Gilles Peskine
7be571ac85
Remove GNUTLS_LEGACY and OPENSSL_LEGACY
...
They aren't used anywhere.
Keep the command line options of all.sh to avoid breaking any wrapper
scripts that people might have.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-27 21:51:54 +02:00
Gilles Peskine
e29203be88
Stop using "legacy" OpenSSL and GnuTLS
...
None of the tests actually need GNUTLS_LEGACY (3.3.8): GNUTLS (3.4.10)
works.
None of the tests actually need OPENSSL_LEGACY (1.0.1j): OPENSSL (1.0.2g)
works.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-27 21:43:00 +02:00
Gilles Peskine
5f5e3886c5
Minor robustness improvement
...
Let openssl use any experimental or obsolete cipher that's not in ALL.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-27 21:41:31 +02:00
Gilles Peskine
5cb8605d79
ssl-opt.sh doesn't actually use OPENSSL_LEGACY, so remove it
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-27 21:40:56 +02:00
Gilles Peskine
8ca2041145
Merge pull request #8074 from tgonzalezorlandoarm/tg/allowlist
...
Implement allowlist of test cases that are legitimately not executed
2023-08-24 18:03:20 +00:00
David Horstmann
0ac57ca6c6
Rename is_psa_crypto -> in_psa_crypto_repo
...
(For consistency with all.sh)
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:18 +01:00
David Horstmann
7f93d22ad9
Rename psa_crypto_lib_filename to just crypto_lib_filename
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:18 +01:00
David Horstmann
4dcddcfae2
Parameterize out of source build directory
...
Use CMake to build the library out-of-source (rather than make)
in tests/scripts/test_psa_compliance.py and add a script argument for
the out-of-source build directory.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:18 +01:00
David Horstmann
76a7738537
Invert logic for repo detection in all.sh
...
Instead of:
! in_psa_crypto_repo()
use
in_mbedtls_repo()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:18 +01:00
David Horstmann
e31014a681
Tweak test_psa_compliance pylint annotations
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:18 +01:00
David Horstmann
1d09184291
Modify test_psa_compliance.py for psa-crypto repo
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:18 +01:00
David Horstmann
9a6c45b436
Make all.sh PSA-crypto-friendly
...
Introduce changes needed to run all.sh in the psa-crypto repo. Where
behaviour must differ, detect that we are in the psa-crypto repo by
checking for the 'core' directory.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-24 15:18:11 +01:00
Tomás González
d43cab3f5c
Correct analyze_outcomes identation
...
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-24 09:12:40 +01:00
Agathiyan Bragadeesh
733766bc71
Remove trailing whitespace in data file.
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-23 15:44:52 +01:00
Agathiyan Bragadeesh
de84f9d67a
Add test for rejecting empty AttributeValue
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-23 11:44:04 +01:00
Gilles Peskine
e65bba4dd2
Merge pull request #7803 from gilles-peskine-arm/psa-low-hash-mac-size
...
Start testing the PSA built-in drivers: hashes
2023-08-22 11:19:41 +00:00
Tomás González
a0631446b5
Correct analyze_outcomes.py identation
...
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-22 12:18:04 +01:00
Agathiyan Bragadeesh
ea3e83f36a
Amend test in test_suite_x509write
...
Needed since we now reject escaped null hexpairs in strings
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
01e9392c3f
Add malformatted DER test for string_to_names
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
cab79188ca
Remove redundant tests in test_suite_x509write
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
a0ba8aab2e
Add test for non ascii x509 subject name
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
a953f8ab36
Remove duplicate test in test_suite_x509write
...
The test for outputing a hexstring representation is actually
testing dn_gets, and is tested in test_suite_x509parse.
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
957ca0595d
Accept short name/ber encoded data in DNs
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
afdb187bbc
Add more comprehensive string to name tests
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
e59dedbce2
Add test reject null characters in string to names
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
5ca9848513
Reword test in test_suite_x509write
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
47cc76f070
Update x509 test for numericoid/hexstring output
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
ef299d6735
Add more tests for RFC 4514
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
404b4bb9ab
Add x509 tests for upper and lowercase hexpairs
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
dba8a641fe
Add and update tests for x509write and x509parse
...
Due to change in handling non-ascii characters, existing tests had to be
updated to handle the new implementation. New tests and certificates
are added to test the escaping functionality in edge cases.
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:52 +01:00
Agathiyan Bragadeesh
ef2decbe4a
Escape hexpairs characters RFC 4514
...
Converts none ascii to escaped hexpairs in mbedtls_x509_dn_gets and
interprets hexpairs in mbedtls_x509_string_to_names.
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:38:16 +01:00
Agathiyan Bragadeesh
48513b8639
Escape special characters RFC 4514
...
This escapes special characters according to RFC 4514 in
mbedtls_x509_dn_gets and de-escapes in mbedtls_x509_string_to_names.
This commit does not handle hexpairs.
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:38:16 +01:00
Tomás González
5022311c9d
Tidy up allow list definition
...
* Don't break string literals in the allow list definition
* Comment each test that belongs to the allow list is there.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-22 09:54:28 +01:00
Tomás González
7ebb18fbd6
Make non-executed tests that are not in the allow list an error
...
* Turn the warnings produced when finding non-executed tests that
are not in the allow list into errors.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-22 09:47:49 +01:00
Gilles Peskine
6d14c2b858
Remove dead code
...
Do explain why we don't test a smaller buffer in addition to testing the
nominal size and a larger buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-22 09:59:50 +02:00
Gilles Peskine
c9187c5866
New test suite for the low-level hash interface
...
Some basic test coverage for now:
* Nominal operation.
* Larger output buffer.
* Clone an operation and use it after the original operation stops.
Generate test data automatically. For the time being, only do that for
hashes that Python supports natively. Supporting all algorithms is future
work.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-22 09:59:42 +02:00
Tom Cosgrove
17d5081ffb
Merge pull request #8099 from gilles-peskine-arm/split-config_psa-prepare
...
Prepare to split config_psa.h
2023-08-22 07:30:46 +00:00
Gilles Peskine
fdb722384b
Move PSA information and dependency automation into their own module
...
This will let us use these features from other modules (yet to be created).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-21 18:32:11 +02:00
Gilles Peskine
796bc2b8f9
Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes
...
Document mbedtls_calloc zeroization
2023-08-21 15:47:21 +00:00
Gilles Peskine
d686c2a822
Merge pull request #7971 from AgathiyanB/fix-data-files-makefile
...
Fix server1.crt.der in tests/data_files/Makefile
2023-08-21 14:43:07 +00:00
Gilles Peskine
44243e11ff
Remove obsolete header inclusions
...
Since 3.0.0, mbedtls_config.h (formerly config.h) no longer needs to include
config_psa.h or check_config.h: build_info.h takes care of that.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-21 16:10:06 +02:00
Janos Follath
e220d258fd
Merge pull request #8086 from yanesca/remove-new-bignum
...
Remove new bignum when not needed
2023-08-21 10:59:41 +00:00
Gilles Peskine
ead1766b5f
Fix PBKDF2 with empty salt segment on platforms where malloc(0)=NULL
...
"Fix PBKDF2 with empty salt on platforms where malloc(0)=NULL" took care of
making an empty salt work. But it didn't fix the case of an empty salt
segment followed by a non-empty salt segment, which still invoked memcpy
with a potentially null pointer as the source. This commit fixes that case,
and also simplifies the logic in the function a little.
