependencies 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 18:38:55 +00:00
Dave Rodgman
b7778b2388 Fix ASAN error in test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 16:27:34 +00:00
Dave Rodgman
24ad1b59e8 Add NIST AES-CTR test vectors 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 13:24:45 +00:00
Dave Rodgman
4cc6fb9039 add test for multipart AES-CTR 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 13:24:45 +00:00
Valerio Setti
4860a6c7ac test_suite_psa_crypto: revert known failing checks for [en|de]cryption with opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-15 16:30:12 +01:00
Dave Rodgman
ae730348e9 Add tests for mbedtls_ctr_increment_counter 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Valerio Setti
f202c2968b test_suite_psa_crypto: test asymmetric encryption/decryption also with opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-15 10:42:37 +01:00
Kusumit Ghoderao
153586a3d5 change values to ULL 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-12 11:19:16 +05:30
Kusumit Ghoderao
a7c55d5a14 fix depends on condition 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-11 00:43:48 +05:30
Paul Elliott
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development 
Fix bug in mbedtls_x509_set_extension
 2024-01-10 16:57:16 +00:00
Kusumit Ghoderao
179f33a1ea add test cases with different hash algs 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:10 +05:30
Kusumit Ghoderao
7d4db631cf add depends on for capacity tests and fix code style 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
f4351c1a61 correct test data 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
83455ebcc0 disable pbkdf2_hmac set max capacity test 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
d3ae165adb Add tests for derive_full for hkdf_extract, hkdf_expand and ecjpake_to_pms 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
1da06da398 Add tests for derive_set_capacity for pbkdf and ecjpake_to_pms 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
604e1cbbe7 Change error status for invalid HKDF alg 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
9ffd397e4c Increase input parameter type and buffer size 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
4aa6b36a35 add tests for derive_full and derive_set_capacity 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Jonathan Winzig
315c3ca9e5
Add required dependency to the testcase 
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-09 18:31:11 +01:00
Jonathan Winzig
6c9779fabb Remove unneeded testcase 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-09 17:47:10 +01:00
Jonathan Winzig
a72454bc16
Update test-data to use SIZE_MAX 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-09 17:39:42 +01:00
Jonathan Winzig
c5e77bf4e4
Add missing newline at the end of test_suite_x509write.data 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-09 16:47:12 +01:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit 
Comply with the received Record Size Limit extension
 2024-01-09 15:22:17 +00:00
Jonathan Winzig
2bd2b788cf Add tests for Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-09 15:19:42 +01:00
Valerio Setti
db6e02902d test_suite_psa_crypto: test also MBEDTLS_ECP_DP_MAX in ecc_conversion_functions_fail() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-09 13:41:52 +01:00
Valerio Setti
ac73952474 test_suite_psa_crypto: improve failing tests for EC conversion functions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-09 13:41:52 +01:00
Valerio Setti
4ba0c61eda test_suite_psa_crypto: add test case for ECP conversion with null values 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-09 13:41:52 +01:00
Valerio Setti
ad819679a5 test_suite_psa_crypto: explicitly check return values of conversion functions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-09 13:41:52 +01:00
Valerio Setti
bf999cb22e test_suite_psa_crypto: add test functions and cases for ECC conversion functions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-09 13:41:52 +01:00
Valerio Setti
673868be5d psa_crypto_ecp: add helper for checking EC parameters 
This commit also updates "test_suite_psa_crypto.data" replacing
PSA_ERROR_NOT_SUPPORTED with PSA_ERROR_INVALID_ARGUMENT when
a wrong bit size is provided while importing key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-09 13:41:52 +01:00
Valerio Setti
9b2d738ccd Revert "test_suite_md: improve md_to_from_psa() test function and related data" 
This reverts commit 2c1070b397.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-09 08:41:21 +01:00
Manuel Pégourié-Gonnard
4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598 
[G5] Make block_cipher work with PSA
 2024-01-08 08:07:53 +00:00
Paul Elliott
3dce2327ab Use new thread abstraction for ctr_drbg tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-05 21:04:52 +00:00
Paul Elliott
17c119a5e3 Migrate to threading_helpers.h 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-05 21:04:52 +00:00
Manuel Pégourié-Gonnard
5bad043c06
Merge pull request #8641 from valeriosetti/issue8358 
G3-G4 wrap-up
 2024-01-04 10:48:00 +00:00
Gilles Peskine
a10d112e45 Remove useless guards on MBEDTLS_BIGNUM_C 
All of ECP requires the bignum module and there is no plan to change that,
so guarding a few bits of code is just noise.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-03 14:08:10 +01:00
Gilles Peskine
5d867872dd Improve readability of null-argument tests 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-02 17:57:51 +01:00
Valerio Setti
2c1070b397 test_suite_md: improve md_to_from_psa() test function and related data 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-02 14:58:22 +01:00
Valerio Setti
384fbde49a library/tests: replace md_psa.h with psa_util.h as include file for MD conversion 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-02 13:27:32 +01:00
Valerio Setti
e581e140cc oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C 
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-29 16:35:58 +01:00
Valerio Setti
160b2bde09 test_suite_cmac: add used key type to all test cases 
This is useful for grepping and skipping disparities in
analyze_outcomes.py.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-29 14:07:11 +01:00
Valerio Setti
9a4cc122a7 test_suite_block_cipher.psa: remove misleading initial comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-28 18:33:17 +01:00
Gilles Peskine
62e33bcc64 New function mbedtls_ecp_write_public_key 
Directly export the public part of a key pair without having to go through
intermediate objects (using mbedtls_ecp_point_write_binary would require a
group object and a point object).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-24 15:23:19 +01:00
Gilles Peskine
6dd87384ae Rename variable that's a C++ keyword 
It gave uncrustify trouble
(https://github.com/uncrustify/uncrustify/issues/4044)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-24 15:23:19 +01:00
Gilles Peskine
7ea72026cd New function mbedtls_ecp_keypair_calc_public 
For when you calculate or import a private key, and then need to calculate
the public key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-22 21:30:03 +01:00
Gilles Peskine
28240323d3 New function mbedtls_ecp_set_public_key 
Set the public key in a key pair. This complements mbedtls_ecp_read_key and
the functions can be used in either order.

