Commit graph

7711 commits

Author SHA1 Message Date
Dave Rodgman
5a1d00f03d Merge remote-tracking branch 'origin/development' into fast_xor
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-25 17:10:25 +00:00
Dave Rodgman
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0
Fix NULL+0 undefined behavior in PSA crypto ECB
2022-11-25 17:07:46 +00:00
Bence Szépkúti
6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7
PKCS7 Parser - RFC 2315
2022-11-25 15:55:46 +01:00
Janos Follath
505a228b7b
Merge pull request #6606 from gabor-mezei-arm/6222_bignum_low_level_subtraction
Bignum: Add low level subtraction
2022-11-25 13:27:23 +00:00
Dave Rodgman
f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
2022-11-25 10:55:10 +00:00
Bence Szépkúti
ae79fb2c2e Merge branch 'development' into pr3431 2022-11-25 03:12:43 +01:00
Gilles Peskine
4bdb9fbfa2 Enable all ciphers in OpenSSL >=1.1.0
OpenSSL may be configured to support features such as cipher suites or
protocol versions that are disabled by default. Enable them all: we're
testing, we don't care about enabling insecure stuff. This is not needed
with the builds of OpenSSL that we're currently using on the Jenkins CI, but
it's needed with more recent versions such as typically found on developer
machines, and with future CI additions.

The syntax to do that was only introduced in OpenSSL 1.1.0; fortunately we
don't need to do anything special with earlier versions.

With OpenSSL 1.1.1f on Ubuntu 20.04, this allows SHA-1 in certificates,
which is still needed for a few test cases in ssl-opt.sh. Curiously, this is
also needed for the cipher suite TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 (and
no other, including other DHE-PSK or ARIA cipher suites).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-24 22:41:55 +01:00
Dave Rodgman
7a910a8be0 Minor formatting tweaks
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-24 21:17:40 +00:00
Gabor Mezei
cbcbf4e434
Remove hand-written tests got raw_mod_sub
The generated tests cover all off the hand-written tests.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-24 11:48:59 +01:00
Dave Rodgman
3172e4e1c9 Fix typo in test_suite_common
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 19:38:13 +00:00
Dave Rodgman
15531bc6d2 Test for all alignment combinations
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 16:51:12 +00:00
Gabor Mezei
b3b3466657
Test subtraction if the parameters are aliased to each other
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:14 +01:00
Gabor Mezei
4d3f3c5430
Fix the checking of the used limbs
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:14 +01:00
Gabor Mezei
68a45e0aaf
Fix potential not initialized warning
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:14 +01:00
Gabor Mezei
c426d9b6cc
Add generated test for low level subtraction with modulus
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:13 +01:00
Gabor Mezei
cefe03a10c
Add tests for low level subtraction with modulus
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:13 +01:00
Janos Follath
531a871b88
Merge pull request #6235 from tom-cosgrove-arm/issue-6231-core-sub-int
Bignum: extract core_sub_int from the prototype
2022-11-23 13:32:02 +00:00
Gilles Peskine
42649d9270 Fix NULL+0 undefined behavior in ECB encryption and decryption
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-23 14:16:52 +01:00
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
Ronald Cron
1d1d53622f
Merge pull request #6490 from xkqian/tls13_parse_early_data_indication_ee
The internal CI merge job ran successfully.
2022-11-23 12:31:25 +01:00
Ronald Cron
cb0e680779
Merge pull request #6476 from yuhaoth/pr/fix-tls13-mbedtls_ssl_is_handshake_over
TLS 1.3: Fix tls13 mbedtls ssl is handshake over
2022-11-23 12:12:02 +01:00
Ronald Cron
d8603a7b44
Merge pull request #6638 from ronald-cron-arm/tls13-misc
TLS 1.3: Adjustments for the coming release
2022-11-23 09:07:36 +01:00
Dave Rodgman
8c18baf8c1 Add test for unaligned buffers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 18:15:55 +00:00
Dave Rodgman
4413b6690f Add tests for mbedtls_xor
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Tom Cosgrove
d66d5b2fef Add unit tests for mbedtls_mpi_core_sub_int(), MPI A - scalar b
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-22 15:07:31 +00:00
Bence Szépkúti
a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Janos Follath
0fc88779ec
Merge pull request #6632 from yanesca/refactor_bignum_test_framework
Refactor bignum test framework
2022-11-22 14:53:58 +00:00
Gilles Peskine
a08103aa94
Merge pull request #6611 from gilles-peskine-arm/run-test-suites-out-of-tree
Fix run-test-suites.pl in out-of-tree builds
2022-11-22 15:01:13 +01:00
Gilles Peskine
4f19d86e3f
Merge pull request #6608 from mprse/ecjpake_password_fix
Make a copy of the password key in operation object while setting j-pake password
2022-11-22 14:52:12 +01:00
Xiaokang Qian
8bee89994d Add parse function for early data in encrypted extentions
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-22 09:40:07 +00:00
Ronald Cron
c2e110f445 tls13: Disable MBEDTLS_SSL_EARLY_DATA by default
Eventually we want it to be enabled by default
when TLS 1.3 is enabled but currently the
feature is on development thus it should not be
enabled by default.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-22 09:01:46 +01:00
Gilles Peskine
339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
2022-11-21 19:51:58 +01:00
Gilles Peskine
8b85b4835e
Merge pull request #6617 from tom-cosgrove-arm/call-mbedtls_mpi_mod_modulus_init-first-final-2
Must call mbedtls_mpi_mod_modulus_init() before anything else in tests
2022-11-21 19:50:20 +01:00
Przemek Stekiel
f82effa982 Optimize pake test code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-21 15:10:32 +01:00
Przemek Stekiel
cd356c3cdb Add ec-jpake test to verify if key can be destroyed after set_password_key
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-21 12:25:21 +01:00
Dave Rodgman
9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
2022-11-21 10:09:57 +00:00
Janos Follath
f45797652f Bignum tests: set unique combinations off by default
Normally we need all the combinations, unique combinations make sense
only if the operation is commutative.

No changes to generated tests.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
351e6885f5 Make pylint happy
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
87df373e0e Bignum test: Move identical function to superclass
No intended change in generated test cases.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:13 +00:00
Janos Follath
0cd8967ba1 Split test generator base class
The class BaseTarget served two purposes:
- track test cases and target files for generation
- provide an abstract base class for individual test groups

Splitting these allows decoupling these two and to have further common
superclasses across targets.

No intended change in generated test cases.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:13 +00:00
Jerry Yu
dddd35ccf3 remvoe unrelative change
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-20 12:31:45 +08:00
Jerry Yu
a8d3c5048f Rename new session ticket name for TLS 1.3
NewSessionTicket is different with TLS 1.2.
It should not share same state.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
c5826eaba2 Add debug message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
6969eee5d2 Remove Terminated message on 22.04
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Xiaokang Qian
4e83173bb7 Skip early data basic check temp
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-18 10:57:46 +00:00
Manuel Pégourié-Gonnard
ba7c006222
Merge pull request #6466 from mprse/driver-only-hash-ci
Driver-only hashes: test coverage in the CI
2022-11-18 09:31:13 +01:00
Paul Elliott
f6e342cae2 Add test for single signature alg with openssl
Test supplied by Gilles Peskine. Also rename previous test to fit to
naming pattern.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Paul Elliott
3b4cedaa71 Add SSL_SRV requirement to test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Andrzej Kurek
ec71b0937f Introduce a test for single signature algorithm correctness
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-11-17 14:58:14 +00:00
Ronald Cron
d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication
The merge job of the internal CI ran successfully. This is good to go.
2022-11-17 12:48:50 +01:00