Test data obtained with:
```
pip3 install cryptodome
python3 -c 'import sys; from Crypto.Hash import SHA256; from Crypto.Protocol.KDF import PBKDF2; cost = int(sys.argv[1], 0); salt = bytes.fromhex(sys.argv[2]); password = bytes.fromhex(sys.argv[3]); n = int(sys.argv[4], 0); print(PBKDF2(password=password, salt=salt, dkLen=n, count=cost, hmac_hash_module=SHA256).hex())' 1 "" "706173737764" 64
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-20 22:05:16 +02:00
Dave Rodgman
1fdc884ed8
Merge pull request #7384 from yuhaoth/pr/add-aes-accelerator-only-mode
...
AES: Add accelerator only mode
2023-08-18 20:55:44 +00:00
David Horstmann
cfae6a1ae9
Fix incorrect detection of HardwareModuleName
...
The hardware module name otherName SAN contains 2 OIDs:
OtherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
HardwareModuleName ::= SEQUENCE {
hwType OBJECT IDENTIFIER,
hwSerialNum OCTET STRING }
The first, type-id, is the one that identifies the otherName as a
HardwareModuleName. The second, hwType, identifies the type of hardware.
This change fixes 2 issues:
1. We were erroneously trying to identify HardwareModuleNames by looking
at hwType, not type-id.
2. We accidentally inverted the check so that we were checking that
hwType did NOT match HardwareModuleName.
This fix ensures that type-id is correctly checked to make sure that it
matches the OID for HardwareModuleName.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-18 19:31:39 +01:00
Kusumit Ghoderao
8eb55891ad
Add tests in derive_key for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
1dd596541b
Add tests in derive_key_type for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
1fe806a1a0
Add tests in derive_key_export for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
e8f6a0d791
Add tests for derive_key_exercise for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
ac7a04ac15
Move parse_binary_string function to psa_crypto_helpers
...
Add test code for pbkdf2 in psa_exercise_key
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:16 +05:30
Kusumit Ghoderao
5cad47df8a
Modify test description
...
The test data was generated using the python script.
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome
Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):
Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16
password : 4a30314e4d45
salt : 54687265616437333563383762344f70656e54687265616444656d6f
input cost : 16384
derived key len : 16
output : 8b27beed7e7a4dd6c53138c879a8e33c
"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys
def main():
#check args
if len(sys.argv) != 5:
print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
return
password = bytes.fromhex(sys.argv[1])
salt = bytes.fromhex(sys.argv[2])
iterations = int(sys.argv[3])
dklen = int(sys.argv[4])
# If password is not 16 bytes then we need to use CMAC to derive the password
if len(password) != 16:
zeros = bytes.fromhex("00000000000000000000000000000000")
cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
passwd = bytes.fromhex(cobj_pass.hexdigest())
else:
passwd = password
cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()
actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)
print('password : ' + password.hex())
print('salt : ' + salt.hex())
print('input cost : ' + str(iterations))
print('derived key len : ' + str(dklen))
print('output : ' + actual_output.hex())
if __name__ == "__main__":
main()
"""
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 12:49:07 +05:30
Bence Szépkúti
505dffd5e3
Merge pull request #7937 from yanrayw/code_size_compare_improvement
...
code_size_compare.py: preparation work to show code size changes in PR comment
2023-08-17 20:59:11 +00:00
Gilles Peskine
73936868b8
Merge remote-tracking branch 'development' into psa_crypto_config-in-full
...
Conflicts:
* tests/scripts/all.sh: component_test_crypto_full_no_cipher was removed
in the development branch.
2023-08-17 19:46:34 +02:00
Kusumit Ghoderao
e4d634cd87
Add tests with higher input costs for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-17 21:16:14 +05:30
Gilles Peskine
dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01
...
Updating crt/crl files due to expiry before 2027-01-01
2023-08-17 15:38:35 +00:00
Janos Follath
f2334b7b39
Remove new bignum when not needed
...
New bignum modules are only needed when the new ecp_curves module is
present. Remove them when they are not needed to save code size.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-17 14:36:59 +01:00
Waleed Elmelegy
4a0a989913
Fix unused parameters warnings when MBEDTLS_CIPHER_PADDING_PKCS7 is disabled
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-17 14:20:58 +01:00
Waleed Elmelegy
87bc1e1cda
Fix heap overflow issue in pkcs5_pbes2 testing functions
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-17 14:20:58 +01:00
Waleed Elmelegy
5d3f315478
Add new mbedtls_pkcs5_pbe2_ext function
...
Add new mbedtls_pkcs5_pbe2_ext function to replace old
function with possible security issues.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-17 14:20:58 +01:00
Gilles Peskine
294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation
...
PBKDF2 CMAC implementation
2023-08-17 11:15:16 +00:00
Jerry Yu
f258d17acd
remove aesni + padlock - plain c tests
...
This test is not valid for padlock depends
on plain c
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-17 12:39:00 +08:00
Jerry Yu
bdd96b9adf
disable aesni for componets without cpu modifiers
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-16 17:34:27 +08:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn
...
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
2023-08-16 09:19:46 +00:00
Jerry Yu
506759f5ce
fix build fail for via padlock test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-16 17:11:22 +08:00
Jerry Yu
b6d39c2f8c
Add aesni test for i386
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-16 16:14:02 +08:00
Kusumit Ghoderao
6c104b9b3b
Modify derive output test cases and add actual output
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-16 11:47:24 +05:30
Valerio Setti
307810babb
analyze_outcomes: add case for "ECC+FFDH w/o BN"
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-16 08:01:17 +02:00
Valerio Setti
4e2f244ab4
test: add accelerated and reference test for ECC+FFDH without BN
...
Since most of the code in "ECC+FFDH without BN" scenario was shared
with the "ECC without BN" one, I tried to reuse part of the code in
order to avoid duplications.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-16 08:01:12 +02:00
Tomás González
358c6c644a
Add EdDSA and XTS to the allow list
...
As specified in
https://github.com/Mbed-TLS/mbedtls/issues/5390#issuecomment-1669585707
EdDSA and XTS tests are legitimately never executed, so add them to
the allow list.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-14 15:46:25 +01:00
Tomás González
b401e113ff
Add a flag for requiring full coverage in coverage tests
...
Introduce the --require-full-coverage in analyze_outcomes.py so that
when analyze_outcomes.py --require-full-coverage is called, those
tests that are not executed and are not in the allowed list issue an
error instead of a warning.
Note that it is useful to run analyze_outcomes.py on incomplete test
results, so this error mode needs to remain optional in the long
term.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-14 15:46:12 +01:00
Tomás González
07bdcc2b0d
Add allow list for non-executed test cases
...
The allow list explicits which test cases are allowed to not be
executed when testing. This may be, for example, because a feature
is yet to be developed but the test for that feature is already in
our code base.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-14 15:46:12 +01:00
Dave Rodgman
a797f152ee
Merge pull request #8067 from paul-elliott-arm/fix_bignum_test_leak
...
Fix resource leak in bignum test failure case
2023-08-14 09:33:13 +01:00
Paul Elliott
6da3d83f33
Fix resource leak in test failure case
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-08-11 16:28:06 +01:00
Dave Rodgman
963513dba5
Merge pull request #8008 from valeriosetti/issue7756
...
driver-only ECC: BN.TLS testing
2023-08-11 13:51:36 +00:00
Dave Rodgman
246210e3c4
Test CT asm under valgrind
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-11 08:47:38 +01:00
Valerio Setti
36344cecbd
ssl-opt: remove redundant requirement for RSA_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 09:37:14 +02:00
Tom Cosgrove
5e678fd4d2
Merge pull request #8050 from gilles-peskine-arm/all.sh-remove-crypto_full_no_cipher
...
