Commit graph

5857 commits

Author SHA1 Message Date
Paul Elliott
88ecbe176d Test generated nonce test generates expected sizes
(But only in the positive test cases)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Paul Elliott
2c363a802a Add NULL / 0 buffer tests for update test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Paul Elliott
fbb4c6d9a2 Replace AEAD operation init func with macro
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Paul Elliott
a2a09b096c Remove double initialisation of AEAD operation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Paul Elliott
bb979e7748 Rename enum types
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Paul Elliott
bdc2c68d97 Add missing not setting nonce tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Paul Elliott
3ecdb3e308 Change test dependencys to PSA_WANT
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Jerry Yu
76e31ec169 Add gnutls version test for client hello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-22 21:16:27 +08:00
Gilles Peskine
f0f2294f57
Merge pull request #4708 from mstarzyk-mobica/ccm_chunked
Ccm chunked - enable multipart CCM in PSA
2021-09-21 13:46:52 +02:00
Gilles Peskine
93cb6111ba
Merge pull request #4878 from SiliconLabs/remove_dependency_4877
Remove dependency of built-in keys on storage
2021-09-20 22:20:16 +02:00
Paul Elliott
0f32b7d345 Apply fixes to test driver from lib implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-20 18:47:28 +01:00
Paul Elliott
64555bd98c Add missing initialisation to setup test.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-20 18:47:28 +01:00
Gilles Peskine
3587dfdce8 Move long -D lists from all.sh to a header file
To facilitate maintenance and to make it easier to reproduce all.sh builds
manually, remove the long, repeated list of -D options from
component_test_psa_crypto_config_basic and component_test_psa_crypto_drivers
and put it in a header file instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-20 19:20:04 +02:00
Gilles Peskine
396853ad03 'make test': show failing test cases when cmake does
When building with make, `make test` runs `run-test-suites.pl` which has a
verbose mode that reports the failing test cases, but it didn't provide a
way to enable this verbose mode. With the present commit, you can run `make
test TEST_FLAGS=-v` to use verbose mode.

Base the default for verbose mode on the same environment variable that
`make test` uses when building with CMake: default off, but enabled if
`CTEST_OUTPUT_ON_FAILURE` is true. In particular, verbose mode will now be
on when building from `all.sh`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-20 18:57:55 +02:00
Paul Elliott
4a760882bb Fix leaked test buffer
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-20 09:43:46 +01:00
Paul Elliott
6043e49039 Fix missed documentation header pt 2
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-20 09:43:46 +01:00
Paul Elliott
8eec8d4436 Fix missed documentation header
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 22:39:06 +01:00
Paul Elliott
f94bd99368 Add missing aead state tests.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
5221ef638a Add aead setup tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
1c67e0b38c Add extra verify edge test cases
Add ability to pass NULL tag buffer (with length zero)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
9961a668bd Remove negative tests from multipart_decrypt
Multipart decrypt now always expects positive result (i.e. the plaintext
that is passed in). Added new test that expects fail, and does no
multipart versions and concentrates on aead_verify.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
fd0c154ce3 Add tests to oversend data/ad when lengths set
Previous tests only tested when the expected lengths were set to zero.
New test sends all data/ad then goes over by one byte.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
ce2c1faf1a Remove uneccesary postive buffer size tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
6a60b12ef9 Make buffer size checks +-1 from correct size
i.e Check correct buffer size +1 and correct buffer size -1 (where
applicable) to check too big and too small cases, and hopefully catch
edge cases.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
a3d153f928 Make nonce based test descriptions more clear
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
f38adbe558 Ensure tests expected to fail actually fail
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
e49fe45478 Remove unneccesary nesting
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
4e4d71a838 Move hidden logic into loop 'for' statement
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
33746aac32 Convert set lengths options over to enum
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
9454cfa911 Remove unneccesary safety check in test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
6bfd0fbbc6 Convert all uint32_t lengths over to size_t
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
5a9642ff28 Correct switched blocks for output sizes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
719c1324a1 Add tag buffer size tests to finish buffer tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
e58cb1e0cf Aligh finish_buffer_test vars with PSA standard
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
4023ffd275 Re-add option of NULL buffer for nonce tests
NULL/zero length or valid buffer/zero length both now tested

