mbedtls

Author	SHA1	Message	Date
Dave Rodgman	17152df58d	Merge pull request #7175 from paul-elliott-arm/interruptible_sign_hash_test_comments Interruptible sign hash test comments	2023-02-28 17:09:43 +00:00
Gilles Peskine	ebb63420cc	Merge pull request #7124 from oberon-microsystems/fix-test-output-length-on-success-only Fix test to check output length on PSA_SUCCESS only	2023-02-28 18:09:33 +01:00
Bence Szépkúti	35d674a6ee	Replace usage of echo -e in pkcs7 data Makefile This use of the shell builtin is not portable. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-28 17:01:21 +01:00
Dave Rodgman	ffb4dc38c8	Merge pull request #7183 from paul-elliott-arm/interruptible_sign_hash_test_max_ops_0 Interruptible {sign\|verify} hash : Change max_ops=min tests to use a value of zero.	2023-02-28 15:56:01 +00:00
Bence Szépkúti	4a2fff6369	Fix expected error code This was overlooked during the rebase. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-28 16:40:27 +01:00
Gabor Mezei	804cfd32ea	Follow the naming convention Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-27 16:50:09 +01:00
Paul Elliott	ac2251dad1	Merge pull request #7076 from mprse/parse_RFC822_name Add parsing of x509 RFC822 name + test	2023-02-27 14:16:13 +00:00
Paul Elliott	cd7e8bce03	Change max_ops=min tests to use zero Zero is the minimum value defined by the spec, just because the internal implementation treats zero and one as the same thing does not mean that other implementations will also do so. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-27 12:21:36 +00:00
Stephan Koch	5819d2c141	Feedback from Arm: guarantee that output_length <= output_size even on error, to reduce the risk that a missing error check escalates into a buffer overflow in the application code Signed-off-by: Stephan Koch <koch@oberon.ch>	2023-02-27 11:49:13 +01:00
oberon-sk	10c0f770ce	asymmetric_encrypt: check output length only if return code is PSA_SUCCESS. Signed-off-by: Stephan Koch <koch@oberon.ch>	2023-02-27 11:48:51 +01:00
Paul Elliott	c2033502f5	Give edge case tests a better name Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-26 18:47:58 +00:00
Paul Elliott	c7f6882995	Add comments to each test case to show intent Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-26 18:47:58 +00:00
Dave Rodgman	21dfce7a5c	Add tests Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-25 17:10:38 +00:00
Bence Szépkúti	248971348b	Replace fuzzer-generated PKCS7 regression tests This commit adds well-formed reproducers for the memory management issues fixed in the following commits: `290f01b3f5` `e7f8c616d0` `f7641544ea` Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-24 15:31:03 +01:00
Manuel Pégourié-Gonnard	623c73b46d	Remove config.py call on now-internal option It turns out config.py wouldn't complain, but it's still confusing. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-23 20:36:05 +01:00
Gilles Peskine	df6e84a447	Test the PSA alternative header configuration macros Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes after the standard directory in the include file search path. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-23 17:18:33 +01:00
Valerio Setti	1af76d119d	ssl-opt: automatically detect requirements from the specified certificates This moslty focus on tests using "server5*" cerificate. Several cases are taken into account depending on: - TLS version (1.2 or 1.3) - server or client roles Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-23 16:55:59 +01:00
Valerio Setti	3f2309fea6	ssl-opt: remove redundant requires_config_enabled when force_ciphersuite is set Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-23 13:47:30 +01:00
Manuel Pégourié-Gonnard	0d4152186d	Make MBEDTLS_MD_LIGHT private for now. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-23 13:02:13 +01:00
Valerio Setti	d1f991c879	ssl-opt: fix required configs in ECDSA related tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-23 09:31:41 +01:00
Pengyu Lv	9e7bb2a92c	Update some comments Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-23 16:03:56 +08:00
Janos Follath	406b9172ad	Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup Bignum: Add named moduli setup	2023-02-22 12:14:33 +00:00
Valerio Setti	6445912d9c	test: enable ssl-opt in test_psa_crypto_config_[accel/reference]_ecdsa_use_psa Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-22 12:35:16 +01:00