Remove redundant test component component_test_crypto_full_no_cipher
2023-08-11 07:28:10 +00:00
Valerio Setti
132240f01a
test: use ASAN flags for testing the accelerated TFM configuration
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 08:33:27 +02:00
Valerio Setti
f01d648677
analyze_outcome: add new check for parity for TFM configuration
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 08:33:27 +02:00
Valerio Setti
ac6d35f793
test: update components' descriptions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 08:33:27 +02:00
Valerio Setti
52ba0e3718
test: improve accelerated TFM configuration test and add reference
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 08:33:27 +02:00
Valerio Setti
c5c4bd225e
test: add component testing TFM configuration and P256M driver
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 08:33:27 +02:00
Valerio Setti
e0be95e81d
analyze_outcomes: skip tests that depend on BIGNUM_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 06:35:23 +02:00
Valerio Setti
4f577f3e51
ssl-opt: add RSA_C requirement when RSA encryption is used in certificate
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 06:35:23 +02:00
Valerio Setti
18535c352d
test: enable TLS, key exchances and ssl-opt teting in ecc_no_bignum()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 06:33:52 +02:00
Manuel Pégourié-Gonnard
26b7c93d9d
Merge pull request #7992 from valeriosetti/issue7755
...
driver-only ECC: BN.x509 testing
2023-08-10 19:41:09 +00:00
Manuel Pégourié-Gonnard
54da1a69a2
Merge pull request #7578 from daverodgman/safer-ct5
...
Improve constant-time interface
2023-08-10 16:57:39 +00:00
Tom Cosgrove
e7700a7d0a
Merge pull request #7936 from AgathiyanB/assert-false-macro
...
Add TEST_FAIL macro for tests
2023-08-10 15:01:34 +00:00
Valerio Setti
3580f448eb
test: solve test disparities for x509[parse/write] suites
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 14:50:43 +02:00
Valerio Setti
29c1b4d04a
test: enable X509 testing in ecc_no_bignum component
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 14:50:03 +02:00
Dave Rodgman
ac69b45486
Document and test mbedtls_ct_size_if_else_0
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-10 12:18:13 +01:00
Dave Rodgman
98ddc01a7c
Rename ...if0 to ...else_0
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-10 12:11:31 +01:00
Dave Rodgman
b7825ceb3e
Rename uint->bool operators to reflect input types
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-10 11:58:18 +01:00
Gilles Peskine
f5a29a5b83
Remove redundant test component
...
component_test_crypto_full_no_cipher doesn't bring any extra value given the
existence of component_test_full_no_cipher.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-10 12:07:49 +02:00
Valerio Setti
2e0275d2a1
test: use unset-all option in config.py to optimize test code
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 07:05:47 +02:00
Valerio Setti
a8c655edb0
test: remove redundant code setting MBEDTLS_PSA_CRYPTO_CONFIG
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 07:05:47 +02:00
Valerio Setti
fe7d96cff7
test: minor optimizations to ecc_no_bignum components
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Valerio Setti
c5d85e5ead
test: remove BIGNUM dependencies from pk[parse/write] suites
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Valerio Setti
9b3dbcc2e3
analyze_outcomes: skip tests that unavoidably depend on bignum
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard
660bbf2470
test: disable BIGNUM support on the test ecc_no_bignum component
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard
06aebe4995
test: disable FFDH support on the test ecc_no_bignum component
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard
7dccb66d49
test: disable RSA support on the test ecc_no_bignum component
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard
abd00d0be8
test: adding new components for testing and driver coverage analysis without BN
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Gilles Peskine
b7d577e46b
Fix copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-09 19:48:58 +02:00
Gilles Peskine
9b8dead74a
Minor readability improvement
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-09 19:48:42 +02:00
Paul Elliott
2f12a29cdd
Merge pull request #7896 from AgathiyanB/gitignore-generated-files-toggle
...
Add script to toggle ignoring generated files
2023-08-09 14:54:32 +00:00
Janos Follath
115784bd3f
Merge pull request #1040 from waleed-elmelegy-arm/development-restricted
...
Improve & test legacy mbedtls_pkcs5_pbe2
2023-08-09 09:43:23 +01:00
Jerry Yu
76a51b99b6
replace strings command with grep
...
`strings | grep` will fail some time.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-09 15:56:26 +08:00
Jerry Yu
a7de78d050
improve test
...
- `grep '^flags' /proc/cpuino` does not work in my local machine inside script.
- `make test programs/sleftest ` causes `strings | grep ` fail.
For timebeing, I did not figure out the root cause.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-08 14:28:15 +08:00
Gilles Peskine
a79256472c
Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier
...
Fixed x509 certificate generation to conform to RFCs when using ECC key
2023-08-07 19:14:54 +00:00
Minos Galanakis
2cae936107
test_suite_ecp: Moved curve bitlenth check after quasi reduction.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-08-07 16:49:22 +01:00
Minos Galanakis
831a2e6369
test_suite_ecp: Fixed curve bit-length.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-08-07 16:45:54 +01:00
Dave Rodgman
953f2a4780
Merge pull request #7892 from AgathiyanB/fix-coverage-MBEDTLS_ECP_NIST_OPTIM-disabled
...
Add dependency MBEDTLS_ECP_NIST_OPTIM for ECP test
2023-08-07 14:37:08 +00:00
Dave Rodgman
4dd89310e9
Update w.r.t. test macro name changes from #6253
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-07 11:49:12 +01:00
Dave Rodgman
c98f8d996a
Merge branch 'development' into safer-ct5
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-07 11:47:35 +01:00
Jerry Yu
7802f65a28
Add negative test for aesni only
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-07 10:38:50 +08:00
Dave Rodgman
2ec9892f24
Merge pull request #6253 from tom-cosgrove-arm/rename-assert_compare-to-test_assert_compare
...
Rename test macros `ASSERT_COMPARE()`, `ASSERT_ALLOC()` and `ASSERT_ALLOC_WEAK()`
2023-08-04 13:45:10 +00:00
Jerry Yu
c935aa617b
Add via padlock build test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-04 16:29:05 +08:00
Jerry Yu
193cbc03fe
Add aesce build test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-04 09:38:37 +08:00
Dave Rodgman
003a5e1ca7
Merge pull request #1046 from Mbed-TLS/merge_3.4.1
...
Merge 3.4.1
2023-08-03 18:23:37 +01:00
Dave Rodgman
a0fc9987da
Merge branch 'development' into merge_3.4.1
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-03 15:56:59 +01:00
Dave Rodgman
6f80ac4979
Merge pull request #7864 from waleed-elmelegy-arm/enforce-min-RSA-key-size
...
Enforce minimum key size when generating RSA key size
2023-08-03 12:57:52 +00:00
Gilles Peskine
6919546ddf
Update more test dependencies when using test-ca.key
...
Those test cases aren't actually executed due to another typo which is
beyond the scope of this commit and will be resolved in
https://github.com/Mbed-TLS/mbedtls/pull/8029 . But update DES to AES anyway.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-03 12:02:14 +02:00
Jerry Yu
8a599c03fa
Add aesni only test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-03 17:01:02 +08:00
Jerry Yu
17a9d2e412
Add MBEDTLS_AES_USE_HADWARE_ONLY for test_aesni
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-03 16:14:18 +08:00
Jerry Yu
1221a31cc4
Run aes tests only for test_aesni
...
