Paul Elliott
6ebe7d2e3a
Merge pull request #8095 from davidhorstmann-arm/initialize-struct-get-other-name
...
Coverity fix: Set `type_id` in `x509_get_other_name()`
2023-08-31 16:26:00 +00:00
Paul Elliott
b5d97156e4
Merge pull request #7857 from minosgalanakis/bugifx/address_curve_bits
...
[BigNum] test_suite_ecp: Fixed curve bit-length.
2023-08-31 13:14:11 +00:00
Gilles Peskine
f7632382cc
Merge pull request #8130 from davidhorstmann-arm/fix-unnecessary-include-prefixes
...
Fix unnecessary header prefixes in tests
2023-08-31 08:57:26 +00:00
Dave Rodgman
dbddb00158
Ensure mbedtls_sha3_finish zeroizes the context
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-30 18:43:23 +01:00
David Horstmann
22ec2aefa9
Fix unnecessary header prefixes in tests
...
Remove unnecessary "../library" prefix from test suite includes. This
makes the tests repo-agnostic between the mbedtls and psa-crypto repos.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-30 15:34:34 +01:00
Dave Rodgman
29bf911058
Merge pull request #7839 from daverodgman/psa-sha3
...
SHA-3 via PSA
2023-08-30 08:51:36 +00:00
Gilles Peskine
a878b663cf
Merge pull request #8090 from silabs-Kusumit/PBKDF2_higher_cost_tests
...
PBKDF2: tests with higher input costs
2023-08-29 14:00:17 +00:00
Gilles Peskine
e65bba4dd2
Merge pull request #7803 from gilles-peskine-arm/psa-low-hash-mac-size
...
Start testing the PSA built-in drivers: hashes
2023-08-22 11:19:41 +00:00
Gilles Peskine
6d14c2b858
Remove dead code
...
Do explain why we don't test a smaller buffer in addition to testing the
nominal size and a larger buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-22 09:59:50 +02:00
Gilles Peskine
c9187c5866
New test suite for the low-level hash interface
...
Some basic test coverage for now:
* Nominal operation.
* Larger output buffer.
* Clone an operation and use it after the original operation stops.
Generate test data automatically. For the time being, only do that for
hashes that Python supports natively. Supporting all algorithms is future
work.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-22 09:59:42 +02:00
Gilles Peskine
796bc2b8f9
Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes
...
Document mbedtls_calloc zeroization
2023-08-21 15:47:21 +00:00
Janos Follath
e220d258fd
Merge pull request #8086 from yanesca/remove-new-bignum
...
Remove new bignum when not needed
2023-08-21 10:59:41 +00:00
David Horstmann
cfae6a1ae9
Fix incorrect detection of HardwareModuleName
...
The hardware module name otherName SAN contains 2 OIDs:
OtherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
HardwareModuleName ::= SEQUENCE {
hwType OBJECT IDENTIFIER,
hwSerialNum OCTET STRING }
The first, type-id, is the one that identifies the otherName as a
HardwareModuleName. The second, hwType, identifies the type of hardware.
This change fixes 2 issues:
1. We were erroneously trying to identify HardwareModuleNames by looking
at hwType, not type-id.
2. We accidentally inverted the check so that we were checking that
hwType did NOT match HardwareModuleName.
This fix ensures that type-id is correctly checked to make sure that it
matches the OID for HardwareModuleName.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-18 19:31:39 +01:00
Kusumit Ghoderao
5cad47df8a
Modify test description
...
The test data was generated using the python script.
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome
Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):
Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16
password : 4a30314e4d45
salt : 54687265616437333563383762344f70656e54687265616444656d6f
input cost : 16384
derived key len : 16
output : 8b27beed7e7a4dd6c53138c879a8e33c
"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys
def main():
#check args
if len(sys.argv) != 5:
print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
return
password = bytes.fromhex(sys.argv[1])
salt = bytes.fromhex(sys.argv[2])
iterations = int(sys.argv[3])
dklen = int(sys.argv[4])
# If password is not 16 bytes then we need to use CMAC to derive the password
if len(password) != 16:
zeros = bytes.fromhex("00000000000000000000000000000000")
cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
passwd = bytes.fromhex(cobj_pass.hexdigest())
else:
passwd = password
cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()
actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)
print('password : ' + password.hex())
print('salt : ' + salt.hex())
print('input cost : ' + str(iterations))
print('derived key len : ' + str(dklen))
print('output : ' + actual_output.hex())
if __name__ == "__main__":
main()
"""
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 12:49:07 +05:30
Kusumit Ghoderao
e4d634cd87
Add tests with higher input costs for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-17 21:16:14 +05:30
Janos Follath
f2334b7b39
Remove new bignum when not needed
...
New bignum modules are only needed when the new ecp_curves module is
present. Remove them when they are not needed to save code size.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-17 14:36:59 +01:00
Gilles Peskine
294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation
...
PBKDF2 CMAC implementation
2023-08-17 11:15:16 +00:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn
...
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
2023-08-16 09:19:46 +00:00
Kusumit Ghoderao
6c104b9b3b
Modify derive output test cases and add actual output
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-16 11:47:24 +05:30
Paul Elliott
6da3d83f33
Fix resource leak in test failure case
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-08-11 16:28:06 +01:00
Manuel Pégourié-Gonnard
26b7c93d9d
Merge pull request #7992 from valeriosetti/issue7755
...
driver-only ECC: BN.x509 testing
2023-08-10 19:41:09 +00:00
Manuel Pégourié-Gonnard
54da1a69a2
Merge pull request #7578 from daverodgman/safer-ct5
...