Pengyu Lv	07d5085fcf	Skip ECDH ciphersuites for O->m pair The mechanism of detecting unsupported ciphersuites for OpenSSL client doesn't work on a modern OpenSSL. At least, it fails on Travis CI which is installed with OpenSSL 1.1.1f. So we need to skip ECDH cipher- suites for O->m. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-22 12:18:48 +08:00
Pengyu Lv	a64c277588	compat.sh: Skip all ECDH_ ciphersuites Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-22 10:19:40 +08:00
Gilles Peskine	ffb92b0789	Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug Fix bugs in OID to string conversion	2023-02-21 23:16:44 +01:00
Paul Elliott	48c591cb56	Fix warning with GCC 12 Fix warning about variable being used uninitialised. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-21 16:31:56 +00:00
Gilles Peskine	250a5ac4cb	Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle Implement PSA interruptible sign/verify hash	2023-02-21 15:13:34 +01:00
Manuel Pégourié-Gonnard	d1c001aff7	Fix some dependencies in test_suite_psa_crypto Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-21 13:37:17 +01:00
Przemek Stekiel	a006f8c17b	Adapt dependencies for parsing rfc822Name test Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-21 13:36:56 +01:00
Manuel Pégourié-Gonnard	e91bcf31b6	Add comparison of accel_ecdh_use_psa against ref With temporary exclusions to be lifted as follow-ups. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-21 13:07:19 +01:00
Dave Rodgman	e42cedf256	Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased Pkcs7 fixes	2023-02-21 11:53:30 +00:00
Manuel Pégourié-Gonnard	59a2b8fd57	Add component accel_ecdh_use_psa Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-21 12:42:31 +01:00
Manuel Pégourié-Gonnard	e3095e7cb0	Add comments to accel_ecdh component Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-21 12:19:06 +01:00
Gabor Mezei	f65a059a64	Add test generation for ecp_mod_p224_raw Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-21 11:40:27 +01:00
Gabor Mezei	66f88a9d22	Extract Secp224r1 from the prototype Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-21 11:32:29 +01:00
Pengyu Lv	5e780df3e3	Only use standard cipher name Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-21 14:19:27 +08:00
David Horstmann	a4fad2ba67	Correct error code in test_suite_x509parse.data Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-20 14:57:47 +00:00
Dave Rodgman	716163e824	Improve allocation bounds in testing Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-20 14:46:51 +00:00
David Horstmann	5b5a0b618c	Change error codes to more appropriate codes The more precise error codes are borrowed from the ASN1 module. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-20 14:24:12 +00:00
Przemek Stekiel	5b9e4168cf	Add rfc822Name support in mbedtls_x509_info_subject_alt_name + adapt test Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-20 15:09:50 +01:00
Przemek Stekiel	608e3efc47	Add test for parsing SAN: rfc822Name Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-20 15:09:50 +01:00
Minos Galanakis	a30afe2216	ecp_curves: Minor refactoring. This patch introduces the following changes: * Documentation for `mbedtls_ecp_modulus_setup()` moved to `ecp_invasive.h`. * Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`. * Adjusted negative tests to use invalid selectors. * Reworded documentation. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-02-20 13:53:06 +00:00
Minos Galanakis	36f7c0e69b	test_suite_ecp: Added .data for `ecp_setup_test()` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-02-20 13:51:49 +00:00
Minos Galanakis	9a1d02d738	test_suite_ecp: Added test for `mbedtls_ecp_modulus_setup()` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-02-20 13:51:48 +00:00
Janos Follath	ec718afb41	Merge pull request #7051 from gabor-mezei-arm/6376_Secp521r1_fast_reduction Add a raw entry point to Secp521r1 fast reduction	2023-02-20 13:03:12 +00:00
Manuel Pégourié-Gonnard	9e04b5bcfc	Disable MD-light in accel_hash_use_psa Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-20 12:53:23 +01:00
Manuel Pégourié-Gonnard	718eb4f190	Merge pull request #7025 from AndrzejKurek/uri_san Add the uniformResourceIdentifier subtype for the subjectAltName	2023-02-20 11:29:59 +01:00
Pengyu Lv	1c0e4c013a	compat.sh: skip static ECDH cases if unsupported in openssl This commit add support to detect if openssl used for testing supports static ECDH key exchange. Skip the ciphersutes if openssl doesn't support them. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-20 18:05:21 +08:00