That can reduce time of selftest
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-03 16:09:07 +08:00
Jerry Yu
69dd441eb5
Remove test_aes_*
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-03 16:00:20 +08:00
Valerio Setti
726ffbf642
ssl-opt: don't assume TLS 1.3 usage for external tool that don't have support
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-03 09:15:34 +02:00
Waleed Elmelegy
d4e7fe09b3
Change tests to work on different MBEDTLS_RSA_GEN_KEY_MIN_BITS configs
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-02 16:59:59 +00:00
Gilles Peskine
a824f8bc91
Update test dependencies when using test-ca.key
...
"tests/data_files/test-ca.key" is now encrypted using AES instead of DES.
Update test dependencies accordingly. This fixes `depends.py cipher_id`.
This is a partial cherry-pick of 1a4cc5e92c
(done manually because the context on the same line is different).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 16:38:21 +02:00
Kusumit Ghoderao
6eff0b2258
Remove test vector
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-02 17:22:49 +05:30
Gilles Peskine
550d147078
Bump version to 3.4.1
...
```
./scripts/bump_version.sh --version 3.4.1
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 12:50:23 +02:00
Gilles Peskine
267bee9be8
Merge pull request #7903 from valeriosetti/issue7773
...
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/DH
2023-08-02 10:16:44 +00:00
Gilles Peskine
50745e7e35
Update failing unit tests to use the moved data files
...
After upgrading certificates, some parsing unit tests are failing because
the new certificates have a different expiry date, by design. Switch those
test cases to using the moved copy of the old data (as we did in a more
systematic way in the development branch).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 12:12:53 +02:00
Gilles Peskine
7e52921c9a
Copy test certificates files from development
...
Copy updated test certificates and related data (keys, CSR, etc.) from
development. This replaces certificates that will expire on 2023-09-07,
causing the unit tests to fail. This also adds new data files that are not
used, and moves some files.
The replacement data is good until 2023-12-31.
The update causes some parsing unit tests to fail because the new
certificates have a different expiry date. This will be fixed in a
subsequent commit.
```
git checkout dc2d7cce02
-- tests/data_files tests/src/test_certs.h tests/src/certs.c
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 12:00:06 +02:00
Jerry Yu
d76ded046c
fix various issues
...
- unnecessary command
- extra blank and empty line
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-02 17:44:01 +08:00
Jerry Yu
3660623e59
Rename plain c option and update comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-02 17:44:01 +08:00
Jerry Yu
3fcf2b5053
Rename HAS_NO_PLAIN_C to DONT_USE_SOFTWARE_CRYPTO
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-02 17:44:00 +08:00
Jerry Yu
315fd30201
Rename plain c disable option
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-02 17:43:59 +08:00
Jerry Yu
d767cc4106
Add accelerator only tests.
...
The cases with runtime detection have been
covered by `full` configuration
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-02 17:43:58 +08:00
Valerio Setti
5a57e2abab
test: add new components for testing without ECDHE-ECDSA and TLS13
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-02 11:30:50 +02:00
Bence Szépkúti
9661f8ab0d
Merge pull request #7968 from gowthamsk-arm/use_earliest_latest_compilers
...
Use earliest latest compilers
2023-08-02 05:58:02 +00:00
Bence Szépkúti
895074e3f9
Merge pull request #8002 from valeriosetti/issue7904
...
PSA maximum size macro definitions should take support into account
2023-08-02 05:57:28 +00:00
Gilles Peskine
d55e451b3e
Merge pull request #7997 from yanesca/fix_new_bignum_tests
...
Fix new bignum tests
2023-08-01 12:09:39 +00:00
Gowtham Suresh Kumar
9da40b8927
Update default variable values for compilers
...
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2023-07-31 23:11:18 +01:00
Dave Rodgman
926d8da47e
Fix test dependency
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 17:28:26 +01:00
Dave Rodgman
3d574da6fc
Revert to not enabling asm under Memsan
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 17:22:58 +01:00
Dave Rodgman
378280e57f
Revert "Move constant_flow.h into the main library"
...
This reverts commit fd78c34e23
.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 17:22:55 +01:00
Dave Rodgman
fd78c34e23
Move constant_flow.h into the main library
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 12:48:33 +01:00
Dave Rodgman
04a334af55
Make const-time test not depend on internal knowledge of mbedtls_ct_condition_t
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 12:48:33 +01:00
Janos Follath
2f04582d37
Move MBEDTLS_ECP_WITH_MPI_UINT to mbedtls_config.h
...
There is a precedent for having bigger and less mature options in
mbedtls_config.h (MBEDTLS_USE_PSA_CRYPTO) for an extended period.
Having this option in mbedtls_config.h is simpler and more robust.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-07-31 10:57:16 +01:00
Valerio Setti
f5051efa81
test: properly size output buffer in key_agreement_fail()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-31 11:35:48 +02:00
Janos Follath
f3135af159
Use config.py in all new bignum tests
...
This previous test is correct, as it is using make. Switch to using
config.py for robustness and consistency.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-07-31 10:07:57 +01:00
Janos Follath
82823b2fe8
Fix new bignum tests
...
These tests weren't working, because they use CMake and can't pass
options with CFLAGS directly. This could be mitigated by adding a CMake
option, but using config.py is less invasive and it is what we normally
use for setting build options anyway.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-07-31 10:01:47 +01:00
Xiaokang Qian
d0657b0015
ecp_mod_p448 has been moved to ecp_mod_p_generic_raw, remove here
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-07-31 06:46:28 +00:00
Xiaokang Qian
e25597dad7
Make ecp_mode_xxx functions depend on the new macro
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-07-31 06:46:28 +00:00
Dave Rodgman
2b174abd86
code style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-28 18:29:41 +01:00
Dave Rodgman
2d28c46055
Fix asm Memsan workaround
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-28 18:24:22 +01:00
Gowtham Suresh Kumar
6f1977bf20
Use variables for selecting compilers
...
The latest and earliest clang/GCC compilers are now used through
variables instead of symlinks and also the all.sh script is updated
to support options for overriding the default values.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2023-07-28 17:04:47 +01:00
Dave Rodgman
c2ad3ad62a
Fix error in test vectors
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-28 16:44:18 +01:00
Gowtham Suresh Kumar
1e829a403f
Use compgen to gather components in all.sh
...
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2023-07-28 16:41:21 +01:00
Gowtham Suresh Kumar
8d45ec8b97
Remove test_clang_opt check
...
The component functions in all.sh will be listed using
compgen instead of sed so this check is not needed.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2023-07-28 16:36:25 +01:00
Valerio Setti
1eacae865e
test: check exported length against proper MAX_SIZE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-28 17:29:48 +02:00
Dave Rodgman
fa5a4bbb02
Improve mbedtls_ct_memmove_left w.r.t. const-flow tests
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-28 16:13:52 +01:00
Dave Rodgman
8de3482507
Fix false-positive non-const-time errors in test
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-28 15:10:00 +01:00
Kusumit Ghoderao
be55b7e45a
Add test cases for 16 byte and empty password
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-27 21:22:26 +05:30
Dave Rodgman
a0f81e8ef8
Add OID tests for HMAC-xxx
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-27 16:02:42 +01:00
Waleed Elmelegy
d7bdbbeb0a
Improve naming of mimimum RSA key size generation configurations
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-27 14:50:09 +00:00
Tom Cosgrove
0540fe74e3
Fix code style
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-27 14:17:27 +01:00
Janos Follath
e0fa7ec4db
Merge pull request #7988 from gabor-mezei-arm/7598_add_32bit_test_component
...