Document the need to call check functions separately.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-22 21:30:03 +01:00
Gilles Peskine
091a85a762 Promise mbedtls_ecp_read_key doesn't overwrite the public key 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-22 21:30:03 +01:00
Gilles Peskine
ba5b5d67aa Support partial export from mbedtls_ecp_keypair 
Sometimes you don't need to have all the parts of a key pair object. Relax
the behavior of mbedtls_ecp_keypair so that you can extract just the parts
that you need.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-22 21:30:03 +01:00
Gilles Peskine
e6886102ef New function mbedtls_ecp_keypair_get_group_id 
Add a simple function to get the group id from a key object.

This information is available via mbedtls_ecp_export, but that function
consumes a lot of memory, which is a waste if all you need is to identify
the curve.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-22 21:30:03 +01:00
Valerio Setti
a69e872001 pkcs[5/12]: add CIPHER_C for [en/de]crypting functions 
This commit also updates corresponding test suites.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-21 16:39:04 +01:00
Gilles Peskine
0e6fdc4f1d
Merge pull request #8342 from yanesca/threading_test_pc 
Threading test proof of concept and plan
 2023-12-21 12:08:41 +00:00
Waleed Elmelegy
049cd302ed Refactor record size limit extension handling 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-20 17:28:31 +00:00
Tomi Fontanilles
9c69348c24 pk test suite: rename the parameter named parameter 
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Tomi Fontanilles
8174662b64 pk: implement non-PSA mbedtls_pk_sign_ext() 
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.

Related dependencies and tests are updated as well.

