Ronald Cron
d28f5a98f1
ssl-opt.sh: Add certificate key usage tests for TLS 1.3
...
Those are adaptations of the already existing
TLS 1.2 tests. It is not really possible to just
remove the TLS 1.2 dependency of the existing tests
because of the following:
. in TLS 1.3 the ciphersuite selection on server
side is not related to the server certificate
. for tests involving OpenSSL the OpenSSL command line
as to be adapted to TLS 1.3
. server authentication is mandatory in TLS 1.3
. a key with KeyEncipherment and not DigitalSignature
usage is never acceptable
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-17 08:46:27 +02:00
Ronald Cron
ca3c6a5698
Merge pull request #5817 from xkqian/tls13_add_server_name
...
Tls13 add server name
2022-06-16 08:30:09 +02:00
Gilles Peskine
6194053feb
ASN.1: test that we can parse what we can write
...
In asn1_write tests, when there's a parsing function corresponding to the
write function, call it and check that it can parse what we wrote.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-15 21:17:25 +02:00
Gilles Peskine
b7e215f6bc
Fix copypasta in test data
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-15 21:16:42 +02:00
Andrzej Kurek
ca35f5bed0
test_suite_ssl: Use a zero fragment offset in a test with a too short record
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-15 07:19:40 -04:00
Ronald Cron
4ccd226cbf
Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases
...
Tls13 add comprehensive cases
2022-06-15 09:18:11 +02:00
Przemek Stekiel
6c9fd61565
exercise_key_agreement_key: add special handling for HKDF_EXPAND
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-14 14:41:42 +02:00
Andrzej Kurek
7cf872557a
Rearrange the session resumption code
...
Previously, the transforms were populated before extension
parsing, which resulted in the client rejecting a server
hello that contained a connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-14 08:26:19 -04:00
Przemek Stekiel
d898745f70
exercise_key_agreement_key: provide SALT for HKDF_EXTRACT
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-14 11:41:52 +02:00
XiaokangQian
3ed16231ab
Refine server side SNI test cases
...
Change-Id: Icdc91ed382e81702e3b46645d3ce3534e62d4a13
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-14 08:24:04 +00:00
Jerry Yu
b7c12a466f
Refactor compat scripts
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-12 20:53:02 +08:00
Gilles Peskine
2c2730a372
ASN.1 write tests: test with larger buffer
...
Test with the output buffer size up to *and including* the expected output
size plus one. `... < expected->len + 1` was evidently a mistake.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:15:44 +02:00
Gilles Peskine
321a08944b
Fix bug whereby 0 was written as 0200 rather than 020100
...
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:13:33 +02:00
Gilles Peskine
c9a30fba74
Add MPI write tests when the MPI object has a leading zero limb
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:13:07 +02:00
Gilles Peskine
0ab804a794
Fix mismatch between test data and test description
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:12:25 +02:00
Gilles Peskine
d8579b7673
Uncomment mbedtls_asn1_write_mpi tests with leading 1 bit
...
mbedtls_asn1_write_mpi() correctly handles the sign bit, so there's no
reason not to test that it's handled correctly.
Fix copypasta in test data that was commented out.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:10:37 +02:00
XiaokangQian
9b938b7c37
Share code with base class in generate_tls13_compat_tests.py
...
Change-Id: I4540bdff7072cdb9bcc9fdb0799c4165ca381b2a
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-10 07:06:32 +00:00
XiaokangQian
fb1a3fe7f3
Address comments about python syntax
...
CustomizedGitHooks: yes
Change-Id: I5c4d39789df802d0b839061ce8c59ad241917d0b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-10 02:27:52 +00:00
Gilles Peskine
ae25bb043c
Fix null pointer dereference in mpi_mod_int(0, 2)
...
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 19:32:46 +02:00
XiaokangQian
b1847a234e
Re-structure to share more common code
...
Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-09 02:53:23 +00:00
Andrzej Kurek
ed4d217874
Add missing test dependencies for cookie parsing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:57:57 -04:00
Andrzej Kurek
078e9bcda6
Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:47:33 -04:00
Paul Elliott
271c3052fb
Merge pull request #5892 from AndrzejKurek/ssl-opt-client-kill-fix
...
Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell
2022-06-08 14:27:01 +01:00
Dave Rodgman
11930699f1
Merge pull request #5827 from wernerlewis/time_utc
...
