Commit graph

6419 commits

Author SHA1 Message Date
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn
Port ALPN support for tls13 client from tls13-prototype
2022-03-08 17:53:38 +00:00
Przemek Stekiel
c85f0912c4 psa_crypto.c, test_suite_psa_crypto.function: fix style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-08 11:37:54 +01:00
Przemek Stekiel
f8614a0ec2 asymmetric_encryption.h: trim trailing spaces
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-08 10:48:35 +01:00
Przemek Stekiel
b6bdebde5e asymmetric_encrypt: handle forced output
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-08 10:32:18 +01:00
Przemek Stekiel
d5e5c8b58d asymmetric_encrypt: add remining test driver cases
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-08 10:31:07 +01:00
Gilles Peskine
c9c967c812 Fix RSA sanity checks for asymmetric_encrypt
* Remove expected_output_data: since asymmetric encryption is randomized,
  it can't be useful.
* The decryption check needs the private exponent, not the public exponent.
* Use PSA macro for the expected ciphertext buffer size.
* Move RSA sanity checks to their own function for clarity.
* For RSAES-PKCS1-v1_5, check that the result of the private key operation
  has the form 0x00 0x02 ... 0x00 M where M is the plaintext.
* For OAEP, check that the result of the private key operation starts with
  0x00. The rest is the result of masking which it would be possible to
  check here, but not worth the trouble of implementing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-07 21:18:37 +01:00
Gilles Peskine
44311f5c98
Merge pull request #5571 from superna9999/5162-pk-rsa-signing
PK: RSA signing
2022-03-07 17:09:14 +01:00
Gilles Peskine
6bf5c8cb1d
Merge pull request #5506 from superna9999/4964-extend-psa-one-shot-multipart
Extend PSA operation setup tests to always cover both one-shot and multipart
2022-03-07 17:04:37 +01:00
Gilles Peskine
fdfc10b250
Merge pull request #4408 from gilles-peskine-arm/storage-format-check-mononicity
Check storage format tests for regressions
2022-03-07 17:02:34 +01:00
Przemek Stekiel
72373f3819 WIP: Add asymmetric_encrypt test case
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-07 16:48:18 +01:00
Przemek Stekiel
7a58208809 Change names rsa->asymmetric_encryption
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-07 10:49:04 +01:00
Neil Armstrong
fd4c259a7b Use PSA_INIT() in mac_multipart_internal_func()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 10:11:11 +01:00
Ron Eldor
0df1ecd5fd Fix test_suite_md API violation
Add a call to `mbedtls_md_starts()` in the `mbedtls_md_process()`
test, as it violates the API usage. Fixes #2227.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-04 16:48:17 +00:00
Przemek Stekiel
f25b16cadd test_psa_compliance: update tag to fix-pr-5139-3
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 14:25:09 +01:00
Andrzej Kurek
469fa95cbc Add the timing test dependency on MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
61faf665e6 Use $PWD instead of $(pwd) for consistency
Change the new baremetal all.sh tests to use $PWD rather than
calling pwd again directly.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
Daniel Axtens
814c8133c8 tests: add baremetal full config build
To be able to test utility programs for an absence of time.h, we need a
baremetal config that is not crypto only. Add one.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
446af202f6 tests: prevent inclusion of time.h in baremetal compiles
baremetal compiles should not include time.h, as MBEDTLS_HAVE_TIME is
undefined. To test this, provide an overriding include directory that
has a time.h which throws a meaningful error if included.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
09e34b78ee Add header guard around malloc(0) returning NULL implementation
Make it safe to import the config multiple times without having
multiple definition errors.

(This prevents errors in the fuzzers in a later patch.)

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Neil Armstrong
502da11df1 Initialize PSA crypto in test_suite_pk pk_rsa_decrypt_test_vec() when USE_PSA_CRYPTO is enabled
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:52:47 +01:00
Neil Armstrong
5b32038ff0 Alternative CSR checks in x509_csr_check when USE_PSA_CRYPTO
The X509write x509_csr_check reference file depends on
mbedtls_test_rnd_pseudo_rand being used to match the pre-generated data.
This calls x509_crt_verifycsr() like in x509_csr_check_opaque() when
MBEDTLS_USE_PSA_CRYPTO is defined.

