Neil Armstrong
3ee335dbe3
Add Cipher Encrypt multi-part case
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
752d811015
Add AEAD Key Policy check multi-part cases
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
78aeaf8ad7
Add Cipher Key Policy check one-shot cases
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
3af9b97a29
Add Multipart Message authentication Compute & Verify cases
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
ca30a00aad
Add Multipart Hash Compute & Compare tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
55a1be1f48
Add Multipart Hash Compare fail tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
161ec5c368
Add Multipart Hash Compute fail tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Neil Armstrong
edb20865c7
Add One-Shot Hash setup test
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Przemyslaw Stekiel
d9fa99917e
Extend test coverage for transparent driver decryption.
...
Encryption is not deterministic and can not be verified by a know-answer test.
Encryption is already verified via encrypt-decrypt test.
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 09:36:35 +01:00
Ronald Cron
4579a972bf
Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1
...
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard
e3a2dd787e
Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa
...
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
2022-02-21 16:58:57 +01:00
Gabor Mezei
4fded1359a
Use PSA_INIT()
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:47:24 +01:00
Gabor Mezei
c5efb8e58b
Use PSA error code
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:38 +01:00
Gabor Mezei
5d7d201b87
Update test
...
Testing the hash length in this context is not applicable because there is no way
to specify it when calling mbedtls_psa_hkdf_extract.
Change to test invalid `alg` parameter.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:33 +01:00
Gabor Mezei
ebc9368173
typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:44:51 +01:00
Gabor Mezei
298a2d6109
Use ASSERT_ALLOC
...
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:43:52 +01:00
Gabor Mezei
62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible
...
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:57 +01:00
Gabor Mezei
73cb6f54de
Add tests for mbedtls_psa_hkdf_extrct
...
The tests are based on the the test of mbedtls_hkdf_extract.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:41:42 +01:00
Gilles Peskine
49d7ddf7f3
Serializing a context does not save the user data
...
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
80dae04f24
Make user_data fields private
...
Add accessor functions.
Add unit tests for the accessor functions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
1255b0de98
Positive unit testing for SSL context version functions
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Paul Elliott
436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build
...
TLS1.3:Enable tls13 only build
2022-02-21 11:22:37 +00:00
Thomas Daubney
4901978308
Modifies data files to match new test function name
...
This commit alters the relevant .data files
such that the new function name change of check_iv
to iv_len_validity is relfected there.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-02-21 09:57:51 +00:00
Manuel Pégourié-Gonnard
9b545c04f7
Merge pull request #5520 from gabor-mezei-arm/5402_implement_hkdf_expand_based_on_psa_hmac
...
HKDF 1b: Implement Expand in TLS 1.3 based on PSA HMAC
2022-02-21 09:30:31 +01:00
Jerry Yu
baa4934e7b
Add check tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
53d23e2c95
Guards tls_prf functions with TLS1_2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Thomas Daubney
5dcbc4d326
Changes name of iv_check to iv_len_validity
...
Commit changes name of check_iv to
iv_len_validity as this seems to better describe
its functionality.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-02-17 21:30:25 +00:00
Thomas Daubney
0bd08e7ac0
Initialise buffer before use
...
Commit initialises buf before it is used.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-02-17 21:30:25 +00:00
Gabor Mezei
cbe5ba500a
Add tests for mbedtls_psa_hkdf_expand
...
Add test cases which test psa_import_key and psa_mac_sign_setup
function call if they return error.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-17 17:01:49 +01:00
Thomas Daubney
3a066ec999
Initialise iv buffer before use
...
Commit initialises the iv buffer before
it is passed to mbedtls_cipher_set_iv().
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-02-17 14:00:06 +00:00
Gabor Mezei
8e3602569b
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-17 11:50:02 +01:00
Manuel Pégourié-Gonnard
4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0
...
feat: Update test_suite_psa_its to NOT use UID=0
2022-02-17 11:49:33 +01:00
Andrzej Kurek
32048a6d92
pk_verify_ext: introduce more tests for signature length mismatches
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-16 06:17:00 -05:00
Gabor Mezei
d917081b8b
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:25:27 +01:00
Gabor Mezei
7381242748
Use PSA_INIT()
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:24:58 +01:00
Andrzej Kurek
8666df6f18
Add signature length mismatch handling when using PSA in pk_verify_ext
...