Improve constant-time interface
2023-08-10 16:57:39 +00:00
Tom Cosgrove
e7700a7d0a
Merge pull request #7936 from AgathiyanB/assert-false-macro
...
Add TEST_FAIL macro for tests
2023-08-10 15:01:34 +00:00
Valerio Setti
3580f448eb
test: solve test disparities for x509[parse/write] suites
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 14:50:43 +02:00
Dave Rodgman
ac69b45486
Document and test mbedtls_ct_size_if_else_0
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-10 12:18:13 +01:00
Dave Rodgman
98ddc01a7c
Rename ...if0 to ...else_0
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-10 12:11:31 +01:00
Dave Rodgman
b7825ceb3e
Rename uint->bool operators to reflect input types
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-10 11:58:18 +01:00
Valerio Setti
c5d85e5ead
test: remove BIGNUM dependencies from pk[parse/write] suites
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Gilles Peskine
a79256472c
Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier
...
Fixed x509 certificate generation to conform to RFCs when using ECC key
2023-08-07 19:14:54 +00:00
Minos Galanakis
2cae936107
test_suite_ecp: Moved curve bitlenth check after quasi reduction.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-08-07 16:49:22 +01:00
Minos Galanakis
831a2e6369
test_suite_ecp: Fixed curve bit-length.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-08-07 16:45:54 +01:00
Dave Rodgman
953f2a4780
Merge pull request #7892 from AgathiyanB/fix-coverage-MBEDTLS_ECP_NIST_OPTIM-disabled
...
Add dependency MBEDTLS_ECP_NIST_OPTIM for ECP test
2023-08-07 14:37:08 +00:00
Dave Rodgman
4dd89310e9
Update w.r.t. test macro name changes from #6253
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-07 11:49:12 +01:00
Dave Rodgman
c98f8d996a
Merge branch 'development' into safer-ct5
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-07 11:47:35 +01:00
Dave Rodgman
2ec9892f24
Merge pull request #6253 from tom-cosgrove-arm/rename-assert_compare-to-test_assert_compare
...
Rename test macros `ASSERT_COMPARE()`, `ASSERT_ALLOC()` and `ASSERT_ALLOC_WEAK()`
2023-08-04 13:45:10 +00:00
Dave Rodgman
003a5e1ca7
Merge pull request #1046 from Mbed-TLS/merge_3.4.1
...
Merge 3.4.1
2023-08-03 18:23:37 +01:00
Dave Rodgman
a0fc9987da
Merge branch 'development' into merge_3.4.1
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-03 15:56:59 +01:00
Dave Rodgman
6f80ac4979
Merge pull request #7864 from waleed-elmelegy-arm/enforce-min-RSA-key-size
...
Enforce minimum key size when generating RSA key size
2023-08-03 12:57:52 +00:00
Gilles Peskine
6919546ddf
Update more test dependencies when using test-ca.key
...
Those test cases aren't actually executed due to another typo which is
beyond the scope of this commit and will be resolved in
https://github.com/Mbed-TLS/mbedtls/pull/8029 . But update DES to AES anyway.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-03 12:02:14 +02:00
Waleed Elmelegy
d4e7fe09b3
Change tests to work on different MBEDTLS_RSA_GEN_KEY_MIN_BITS configs
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-02 16:59:59 +00:00
Gilles Peskine
a824f8bc91
Update test dependencies when using test-ca.key
...
"tests/data_files/test-ca.key" is now encrypted using AES instead of DES.
Update test dependencies accordingly. This fixes `depends.py cipher_id`.
This is a partial cherry-pick of 1a4cc5e92c
(done manually because the context on the same line is different).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 16:38:21 +02:00
Kusumit Ghoderao
6eff0b2258
Remove test vector
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-02 17:22:49 +05:30
Gilles Peskine
550d147078
Bump version to 3.4.1
...
```
./scripts/bump_version.sh --version 3.4.1
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 12:50:23 +02:00
Gilles Peskine
267bee9be8
Merge pull request #7903 from valeriosetti/issue7773
...
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/DH
2023-08-02 10:16:44 +00:00
Gilles Peskine
50745e7e35
Update failing unit tests to use the moved data files
...
After upgrading certificates, some parsing unit tests are failing because
the new certificates have a different expiry date, by design. Switch those
test cases to using the moved copy of the old data (as we did in a more
systematic way in the development branch).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 12:12:53 +02:00
Bence Szépkúti
895074e3f9
Merge pull request #8002 from valeriosetti/issue7904
...
PSA maximum size macro definitions should take support into account
2023-08-02 05:57:28 +00:00
Dave Rodgman
926d8da47e
Fix test dependency
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 17:28:26 +01:00
Dave Rodgman
378280e57f
Revert "Move constant_flow.h into the main library"
...
This reverts commit fd78c34e23
.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 17:22:55 +01:00
Dave Rodgman
fd78c34e23
Move constant_flow.h into the main library
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 12:48:33 +01:00
Dave Rodgman
04a334af55
Make const-time test not depend on internal knowledge of mbedtls_ct_condition_t
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 12:48:33 +01:00