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
e64deda873 Add missing check to multipart decrypt
Ensure that the test actually does something, rather than skipping both
parts, also add comment to this effect.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Ronald Cron
133740b74e tests: Improve incomplete then overflow tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-17 09:38:07 +02:00
Jerry Yu
7a5ab044ca Add tls13 test with everst and ecp restartable
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-15 22:06:11 +08:00
Archana
9d17bf4215
Styling and refactoring
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-10 07:16:08 +05:30
Archana
9a2b6ff8f2
Fix test vector dependency
Fix opaque key test vector dependency to PSA_CRYPTO_DRIVER_TEST
instead of MBEDTLS_PSA_CRYPTO_DRIVERS while validating with
test drivers.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-09 12:32:16 +05:30
Archana
a316b7e42b
Rebase and update signature for curve448 tests
Also include the opaque test cases for curve448 vectors.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-09 10:11:02 +05:30
Archana
74d99c6bfc
Add a test to validate copy to read only lifetime
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-09 10:11:02 +05:30
Archana
449608bc61
Code style improvements
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:13 +05:30
Archana
8a180368fb
Add opaque test driver support for copy key
A minimal test driver extension is added to support
copy of opaque keys within the same location.
Test vector support is extended to cover opaque keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:07 +05:30
Archana
6ed4bda2c6
pre-existing validation extended
The validation against key width and max key bits is extended to
all key types from the existing validation for only symmetric keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:00 +05:30
Archana
4d7ae1d8cf
Add test driver support for opaque key import
-Add test driver support to import/export while wrapping keys
 meant to be stored in the PSA core as opaque( emulating an
 SE without storage ).
-Export validate_unstructured_key_bit_size as
 psa_validate_unstructured_key_bit_size, thereby changing its scope.
-Improve the import/export test cases in test_suite_psa_crypto to also
 cover opaque keys, thereby avoiding duplication.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:03:54 +05:30
Jerry Yu
ed2ef2d9e0 add client hello msg test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 10:37:20 +08:00
Mateusz Starzyk
83e4c1270a Add CCM tests for passing unexpected input.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-06 12:09:34 +02:00
Mateusz Starzyk
efec38bb29 Extend CCM corner cases tests.
Add tests covering skipped update() or update_ad()
for empty plaintext/ciphertext and empty auth data.

Test vector for P=0, A=0 generated using python's
cryptography.hazmat library.

Python script used for test vector generation:
```
import os
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

def encrypt(key, iv, plaintext, associated_data):

    key = bytes.fromhex(key)
    iv = bytes.fromhex(iv)
    plaintext = bytes.fromhex(plaintext)
    associated_data = bytes.fromhex(associated_data)

    aesccm = AESCCM(key)
    ct = aesccm.encrypt(iv, plaintext, associated_data)
    return ct.hex()

def decrypt(key, associated_data, iv, ciphertext):

    key = bytes.fromhex(key)
    associated_data = bytes.fromhex(associated_data)
    iv = bytes.fromhex(iv)
    ciphertext = bytes.fromhex(ciphertext)

    aesccm = AESCCM(key)
    pt = aesccm.decrypt(iv, ciphertext, associated_data)
    return pt.hex()

key = "54caf96ef6d448734700aadab50faf7a"
plaintext = ""
iv = "a3803e752ae849c910d8da36af"
aad = ""

encrypted = encrypt(key, iv, plaintext, aad)

print(f"key: {key}")
print(f"iv: {iv}")
print(f"encrypted: {encrypted}")

print("--------------------------------------")

decrypted = decrypt(
    key,
    aad,
    iv,
    encrypted
)

print(f"decrypted: {decrypted}")
```

Results:
```
key: 54caf96ef6d448734700aadab50faf7a
iv: a3803e752ae849c910d8da36af
encrypted: eba8347baa6d61f87b67c2dd7c6d2053
--------------------------------------
decrypted:
```

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-06 12:09:34 +02:00
Mateusz Starzyk
cd975e4645 Extend CCM corner cases tests.
Add tests for passing incomplete input data in
the first call and too much data in the second call.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-06 12:09:33 +02:00
Joe Subbiani
e5d6106071 Extend test in translate_ciphers.py
The list was trimmed previously according to code coverage, however
this did not really evalute all test cases, e.g in the case of re.sub
or m_cipher.replace. These lines are executed no matter what, so code
coverage is not suitable.