Introduce a regression test for that too.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 08:23:02 -05:00
Andrzej Kurek
853ad7bfcf
Use macros in tests for PSA init/deinit routines
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 07:13:03 -05:00
Gilles Peskine
bebeae9428
Merge pull request #5504 from gstrauss/mbedtls_pem_get_der
...
Add accessor to get der from mbedtls_pem_context
2022-02-10 23:56:57 +01:00
Gabor Mezei
b35759ded8
Add tests for mbedtls_psa_hkdf_expand
...
The tests are based on the test of mbedtls_hkdf_expand.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-10 10:57:24 +01:00
Andrzej Kurek
7db1b78fff
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
...
Duplicate a test case but with a different expected error
due to error translation to and from PSA.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-09 14:13:44 -05:00
Gabor Mezei
748ab4ae77
Use ASSERT_ALLOC
...
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-09 16:31:48 +01:00
Manuel Pégourié-Gonnard
1df23b903f
Check the result of PEM decoding
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 14:53:50 -05:00
Manuel Pégourié-Gonnard
33ab075f45
Add success case for pem_read testing
...
Currently all cases were negative, so the block that exercised
mbedtls_pem_get_der() would never be reached.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 14:53:50 -05:00
Glenn Strauss
72bd4e4d6a
Add accessor to get buf from mbedtls_pem_context
...
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-08 14:53:46 -05:00
pespacek
443c78eb83
BUGFIX: PSA test vectors use UID 1 instead of 0.
...
Test vector to test rejection of uid = 0 was added.
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 15:19:26 +01:00
pespacek
d62e906b1c
TEST: added psa_its_set expected failure test
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 15:19:26 +01:00
Manuel Pégourié-Gonnard
45c5768a74
Merge pull request #5434 from mprse/tls_use_psa
...
TLS Cipher: use PSA crypto
2022-02-08 10:27:25 +01:00
Ronald Cron
6a0b1ef27e
Merge pull request #5282 from AndrzejKurek/import-opaque-driver-wrappers
...
Add tests for an opaque import in the driver wrappers
2022-02-07 11:14:43 +01:00
Andrzej Kurek
ba4cadef14
Test drivers: rename import call source to driver location
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-03 10:27:01 -05:00
Andrzej Kurek
333e0fac1d
Formatting and documentation fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-03 09:42:47 -05:00
Przemyslaw Stekiel
5648d577a4
Optimize psa_cipher_encrypt_helper()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
8c010eb467
Fix comments, code style, remove debug code
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
d66387f8fa
Init psa status to PSA_ERROR_CORRUPTION_DETECTED
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
f4facef9ba
Adapt ssl_decrypt_non_etm_cbc() test for psa crypto and remove redundant test cases
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:41 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs
...
Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:26 +01:00
Przemyslaw Stekiel
77aec8d181
Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel
89dad93a78
Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
4a36dd3da6
ssl test ssl_decrypt_non_etm_cbc(): add missing ret check
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f4ca3f0e52
ssl test build_transforms(): in psa mode distinguish encrypt/decrypt keys
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f57b45660d
Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention.
...
New function name: mbedtls_ssl_cipher_to_psa().
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f4b3f087ae
test_suite_ssl.data: remove redundant test cases(short tag + GCM)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
5b2de0c35c
test_suite_ssl.data: remove redundant test cases
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
93cf4eea67
Adapt test_suite_ssl for psa crypto
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Mircea Udrea
657ff4fd09
Fix AEAD multipart incorrect offset in test_suite_psa_crypto.function
...
When working with block cipher modes like GCM(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER),
aead_multipart_internal_func() should calculate the offset in output buffer
based on output_length, not using the offset of the input buffer(part_offset).