Add 32bit test component for ecp with new bignum interface
2023-07-27 13:00:04 +00:00
Agathiyan Bragadeesh
763b353f2f
Replace TEST_ASSERT("message" == 0) with TEST_FAIL
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-27 13:52:31 +01:00
Dave Rodgman
5c60382201
code style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-27 13:28:41 +01:00
Dave Rodgman
d2c9f6d256
Strengthen psa_mac_verify testing
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-27 13:00:02 +01:00
Dave Rodgman
0c38385858
Use psa_mac_compare in tests; add some HMAC edge-cases
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-27 12:54:09 +01:00
Waleed Elmelegy
3d158f0c28
Adapt tests to work on all possible minimum RSA key sizes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-27 11:03:35 +00:00
Waleed Elmelegy
ab5707185a
Add a minimum rsa key size config to psa config
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-27 11:00:03 +00:00
Waleed Elmelegy
76336c3e4d
Enforce minimum key size when generating RSA key size
...
Add configuration to enforce minimum size when
generating a RSA key, it's default value is 1024
bits since this the minimum secure value currently
but it can be any value greater than or equal 128
bits. Tests were modifed to accommodate for this
change.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-27 10:58:25 +00:00
Valerio Setti
3a96227706
generate_psa_tests: remove checks for DH's LEGACY symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-27 11:01:33 +02:00
Valerio Setti
27602c32a2
test: accelerate all KEY_PAIR symbols in accel FFDH component
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-27 09:15:34 +02:00
Valerio Setti
a55f042636
psa: replace DH_KEY_PAIR_LEGACY with new symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-27 09:15:34 +02:00
Gilles Peskine
1997f3022f
PSA_CRYPTO_DRIVER_TEST_ALL is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG
...
Explain how PSA_CRYPTO_DRIVER_TEST_ALL works and why we have it. Note that
it is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG. As a consequence, disable
that option in component_test_psa_crypto_drivers.
MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is in the full config, so there's no need to
add it explicitly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-26 22:34:13 +02:00
Gilles Peskine
51ed3139d1
Merge pull request #7909 from mpg/dh-generate-psa-tests
...
Enable DH in generate_psa_tests.py
2023-07-26 17:46:09 +00:00
Dave Rodgman
44fae4908d
Add PSA HMAC MD5 test
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-26 18:45:19 +01:00
Dave Rodgman
faff45c917
Add HMAC tests for other digest algorithms
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-26 18:13:58 +01:00
Dave Rodgman
fe5adfe547
Add HMAC test-cases for SHA3
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-26 17:58:48 +01:00
Gilles Peskine
6b9017045f
Don't call psa_crypto_init with uninitialized local contexts (entropy)
...
psa_crypto_init can fail, and if it does we'll try calling free() on the
local variable, which is uninitialized. This commit fixes memory corruption
when a test fails.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-26 18:43:39 +02:00
Gowtham Suresh Kumar
186731b22a
Fix warnings from clang-16
...
Running clang-16 on mbedtls reports warnings of type "-Wstrict-prototypes".
This patch fixes these warnings by adding void to functions with no
arguments. The generate_test_code.py is modified to insert void into test
functions with no arguments in *.function files.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2023-07-26 17:11:51 +01:00
Gowtham Suresh Kumar
a12baf8c5f
Update test scripts to use latest/earliest compilers
...
The Ubuntu 16.04 and 22.04 docker images have been updated with
earliest and latest versions of gcc and clang respectively.
This patch adds the necessary component and support functions
required for the CI to run these compilers.
For FreeBSD we invoke the function by name so a condition is added
to disable the existing test_clang_opt function for linux.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2023-07-26 16:51:45 +01:00
Gabor Mezei
e256cc1552
Add 32bit test component for ecp with new bignum interface
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-26 17:35:44 +02:00
Gilles Peskine
bb07377458
Merge pull request #7935 from AgathiyanB/add-enum-casts
...
Add type casts for integer and enum types
2023-07-26 11:27:27 +02:00
Manuel Pégourié-Gonnard
c154a043bb
Fix dependencies for DH (and RSA) key pairs
...
- RSA was missing the MBEDTLS_ prefix.
- DH needs the same temporary fix (prefix + suffix) for now.
- hack_dependencies_not_implemented() needs to ignore MBEDTLS_PSA_WANT
dependencies.
While at it, make the code currently used for ECC more generic, so that
it's ready to be used for RSA and DH in the near future.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-26 09:34:30 +02:00
Manuel Pégourié-Gonnard
afe4b79114
Enable DH in generate_psa_tests.py
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-26 09:32:42 +02:00
Gilles Peskine
f1517e690a
PermissionIssueTracker is obsoleted by ShebangIssueTracker
...
ShebangIssueTracker implements the rule that scripts must be executable if
and only if they have a shebang line. By removing PermissionIssueTracker, we
now allow files with any extension to be executable (provided they have a
shebang line), and allow *.sh and *.pl to be non-executable modules if they
don't have a shebang line (as was already the case for *.py).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-25 20:59:14 +02:00
Gilles Peskine
63c3534981
Pacify Pylint
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-25 19:40:35 +02:00
Gilles Peskine
2f8c545d3d
Make --quiet a little less quiet
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-25 19:40:35 +02:00
Gilles Peskine
1b01559fea
Error out if run from the wrong directory
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-25 19:40:35 +02:00
Gilles Peskine
9fdc657cbf
Add --quiet option to suppress demos' output
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-25 19:40:35 +02:00
Gilles Peskine
198d87ad52
Minor readability improvements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-25 19:40:14 +02:00
Gilles Peskine
82b2727e51
Run demo scripts in some builds
...
Run the sample program demo scripts in builds with a configuration
that is at least as complete as the default configuration.
Do not run sample programs in all configurations since they are
expected to fail if a required feature is missing.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-25 19:40:09 +02:00
Gilles Peskine
2fcf04f468
Run demo scripts and check that they work
...
run_demos.py is the frontend to a framework for smoke-testing the
sample programs. It runs scripts called programs/*/*_demo.sh
("demo scripts") and check that they succeed. A typical demo script
runs one sample program or a combination of sample programs to
demonstrate their usage.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-25 19:31:43 +02:00
Dave Rodgman
e3268afb11
Add PSA SHA3 tests for hash_verify and multipart
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-25 17:33:55 +01:00
Paul Elliott
f1c032adba
Merge pull request #7902 from valeriosetti/issue7772
...
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/RSA
2023-07-25 17:13:43 +01:00
Agathiyan Bragadeesh
93a859341b
Remove remaining redundant casts
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-25 12:28:59 +01:00
Agathiyan Bragadeesh
d298b76421
Remove redundant casts
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-25 11:33:00 +01:00
Valerio Setti
19fec5487d
test: remove GENPRIME dependency when RSA_KEY_PAIR_GENERATE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-25 12:31:50 +02:00
Dave Rodgman
cad28ae77a
Merge remote-tracking branch 'origin/development' into psa-sha3
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-24 15:51:13 +01:00
Waleed Elmelegy
f3fafc3645
Fix CI errors related pkcs5_pbe changes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-24 11:45:46 +01:00
Yanray Wang
21127f7095
code_size_compare: add logging module and tweak prompt message
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-07-24 18:07:12 +08:00
Agathiyan Bragadeesh
8dc913899d
Fix server1.crt.der in makefile
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-24 10:44:00 +01:00
Agathiyan Bragadeesh
3dd3ae219e
Remove trailing backslash
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-21 17:07:00 +01:00
Gilles Peskine
5fd88b7f75
Simplify the logic in a test
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-21 17:50:49 +02:00
Gilles Peskine
9d5952dba8
Fix some dependencies on symmetric crypto in some TLS 1.3 tests
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-21 17:50:49 +02:00
Gilles Peskine
eb41e0d6c8
Correct some msg messages in full config
...