Use ASN1 UTC tags for dates before 2000
2022-06-08 13:54:19 +01:00
Paul Elliott
5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests
...
Pr/add-tls13-moving-state-tests
2022-06-08 13:39:52 +01:00
XiaokangQian
96287d98d8
Remove the certificate key check against the received signature
...
Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-08 08:37:53 +00:00
XiaokangQian
9850fa8e8d
Refine ssl_tls13_pick_cert()
...
Change-Id: I5448095e280d8968b20ade8b304d139e399e54f1
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-08 07:02:41 +00:00
Przemek Stekiel
b088a900f4
test_suite_psa_crypto_storage_format: disable KA(ECDH,HKDF_EXTRACT/EXPAND...) test cases
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-07 15:34:18 +02:00
Przemek Stekiel
d9e1287e64
crypto_config_test_driver_extension.h add HKDF_EXTRACT/EXPAND algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-07 14:19:39 +02:00
XiaokangQian
23c5be6b94
Enable SNI test for both tls12 and tls13
...
Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-07 09:43:13 +00:00
Ronald Cron
00e5eaad62
test: ssl: Remove more TLS 1.2 dependencies in handshake state tests
...
That way the concerned tests are also run in the
TLS 1.3 only configuration where a TLS 1.3
handshake is performed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 11:14:01 +02:00
Ronald Cron
bdddaef9bb
test: ssl: Enable client authentication in handshake state tests
...
The endpoint initialization function was setting up
a certificate but the client certificate was not
used because client authentication was not enabled
(not enabled in the default SSL server configuration).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 11:13:49 +02:00
Dave Rodgman
4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor
...
Add accessor for x509 certificate extension types
2022-06-06 21:51:38 +01:00
Andrzej Kurek
cfb01948c8
Add cookie parsing tests to test_suite_ssl
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:29:15 -04:00
Andrzej Kurek
140b589ec6
Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell
...
When executing eval in the background, the next "$!" gives the
eval PID, not the ssl-client2 pid. This causes problems when
a client times out and the script tries to kill it. Instead, it
kills the parent eval call.
This caused problems with subsequent proxy tests receiving
old packets from a client from a previous test.
Moving the "&" to inside the eval call fixes the problem.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:02:36 -04:00
Thomas Daubney
5c9c2ce86d
Add correct test dependencies
...
Functions called within the test mean that MBEDTLS_X509_CRT_PARSE_C
is a test dependency and so is declared in this commit.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 16:36:43 +01:00
Thomas Daubney
a5f39e0ec2
Move accessor definition
...
Move the definition of the accessor so that it is not defined
within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the
dependency from the test and test cases.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 15:42:32 +01:00
Przemek Stekiel
221391b3d2
generate_psa_tests.py: REVERT adapt OpFail test generator for HKDF-Exract/Expand algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:43 +02:00
Przemek Stekiel
66867731aa
derive_output tests: fix output key length to be consistent with teh description
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:02 +02:00
Przemek Stekiel
cde3f783f5
Make info valid only after secret for HKDF-EXPAND + adapt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:02 +02:00
Przemek Stekiel
0586f4c4ea
Make salt mandatory for HKDF-EXTRACT + adapt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:25:43 +02:00
Jerry Yu
6994e3e0c2
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-06 11:50:49 +08:00
Przemek Stekiel
0e99391afe
derive_output test: fix output key bit length
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
3e8249cde0
Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
f0f0bd068b
test_suite_psa_crypto_metadata: add test cases for the HKDF-Extract/Expand algorithms
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
XiaokangQian
129aeb9b0e
Update test cases and support sni ca override
...
Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-02 09:29:18 +00:00
Werner Lewis
acd01e58a3
Use ASN1 UTC tags for dates before 2000
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-01 16:24:28 +01:00
Jerry Yu
f2d32e6c3d
fix tls13_only test fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 18:05:18 +08:00
Thomas Daubney
3ff4fc6997
Add test data
...
Add two test cases for accessor test. One test where desired
ext type is presentent and the other of when the ext type is
not present.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Thomas Daubney
bd5466ab7e
Add test for accessor
...