Signed-off-by: Mircea Udrea <mircea.udrea@silexinsight.com>
2022-01-31 13:51:56 +01:00
Gilles Peskine
c6753a6c90
Merge pull request #5363 from AndrzejKurek/clarify-testing-set-nonce-set-lengths
...
PSA AEAD: extend testing of set_nonce + set_lengths
2022-01-25 17:02:26 +01:00
Gilles Peskine
6d6d93ea4a
Merge pull request #5350 from AndrzejKurek/psa-aead-invalid-tag-lengths-setup
...
Detect invalid tag lengths in psa_aead_setup
2022-01-21 21:46:37 +01:00
Gilles Peskine
c191addc8b
Merge pull request #5267 from mprse/mac_multipart
...
Extend driver dispatch tests for MAC multipart
2022-01-21 21:46:25 +01:00
Gilles Peskine
fe271b9c92
Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes
...
Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
2022-01-21 21:46:08 +01:00
Przemyslaw Stekiel
daaf38b178
Remove multipart part from mac_verify test case
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-21 09:37:49 +01:00
Przemyslaw Stekiel
6ec59f817f
Add mac_verify_multipart test case + test data
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-21 09:37:49 +01:00
Przemyslaw Stekiel
1af1983352
Remove multipart part from mac_sign test case
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-21 09:37:49 +01:00
Przemyslaw Stekiel
f47b8d39a4
Add mac_sign_multipart test case + test data
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-21 09:37:49 +01:00
Andrzej Kurek
f881601c91
Detect invalid tag lengths in psa_aead_setup
...
Read tag lengths from the driver and validate against preset values.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-20 07:40:12 -05:00
Andrzej Kurek
031df4a93a
Clarify test descriptions
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:44:49 -05:00
Andrzej Kurek
e5f94fb556
PSA AEAD: test long plaintext lengths for psa_set_lengths
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:36:50 -05:00
Andrzej Kurek
1e8e1745a8
PSA AEAD: test more combinations of set_nonce and set_lengths
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:36:50 -05:00
Andrzej Kurek
a2ce72e5bf
Test calling psa_aead_set_lengths and set_nonce in various order
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:36:50 -05:00
Andrzej Kurek
77b8e098f9
Add missing MBEDTLS_ASN1_WRITE_C dependency in test_suite_psa_crypto
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:23 -05:00
Andrzej Kurek
ad2b8b5c3c
Fix a dependence in chacha cipher test suite
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 07:35:27 -05:00
Andrzej Kurek
ee8b57ffa6
Add missing dependency on MBEDTLS_GCM_C in cipher tests
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 07:08:27 -05:00
Manuel Pégourié-Gonnard
d2da19b8eb
Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes
...
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
2022-01-18 09:16:25 +01:00
Manuel Pégourié-Gonnard
a15503fcdd
Merge pull request #5344 from AndrzejKurek/psa-aead-more-generate-nonce-combinations
...
PSA AEAD: test more combinations of generate_nonce and set_lengths
2022-01-17 13:12:04 +01:00
Andrzej Kurek
b9fbc11e2c
Dynamically allocate iv in dec_empty_buf tests
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Andrzej Kurek
8be8e4a524
Add a missing test case to ChaCha20 tests - decrypt empty buffer
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Andrzej Kurek
63439eda62
Return an error for IV lengths other than 12 with ChaCha20+Poly1305
...
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Andrzej Kurek
33ca6af8a3
Return an error for IV lengths other than 12 with ChaCha20
...
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Przemyslaw Stekiel
0c8e0d0c30
driver tests: fix duplicated test names
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
0a875ef2d7
Add driver PSA_ALG_RSA_OAEP tests for asymmetric encrypt/decrypt
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
eed991bf4e
Add driver dispatch tests for RSA message verify
...
Tested algs:
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
PSA_ALG_RSA_PSS(PSA_ALG_SHA_256)
PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
66ed8d680f
Add driver dispatch tests for RSA message sign
...