When MBEDTLS_USE_PSA_CRYPTO is disabled on a base of full, mention it.
Now that full implies MBEDTLS_PSA_CRYPTO_CONFIG, don't mention it, and don't
set it explicitly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-21 17:50:49 +02:00
Gilles Peskine
14302ed1c0
Simplify msg messages in full config
...
Don't reiterate that this includes MBEDTLS_USE_PSA_CRYPTO and, now,
MBEDTLS_PSA_CRYPTO_CONFIG.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-21 17:50:49 +02:00
Gilles Peskine
884b462044
When subtracting classic symbols from full, turn off PSA_CRYPTO_CONFIG
...
Otherwise unwanted algorithms creep back from the default-on PSA_WANT
symbols.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-21 17:50:49 +02:00
Gilles Peskine
cf4fe58fd0
Make malloc-0-null a user config file
...
Having a wrapper made it harder to use: incompatible with setting
MBEDTLS_CONFIG_FILE, harder to combine with other settings. It was also
surprising since it was the only test config that was structured in that
way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-21 17:50:49 +02:00
Gilles Peskine
36dea1501b
Fix inconsistencies in no-chachapoly test
...
The original goal (https://github.com/Mbed-TLS/mbedtls/pull/5072 ) was to run
a test with ChaChaPoly disabled in PSA. It was actually implemented with GCM
also partially disabled (legacy GCM enabled but PSA GCM disabled), which
distracted from the objective. It's actually useful to test both with and
without GCM, so test both. Don't test inconsistencies between legacy and PSA
support because that's not a common case and not one we have particular
reasons to test.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-21 17:50:49 +02:00
Gilles Peskine
8dbdf2f7ea
Fix typo in function name
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-21 17:45:12 +02:00
Gilles Peskine
af3a5a263e
Remove comments that duplicate the 'msg' call just below
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-21 17:45:12 +02:00
Gilles Peskine
e92ff1128b
Remove duplicated component
...
There were two copies of component_test_psa_crypto_config_accel_pake,
identical except for two typos. Keep the copy without the typos.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-21 17:45:12 +02:00
Gilles Peskine
5647d06be8
Merge pull request #7518 from gilles-peskine-arm/psa_inject_entropy-file-stability
...
Fix and test MBEDTLS_PSA_INJECT_ENTROPY
2023-07-21 17:37:15 +02:00
Gilles Peskine
2387bdab0f
Merge pull request #1038 from Mbed-TLS/development
...
Merge development into development-restricted
2023-07-21 15:40:36 +02:00
Tom Cosgrove
e4e9e7da58
For tests, rename TEST_BUFFERS_EQUAL() to TEST_MEMORY_COMPARE()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-21 11:45:25 +01:00
Tom Cosgrove
a45d902822
Rename the length argument to TEST_CALLOC() to be the more accurate item_count
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-21 11:36:11 +01:00
Tom Cosgrove
05b2a87ea0
For tests, rename TEST_CALLOC_OR_FAIL() to just TEST_CALLOC()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-21 11:32:25 +01:00
Ronald Cron
87f62850f3
Merge pull request #7893 from ronald-cron-arm/misc-from-psa-crypto
...
Miscellaneous fixes resulting from the work on PSA-Crypto
2023-07-21 10:54:41 +02:00
Tom Cosgrove
412a813ad4
For tests, rename ASSERT_ALLOC_WEAK() to TEST_CALLOC_OR_SKIP()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-20 16:55:14 +01:00
Gilles Peskine
c723e86e56
Fix copypasta in function documentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-20 17:54:19 +02:00
Tom Cosgrove
f9ffd11e7a
For tests, rename ASSERT_ALLOC() to TEST_CALLOC_OR_FAIL()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-20 16:51:21 +01:00
Tom Cosgrove
65cd8519f7
For tests, rename ASSERT_COMPARE() to TEST_BUFFERS_EQUAL()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-20 16:51:15 +01:00
Manuel Pégourié-Gonnard
c844c1a771
Merge pull request #7546 from mpg/align-psa-md-identifiers
...
Align psa md identifiers
2023-07-20 11:34:28 +02:00
Ronald Cron
7612d8c049
all.sh: Use consistently CONFIG_TEST_DRIVER_H
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-20 10:20:55 +02:00
Ronald Cron
6b49b55d6d
all.sh: Use consistently CRYPTO_CONFIG_H
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-20 10:02:59 +02:00
Ronald Cron
7a93ac5308
all.sh: Use consistently CONFIG_H
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-20 10:02:32 +02:00
Dave Rodgman
8e8e6b9be3
Merge pull request #7934 from AgathiyanB/move-declarations-to-top
...
Move declarations to top of functions
2023-07-19 15:25:27 +01:00
Waleed Elmelegy
708d78f80b
Improve & test legacy mbedtls_pkcs5_pbe2
...
* Prevent pkcs5_pbe2 encryption when PKCS7 padding has been
disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
reasons, However, invalid padding is not checked.
* Add tests to check these scenarios. Test data has been
reused but with changing padding data in last block to
check for valid/invalid padding.
* Document new behaviour, known limitations and possible
security concerns.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-19 14:01:35 +01:00
Dave Rodgman
5f65acb02b
Merge pull request #7859 from gilles-peskine-arm/mbedtls_mpi-smaller
...
Reduce the size of mbedtls_mpi
2023-07-18 16:48:37 +01:00
Agathiyan Bragadeesh
dc28a5a105
Rename ASSERT_FALSE to TEST_FAIL
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-18 11:45:28 +01:00
Agathiyan Bragadeesh
ebb40bc336
Add ASSERT_FALSE macro for tests
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-18 11:38:04 +01:00
Manuel Pégourié-Gonnard
828b3acd6b
Merge pull request #7848 from valeriosetti/issue7749
...
driver-only ECC: EPCf.TLS testing
2023-07-18 10:33:21 +02:00
Agathiyan Bragadeesh
2d310deace
Add cast in test macros.h
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-17 18:27:03 +01:00
Tom Cosgrove
08b04b11ff
Merge pull request #7923 from gabor-mezei-arm/7598_fix_clone_of_ecp_module
...
[Bignum] Fixes for the ecp module cloning
2023-07-17 15:28:18 +01:00
Agathiyan Bragadeesh
2f017a8356
Add enum casts in ssl_helpers.c
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-17 15:14:42 +01:00
Agathiyan Bragadeesh
be3ad4aed3
Add type casts in psa_exercise_key
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-17 15:14:42 +01:00
Agathiyan Bragadeesh
932126525a
Move declarations to top in ssl_helpers.c
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-17 12:21:06 +01:00
Ronald Cron
e501d0e71e
Add change log and non-regression test
...
Add change log and non-regression test
for CCM* with no tag not supported in
CCM only configuration.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-17 11:53:20 +02:00
Ronald Cron
2e3795dc3c
tests: Fix header inclusion
...
When building tests, the path of the library
directory is part of the possible paths for
the includes thus no need to construct it
manually when including headers.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-17 11:52:32 +02:00
Gilles Peskine
b366fe955d
Merge pull request #7478 from yuhaoth/pr/add-script-for-generating-cert-macros
...
