Commit graph

114 commits

Author SHA1 Message Date
Dave Rodgman
f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
2022-11-25 10:55:10 +00:00
Andrzej Kurek
ed05279e4f Comment fix
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-21 10:28:55 -04:00
Andrzej Kurek
8f26c8a0cf Fix a typo in test_suite_cipher
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-21 10:28:55 -04:00
Tom Cosgrove
edca207260 MBEDTLS_CIPHER_CHACHA20_POLY1305 is an mbedtls_cipher_type_t not an mbedtls_cipher_mode_t
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-10-14 12:10:40 +01:00
Tom Cosgrove
c621a6d38f Update tests to account for CIPHER_FEATURE_UNAVAILABLE on non-authenticated alg
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-30 17:15:54 +01:00
Przemek Stekiel
6f29a6c4b4 test_suite_cipher.function: always include aes.h
It is done to have MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH macro available (used in tests)

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:14 +02:00
Tuvshinzaya Erdenekhuu
d5ebedffd0 Removed unused variable in cipher test
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu
6c68927948 Enabled invalid param test for cipher
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-08-31 10:14:57 +01:00
Przemek Stekiel
476d9c45b8 Use MBEDTLS_TEST_DEPRECATED only in tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-19 14:11:06 +02:00
Przemek Stekiel
e58ca8bb5e Add MBEDTLS_TEST_DEPRECATED dependency
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-13 15:48:41 +02:00
Przemek Stekiel
61922d1328 Fix mbedtls_cipher_setup_psa() dependencies in tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 13:51:51 +02:00
Thomas Daubney
5dcbc4d326 Changes name of iv_check to iv_len_validity
Commit changes name of check_iv to
iv_len_validity as this seems to better describe
its functionality.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-02-17 21:30:25 +00:00
Thomas Daubney
3a066ec999 Initialise iv buffer before use
Commit initialises the iv buffer before
it is passed to mbedtls_cipher_set_iv().

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-02-17 14:00:06 +00:00
Andrzej Kurek
b9fbc11e2c Dynamically allocate iv in dec_empty_buf tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Andrzej Kurek
63439eda62 Return an error for IV lengths other than 12 with ChaCha20+Poly1305
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Andrzej Kurek
33ca6af8a3 Return an error for IV lengths other than 12 with ChaCha20
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Gilles Peskine
dc8ecda46f Don't fail until everything is initialized
Can't call mbedtls_cipher_free(&invalid_ctx) in cleanup if
mbedtls_cipher_init(&invalid_ctx) hasn't been called.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 14:28:31 +01:00
Paul Elliott
0cf7e38606 Add checked return to cipher setup
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 18:27:01 +00:00
Max Fillinger
72abd8a9c3 Fix type for iv size and block size in tests
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-28 14:13:52 +01:00
Max Fillinger
c60c3a0c77 Include new getters in test suites
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-10 15:12:04 +01:00
Mateusz Starzyk
f257a6e8f8 Add CCM*-no-tag tests for the cipher module.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-27 16:27:44 +02:00
Gilles Peskine
6ac8f94a72 Fix cipher info key length sanity checks
Most supported ciphers have a 128-bit, 192-bit or 256-bit keys. List the
exceptions explicitly.

This commit fixes a test failure with the null cipher and an incorrect
comment that omitted several key lengths.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 08:31:49 +02:00
Gilles Peskine
0be02bd823 Add accessor functions for cipher_info fields
Add functions to read the type, mode, name and key_bitlen fields from
mbedtls_cipher_info_t. These are the fields that applications are most
likely to care about.

TLS code also uses iv_size and block_size, which it might make sense to
expose, but most applications shouldn't need those, so I'm not exposing them
for now.

Call the new functions in unit tests, so they're at least smoke-tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:52:41 +02:00
TRodziewicz
2d0769d149 Simplification of the tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:36:54 +02:00
TRodziewicz
7019955c76 Removal of the TEST_VALID_PARAM macro and its usages
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:35:04 +02:00
TRodziewicz
062f353804 Changes after code review
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:34:14 +02:00
Ronald Cron
875b5fb7fa Refactor optional parameter check tests
Remove tests related to NULL pointers,
keep tests related to invalid enum values.
Remove test code related to MBEDTLS_CHECK_PARAMS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:27:14 +02:00
TRodziewicz
c1c479fbe9 Fllow-up of the review: ChangeLog expansion, mmigration guides added and comments fixed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-06 00:53:22 +02:00
TRodziewicz
18efb73743 Remove deprecated functions and constants.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-29 23:12:19 +02:00
Gilles Peskine
f6be590bf6 Include psa_crypto_helpers.h in helpers.function
Include psa_crypto_helpers.h automatically if MBEDTLS_PSA_CRYPTO_C is
enabled, like helpers.h is included automatically.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:21:18 +01:00
Gilles Peskine
8a3d234859 Fail the test case immediately if cipher_reset_key fails
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 10:02:13 +01:00
Gilles Peskine
a2971ea62c Simplify some buffer comparisons in tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 09:58:47 +01:00
Gilles Peskine
70edd689a8 cipher_auth_xxcrypt(): fix some null pointer handling
Make sure that if a buffer is allowed to be empty, a null pointer is
accepted if the buffer length is 0. This was already the case for most
but not all arguments to mbedtls_cipher_auth_{en,de}crypt{,_ext}.