Notably using PSA_ALG_DETERMINISTIC_ECDSA() in ecdsa_sign_wrap() makes
this test run without these changes.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
5f8328b2f6 Initialize PSA crypto in test_suite_x509write for RSA signing tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Neil Armstrong
c921bfdf30 Fix 80 characters indentation in pk_rsa_encrypt_decrypt_test()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
7f1055223d Remove pk_rsa_encrypt_test_vec() test in favor to pk_rsa_encrypt_decrypt_test()
Not checking the encrypt result with PSA makes the test useless.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
dac2f23a82 Stop checking against reference vector in pk_rsa_encrypt_test_vec when USE_PSA_CRYPTO
The pk_rsa_encrypt_test_vec() reference vector is calculated while using
mbedtls_test_rnd_pseudo_rand rng source, but since the RNG souce can't
be controlled when USE_PSA_CRYPTO is enabled we can't get the same
result.

The pk_rsa_encrypt_test_vec() fails when switching to mbedtls_test_rnd_std_rand
as rng source.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
e0df42cbb7 Introduce pk_rsa_encrypt_decrypt_test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
445d2192d5 Initialize PSA crypto in test_suite_pk pk_rsa_encrypt_test_vec() & pk_rsa_alt() when USE_PSA_CRYPTO is enabled
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:33:39 +01:00
Neil Armstrong
fe6da1c35c Fix style issues in mac_sign_verify_multi()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:29:14 +01:00
Gilles Peskine
052deb941f
Merge pull request #5554 from tom-daubney-arm/fix_uninitialised_buffers_in_tests
Fix uninitialised buffers in tests - Coverity issue
2022-03-03 13:30:58 +01:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters
Add function to get message digest info from context
2022-03-02 16:44:26 +01:00
Przemek Stekiel
38df86cc6c Simplyfy asymmetric_decrypt() test function
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-02 09:11:04 +01:00
Gilles Peskine
a9b4c436ee
Merge pull request #5588 from gilles-peskine-arm/mypy-on-jenkins
Make mypy unconditional
2022-03-01 20:48:42 +01:00
Gilles Peskine
92e08fba4c
Merge pull request #5475 from miudr/fix_issue_5140
Fix AEAD multipart incorrect offset in test_suite_psa_crypto.function
2022-03-01 20:45:54 +01:00
Dave Rodgman
2cf0d4f072
Merge pull request #5584 from gilles-peskine-arm/cmake-Wunused-function
Build tests with -Wunused-function with cmake
2022-03-01 19:17:16 +00:00
Przemek Stekiel
4400be408b Adapt test cases for invalid bits with and without ECC keys enabled
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 17:02:46 +01:00
Przemek Stekiel
dcab6ccb3b Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-01 14:29:49 +01:00
Neil Armstrong
4766f99fe5 Add multi-part mac sign/verify test
The test is based on the AEAD multi-part test, re-using the
design on aead_multipart_internal_func() to test differnet
sequence of psa_mac_update() for MAC update or verify.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-28 18:37:30 +01:00
Gilles Peskine
254efe5f0c Make mypy unconditional
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-28 16:06:36 +01:00
Neil Armstrong
60234f87a6 Revert "Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences"
This reverts commit 3ccd08b343.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-28 15:21:38 +01:00
Gilles Peskine
9c656ec718 Fix unused function warning
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-26 19:56:12 +01:00
Gilles Peskine
d5438a5678 Enable -Wunused-function in cmake builds for tests
This has been the case when building with make since
d3d8a64dfa. Be consistent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-26 19:54:41 +01:00
Glenn Strauss
6989407261 Add accessor to retrieve SNI during handshake
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b Provide means to reset handshake cert list
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:48 -05:00
Neil Armstrong
3ccd08b343 Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 16:15:08 +01:00
Neil Armstrong
ee9686b446 Fix style issue in hash_setup()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:47:34 +01:00
Neil Armstrong
e858996413 Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf()
Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:17:50 +01:00
Neil Armstrong
2968d306e4 Implement mbedtls_ct_hmac() using PSA hash API
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:50 +01:00
Neil Armstrong
cf8841a076 Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
4f091290bd Remove Obsolete SSLs tests with truncated MAC tags & NULL/CBC cipher
These tests are related to an obsolete feature removed from the library.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
f4cc062935 Setup MAC PSA keys in build_transforms() to pass ssl_crypt_record() with PSA crypto
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
46a1760922 Allow USE_PSA_CRYPTO for handshake TLS tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Jerry Yu
2ff6ba1df0 Remove rsa_pss_rsae_sha256 support.
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 10:38:25 +08:00
Gilles Peskine
9216536415 Add storage format checks to the interface checker
Expand abi_check.py to look for backward incompatibilities not only in
the interface exposed to application code (and to some extent driver
code), but also to the interface exposed via the storage format, which
is relevant when upgrading Mbed TLS on a device with a PSA keystore.