Tested algs:
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
d06e927325
Add driver dispatch tests for RSA hash verify
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
9b52a15872
Add driver dispatch tests for RSA hash sign
...
Tested key types:
PSA_ALG_RSA_PKCS1V15_SIGN_RAW
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
de13365cf6
test_suite_psa_crypto_driver_wrappers.function: trim trailing whitespace
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
06a9fee67d
Add driver tests for asymmetric encrypt/decrypt
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:06 +01:00
Bence Szépkúti
08f34656cb
Return the same error in multipart and single shot AEAD
...
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().
The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.
Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-07 19:36:07 +01:00
Andrzej Kurek
dc137252a1
Add tests for an opaque import in the driver wrappers
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 14:26:50 +01:00
Andrzej Kurek
03e01461ad
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
...
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
Max Fillinger
0bb38336a5
Add function to get md info from md context
...
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-12-28 16:32:00 +01:00
Dave Rodgman
b8c3301b80
Revert "Add generated files"
...
This reverts commit 4e62cbc322
.
2021-12-17 09:44:04 +00:00
Andrzej Kurek
ad83752811
PSA AEAD: test more combinations of generate_nonce and set_lengths
...
Extend PSA AEAD testing by adding CCM and ChaChaPoly.
Add more combinations of functions to test the API.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-15 15:30:29 +01:00
Ronald Cron
4e62cbc322
Add generated files
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:53 +01:00
Ronald Cron
17b1e2f6c3
Bump version to 3.1.0
...
Executed ./scripts/bump_version.sh --version 3.1.0 --so-crypto 11 --so-tls 17
+ fix of build_info.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:53 +01:00
Ronald Cron
8188d19b0e
Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr
2021-12-14 10:58:18 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix
...
Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:36 +01:00
Paul Elliott
6e7deb1d55
Add expected output for tests
...
Expected output generated by OpenSSL (see below) apart from the case
where both password and salt are either NULL or zero length, as OpenSSL
does not support this. For these test cases we have had to use our own
output as that which is expected. Code to generate test cases is as
follows:
#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <string.h>
int Keygen_Uni( const char * test_name, unsigned char *pass, int
passlen, unsigned char *salt,
int saltlen, int id, int iter, int n,
unsigned char *out, const EVP_MD
*md_type )
{
size_t index;
printf( "%s\n", test_name );
int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter,
n, out, md_type );
if( ret != 1 )
{
printf( "Key generation returned %d\n", ret );
}
else
{
for( index = 0; index < n; ++index )
{
printf( "%02x", out[index] );
}
printf( "\n" );
}
printf( "\n" );
}
int main(void)
{
unsigned char out_buf[48];
unsigned char pass[64];
int pass_len;
unsigned char salt[64];
int salt_len;
/* If ID=1, then the pseudorandom bits being produced are to be used
as key material for performing encryption or decryption.
If ID=2, then the pseudorandom bits being produced are to be
used as an IV (Initial Value) for encryption or decryption.
If ID=3, then the pseudorandom bits being produced are
to be used as an integrity key for MACing.