Paul Elliott	f8e5b56ad8	Fix get_num_ops internal code. Previously calling get_num_ops more than once would have ended up with ops getting double counted, and not calling inbetween completes would have ended up with ops getting missed. Fix this by moving this to where the work is actually done, and add tests for double calls to get_num_ops(). Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-19 18:55:10 +00:00
oberon-sk	6d50173d9c	Handle Edwards curves similar to Montgomery curves wrt key export length. Signed-off-by: Stephan Koch <koch@oberon.ch>	2023-02-17 11:19:20 +01:00
Manuel Pégourié-Gonnard	b9b630d628	Define "light" subset of MD See docs/architecture/psa-migration/md-cipher-dispatch.md Regarding testing, the no_md component was never very useful, as that's not something people are likely to want to do: it was mostly useful as executable documentation of what depends on MD. It's going to be even less useful when more and more modules auto-enable MD_LIGHT or even MD_C. So, recycle it to test the build with only MD_LIGHT, which is something that might happen in practice, and is necessary to ensure that the division is consistent. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-16 22:30:06 +01:00
Manuel Pégourié-Gonnard	ba2412fd21	Remove internal function md_process() It was already marked as internal use only, and no longer used internally. Also, it won't work when we dispatch to PSA. Remove it before the MD_LIGHT split to avoid a corner case: it's technically a hashing function, no HMAC or extra metadata, but we still don't want it in MD_LIGHT really. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-16 18:44:46 +01:00
Dave Rodgman	d652dce9ea	Add failing test case (invalid signature) for zero-length data Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-16 16:39:34 +00:00
Dave Rodgman	c5874db5b0	Add test-case for signature over zero-length data Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-16 16:14:46 +00:00
Paul Elliott	0af1b5367b	Remove some abbrevations from test descriptions. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-16 12:15:39 +00:00
Paul Elliott	96b89b208a	Add comment to indicate non-PSA spec assertion. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-16 12:15:39 +00:00
Paul Elliott	f1743e2440	Add verify call to max ops tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-16 12:15:39 +00:00
Paul Elliott	c86d45e8a1	Remove spurious incorrect comment Comment originated from original version of this code, and the newer comment which was added when it was pulled into a seperate function covers all cases. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	efebad0d67	Run extra complete in failure tests regardless. We do not need to expect to fail, running another complete in either sign or verify after successful completion should also return BAD_STATE. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	01885fa5e5	Fix include guards on auxiliary test function. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	a4cb909fcd	Add max ops tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	76d671ad73	Split state tests into two functions Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	b830b35fb1	Shorten test descriptions. Also mark some tests as being deterministic ECDSA where this was lacking. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	1243f93cca	Fix build fails with non ECDSA / restartable builds Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	6f60037589	Move {min\|max}_complete choice logic into function Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	c9774411d4	Ensure that operation is put into error state if error occurs If an error occurs, calling any function on the same operation should return PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra failure tests to try and ratify this. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	f9c91a7fb5	Store the hash, rather than the pointer For sign and verify, the pointer passed in to the hash is not guaranteed to remain valid inbetween calls, thus we need to store the hash in the operation. Added a test to ensure this is the case. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	0e9d6bd3f8	Replace MBEDTLS_ECP_DP_SECP384R1_ENABLED With more appropriate PSA_WANT_ECC_SECP_R1_384 Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	813f9cdcbb	Non ECDSA algorithms should return not supported Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	ab7c5c8550	Change incorrect define for MAX_OPS_UNLIMITED Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	cb23311bd0	Fix incorrect test dependencies part 2 Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	c4e2be86ef	Fix incorrect test dependancies Test for not having determnistic ECDSA was also being run when no ECDSA, and this fails earlier. Fixed this and added a specific test for no ECDSA. Also fixed (swapped) incorrect test descriptions. