Now that the C code supports the full range of intmax_t, allow any size of
signed integer type in the .data file parser.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Change the type of signed integer arguments from int32_t to intmax_t.
This allows the C code to work with test function arguments with a range
larger than int32_t. A subsequent commit will change the .datax generator
to support larger types.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use normalization the equality comparisons instead of loose regular
expressions to determine the type of an argument of a test function.
Now declarations are parsed in a stricter way: there can't be ignored junk
at the beginning or at the end. For example, `long long unsigned int x`
was accepted as a test function argument (but not `long long unsigned x`),
although this was misleading since the value was truncated to the range of
int. Now only recognized types are accepted.
The new code is slightly looser in that it accepts `char const*` as well as
`const char*`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The test framework stores size_t and int32_t values in the parameter store
by converting them all to int. This is ok in practice, since we assume int
covers int32_t and we don't have test data larger than 2GB. But it's
confusing and error-prone. So make the parameter store a union, which allows
size_t values not to be potentially truncated and makes the code a little
clearer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the .datax parser, since we're calling strtol() anyway, rely on it for
verification. This makes the .datax parser very slightly more
liberal (leading spaces and '+' are now accepted), and changes the
interpretation of numbers with leading zeros to octal.
Before, an argument like :0123: was parsed as decimal, but an argument like
:0123+1: was parsed as a C expression and hence the leading zero marked an
octal representation. Now, a leading zero is always interpreted according to
C syntax, namely indicating octal. There are no nonzero integer constants
with a leading zero in a .data file, so this does not affect existing test
cases.
In the .datax generator, allow negative arguments to be 'int' (before, they
were systematically treated as 'exp' even though they didn't need to be).
In the .datax parser, validate the range of integer constants. They have to
fit in int32_t. In the .datax generator, use 'exp' instead of 'int' for
integer constants that are out of range.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Treat backslash as a universal escape character: "\n" is a newline,
backslash escapes any non-alphanumeric character.
This affects some test cases that had "\," standing for backslash-comma.
With the new uniform treatment of backslashes, this needs to be "\\,".
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We're using the non-standard function strcasecmp() just so that the case
of digits beyond 9 can be different in the library and in the test data.
Use matching case in the test data, and use a standard function for the
comparison.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This patch introduces basic unit-testing for the `ecp_mod_p256k1()`.
The method is exposed through the ecp_invasive interface, and
the standard testing data is being provided by the python framework.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch introduces basic unit-testing for the `ecp_mod_p224k1()`.
The method is exposed through the ecp_invasive interface, and
the standard testing data is being provided by the python framework.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Only some test cases are skipped for which ECP_C is mandatory,
but the other ones are included.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Instead of using the legacy mbedtls_ecp_gen_keypair() which makes
use of ECP's math, when USE_PSA_CRYPTO is enabled then the new
function pk_genkey_ec() is used in test_suite_pk.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Instead of using the legacy mbedtls_ecp_mul() function which makes use of
ECP's math, this commit adds a new function named pk_derive_public_key()
which implements the same behavior using PSA functions.
The flow is simple:
- import the private key into PSA
- export its public part
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This patch introduces a new local hash define of
`MBEDTLS_ECP_DP_SECP_GENERIC_ENABLED` to replace the
removed curve specific macros, introduced in upstream.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch replaces similiarly structured test functions
for:
* MBEDTLS_ECP_DP_SECP192R1
* MBEDTLS_ECP_DP_SECP224R1
* MBEDTLS_ECP_DP_SECP256R1
* MBEDTLS_ECP_DP_SECP384R1
* MBEDTLS_ECP_DP_BP512R1R1
with a more generic version, which adjusts the parameters, based on the `curve_id` field,
provided by the testing data.
The python test framework has been updated to provide that extra field.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Restore the dependency on !MBEDTLS_SSL_PROTO_TLS1_3
of the DTLS fragmentation tests. That way the test
is not run on Windows 2013 (as in development) where
there is an issue with MBEDTLS_PRINTF_SIZET when
running those tests. I will address this issue in a
separate PR.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Also updated the x509_get_general_names function to be able to parse rfc822Names
Test are also updated according these changes.
Signed-off-by: toth92g <toth92g@gmail.com>
- Wrong condition was checked (ref_ret != 0 instead of ref_ret == 0)
- tags were not checked (nor lengths)
- Using ASSERT_COMPARE where possible
Signed-off-by: toth92g <toth92g@gmail.com>
A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags.
Signed-off-by: toth92g <toth92g@gmail.com>
Instead of using the legacy mbedtls_ecp_check_pub_priv() function which
was based on ECP math, we add a new option named eckey_check_pair_psa()
which takes advantage of PSA.
Of course, this is available when MBEDTLS_USE_PSA_CRYPTO in enabled.
Tests were also fixed accordingly.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
All RSA associated algs are now forcedly disabled both on library
and driver sides.
Some PSA driver tests required to be fixed because they were just
requiring for not having the built-in version, but they didn't check
if the driver one was present (kind of assuming that RSA was always
supported on the driver side).
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The test cases use the following MPI values.
The .data file only includes those (a, b) values where a <= b; the test code
does a * b and b * a.