I have gone through each step in the translate functions and made sure
there is at least one ciphersuite per step

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:30:44 +01:00
Joe Subbiani
49d57bcf19 Improve indentation according to pylint
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:58 +01:00
Joe Subbiani
54110b3b6f Reduce translate_ciphers.py test list
Having a list of every ciphersuite suggests that it should be maintained with
any new ciphersuites that are added in the future. This in turn almost defeats
the purpose of having translation functions to begin with
Instead, the unit test now only test a much smaller subset of ciphersuite names
that exercise each stage in the OpenSSL and GnuTLS translate functions.
In the future, if a new cipersuite is added that requires an extra stage in
translation, then that cipher can be added to the test suite, otherwise it
should not be necessary.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:57 +01:00
Joe Subbiani
b0aba9a46e Improve comments to be more accurate
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:57 +01:00
Joe Subbiani
1d592cba5c Remove NULL-SHA256 specific to OpenSSL
Instead add TLS-RSA-WITH-NULL-SHA256 to list of common ciphersuites.
It therefore has to be removed from GnuTLS as it could then duplicate.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:56 +01:00
Joe Subbiani
79f5790370 Remove test_translate_format()
As test_translate_ciphers_format.sh was made as a testing ground before
utilising translate_ciphers.py in compat.sh, once it was translated to
python code - as a unit test, it became redundant.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:56 +01:00
Joe Subbiani
a25ffab422 Integrate tests as unit tests into one file
Rather than having the tests seperated into different files, they were integrated
into translate_ciphers.py and can be run from root using:
`python -m unittest tests/scripts/translate_ciphers.py`

test_translate_ciphers_format.sh was originally made as a testing ground before
having the translation tool being implmented into compat.sh. Translating it to
python code makes it redundant and therefore it will be removed.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:50 +01:00
Joe Subbiani
f2de374fc1 Remove unused import
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:55 +01:00
Joe Subbiani
a3d991c3d0 Improve python coding style
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:55 +01:00
Joe Subbiani
918ee797ce Improve consitancy and useability
test_translate_ciphers_names.py
- Combined m, o and g ciphers all into one a single list of tuples to
  avoid needing to rely on indexes

test_translate_ciphers_format.sh
- Removed redundant test
- Added return errors

compat.sh
- Improved how translate_ciphers.py is called

translate_ciphers.py
- Improve regex and translation to be more intutive and efficient
- change how arguments are taken and handelled to be more reliable

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:54 +01:00
Joe Subbiani
439a696903 Improve translation error checking
If translate_ciphers.py is used incorrectly in compat.sh, an error
check function - check_translation - is called to evaluate and inform
the user of the error that has occured.

Added an output that informs the users an error has taken place in
translate_ciphers.py incase the error response is an empty string.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:54 +01:00
Joe Subbiani
c3610baddf Check exit status of translate_ciphers.py
If a call to translate_ciphers.py from compat.sh returns an exit 1
status, the error message will be echod and the program will exit

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:54 +01:00
Joe Subbiani
d614c0b197 Include translate ciphers tests in all.sh
To run test_translate_ciphers_names.py and _format.sh in the CI, include
it in all.sh component_check_generate_test_code.

Rename check_generate_test_code to check_test_helpers

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:50 +01:00
Mateusz Starzyk
3050f054f2 Subtract 1 from input in CCM's incomplete data tests
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-03 12:59:44 +02:00
Joe Subbiani
3eac5b9c6d Use zip rather than enumerate
After improving coding style, pylint suggeted using enumerate but
zip is more appropriate to avoid indexing

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
a56e10db4c Run test_translate_ciphers_format.sh from root
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
f849a93d94 Improve python coding style
As per check-python-files.sh, added string documentation for
files and functions.

Modified for loops to use enumerate rather than range(len(
although as the same iteration index is used for multiple
lists it does not seem quite appropriate

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
f3fcc29eb1 Move translate scripts to appropriate folder
"tests/scripts/*.py is executable programs used only for testing"

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
4a703cef89 Remove commented out old code
When making a modified function I commented out the previous code
in case I needed to use some of it, and forgot to remove it. This
has now been resolved

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
43592bd1f9 Remove trailing whitespaces
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
a032963d65 Modify comment descriptions of add_xxx_ciphersuites()
Modify the comments to include the use of the translate function
and retire the explanation of maintaining 2 seperate lists

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
6452f1ee35 Modify file name comments to match the file rename
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
0fadf8ef7d Improve coding style and consistancy
- Replace uses of mbed and gnu with mbedtls and gnutls respectivley.
 - Uses sys.exit() rather than exit()
 - Rename format() as it is an inbuilt python function
 - Add error information if incorrect arguments are passsed to
   translate_ciphers.py

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
34d62620fb Reduce calls to translate_ciphers.py in compat.sh
After every edge case to append which ciphers were being used
a call to translate_ciphers.py was being made.