Add script for generating cert macros
2023-07-17 11:13:07 +02:00
Gilles Peskine
d8c4549246
Merge pull request #7432 from oberon-microsystems/fix-test-ecjpake-to-pms-dependency
...
Fix derive_ecjpake_to_pms dependency in PSA crypto test
2023-07-17 11:05:40 +02:00
Gabor Mezei
f0021d495a
Update test function dependencies
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-14 14:43:27 +02:00
Gabor Mezei
92ce4c2cbf
Fix ecp variant check
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-14 14:43:22 +02:00
Paul Elliott
3c22366695
Merge pull request #7863 from valeriosetti/issue7790
...
PK: parse: fix disparity with private Montgomery keys
2023-07-11 18:02:12 +01:00
Dave Rodgman
84eaefa43e
Use designated initializers for mbedtls_mpi
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-11 16:02:46 +01:00
Paul Elliott
88f34e3348
Merge pull request #7703 from gabor-mezei-arm/7598_clone_the_eco_module
...
[Bignum] Clone the ECP module
2023-07-11 15:00:01 +01:00
Valerio Setti
42796e25cf
generate_psa_tests: fix automatically generated tests for RSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
acab57b6b4
test: replace RSA_KEY_PAIR_LEGACY with proper symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
b2bcedbf9a
library: replace MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
1e6063c8ee
test: set MBEDTLS_ECP_DP dependency also for Montgomery curves
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
d476faa595
test: add more tests for Montgomery's invalid masks
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
aed87994da
test: verify that Montgomery keys can be fixed on parsing
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
4a09dcc6f6
test: replace ECP_DP_CURVE25519_ENABLED with PSA_WANT_ECC_MONTGOMERY_255
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
ef80d11c1f
test: add proper key requirements in X25519 key parsing tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
5f54020d1a
analyze_outcomes: do not skip test about wrong Montgomery private key
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
0a92121716
test: test of Montgomery keys with uncorrect bits whenever PK_HAVE_ECC_KEYS
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Gilles Peskine
b387fcf59b
Adapt names (curves -> groups) in a separately added test case
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-11 09:19:13 +02:00
Gilles Peskine
6aca2c9613
Merge pull request #7716 from mpg/psa-util-internal
...
Split psa_util.h between internal and public
2023-07-10 18:33:23 +02:00
Gilles Peskine
d9f0c76f9e
Merge pull request #7879 from tgonzalezorlandoarm/development
...
tests/test_suite_pem: Augment DES test cases with AES: PEM
2023-07-10 18:28:01 +02:00
Dave Rodgman
f3e488ec40
Merge pull request #7216 from lpy4105/issue/6840/add-getters-for-some-fields
...
Add getters for some fields
2023-07-10 17:14:11 +01:00
Andrzej Kurek
bdb41dd46d
Add missing resource deallocation in tests
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-10 08:09:50 -04:00
Manuel Pégourié-Gonnard
f614bde912
Merge pull request #7656 from mprse/ffdh_tls13_v2_drivers
...
FFDH 4: driver-only parity testing - with TLS 1.3
2023-07-10 13:08:47 +02:00
Dave Rodgman
e183ecef3d
Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases
...
Record the outcome of each test case in compat.sh
2023-07-10 12:08:32 +01:00
Manuel Pégourié-Gonnard
5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem
...
tls13: server: Fix spurious HRR
2023-07-10 09:58:13 +02:00
Valerio Setti
ee3a4d0d38
debug: replace occurence of ECP_LIGHT with PK_HAVE_ECC_KEYS
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
6f0441d11e
tls: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
0085c2e486
test: fix message's text
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:10:20 +02:00
Valerio Setti
16b70f2b1a
test: enabled ssl-opt testing in no_ecp_at_all components
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:10:20 +02:00
Valerio Setti
887f823deb
test: re-enable TLS and key exchanges in no_ecp_at_all component
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:10:20 +02:00
Pengyu Lv
5cbb93ef14
Add test for cache timeout getter
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 13:25:24 +08:00
Pengyu Lv
db6143364a
Add test for endpoint getter
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
30e0870937
Add test for hostname getter
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Dave Rodgman
7dbd2bf90c
Merge pull request #7441 from gilles-peskine-arm/mbedtls_x509_crt_parse_path-qemu-bug
...
More mbedtls_x509_crt_parse_path() tests, and note qemu-user bug when 32-bit code run on 64-bit host
2023-07-07 19:15:31 +01:00
Paul Elliott
2dfe7993af
Merge pull request #6914 from davidhorstmann-arm/cmake-pass-through-config-defines
...
Pass `MBEDTLS_CONFIG_FILE` defines through cmake
2023-07-07 17:01:57 +01:00
Manuel Pégourié-Gonnard
461d59b2f8
Merge pull request #7858 from mprse/ffdh_tls13_v2_f
...
Make use of FFDH keys in TLS 1.3 - follow-up
2023-07-07 16:19:35 +02:00
Dave Rodgman
8abb3497ad
Merge branch 'development' into mbedtls_x509_crt_parse_path-qemu-bug
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-07 15:11:35 +01:00
Ronald Cron
8a74f07c2a
tls13: server: Fix spurious HRR
...
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-07 15:53:12 +02:00
Andrzej Kurek
34ccd8d0b6
Test x509 csr SAN DN and RFC822 generation
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-07 08:18:43 -04:00
Manuel Pégourié-Gonnard
9967f11066
Merge pull request #7810 from valeriosetti/issue7771
...
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/ECC
2023-07-07 10:22:47 +02:00
Agathiyan Bragadeesh
77b0d645f5
Add gitignore anchors to denote generated files
...
These anchors encapsulate gitignore patterns which typically ignore
files generated, so that scripts can be used to comment and uncomment
these patterns for releases when we need the generated files in the
repository.
Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>
2023-07-06 17:58:18 +01:00
Agathiyan Bragadeesh
3e1e2e1f78
Add dependency MBEDTLS_ECP_NIST_OPTIM for ECP test
...
For tests running the ecp_fast_mod with MBEDTLS_ECP_DP_SECPXXXR1 the
dependency MBEDTLS_ECP_NIST_OPTIM has been added as this gives the
curves the optimised reduction function that ecp_fast_mod tests.
Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>
2023-07-06 15:40:19 +01:00
Tomás González
3719f9ec91
tests/test_suite_pem: Augment DES test cases with AES: PEM
...
A few negative test cases in test_suite_pem.data rely on DES
(“invalid iv”, “malformed”). DES is deprecated.
Construct similar test cases using AES.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-07-06 14:21:23 +01:00
Manuel Pégourié-Gonnard
a30c5cfc66
Use minimal include in test_suite_random
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:29 +02:00
Manuel Pégourié-Gonnard
d55d66f5ec
Fix missing includes
...
Some files relied on psa_util.h to provide the includes they need.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard
801d5b441d
Remove unnecessary (and harmful) include
...
Besides being unnecessary, it was causing problem when build SSL test
programs, which include this header, then in turn trying to include the
internal header from library, which didn't work.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:26 +02:00
Manuel Pégourié-Gonnard
2be8c63af7
Create psa_util_internal.h
...