Make sure to pass NULL for an empty buffer in the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 09:58:26 +01:00
Manuel Pégourié-Gonnard
b23e31d86a Minor documentation/comment fixes
typos, overlong lines

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-07 09:57:35 +01:00
Manuel Pégourié-Gonnard
f215ef82af Test that auth_decrypt{,_ext}() zeroize on failure
The documentation says it does, so it should be tested.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:33:31 +01:00
Manuel Pégourié-Gonnard
86796bc8a5 Add check_param test for cipher_auth_xxcrypt_ext()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:10 +01:00
Manuel Pégourié-Gonnard
9b2a78966f Use exact-size buffers for testing auth_xxcrypt()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:10 +01:00
Manuel Pégourié-Gonnard
513c243317 Deprecate mbedtls_cipher_auth_xxcrypt()
This temporarily breaks all.sh '*deprecated*' (deprecated functions still used
in the library), which will be fix in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:09 +01:00
Manuel Pégourié-Gonnard
f2ffbc4387 Stop supporting NIST_KW in cipher_auth_xxcrypt()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:09 +01:00
Manuel Pégourié-Gonnard
53f10e70fd Test cipher_auth_{en,de}crypt_ext()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:09 +01:00
Manuel Pégourié-Gonnard
89a8fe50fe Extract helper function for repeated test code
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:09 +01:00
Manuel Pégourié-Gonnard
4c1a1006df Improve comments/structure of auth_crypt test
We want to test both sets of functions (ext and non-ext) in turn, so goto exit
is not really and option.

Also, separate setting up the context (which is going to be the same for both
ext and non-ext functions) from setting up the buffers (which will vary).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:08 +01:00
Ronald Cron
9ed4073ea5 tests: Get rid of mbedtls_test_unhexify() in unit test code
In test functions calling mbedtls_test_unhexify(), change the
type of the associated parameters from `char*` to `data_t`.

That way the `unhexify` operation is done by the test
framework and not by the unit test code.

Use for the new parameters of type data_t the name of the
local variable that use to store the `unhexify` version of
the `char*` parameter.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
72d628f7f5 tests: Add mbedtls_test_ prefix to *hexify functions
Add mbedtls_test_ prefix to hexify() and unhexify()
test helper functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/(un|)hexify\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
02c78b7825 tests: Create an include folder
Create an include folder dedicated to include files for
tests. With the upcoming work on tests for PSA crypto
drivers the number of includes specific to tests is going
to increase significantly thus create a dedicated folder.

Don't put the include files in the include folder but in
include/test folder. This way test headers can be included
using a test/* path pattern as mbedtls and psa headers
are included using an mbedtls/* and psa/* path pattern.
This makes explicit the scope of the test headers.

Move the existing includes for tests into include/test and
update the code and build systems (make and cmake)
accordingly.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:05 +02:00
Jaeden Amero
4013b98df0
Merge pull request #166 from k-stachowiak/IOTCRYPT-440-add-missing-dec_empty_buf-tests
Add missing dec_empty_buf tests
2019-09-04 10:18:11 +01:00
Gilles Peskine
5386f6ba07 Fix PSA init/deinit in mbedtls_xxx tests when using PSA
In tests of mbedtls_cipher_xxx and mbedtls_pk_xxx with
MBEDTLS_USE_PSA_CRYPTO enabled, initialize and deinitialize the PSA
subsystem in every function. Before, the tests were only passing
because the first function to be called happened to call
psa_crypto_init() but not mbedtls_psa_crypto_free(). In some
configurations (not tested on CI), psa_crypto_init() was not called so
the tests using PSA failed.

Call PSA_DONE() at the end of each test function. This ensures that no
resources are leaked in the form of PSA crypto slot contents.
Incidentally, this also fixes a build error due to
test_helper_psa_done() being unused in test_suite_pk: the fact that it
wasn't used betrayed the missing calls to PSA_DONE().
2019-08-01 13:11:47 +02:00
k-stachowiak
d8727230f7 Add negative tests for empty buffer decoding for certain ciphers 2019-07-29 17:46:29 +02:00
Jaeden Amero
5ab80efa10 test: Check empty buffer decryption for chachapoly
Previously, even in the Chacha20 and Chacha20-Poly1305 tests, we would
test that decryption of an empty buffer would work with
MBEDTLS_CIPHER_AES_128_CBC.

Make the cipher used with the dec_empty_buf() test configurable, so that
Chacha20 and Chacha20-Poly1305 empty buffer tests can use ciphers other
than AES CBC. Then, make the Chacha20 and Chacha20-Poly1305 empty buffer
tests use the MBEDTLS_CIPHER_CHACHA20 and
MBEDTLS_CIPHER_CHACHA20_POLY1305 cipher suites.
2019-06-07 12:57:33 +01:00
Gilles Peskine
424840e033 Call mbedtls_cipher_free() to reset a cipher context
mbedtls_cipher_reset() only restarts the operation, it doesn't
dissociate the key from the context.
2019-04-16 16:06:34 +02:00