Add test logic for accessor.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Jerry Yu
7bf3358a2d
Remove duplicated tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 16:55:17 +08:00
Jerry Yu
1443537da3
fix test fail when WANT_READ/WRITE returned
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 15:53:31 +08:00
XiaokangQian
f4f0f6961a
Enable requires_openssl_tls1_3 in sni test cases
...
Change-Id: I71fbabe0b2ff80d5f1f15ae7df2b048503ccf965
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-01 00:42:27 +00:00
XiaokangQian
ac41edfc5e
Enable requires_gnutls_tls1_3 in sni test cases
...
Change-Id: Iea18f4e6a6b4c6b90612b43a5bcd396cdd506335
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 13:22:13 +00:00
Jerry Yu
66537f40b6
fix certificate request fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 19:53:05 +08:00
Jerry Yu
1e7c438b67
remove tls1.3 dependancy
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 19:51:38 +08:00
Gilles Peskine
09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa
...
Deprecate mbedtls_cipher_setup_psa()
2022-05-31 10:56:52 +02:00
XiaokangQian
2ccd97b8ef
Change test case name to sni
...
Change-Id: I8f6e68deab71cc49741cbdf233cf876e29683db9
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 08:30:17 +00:00
Jerry Yu
66adf3155c
Update comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:23:29 +08:00
Jerry Yu
df0a71a0b0
Add handshake version test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
b3d86de3ea
fix hanshake wrapup fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
df65b66003
Add handshake over test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
85e5c81c37
fix check test cases fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
d9d049d180
revert dbg config
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
d8c57feaf9
Add moving state test for TLS1.3
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
023ff7acb1
Move dependes_on of move handshakes state
...
Prepare share move_handshake_state function with
TLSv1.3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
XiaokangQian
d5d5b60c07
Add comprehensive test cases for TLS1.3 server side
...
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 02:51:26 +00:00
XiaokangQian
f2a942073e
Fix SNI test failure
...
Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 08:07:16 +00:00
XiaokangQian
40a3523eb7
Add support of server name extension to server side
...
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 08:07:16 +00:00
XiaokangQian
9a4e1dd8a6
Add back openssl client auth test
...
Change-Id: Iea3b70381c3851102c542d1c55c0303bc3a14a92
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:58:11 +00:00
XiaokangQian
aca9048b5f
Change base on review
...
Fix comments
Add test cases for client authentication with empty certificate
Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:11 +00:00
XiaokangQian
c3017f620f
Remove useless guards and refine checking
...
Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:10 +00:00
XiaokangQian
189ded2b07
Remove coordinate functions and change state machine in server side
...
Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:46:13 +00:00
Paul Elliott
8fba70f66c
Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup
...
TLS 1.3: Add Finished Message and wrapup
2022-05-25 12:02:06 +01:00
Jerry Yu
5491f857d2
skip openssl client auth test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-23 22:36:16 +08:00
Jerry Yu
090378c685
change exit code of cli auth test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-23 21:03:52 +08:00
Manuel Pégourié-Gonnard
69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa
...
Permissions 1: create `mbedtls_pk_can_do_ext()`
2022-05-23 10:58:32 +02:00
Jerry Yu
7eaadae941
fix no x509 info fail.
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-23 16:17:25 +08:00
Neil Armstrong
c661ff51c9
Fix pk_can_do_ext tests with non-opaque keys
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 09:49:04 +02:00
Neil Armstrong
5c5b116a49
Add pk_can_do_ext test for non-opaque keys
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-19 18:07:53 +02:00
Paul Elliott
4283a6b121
Merge pull request #5736 from gilles-peskine-arm/psa-raw_key_agreement-buffer_too_small
...
Make psa_raw_key_agreement return BUFFER_TOO_SMALL
2022-05-19 16:06:02 +01:00
Przemek Stekiel
476d9c45b8
Use MBEDTLS_TEST_DEPRECATED only in tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-19 14:11:06 +02:00
Przemek Stekiel
fcdd023ba6
derive_output tests: add invalid input secret test for HKDF-Expand
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-19 10:28:58 +02:00
Manuel Pégourié-Gonnard
6ab65e28cf
Merge pull request #5842 from mprse/decrypt_tests
...
RSA decrypt 2: TLS 1.2 integration testing
2022-05-18 12:58:50 +02:00
Jerry Yu
36becb1b81
update hrr tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
a7abc5eaa8
fix ci test fails
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
155493d4f5
fix openssl test fail.