*/
int id = 1;
int iter = 3;
memset( out_buf, 0, sizeof( out_buf ) );
memset( pass, 0, sizeof( pass ) );
memset( salt, 0, sizeof( salt ) );
Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter,
sizeof(out_buf),
out_buf, EVP_md5( ) );
memset( out_buf, 0, sizeof( out_buf ) );
Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter,
sizeof(out_buf),
out_buf, EVP_md5( ) );
memset( out_buf, 0, sizeof( out_buf ) );
salt[0] = 0x01;
salt[1] = 0x23;
salt[2] = 0x45;
salt[3] = 0x67;
salt[4] = 0x89;
salt[5] = 0xab;
salt[6] = 0xcd;
salt[7] = 0xef;
Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter,
sizeof(out_buf),
out_buf, EVP_md5( ) );
memset( out_buf, 0, sizeof( out_buf ) );
Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf),
out_buf, EVP_md5( ) );
memset( out_buf, 0, sizeof( out_buf ) );
memset( salt, 0, sizeof( salt ) );
pass[0] = 0x01;
pass[1] = 0x23;
pass[2] = 0x45;
pass[3] = 0x67;
pass[4] = 0x89;
pass[5] = 0xab;
pass[6] = 0xcd;
pass[7] = 0xef;
Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter,
sizeof(out_buf),
out_buf, EVP_md5( ) );
memset( out_buf, 0, sizeof( out_buf ) );
Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf),
out_buf, EVP_md5( ) );
memset( out_buf, 0, sizeof( out_buf ) );
salt[0] = 0x01;
salt[1] = 0x23;
salt[2] = 0x45;
salt[3] = 0x67;
salt[4] = 0x89;
salt[5] = 0xab;
salt[6] = 0xcd;
salt[7] = 0xef;
Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter,
sizeof(out_buf),
out_buf, EVP_md5( ) );
return 0;
}
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 20:53:59 +00:00
Ronald Cron
2331fdb280
Merge pull request #5293 from ronald-cron-arm/tls13-mvp-misc
...
Miscellaneous final changes for TLS 1.3 MVP release
2021-12-10 17:46:47 +01:00
Gilles Peskine
dc8ecda46f
Don't fail until everything is initialized
...
Can't call mbedtls_cipher_free(&invalid_ctx) in cleanup if
mbedtls_cipher_init(&invalid_ctx) hasn't been called.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 14:28:31 +01:00
Ronald Cron
6f135e1148
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
...
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Gilles Peskine
fe051f6aab
Merge pull request #5297 from paul-elliott-arm/test_suite_cipher_returns
...
Add checked return to cipher setup in Cipher tests
2021-12-10 10:39:57 +01:00
Paul Elliott
0cf7e38606
Add checked return to cipher setup
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 18:27:01 +00:00
Paul Elliott
46a6c20d0c
Add checked returns to tests without them.
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 18:16:13 +00:00
Gilles Peskine
d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm
...
PSA Multipart AEAD CCM Internal implementation and tests.
2021-12-09 14:49:42 +01:00
Manuel Pégourié-Gonnard
d7d740eb6e
Merge pull request #5236 from gabor-mezei-arm/4926_base64_move_constant-time_functions
...
Move base64 constant-time functions to the new module
2021-12-09 12:40:18 +01:00
Paul Elliott
37ec16b579
Add explanation for workaround in test code
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 09:44:11 +00:00
Paul Elliott
3938fef25c
Indicate set nonce negative test failure reasons
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-08 20:09:09 +00:00
Manuel Pégourié-Gonnard
39c2aba920
Merge pull request #849 from ronald-cron-arm/fix-cipher-iv
...
Avoid using encryption output buffer to pass generated IV to PSA driver
2021-12-08 13:30:06 +01:00
Gilles Peskine
392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x
...
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
2021-12-07 12:52:20 +01:00
Ronald Cron
8c8cea25c7
Merge pull request #5166 from xffbai/code-align
...
Align the TLS 1.3 code with coding rules
2021-12-06 10:54:00 +01:00
Ronald Cron
c9586dbbcf
tests: psa: Add dependencies on built-in hash
...
Add dependencies on built-in hash of signature/
signature verification and asymmetric
encryption/decryption tests. The dependency is
not added for tests based on SHA-256 as SHA-256
is always present when PSA is involved (necessary
to the PSA core) and that way most of PSA signature
/verification tests are still run when PSA hash
operations are accelerated.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
d21e6b71d5
tests: psa: Fix the dependencies on some driver wrappers fallback tests
...
The driver wrappers fallback tests depend on the builtin
support not builtin or driver.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
ae4a690926
tests: psa: Fix MD5 support not available dependencies
...
MD5 should not be supported by the library and any driver.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
18cd8db99a
tests: ssl: Add misssing dependencies on SHA-1
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
40e46cf89c
tests: psa: Remove wrong test function dependencies
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Gilles Peskine
1bbf6d645b
Merge pull request #5149 from mfil/feature/additional_cipher_info_getters
...