Strictly speaking, the storage format checks look for regressions in
the automatically generated storage format test data. Incompatible
changes that are not covered by the generated tests will also not be
covered by the interface checker.

A known defect in this commit is that the --brief output is not brief
for storage format checks.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 14:54:03 +01:00
Przemyslaw Stekiel
aeaa4f0651 Code optimization
- fix codding style
- fix comments and descriptions
- add helper function for montgomery curve
- move N-2 calculation outside the loop
- fix access to <data> bytes: *data[x] -> (*data)[x]

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
f6c2c87492 Fix ECC derivation tests
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
7b6e61a132 Add test vectors for ECC key excercise
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
50fcc535e5 Add Weierstrass curve/bits consistancy check + negative test vectors
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
02cf12ff92 Enable tests for Montgomery curves
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
8590f3b5ff Enable related test vectors
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
696b120650 Add tests for ECC key derivation
Test code and test vectors are taken from PR #5218

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
ab80c0cd6c test_psa_compliance.py: checkout fix-pr-5139 tag
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Neil Armstrong
66a479f8fb Add Cipher Decrypt Fail multi-part case
Make `PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)`
depend on MBEDTLS_CCM_C otherwise the multi-part test fails on
the missing CCM* instead on the input length validity for CCM*.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
d8dba4e0aa Add Cipher Encrypt Fail multi-part case
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
3ee335dbe3 Add Cipher Encrypt multi-part case
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
752d811015 Add AEAD Key Policy check multi-part cases
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
78aeaf8ad7 Add Cipher Key Policy check one-shot cases
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
3af9b97a29 Add Multipart Message authentication Compute & Verify cases
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
ca30a00aad Add Multipart Hash Compute & Compare tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
55a1be1f48 Add Multipart Hash Compare fail tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
161ec5c368 Add Multipart Hash Compute fail tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
edb20865c7 Add One-Shot Hash setup test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Jerry Yu
ccb005e35f fix missing feedback address
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 17:38:34 +08:00
Przemyslaw Stekiel
d9fa99917e Extend test coverage for transparent driver decryption.
Encryption is not deterministic and can not be verified by a know-answer test.
Encryption is already verified via encrypt-decrypt test.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 09:36:35 +01:00
Jerry Yu
819f29730a fix various issues in ssl-opt
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
2124d05e06 Add sha384 and sha512 case
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
d66409ae92 Add non support sig alg check and test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
562a0fddf0 Add client version check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
6c3d821ff1 update ssl-opt test cases
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
46b53b9920 remove duplicate test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
4bfa22aeb3 remove useless config option
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
42ea733fdc remove RSA not found test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
7db5b8f68c add rsa_pss_rsae_sha256 write support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
37987ddd0f Add test cases
Add test cases for different sig algs.
Known issue is rsa_pss_rsae_sha256 fail