...
different version openssl client return
different output. remove string check
to workaround it
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
6622049bcc
test:add state check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
4d8567fa9e
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Gilles Peskine
42ed963c72
Update PSA compliance test branch
...
Update to a branch with a fix for the test case
"expected error for psa_raw_key_agreement - Small buffer size"
since we just fixed the corresponding bug.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-17 17:23:09 +02:00
Paul Elliott
a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify
...
TLS1.3:Add Certificate and CertificateVerify message on Server Side
2022-05-17 15:47:36 +01:00
Neil Armstrong
8eb0afb726
Remove duplicate pk_can_do_ext test
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:58:11 +02:00
Neil Armstrong
408f6a60a3
Add usage parameter to mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:23:20 +02:00
Neil Armstrong
434d4eb74f
Remove invalid comments in pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 11:58:22 +02:00
Gilles Peskine
7be11a790d
Use TEST_LE_U in some places where it applies
...
Systematically replace "TEST_ASSERT( $x <= $y )" by "TEST_LE_U( $x, $y )" in
test_suite_psa_crypto. In this file, all occurrences of this pattern are
size_t so unsigned.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:37:53 +02:00
Gilles Peskine
d1465429a2
New test helper macros TEST_LE_U, TEST_LE_S
...
Test assertions for integer comparisons that display the compared values on
failure. Similar to TEST_EQUAL.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
3ff25443c8
Separate the validation of the size macros and of the function
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
d4a258a08f
Improve PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE validation
...
We want to check:
1. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE (the output fits
if the caller uses the key-specific buffer size macro)
2. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (the output fits
if the caller uses the generic buffer size macro)
3. PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
(consistency in the calculation)
We were only testing (1) and (2). Test (3) as well. (1) and (3) together
imply (2) so there's no need to test (2).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
992bee8b6e
Test psa_raw_key_agreement with a larger/smaller buffer
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Przemek Stekiel
8da6da3da2
ssl-opt.sh: add test of RSA Opaque keys with TLS 1.2 server for decryption
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-16 14:37:50 +02:00
Gilles Peskine
9b7e29663f
Merge pull request #4211 from ccawley2011/mingw
...
Fix compilation with MinGW32
2022-05-16 12:30:37 +02:00
Przemek Stekiel
e58ca8bb5e
Add MBEDTLS_TEST_DEPRECATED dependency
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-13 15:48:41 +02:00
Jerry Yu
b89125b81a
Add test without server certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-13 15:50:04 +08:00
Przemek Stekiel
61922d1328
Fix mbedtls_cipher_setup_psa() dependencies in tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 13:51:51 +02:00
Manuel Pégourié-Gonnard
1cd4f6a873
Merge pull request #5794 from mprse/cipher_dep
...
Fix undeclared dependencies: CIPHER
2022-05-12 13:09:04 +02:00
Manuel Pégourié-Gonnard
4014a0408e
Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector
...
PSA: ChaCha20: add RFC 7539 test vector with counter=1
2022-05-12 12:34:20 +02:00
Neil Armstrong
ce1d2397d2
Add tests for mbedtls_pk_can_do_ext() in test_suite_pktest_suite_pk
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-12 11:53:02 +02:00
Przemek Stekiel
da5f483ad8
all.sh: Fix order of CIPHER dependencies
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Przemek Stekiel
179d74831f
all.sh: add build/test config crypto_full minus CIPHER
...
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Przemek Stekiel
10f3a601b4
all.sh: add build/test config full minus CIPHER
...
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Jerry Yu
c450566b85
Update client auth tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00
Jerry Yu
c8bdbf72d3
test:add state check for certificate and verify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00
Dave Rodgman
3009a97e00
Minor spelling / grammar improvements
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:54 +01:00
Andrzej Kurek
5c65c5781f
Fix additional misspellings found by codespell
...