Additional cipher_info getters
2021-12-03 17:21:51 +01:00
Xiaofei Bai
d25fab6f79
Update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 06:36:27 +00:00
Paul Elliott
4768a30d9b
Simplify Input usage macros
...
Also ensure they are used in test data rather than values
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 16:39:51 +00:00
Paul Elliott
df00695bfc
Rename (and relabel) pkcs12 test case
...
Remove surplus _test suffix. Change labeling from Pcks12 to PCKS#12 as
it should be.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 16:31:10 +00:00
Paul Elliott
3584ae4d5f
Remove incorrect test dependency
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 16:21:27 +00:00
Max Fillinger
72abd8a9c3
Fix type for iv size and block size in tests
...
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-28 14:13:52 +01:00
Gabor Mezei
d77b86cc5b
Delete base64_invasive.h due to functions are moved to the constant-time module
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:20:02 +01:00
Gabor Mezei
28d611559e
Move mbedtls_ct_uchar_mask_of_range function to the constant-time module
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:09:38 +01:00
Gabor Mezei
b8d78926eb
Rename functions to have suitable name
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 16:51:18 +01:00
Ronald Cron
13ed5c1c05
test: psa driver wrapper: Add non regression test for psa_cipher_encrypt()
...
Add non regression test for invalid usage of
the output buffer in psa_cipher_encrypt().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:46:20 +01:00
Ronald Cron
c60772c5d9
test: psa driver wrapper: Add cipher_encrypt negative testing
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:46:20 +01:00
Ronald Cron
2d75cd72da
test: psa driver wrapper: Add non regression test for psa_cipher_generate_iv()
...
Add non regression test for invalid usage of
the output buffer in psa_cipher_generate_iv().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:46:20 +01:00
Ronald Cron
6c9bb0f71e
test: psa cipher: Add unexpected IV setting/generation negative tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:46:20 +01:00
Xiaofei Bai
746f9481ea
Fix 1_3/13 usages in macros and function names
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
Gilles Peskine
161d661d90
Merge pull request #5222 from paul-elliott-arm/fix_test_suite_ssl
...
Fix test_suite_ssl compilation errors with GCC11
2021-11-25 22:02:43 +01:00
Paul Elliott
21c8fe5c6e
Fix compilation errors.
...
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-24 17:19:51 +00:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module
2021-11-24 10:44:13 +01:00
Paul Elliott
bfa273e507
Fix missing test dependancies
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-22 17:50:26 +00:00
Paul Elliott
d663543004
Add PKCS12 tests
...
Only regression tests for the empty password bugs for now. Further tests
will follow later.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-22 10:10:24 +00:00
Bence Szépkúti
6d48e20d4b
Indicate nonce sizes invalid for ChaCha20-Poly1305
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 18:06:11 +01:00
Bence Szépkúti
357b78e42c
Indicate if we know that a nonce length is invalid
...
This restores the behaviour found in the previously released versions
and development_2.x.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 18:06:04 +01:00
Dave Rodgman
491d849ad1
Fix derive_input test ignoring parameter
...
Fix derive_input test hardcoding key type instead of using test argument.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-16 16:05:06 +00:00
Dave Rodgman
3f86a90261
Update test to handle changed error code
...
Update test to handle changed error code from psa_key_derivation_output_key
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-16 16:05:06 +00:00
Gilles Peskine
f1a7ea88d1
Merge pull request #5092 from mprse/generate_key2
...
Generate test cases for PSA key generation
2021-11-10 20:55:35 +01:00
Max Fillinger
c60c3a0c77
Include new getters in test suites
...
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-10 15:12:04 +01:00
Manuel Pégourié-Gonnard
087f04783d
Merge pull request #5076 from mstarzyk-mobica/psa_ccm_no_tag
...
PSA CCM*-no-tag
2021-11-10 10:18:55 +01:00
Gilles Peskine
4db2624bfe
Fix test bug: some classification flags were not tested
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 15:51:32 +01:00