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
ca133a34c5 Change state machine
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
22abd06cd0 Add rsa key check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
aa6214a571 add empty client certificate tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
c19884f487 change expect exit value
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
25e0ddcf47 Add client certificate file
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
200b47b8f5 Add more tests for CertificateRequest
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
960bc28bcc Add tests for no middlebox mode
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:57 +08:00
Ronald Cron
4579a972bf
Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard
e3a2dd787e
Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
2022-02-21 16:58:57 +01:00
Gabor Mezei
4fded1359a
Use PSA_INIT()
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:47:24 +01:00
Gabor Mezei
c5efb8e58b
Use PSA error code
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:38 +01:00
Gabor Mezei
5d7d201b87
Update test
Testing the hash length in this context is not applicable because there is no way
to specify it when calling mbedtls_psa_hkdf_extract.
Change to test invalid `alg` parameter.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:33 +01:00
Gabor Mezei
ebc9368173
typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:44:51 +01:00
Gabor Mezei
298a2d6109
Use ASSERT_ALLOC
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:43:52 +01:00
Gabor Mezei
62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:57 +01:00
Gabor Mezei
73cb6f54de
Add tests for mbedtls_psa_hkdf_extrct
The tests are based on the the test of mbedtls_hkdf_extract.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:41:42 +01:00
Gilles Peskine
860429f8af Add version number debug check to the GnuTLS interop test as well
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
49d7ddf7f3 Serializing a context does not save the user data
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
80dae04f24 Make user_data fields private
Add accessor functions.

Add unit tests for the accessor functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
c63a1e0e15 Fix mbedtls_ssl_get_version() for TLSv1.3
Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
1255b0de98 Positive unit testing for SSL context version functions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Paul Elliott
436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build
TLS1.3:Enable tls13 only build
2022-02-21 11:22:37 +00:00
Thomas Daubney
4901978308 Modifies data files to match new test function name
This commit alters the relevant .data files
such that the new function name change of check_iv
to iv_len_validity is relfected there.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-02-21 09:57:51 +00:00
Tom Cosgrove
f3ebd90a1c SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.

The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-21 08:37:26 +00:00
Manuel Pégourié-Gonnard
9b545c04f7
Merge pull request #5520 from gabor-mezei-arm/5402_implement_hkdf_expand_based_on_psa_hmac
HKDF 1b: Implement Expand in TLS 1.3 based on PSA HMAC
2022-02-21 09:30:31 +01:00
Jerry Yu
baa4934e7b Add check tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
53d23e2c95 Guards tls_prf functions with TLS1_2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
6331909d12 remove ifndef guard
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
81d5e1feca fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
da5af22015 tls13_only: add tls13_only test component
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
ab08290c09 tls13_only: skip tls12 tests.
TLS1.2 test depends on MBEDTLS_SSL_PROTO_TLS1_2. Skip
them if it is not set

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
8a497205cc tls13_only: tls 1.3 suite pass
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
c10f6b4735 tls13_only: simple test pass
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Thomas Daubney
5dcbc4d326 Changes name of iv_check to iv_len_validity
Commit changes name of check_iv to
iv_len_validity as this seems to better describe
its functionality.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-02-17 21:30:25 +00:00
Thomas Daubney
0bd08e7ac0 Initialise buffer before use
Commit initialises buf before it is used.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-02-17 21:30:25 +00:00
Gabor Mezei
cbe5ba500a
Add tests for mbedtls_psa_hkdf_expand
Add test cases which test psa_import_key and psa_mac_sign_setup
function call if they return error.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-17 17:01:49 +01:00
Thomas Daubney
3a066ec999 Initialise iv buffer before use
Commit initialises the iv buffer before
it is passed to mbedtls_cipher_set_iv().