Fixes #7583.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Valerio Setti
45c84feacc test_suite_ccm: add missing BLOCK_CIPHER_PSA_[INIT/DONE]() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-20 09:54:39 +01:00
Valerio Setti
689c0f71cb tests: use new CCM/GCM capability macros in tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-20 09:54:18 +01:00
Paul Elliott
22dbaf05b6 Add AES_PSA_INIT() to thread test case 
Tests were failing when PSA was being used in ctr_drbg_seed() as PSA was
not initialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 18:18:04 +00:00
Paul Elliott
445af3c25a Move test dependancies to function file 
Dependancies are determined by code in this case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott
40f0ec246e Remove requirement for SHA512 from ctr_drbg test 
Set the entropy len prior to doing the test to ensure the outcome is the
same regardless of whether SHA512 or SHA256 is used.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott
bb0e48f94f Make number of threads a test argument 
Remove hard coded number of threads.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott
fed410f58e Increase entropy buffer sizes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott
811c600d88 Guard tests correctly 
All guarded options change output, thus failing the test.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott
6a997c9994 Fix code style 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott
bda25dd29c Add re-seeding option to test 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott
20b2efa293 Fix missing include 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:33 +00:00
Janos Follath
178bf3ee8a Fix failing multi-threaded unit test 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-12-18 14:49:33 +00:00
Janos Follath
a16ee6b7d4 Add multi-threaded unit test 
The unit test we add is designed to fail. The goal is to test the tests
and show that they catch the problem. A later commit will fix the unit
test and will make it pass.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-12-18 14:49:33 +00:00
Dave Rodgman
543d275c68
Merge pull request #8635 from daverodgman/asan-opt 
CI perf - prefer clang for Asan
 2023-12-15 13:25:02 +00:00
Dave Rodgman
c1f0f5b8af Fix a typo 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-12-14 23:34:48 +00:00
Dave Rodgman
815b240d72 Fix unused function/variable warnings from clang 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-12-14 23:20:48 +00:00
Valerio Setti
ac7df142e8 test_suite_block_cipher: fix unused variable when !MBEDTLS_BLOCK_CIPHER_SOME_PSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
1cf81c3c80 test_suite_block_cipher: add new data file for PSA/legacy dispatch test 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
10e9aa26c5 tests: add PSA_INIT/PSA_DONE to CCM and GCM test suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Manuel Pégourié-Gonnard
1f67363d6a
Merge pull request #8616 from lpy4105/issue/8553/test-driver-only-rsa 
Add test for driver-only RSA (crypto only)
 2023-12-14 11:05:55 +00:00
Dave Rodgman
bdba26c8d7
Merge pull request #8626 from davidhorstmann-arm/fix-uninit-mpi-test 
Fix possible free of uninitialized MPI
 2023-12-13 11:19:00 +00:00
Manuel Pégourié-Gonnard
7404af6ec3
Merge pull request #8599 from valeriosetti/issue8357 
G2 wrap-up
 2023-12-13 08:17:27 +00:00
David Horstmann
e04a97a1eb Move MPI initialization to start of function 
This prevents a call to mbedtls_mpi_free() on uninitialized data when
USE_PSA_INIT() fails.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-12-08 18:34:15 +00:00
Pengyu Lv
d90fbf7769 Adjuest checks in generate_key_rsa suite 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 17:30:33 +08:00
Pengyu Lv
9e976f3649 Conditionally check the attribute of generated RSA key 
`psa_get_key_attributes` depends on some built-in
implementation of RSA. Guard the check with coresponding
macros.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-07 10:22:35 +08:00
Valerio Setti
58d0206f39 test_suite_block_cipher: fix depends_on for Camellia tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 15:24:25 +01:00
Valerio Setti
302a487499 test_driver_key_management: rename counter for export_public_key() hits 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
829ce0facf test_driver_cipher: add forced return status for encrypt and set_iv 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
7ef35a9b3c test_suite_psa_crypto_driver_wrappers: add counter for failing psa_cipher_update() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
83e0de8481 crypto_extra: revert changes to mbedtls_psa_random_free() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
0ca1868fcd test_suite_psa_crypto_driver_wrappers: fix missing hit counter reset before test 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
7448367f68 test_suite_psa_crypto_slot_management: modify check on open key slots 
This commit
- Reverts changes previously done to psa_crypto_helpers.[c,h]
- Implements a new check for open key slots in
  mbedtls_test_helper_is_psa_leaking():
   - when CTR_DRBG does not use AES_C or PSA does not have an external
     RNG, then we allow 1 key slot (it's the one holding the AES key)
   - when the above conditions are not met, then we fallback to the
     usual check for "no open key slots remaining"

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
45337a8895 test_suite_psa_crypto_driver_wrappers: add counter for cipher_update() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
6ef82ae39d test_suite_psa_crypto_driver_wrappers: improving driver access counters 
When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB. This
means that, when AES-ECB is accelerated, each random operation goes through
driver access as well. This might result in unexpectedly increased
counters for driver's access.
We add extra counters in test_driver_[cipher/key_management].c to be
more specific on which driver functions are accessed and ignore
extra accesses due to CTR_DRBG.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
0a903db804 test_suite_psa_crypto_slot_management: some fix for available key slots 
When AES_C is not defined, CTR_DRBG relies on PSA to get AES-ECB. This means
that PSA holds an open AES key since psa_crypto_init() is called, which
- reduces the maximum number of available key slots
- shifts the 1st available index

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00
Valerio Setti
dc32ac20fd test_suite_[ctr_drbg/random]: initialize/close PSA in tests 
This commit also adds AES_PSA_[INIT/DONE] in "psa_crypto_helpers.h". Its
scope is to call PSA_[INIT/DONE] only when AES_C is not defined (which is
when PSA is effectively required for CTR_DRBG).