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	62dfb95993	Fix broken negative test Test for unsupported deterministic ECDSA was originally passing due to incorrect code, fixing the code unfortunately broke the test. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	97ac7d9090	Calculate min/max completes rather than passing in to test Only 2 options were really possible anyway - complete in 1 op, or somewhere between 2 and max ops. Anything else we cannot test due to implementation specifics. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	334d726d40	Ensure ops are tested on successful 'fail' tests Make sure the number of ops is tested in the interruptible failure tests, should they get through the interruptible loop part. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	edfc883568	Change test loops over to do...while Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	59ad9457b6	Add {sign/verify}_hash_abort_internal Ensure that num_ops is cleared when manual abort is called, but obviously not when an operation just completes, and test this. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	20a360679b	Add State tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	0c68335a42	Convert tests to configurable max_ops Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	4cec2f60dc	Add interruptible to psa_op_fail tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	9100797cb3	Negative tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	712d512007	Basic tests Sign Hash, Verify Hash and Sign and Verify Hash. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Gabor Mezei	555b1f7e44	Add check for test Check the bit length of the output of ecp_mod_p521_raw. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:19:09 +01:00
Gabor Mezei	cf228706cd	Restrict input parameter size for ecp_mod_p521_raw The imput mpi parameter must have twice as many limbs as the modulus. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:19:08 +01:00
Gabor Mezei	b62ad5d569	Rename function to follow naming convention Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:13:48 +01:00
Gabor Mezei	d8f67b975b	Add test generation for ecp_mod_p521_raw Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:13:48 +01:00
Gilles Peskine	e2a9f86755	Merge pull request #6971 from gabor-mezei-arm/6026_Secp192r1_fast_reduction Extract Secp192r1 fast reduction from the prototype	2023-02-15 16:22:36 +01:00
David Horstmann	895eb7c9b5	Add testcases for overlong encoding of OIDs Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-15 12:09:41 +00:00
David Horstmann	f01de145bd	Add tests for mbedtls_oid_get_numeric_string() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-15 11:45:51 +00:00
Andrzej Kurek	72082dc28e	Improve tests/scripts/depends.py code As suggested by gilles-peskine-arm. Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-15 05:20:33 -05:00
Gilles Peskine	c5e2a4fe67	Merge pull request #6937 from valeriosetti/issue6886 Add test for PK parsing of keys using compressed points	2023-02-14 19:54:29 +01:00
Andrzej Kurek	570a0f808b	Move to DER certificates for new x509 tests Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-14 05:52:49 -05:00
Dave Rodgman	319a5675db	Merge pull request #7084 from daverodgman/sizemax-uintmax Assume SIZE_MAX >= INT_MAX, UINT_MAX	2023-02-14 10:06:22 +00:00
Andrzej Kurek	4077372b98	Fix SHA requirement for SAN URI tests Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-13 10:18:17 -05:00
Andrzej Kurek	7a05fab716	Added the uniformResourceIdentifier subtype for the subjectAltName. Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-13 10:03:07 -05:00
Valerio Setti	1b08d421a7	test: fix: replace CAN_ECDSA_SOME with CAN_ECDSA_SIGN+CAN_ECDSA_VERIFY when both are needed Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 15:35:37 +01:00
Valerio Setti	16f02e0196	test: adjust include after PK_CAN_ECDSA_SOME was moved Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 15:35:37 +01:00
Valerio Setti	d928aeb9ac	test_suite_ssl: use new macros for ECDSA capabilities Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 15:35:37 +01:00
Valerio Setti	ed02bb1f95	test_suite_debug: replace ECDSA_C with new ECDSA macros Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 15:35:37 +01:00

1 2 3 4 5 ...

8309 commits