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-02-17 14:00:06 +00:00
Gabor Mezei
8e3602569b
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-17 11:50:02 +01:00
Manuel Pégourié-Gonnard
4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0
feat: Update test_suite_psa_its to NOT use UID=0
2022-02-17 11:49:33 +01:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
2022-02-16 17:33:47 +01:00
Andrzej Kurek
32048a6d92 pk_verify_ext: introduce more tests for signature length mismatches
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-16 06:17:00 -05:00
Gabor Mezei
d917081b8b
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:25:27 +01:00
Gabor Mezei
7381242748
Use PSA_INIT()
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:24:58 +01:00
Andrzej Kurek
8666df6f18 Add signature length mismatch handling when using PSA in pk_verify_ext
Introduce a regression test for that too.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 08:23:02 -05:00
Ronald Cron
a7a1deabf8
Merge pull request #5393 from gilles-peskine-arm/opt-testcases-outcomes-fix
Fix test suite name reporting of opt-testcases/tls13-compat.sh
2022-02-15 13:53:10 +01:00
Andrzej Kurek
853ad7bfcf Use macros in tests for PSA init/deinit routines
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 07:13:03 -05:00
lhuang04
86cacac91a Port ALPN support for tls13 client from tls13-prototype
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124).

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
2022-02-14 08:03:32 -08:00
Ronald Cron
135427cb35 Run TLS 1.3 tests when MBEDTLS_USE_PSA_CRYPTO is enabled
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 16:10:44 +01:00
Gilles Peskine
bebeae9428
Merge pull request #5504 from gstrauss/mbedtls_pem_get_der
Add accessor to get der from mbedtls_pem_context
2022-02-10 23:56:57 +01:00
Gabor Mezei
b35759ded8
Add tests for mbedtls_psa_hkdf_expand
The tests are based on the test of mbedtls_hkdf_expand.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-10 10:57:24 +01:00
Glenn Strauss
e328245618 Add test case use of mbedtls_ssl_ticket_rotate
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:16 -05:00
Andrzej Kurek
7db1b78fff Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
Duplicate a test case but with a different expected error
due to error translation to and from PSA.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-09 14:13:44 -05:00
Gabor Mezei
748ab4ae77
Use ASSERT_ALLOC
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-09 16:31:48 +01:00
Ronald Cron
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00
Manuel Pégourié-Gonnard
1df23b903f Check the result of PEM decoding
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 14:53:50 -05:00
Manuel Pégourié-Gonnard
33ab075f45 Add success case for pem_read testing
Currently all cases were negative, so the block that exercised
mbedtls_pem_get_der() would never be reached.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 14:53:50 -05:00
Glenn Strauss
72bd4e4d6a Add accessor to get buf from mbedtls_pem_context
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-08 14:53:46 -05:00
pespacek
443c78eb83 BUGFIX: PSA test vectors use UID 1 instead of 0.
Test vector to test rejection of uid = 0 was added.

Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 15:19:26 +01:00
pespacek
d62e906b1c TEST: added psa_its_set expected failure test
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 15:19:26 +01:00
Manuel Pégourié-Gonnard
45c5768a74
Merge pull request #5434 from mprse/tls_use_psa
TLS Cipher: use PSA crypto
2022-02-08 10:27:25 +01:00
Ronald Cron
6a0b1ef27e
Merge pull request #5282 from AndrzejKurek/import-opaque-driver-wrappers
Add tests for an opaque import in the driver wrappers
2022-02-07 11:14:43 +01:00
Manuel Pégourié-Gonnard
d81e774083
Merge pull request #5463 from gilles-peskine-arm/cmake-test-suite-enumeration
CMake: generate the list of test suites automatically
2022-02-07 09:48:23 +01:00
Gilles Peskine
827dbd9d35 Remove obsolete calls to if_build_succeeded
This is now a no-op.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:32:58 +01:00
Gilles Peskine
c1247c0cbb Remove obsolete variable restoration or unset at the end of a component
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:32:58 +01:00
Gilles Peskine
3bc3409edf Remove obsolete cd at the end of a component
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:32:58 +01:00
Gilles Peskine
a300099246 Stop CMake out of source tests running on 16.04 (continued)
The race condition mentioned in the previous commit
"Stop CMake out of source tests running on 16.04"
has also been observed with test_cmake_as_subdirectory and can presumably
happen with test_cmake_as_package and test_cmake_as_package_install as well.
So skip all of these components on Ubuntu 16.04.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:32:58 +01:00
Andrzej Kurek
59469d7c64 Test driver: keep variable declarations first
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-03 10:30:30 -05:00