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00
Janos Follath
c6f1637f8c
Merge pull request #8534 from paul-elliott-arm/fix_mutex_abstraction 
Make mutex abstraction and tests thread safe
 2023-11-29 13:26:23 +00:00
Dave Rodgman
c3cd410acf
Merge pull request #8286 from gilles-peskine-arm/check_mbedtls_calloc_overallocation-disable_with_asan 
Fix test_suite_platform failure with Asan on modern Clang
 2023-11-28 16:48:31 +00:00
Pengyu Lv
6c927c0795 Merge branch 'development' into review/gilles/update-old-dep-MD_CAN 2023-11-28 09:31:44 +08:00
Paul Elliott
f25d831123 Ensure mutex test mutex gets free'd 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-11-23 18:49:43 +00:00
Dave Rodgman
8cd4bc4ac2
Merge pull request #8124 from yanrayw/support_cipher_encrypt_only 
Support the negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
 2023-11-23 17:43:00 +00:00
Dave Rodgman
c44042ddbc
Merge pull request #7905 from lpy4105/issue/misc-improvement 
misc improvements
 2023-11-23 16:20:58 +00:00
Yanray Wang
690ee81533 Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-11-23 10:31:26 +08:00
Gilles Peskine
3b2b7f8acf MSan and TSan complain as well, not just ASan 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-22 18:08:17 +01:00
Gilles Peskine
05ebe967be Disable check_mbedtls_calloc overallocation under ASan 
This test case exercises an integer overflow in calloc. Under Asan, with
a modern Clang, this triggers an Asan complaint. The complaint can be
avoided with ASAN_OPTIONS=allocator_may_return_null=1, but this has to
be set in the environment before the program starts, and could hide
other errors.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-22 17:56:26 +01:00
Jerry Yu
aa5dc24df9 Change if to switch case 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:25 +08:00
Jerry Yu
713ce1f889 various improvement 
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:25 +08:00
Jerry Yu
4ac648ef20 improve readability 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:24 +08:00
Jerry Yu
d84c14f80c improve code style 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:24 +08:00
Jerry Yu
b2455d2472 Guards ticket_creation_time 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:24 +08:00
Jerry Yu
342a555eef rename ticket received 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef rename ticket_creation to ticket_creation_time 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
28547c49ed update tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Ronald Cron
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field 
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
 2023-11-20 08:04:57 +00:00
Pengyu Lv
c5d4c46983 Add missing PSA init 
EC might be supported through PSA, so use `MD_OR_USE_PSA_INIT`
in pk_parse_{public_}keyfile_ec.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-16 09:07:28 +08:00
Manuel Pégourié-Gonnard
dc848955d6
Merge pull request #8519 from mpg/block-cipher 
[G2] Add internal module block_cipher
 2023-11-15 11:53:22 +00:00
Gilles Peskine
4ebccc0396 Update PSA init for md-ligt 
Also initialize PSA in builds where hashes are PSA-only, for the sake of
encrypted keys (otherwise PBKDF fails).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-15 11:04:30 +01:00
Gilles Peskine
799befd58e Update to TEST_EQUAL macros for easier debuggability 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-15 11:04:23 +01:00
Manuel Pégourié-Gonnard
9e80a91f27
Merge pull request #8164 from yanrayw/adjust_tfm_configs 
Adjust how we handle TF-M config files
 2023-11-15 08:21:27 +00:00
Manuel Pégourié-Gonnard
cf582df426
Merge pull request #8498 from mpg/legacy-deps-psa-tests 
Remove legacy dependencies from PSA tests
 2023-11-13 08:16:30 +00:00
Manuel Pégourié-Gonnard
76fa16cab3 block_cipher: add encrypt() 
Test data copied from existing test suites.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-11-10 12:14:53 +01:00
Manuel Pégourié-Gonnard
3e0884fc53 block_cipher: add setkey() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-11-10 11:52:10 +01:00
Manuel Pégourié-Gonnard
21718769d1 Start adding internal module block_cipher.c 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-11-10 11:21:17 +01:00
Manuel Pégourié-Gonnard
7d7ce0e66a
Merge pull request #8495 from lpy4105/issue/6322/driver-only-cipher_aead-tls 
[G3] Driver-only cipher+aead: TLS: main test suite
 2023-11-09 11:10:34 +00:00
Gilles Peskine
4dec9ebdc2
Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377 
Fixes "CSR parsing with critical fields fails"
 2023-11-08 18:07:04 +00:00
Dave Rodgman
0d22539de0
Merge pull request #8468 from daverodgman/mbedtls-3.5.1-pr 
Mbed TLS 3.5.1
 2023-11-08 18:01:32 +00:00
Dave Rodgman
28d40930ae Restore bump version 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-08 11:40:08 +00:00
Gilles Peskine
1d6de4ceb7 No more limitations accelerated algorithms using a built-in hash 
It used to be the case that when an algorithm that uses a hash inside was
accelerated through a PSA driver, it might end up calling a hash algorithm
that is not available from the driver. Since we introduced MBEDTLS_MD_LIGHT,
this no longer happens: PSA accelerated hashes are available to callers of
the MD module, so the test driver can use all available hash algorithms.
Hence the workaround to skip testing certain accelerated cases is no longer
needed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-08 12:30:52 +01:00
Manuel Pégourié-Gonnard
fcc5f31bb8 Rm unjustified MD_C dependencies in PSA test 
RSA will auto-enable MD_LIGHT, we don't need to list MD_C as a
dependency here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-11-08 12:30:52 +01:00