Now a call to translate_ciphers are made at the end of every
function where ciphersuite names are being added. This occurs
3 times. 1 for MBedTLS, GNUTLS and OpenSSL. 1 for MBedTLS and
OpenSSL and another 1 for MBedTLS and GNUTLS.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
d16d273a40 Compact 2 format functions to 1
In translate_ciphers.py there were 2 format functions that were
virtually identical and a check was made beforehand to decide
which one to call. Now the check is made inside a single function
to reduce duplicate code

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
15d7124661 Replace lists with calls to translate_ciphersuite.py
Replace the OpenSSL $O_CIPHERS and GNU $G_CIPHERS declarations
with calls to translate_ciphersuite.py

Declared a new variable for each sublist $CIPHERS which is appended
to MBedTLS $M_CIPHERS and translated+appended to the OpenSSL and GNU
lists.

Fixes #4674

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
a16ccac1d9 Format files and add license comment
Changes to pass tests/scripts/check_files.py
-Add missing new line at end of each file
-Remove any trailing whitespaces
-Added file shebang comments

Added license info and purpose of file descriptions. The 2 test_translate...
files may not be stay later down the line, but incase they do become
permanent, it is good to add the appropriate comments now.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:51 +01:00
Joe Subbiani
29239b00a6 Move translate scripts to test directory
To be used by compat.sh, the files were moved to the same directory.
The files were also renamed to be distinguishable aside from their
file extensions

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:51 +01:00
Ronald Cron
13592ca654
Merge pull request #4879 from yuhaoth/pr/upgrade-gnutls-next
Upgrade gnutls next
2021-09-02 16:38:19 +02:00
Mateusz Starzyk
df2507301b Use AES-128 for multipart CCM corner cases tests
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-02 12:36:02 +02:00
Jerry Yu
75261df2e3 fix comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-02 17:56:20 +08:00
Jerry Yu
b12d81d1a3 Add feature tests for gnutls-next
Test NO_TICKETS and DISABLE_TLS13_COMPAT_MODE

Change-Id: Idf21b36bd64c7eefe4e0e6fb875b2e06ebb0aa07
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-02 17:31:10 +08:00
Jerry Yu
ab46aa0436 Upgrade gnutls-next to 3.7.2
v3.7.2 introduces DISABLE_TLS13_COMPAT_MODE. That can be
used to verify if TLS13 COMPATIBLE is not available.

Change-Id: Id68748e92504835b5a63b2565a618f728e7222f6
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-02 17:31:10 +08:00
Gilles Peskine
0bf740ee4f
Merge pull request #4765 from gilles-peskine-arm/all.sh-subshells-3.0
Run all.sh components in a subshell
2021-09-02 10:26:58 +02:00
Paul Elliott
b0450febe6 Tests for sending too much data after set lengths
We previously had tests for not sending enough (additional) data, but
were missing tests for sending too much. I have added these to the state
tests, as I don't think this is complex enough to deserve a standalone
test.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-01 15:09:15 +01:00
Paul Elliott
7f62842247 Add test for calling update when nonce not set
Previously only testing calling update_ad in this state.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-01 15:09:15 +01:00
Paul Elliott
c6d11d02f5 Aligh update buffer test variables with psa naming
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-01 15:09:15 +01:00
Mateusz Starzyk
7251eda6ff Replace BAD_SEQUENCE error with BAD_INPUT
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-01 13:26:44 +02:00
Manuel Pégourié-Gonnard
5a8abb144c
Merge pull request #4883 from mstarzyk-mobica/fix_psa_sign_msg
PSA MAC computation with _HASH flag implies _MESSAGE.
2021-09-01 12:23:20 +02:00
Gilles Peskine
6ac8f94a72 Fix cipher info key length sanity checks
Most supported ciphers have a 128-bit, 192-bit or 256-bit keys. List the
exceptions explicitly.

This commit fixes a test failure with the null cipher and an incorrect
comment that omitted several key lengths.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 08:31:49 +02:00
Gilles Peskine
0be02bd823 Add accessor functions for cipher_info fields
Add functions to read the type, mode, name and key_bitlen fields from
mbedtls_cipher_info_t. These are the fields that applications are most
likely to care about.

TLS code also uses iv_size and block_size, which it might make sense to
expose, but most applications shouldn't need those, so I'm not exposing them
for now.

