Commit graph

6122 commits

Author SHA1 Message Date
Przemyslaw Stekiel
5b2de0c35c test_suite_ssl.data: remove redundant test cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
93cf4eea67 Adapt test_suite_ssl for psa crypto
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
XiaokangQian
a909061c2a Refine HRR parse successfully message in test cases
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 03:48:27 +00:00
XiaokangQian
7bae3b616c Add more ciphersuites into test cases for hrr
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
355e09ae9d Change code base on comments
Change functions name
Change some comments
Improve hrr test case for gnutls

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
78b1fa7e81 Update code base on comments
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
6db08dd2cb Change ssl-opt.sh to make hrr tests pass
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
0b56a8f85c Replace curve_list with group_list and add update test scripts
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
Gilles Peskine
c6753a6c90
Merge pull request #5363 from AndrzejKurek/clarify-testing-set-nonce-set-lengths
PSA AEAD: extend testing of set_nonce + set_lengths
2022-01-25 17:02:26 +01:00
Manuel Pégourié-Gonnard
24479b3185
Merge pull request #5395 from gilles-peskine-arm/ssl-opt-self-signed-positive
Add positive test case with self-signed certificates
2022-01-25 12:53:56 +01:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard
ff743a7f38
Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets
TLS Cipher 1a: extend testing of tickets
2022-01-24 10:25:29 +01:00
Glenn Strauss
6eef56392a Add tests for accessors for ciphersuite info
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-23 08:37:02 -05:00
Gilles Peskine
6d6d93ea4a
Merge pull request #5350 from AndrzejKurek/psa-aead-invalid-tag-lengths-setup
Detect invalid tag lengths in psa_aead_setup
2022-01-21 21:46:37 +01:00
Gilles Peskine
c191addc8b
Merge pull request #5267 from mprse/mac_multipart
Extend driver dispatch tests for MAC multipart
2022-01-21 21:46:25 +01:00
Gilles Peskine
fe271b9c92
Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes
Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
2022-01-21 21:46:08 +01:00
Przemyslaw Stekiel
daaf38b178 Remove multipart part from mac_verify test case
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-21 09:37:49 +01:00
Przemyslaw Stekiel
6ec59f817f Add mac_verify_multipart test case + test data
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-21 09:37:49 +01:00
Przemyslaw Stekiel
1af1983352 Remove multipart part from mac_sign test case
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-21 09:37:49 +01:00
Przemyslaw Stekiel
f47b8d39a4 Add mac_sign_multipart test case + test data
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-21 09:37:49 +01:00
Andrzej Kurek
f881601c91 Detect invalid tag lengths in psa_aead_setup
Read tag lengths from the driver and validate against preset values.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-20 07:40:12 -05:00
Andrzej Kurek
031df4a93a Clarify test descriptions
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:44:49 -05:00
Andrzej Kurek
e5f94fb556 PSA AEAD: test long plaintext lengths for psa_set_lengths
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:36:50 -05:00
Andrzej Kurek
1e8e1745a8 PSA AEAD: test more combinations of set_nonce and set_lengths
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:36:50 -05:00
Andrzej Kurek
a2ce72e5bf Test calling psa_aead_set_lengths and set_nonce in various order
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:36:50 -05:00
Andrzej Kurek
ad2b8b5c3c Fix a dependence in chacha cipher test suite
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 07:35:27 -05:00
Manuel Pégourié-Gonnard
d2da19b8eb
Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
2022-01-18 09:16:25 +01:00
Manuel Pégourié-Gonnard
a15503fcdd
Merge pull request #5344 from AndrzejKurek/psa-aead-more-generate-nonce-combinations
PSA AEAD: test more combinations of generate_nonce and set_lengths
2022-01-17 13:12:04 +01:00
Ronald Cron
188ed19456
Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext
Remove duplicate function for writing supported_groups extension
2022-01-17 09:13:14 +01:00
Andrzej Kurek
b9fbc11e2c Dynamically allocate iv in dec_empty_buf tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Andrzej Kurek
8be8e4a524 Add a missing test case to ChaCha20 tests - decrypt empty buffer
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Andrzej Kurek
63439eda62 Return an error for IV lengths other than 12 with ChaCha20+Poly1305
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Andrzej Kurek
33ca6af8a3 Return an error for IV lengths other than 12 with ChaCha20
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Gabor Mezei
6e5aae63f8
Add tests for ticket_aead option
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-01-12 16:29:58 +01:00
Gilles Peskine
e1cc60eca9 Add positive test case with self-signed certificates
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 23:10:56 +01:00
Bence Szépkúti
08f34656cb Return the same error in multipart and single shot AEAD
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().

The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.

Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-07 19:36:07 +01:00
Bence Szépkúti
bac671cd23 Fix the multipart AEAD compliance tests
Update the fork of the compliance test suite, and remove the multipart
AEAD tests from the expected failures list.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-06 15:46:17 +01:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
Jerry Yu
136320ba0b fix ci fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-21 17:09:00 +08:00
Archana
947cf611f2
Jinja2 prerequisite set up on the docker
Jinja2 rev 2.10.1 is required for the driver wrappers code gen.
The same is set up in the bionic docker file.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 13:29:10 +05:30
Archana
6f21e45b78
Fix Pylint errors and improve Python script
Pylint errors are fixed.
The Python script is improved to take default arguments when not
passed (eg invoked from root of the tree)

check-generated-files.sh and CMakeLists.sh updated.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 13:28:59 +05:30
Dave Rodgman
77d778eee2
Merge branch 'development' into mbedtls-3.1.0_merge_into_release 2021-12-17 10:01:53 +00:00
Dave Rodgman
b8c3301b80 Revert "Add generated files"
This reverts commit 4e62cbc322.
2021-12-17 09:44:04 +00:00
Andrzej Kurek
ad83752811 PSA AEAD: test more combinations of generate_nonce and set_lengths
Extend PSA AEAD testing by adding CCM and ChaChaPoly.
Add more combinations of functions to test the API.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-15 15:30:29 +01:00
Gilles Peskine
ccbc318fc5 Remove generation of ssl_debug_helpers_generated.h
It's now under version control and meant to be updated manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-15 12:55:37 +01:00
Ronald Cron
4e62cbc322 Add generated files
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:53 +01:00
Ronald Cron
17b1e2f6c3 Bump version to 3.1.0
Executed ./scripts/bump_version.sh --version 3.1.0 --so-crypto 11 --so-tls 17
+ fix of build_info.h

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:53 +01:00
Ronald Cron
8188d19b0e Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr 2021-12-14 10:58:18 +01:00
Gilles Peskine
12e27d4c5b List ssl_debug_helpers_generated.h in generated files
Running `generate_ssl_debug_helpers.py` generates both
`ssl_debug_helpers_generated.c` and `ssl_debug_helpers_generated.h`.

List the `.h` file as well as the `.c` file in `check-generated-files.sh` so
that `check-generated-files.sh -u` will complain if it isn't up to date.

List it in `Makefile` and `CMakeLists.txt` so that parallel builds know when
to wait until the `.h` file is present. In `Makefile`, declare the `.c` file
as depending on the `.h` file for order. This way, a dependency for either
will wait until the `.h` file is present, and since the `.h` file is
generated after the `.c` file, this guarantees that the `.c` file is
present.

This fixes random failures of `make -j` from a fresh checkout.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-14 00:19:47 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix
Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:36 +01:00