Most functions in psa_util.h are going to end up there (except those
that can be static in one file), but I wanted to have separate commits
for file creation and moving code around, so for now the new file's
pretty empty but that will change in the next few commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00
Przemek Stekiel
615cbcdbdf
Provide additional comments for claryfication
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-06 12:16:39 +02:00
Dave Rodgman
8dda131a0a
Test OID lookup for every hash algorithm
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-06 09:52:20 +01:00
Gabor Mezei
2a7bcaf8af
Use only MBEDTLS_ECP_WITH_MPI_UINT
to switch between the ecp variants
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-06 10:37:51 +02:00
Jerry Yu
ba3eee7211
Add indent
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:16:15 +08:00
Jerry Yu
4d31022d90
Add missed intermediate file
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:16:14 +08:00
Jerry Yu
c5b2e284fa
Remove workaround code
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:16:10 +08:00
Jerry Yu
99a82dd043
fix python lint fails
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:13:46 +08:00
Jerry Yu
2ef2e78837
Add commands for test_certs.h
...
And update target file
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:13:46 +08:00
Jerry Yu
5811869311
Add test_certs.h generate script
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:13:46 +08:00
Jerry Yu
fa0c3995c4
Move certs/keys data to seperate file
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-06 10:13:46 +08:00
Dave Rodgman
6cc1734f3e
Fix test dependency
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 20:27:45 +01:00
Dave Rodgman
0c2d1afaf3
Fix free before pointers initialised
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 20:23:09 +01:00
Dave Rodgman
f324a74fab
Add tests for MBEDTLS_MD_SHA3_xxx_VIA_PSA
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 19:55:15 +01:00
Dave Rodgman
76814b6207
fix missing include
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 19:38:21 +01:00
Dave Rodgman
c0a0990b6e
Improve testing of md/PSA alg identifier macro conversions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 19:17:50 +01:00
Dave Rodgman
7bb7602a66
Add OID tests for SHA-3
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 19:03:21 +01:00
Gabor Mezei
6db604711d
Add a new test component to test the new bignum interface with TEST_HOOKS
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-05 16:54:20 +02:00
Dave Rodgman
3d0c8255aa
Merge pull request #7825 from daverodgman/cipher_wrap_size
...
Cipher wrap size improvement
2023-07-05 15:45:48 +01:00
David Horstmann
969c145f34
Use CONFIG_H variable rather than config file name
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-07-05 14:12:13 +01:00
David Horstmann
20550e3d59
all.sh component to test cmake custom config file
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-07-05 14:12:13 +01:00
Andrzej Kurek
026235c4ec
Disable msan errors on null allocation in all.sh
...
Such error was raised in platform tests,
and it's a valid test case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-05 08:32:43 -04:00
Przemek Stekiel
565353ef71
Cleanup the code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 11:07:07 +02:00
Przemek Stekiel
7ac93bea8c
Adapt names: dh -> xxdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
45255e4c71
Adapt names (curves -> groups)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
6f199859b6
Adapt handshake fields to ffdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:25:00 +02:00
Przemek Stekiel
84f4ff1dd3
Minor adaptations after ffdh was enabled for tls1.3
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:12:08 +02:00
Przemek Stekiel
85b644262d
Add ffdh accel vs reference check to analyze_outcomes.py
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-04 12:35:54 +02:00
Przemek Stekiel
01c248c00b
Enable TLS1.3 in FFDH alg build with drivers and add reference config(without drivers)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-04 12:35:54 +02:00
Kusumit Ghoderao
7333ed3efa
Add max iterations test case for cmac
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:03 +05:30
Kusumit Ghoderao
d80183864a
Add test case for zero input cost
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
671320633c
Add test cases for key and plain inputs
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
9d4c74f25c
Add test cases for output validation of pbkdf2 cmac
...
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome
Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):
Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16
password : 4a30314e4d45
salt : 54687265616437333563383762344f70656e54687265616444656d6f
input cost : 16384
derived key len : 16
output : 8b27beed7e7a4dd6c53138c879a8e33c
"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys
def main():
#check args
if len(sys.argv) != 5:
print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
return
password = bytes.fromhex(sys.argv[1])
salt = bytes.fromhex(sys.argv[2])
iterations = int(sys.argv[3])
dklen = int(sys.argv[4])
# If password is not 16 bytes then we need to use CMAC to derive the password
if len(password) != 16:
zeros = bytes.fromhex("00000000000000000000000000000000")
cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
passwd = bytes.fromhex(cobj_pass.hexdigest())
else:
passwd = password
cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()
actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)
print('password : ' + password.hex())
print('salt : ' + salt.hex())
print('input cost : ' + str(iterations))
print('derived key len : ' + str(dklen))
print('output : ' + actual_output.hex())
if __name__ == "__main__":
main()
"""
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
1d3fca21b1
Add test cases for input validation of pbkdf2 cmac
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:01 +05:30
Pengyu Lv
b687c03183
Fix the command for server9-sha*.crt
...
The new command could generate
parse_input/server9-sha*.crt correctly.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
49c56e651d
Add target for parse_input/cert_example_multi_nocn.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
19e949e644
Fix typo and long line format
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
736d2bb715
Update crl-rsa-pss-*.pem manually
...
The rules will be in a seperate PR.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
59f392cd4d
upgrade server9-bad-saltlen.crt
...
Upgrade scripts
```python
import subprocess
from asn1crypto import pem, x509,core
output_filename="server9-bad-saltlen.crt"
tmp_filename="server9-bad-saltlen.crt.tmp"
tmp1_filename="server9-bad-saltlen.crt.tmp1"
subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \
-passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \
-set_serial 24 -days 3650 \
-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
-sigopt rsa_mgf1_md:sha256 -sha256 \
-in server9.csr -out {output_filename}
''',shell=True)
with open(output_filename,'rb') as f:
_,_,der_bytes=pem.unarmor(f.read())
target_certificate=x509.Certificate.load(der_bytes)
with open(tmp_filename,'wb') as f:
f.write(target_certificate['tbs_certificate'].dump())
subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \
-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
-sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}',
shell=True)
with open(tmp1_filename,'rb') as f:
signature_value= core.OctetBitString(f.read())
with open(output_filename,'wb') as f:
target_certificate['signature_value']=signature_value
f.write(pem.armor('CERTIFICATE',target_certificate.dump()))
```
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
4ad45c01b9
Update server9*.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
8c40c573b2
Add server9-bad-{mgfhash,saltlen}.crt
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
b5ac935e44
Add rules to generate server9*.crt
...
Except for server9-bad-saltlen.crt and
server9-bad-mgfhash.crt.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
4ca9520582
Update server1-nospace.crt
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
0efdfcbfd3
Update v1 crt files
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
0d545a1815
Update cert_example_multi_nocn.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
e025cb2096
Add rules to generate cert_example_multi_nocn.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
d9ba29733e
Update server5.[e]ku-*.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
1ca5c0eae9
Add rules to generate server5.[e]ku-*.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
5b91dc7265
Update server2.ku-*.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
0063599e6f
Add rules to generate server2.ku-*.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
55ee7f8e13
Add rule for server2-badsign.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
0f381fd02f
Update test-ca2.ku-*.crt
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Pengyu Lv
5a1dbf3d6e
Fix the rule for server5-ss-forgeca.crt
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
affc294dfe
Add the rule and update server6-ss-child.crt
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Jerry Yu
4d69b29076
Update server5-selfsigned.crt
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-04 17:30:21 +08:00
Dave Rodgman
9cf17dad9d
Merge pull request #7851 from daverodgman/fix-unused-aes
...
Fix AES dependencies - build TF-M config cleanly
2023-07-03 16:49:00 +01:00
Andrzej Kurek
cf669b058b
Add a dummy usage of a pointer in tests
...
This way clang with O1 doesn't optimize it.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-03 10:42:27 -04:00