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L
keypair,Keypair,KeyPair,keyPair,ciph,nd
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Przemek Stekiel
398c503f6f
generate_psa_tests.py: adapt OpFail test generator for HKDF-Exract/Expand algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 14:05:40 +02:00
Przemek Stekiel
6786a87ccd
derive_output tests: add capacity HKDF-Extract/Expand tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:40:21 +02:00
Przemek Stekiel
2849e0e4d5
derive_output tests: add negative HKDF-Extract/Expand tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:38:01 +02:00
Przemek Stekiel
e1036fbe90
derive_output tests: add positive HKDF-Extract/Expand tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:34:53 +02:00
Przemek Stekiel
ead1bb9987
derive_output test: Adapt for HKDF-Extract/Expand algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:22:57 +02:00
Manuel Pégourié-Gonnard
5479f5321a
Merge pull request #5772 from superna9999/5762-rsa-decrypt-pk
...
RSA decrypt 1a: PK
2022-05-11 11:01:01 +02:00
Neil Armstrong
814562afaa
Switch last TEST_ASSERT() in TEST_EQUAL() in pk_wrap_rsa_decrypt_test_vec()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-11 09:29:57 +02:00
Paul Elliott
d1a954d243
Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request
...
TLS1.3: Add HelloRetryRequest Write
2022-05-10 17:25:33 +01:00
Cameron Cawley
ea5496ceb3
Fix compilation with MinGW32
...
Signed-off-by: Cameron Cawley <ccawley2011@gmail.com>
2022-05-10 13:46:09 +01:00
Manuel Pégourié-Gonnard
42650260a9
Merge pull request #5783 from mprse/md_dep_v3
...
Fix undeclared dependencies: MD
2022-05-10 10:41:32 +02:00
Manuel Pégourié-Gonnard
9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks
...
Unify non-opaque and opaque PSKs
2022-05-09 10:15:16 +02:00
Jerry Yu
ede50ea891
move hrr tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:09 +08:00
Jerry Yu
23f7a6fc5c
share write_body between HRR and ServerHello
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:01 +08:00
Jerry Yu
cb03677f85
add hrr test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:48:59 +08:00
XiaokangQian
a987e1d2f8
Change state machine after encrypted extension and update cases
...
Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
45c22201b3
Update test cases and encrypted extension state set
...
Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
2f150e184f
Update status and add test cases for client certificate request
...
Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
Ronald Cron
25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext
...
TLS1.3: add writing encrypted extensions on server side.
2022-05-06 13:54:45 +02:00
Przemek Stekiel
d3ba7367c9
component_test_crypto_full_no_md: fix order of disabled features
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 11:41:56 +02:00
Przemek Stekiel
fe2367af26
all.sh: add build/test config crypto_full minus MD
...
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 12:09:03 +02:00
Przemek Stekiel
1068c224a4
Adapt generated psa no_supported tests for HMAC
...
Remove no_supported HMAC generate/import tests when !PSA_KEY_TYPE_HMAC as HMAC key creation works regardless of PSA_WANT_KEY_TYPE_HMAC.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 12:09:03 +02:00
Przemek Stekiel
cd204992f2
Fix dependencies in tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 12:09:03 +02:00
Werner Lewis
e59a531455
Fix memcpy() UB in mbedtls_asn1_named_data()
...
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 11:45:06 +01:00
Neil Armstrong
cd05f0b9e5
Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
4c3b4e079c
Initialize & free PSA in test_multiple_psks()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Jerry Yu
7c0da07445
Update state check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-03 15:08:54 +08:00
Neil Armstrong
b32ae72e27
Add PK Opaque RSA decrypt tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-02 09:14:58 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
...
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx
...
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
2022-04-29 10:47:16 +02:00
Gilles Peskine
310294f06a
Merge pull request #5759 from tom-daubney-arm/correct_x509_flag_parse_tests
...
Set flag to proper value in x509 parse tests
2022-04-28 18:27:36 +02:00
Gilles Peskine
2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise
...
PSA storage format: exercise key
2022-04-28 18:20:02 +02:00
Gilles Peskine
038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file
...
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
2022-04-28 18:17:50 +02:00
Gilles Peskine
4098083ed4
Merge pull request #5745 from superna9999/5712-pk-opaque-rsa-pss-sign-tls
...
RSA-PSS sign 2: TLS 1.3 integration testing
2022-04-28 18:16:44 +02:00
Neil Armstrong
95974974d2
Update mbedtls_pk_wrap_as_opaque() usage in PK & X509write tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Manuel Pégourié-Gonnard
ad47487e25
Merge pull request #5742 from superna9999/5669-review-test-incompatible-psa
...
Fixup or re-enable tests with Use PSA
2022-04-28 09:57:13 +02:00