0 1 80 ff 100 fffe ffff 10000 ffffffff 100000000
20000000000000 7f7f7f7f7f7f7f7f 8000000000000000 ffffffffffffffff
10000000000000000 10000000000000001 1234567890abcdef0
fffffffffffffffffefefefefefefefe 100000000000000000000000000000000
1234567890abcdef01234567890abcdef0
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
The lines in the .data file were generated by the following script
```
#!/usr/bin/env perl
#
# mpi-test-core-mul.pl - generate MPI tests in Perl for mbedtls_mpi_core_mul()
#
use strict;
use warnings;
use Math::BigInt;
use sort 'stable';
my $echo = 0;
my @mul_mpis = qw(
0 1 80 ff 100 fffe ffff 10000 ffffffff 100000000
20000000000000 7f7f7f7f7f7f7f7f 8000000000000000 ffffffffffffffff
10000000000000000 10000000000000001 1234567890abcdef0 fffffffffffffffffefefefefefefefe
100000000000000000000000000000000 1234567890abcdef01234567890abcdef0
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
);
generate_tests();
sub generate_tests {
generate_mbedtls_mpi_core_mul();
}
sub generate_mbedtls_mpi_core_mul {
my $sub_name = (caller(0))[3]; # e.g. main::generate_mbedtls_mpi_sub_mpi
my ($ignore, $test_name) = split("main::generate_", $sub_name);
my @cases = ();
for my $ah (@mul_mpis) {
for my $bh (@mul_mpis) {
my $a = Math::BigInt->from_hex($ah);
my $b = Math::BigInt->from_hex($bh);
next if $a > $b; # don't need to repeat test cases
my $r = $a * $b;
my $rh = $r->to_hex();
my $desc = "$test_name #NUMBER: 0x$ah * 0x$bh = 0x$rh";
my $case = output($test_name, str($ah), str($bh), str($rh));
push(@cases, [$case, $desc]);
}
}
output_cases("", @cases);
}
sub output_cases {
my ($explain, @cases) = @_;
my $count = 1;
for my $c (@cases) {
my ($case, $desc, $dep) = @$c;
$desc =~ s/NUMBER/$count/; $count++;
if (defined($explain) && $desc =~ /EXPLAIN/) {
$desc =~ s/EXPLAIN/$explain/;
$explain = "";
}
my $depends = "";
$depends = "depends_on:$dep\n" if defined($dep) && length($dep);
print <<EOF;
$desc
$depends$case
EOF
}
}
sub output {
return join(":", @_);
}
sub str {
return '"' . $_[0] . '"';
}
```
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Now, that the errors are not silently ignored
anymore, instead of expecting a <malformed>
tag in parsed data, the test case returns
an error.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Weierstrass key derivation still depends on ECP_C (no driver dispatch
yet), so the legacy dependency is still mandatory here.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Now that Entropy doesn't need it any more, we can have driver-only
SHA-256 (and 224 with it) in the non-USE_PSA component too.
This reveals a missing PSA_INIT in a PK test using SHA-256.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Unless I missed something, all remaining instance of all macros are in
files where it makes sense to use these. I went over the output of:
git grep -c -E 'MBEDTLS_(MD5|RIPEMD160|SHA[0-9]*)_C'
and I think all the files listed fall into one of the following
acceptable categories:
- documentation and historical documents: Changelog, docs/**/*.md
- config files and related: mbedtls_config.h, configs/*.h,
check_config.h, config_psa.h, etc.
- scripts that build/modify configs: all.sh, depends.py,
set_psa_test_dependencies.py, etc.
- implementation of MD or PSA or related: md.h, psa_util.h, etc. and
corresponding test suites
- implementation of hashes: md5.c, sha256.h, etc. and corresponding test
suites
- two example programs using a low-level hash API: hash/hello.c,
pkey/ecdsa.c
- test/benchmark.c, test/selftest.c: actually want our built-in
implementations
- a function in test_suite_psa_crypto_storage_format that is
specifically for checking if the hash is built in.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data
Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
These were assuming that psa_crypto_init() doesn't call hashes, which is
not always correct.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Split the part the varies between driver/built-in builds to a separate
file for convenience. Fix analyze_outcomes.py to be able to exclude
specific data files and not just a whole family at once.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE.
2. Add missing occurrences - some of these were already necessary in
principle (in one form or another) but where missing and this was not
detected so far as `psa_hash` doesn't complain in case of a missing
init, but now MD makes it visible.
3. Add missing include in ssl_test_lib.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Introduce MD_OR_USE_PSA_INIT/DONE. This will likely be used everywhere
in X.509 and SSL/TLS, but most places in PK only need USE_PSA_INIT/DONE.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
After this, only PK, X.509 and TLS remain to be done.
Deterministic uses HMAC-DRBG which uses MD, so it needs crypto_init()
when using a driver-only hash.
Also, remove a special-purpose macro that's no longer needed.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Could use MD_CAN, as both are equivalent when MBEDTLS_PSA_CRYPTO_C is
defined, but using PSA_WANT is preferable in a PSA context.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
As a consequence, MD_C is now enabled in component accel_hash_use_psa.
Fix guards in X.509 info function to avoid this causing a failure now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
sed -i -f md.sed library/pkcs12.c tests/suites/test_suite_pkcs12.* include/mbedtls/pkcs12.h
with md.sed as before.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This enables access to all available hashes, instead of the previous
situation where you had to choose by including MD_C or not.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This is in preparation for running it multiple times with different
alignments.
This commit also fixes the fact that we weren't calling mbedtls_aes_free()
on the context (we still aren't if the test fails). It's not an issue except
possibly in some ALT implementations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't use all-bytes zero as a string, it's harder to debug.
This commit uses the test vectors from FIPS 197 appendix C.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
All tests that call md_setup() or compute a hash of a HMAC may now need
it in some builds.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This will be used in the next commit.
While at it, move driver initialization before RNG init - this will be
handy when the entropy module wants to use drivers for hashes.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value. This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.
Also check that second and subsequent subidentifiers are terminated, and
add a test case for that. Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>