Call the new functions in unit tests, so they're at least smoke-tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:52:41 +02:00
Mateusz Starzyk
1ebcd55afa Extend mac_key_policy test.
Add checks for psa_mac_compute and psa_mac_verify.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-30 17:11:01 +02:00
Manuel Pégourié-Gonnard
e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api
Add TLS 1.3 ciphersuite and key exchange identifiers and API
2021-08-30 09:47:46 +02:00
Paul Elliott
5e69aa5709 Remove NULL check for set nonce
Also remove tests which would pass NULL to this function.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
6f0e72038d Align set nonce variables with psa convention
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
f127763ec9 Align generate nonce variables with psa convention
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Jerry Yu
31c01d303e Rename available values for tls13_kex_modes
Rename `psk_pure` to `psk` and `ephemeral_pure` to `ephemeral`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:53 +08:00
Mateusz Starzyk
cbefb6ba4d Merge branch 'development' into ccm_chunked
Conflicts:
	library/ccm.c

Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro.
Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro
used in development branch on the 'b' buffer, because the 'b'
buffer is removed in current branch.
2021-08-24 15:14:23 +02:00
Mateusz Starzyk
d07f4fc30f Use separate expected results for MAC sign and verify key policy.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-24 14:16:55 +02:00
Yuto Takano
fc1e9ffcb2 Use Abstract Base Classes to ensure Problem is not instantiated
- Problem() is a parent abstract class that should only be used for
  subclassing.
- With the help of ABC, implement abstract methods that force
  subclasses to implement quiet and verbose outputs.
- The repeated logic of "if self.quiet" is consolidated in Problem.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-23 13:54:56 +01:00
Mateusz Starzyk
cb0a7cd142 Fix mac_key_policy test function
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-20 11:34:49 +02:00
Yuto Takano
5f83171999 Fix listing line number wrongly using start char pos
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-18 18:03:24 +01:00
Yuto Takano
7143209604 Remove unused imports in list_internal_identifiers.py
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 12:44:16 +01:00
Yuto Takano
3590691bad Fix issues raised by Pylint 2.4.4 on CI
Locally they were unreported by Pylint 2.9.2.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 11:05:43 +01:00
Yuto Takano
4b7d23dfa6 Separate make clean and make lib in check_names
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 10:48:22 +01:00
Yuto Takano
704b0f77e1 Use .span() for positions, and separate line_no argument in Match
This reverts a previous change where line_no was removed and put into
a triple tuple. It was discovered that re.Match.span() conveniently
returns (start, end), so separating line_no again makes the code cleaner.
The legibility of the code heavily outweighs the issues pointed out by
Pylint (hence disabled).

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 10:41:23 +01:00
Yuto Takano
b1417b4554 Use Enums for the enum-parsing state machine
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 10:30:20 +01:00
Yuto Takano
5473be2914 Use a class variable for quiet instead of passing it around
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 10:14:24 +01:00
Archana
0dc86b5a2a
Remove dependency of builtin keys on storage
The psa_open_key API depends on MBEDTLS_PSA_CRYPTO_STORAGE_C.
This is unnecessary for builtin keys and so is fixed.
Updated an open_fail test vector keeping with the same.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-08-17 02:46:00 +05:30
Paul Elliott
66696b5591 Improve nonce length checks
Add the missing nonce length checks (this function is being used by
oneshot functions as well as multipart, and thus all cipher suites are
being used) and cover the case where a NULL buffer gets passed in.
Extended the set nonce test to cover this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-16 18:44:50 +01:00
Yuto Takano
6adb287960 Move duplicated behaviour in get_files to own function
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 11:38:34 +01:00
Yuto Takano
90bc026913 Exclusively use re.search() to avoid confusion with .match()
Also fix newline being removed when lines were concatenated

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 11:34:10 +01:00
Yuto Takano
9d9c6dc46e Align the item counts in check_names for ease of reading
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 10:43:45 +01:00
Yuto Takano
165700c914 Remove unnecessary try/catch in list_internal_identifiers
The try/catch was used to catch Exceptions and exit with code 1,
a legacy from check_names.py which uses the pattern to exit with
code 2. But code 1 is the default for the Python runtime anyway,
so it is redundant and can be removed.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 10:39:24 +01:00
Yuto Takano
8246eb8fb6 Fix English typos in comments of check_names and list-identifiers
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 10:37:24 +01:00
Yuto Takano
fb86ac70f5 Comment Match.__str__ and use format() to simplify calculation
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 10:32:40 +01:00
Manuel Pégourié-Gonnard
f11724bf2e
Merge pull request #4861 from yuhaoth/pr/add-openssl-gnutls-tls1_3-check
Add openssl/gnutls tls1.3 feature tests.
2021-08-13 09:15:22 +02:00
Manuel Pégourié-Gonnard
4512f21473
Merge pull request #3572 from mpg/add-arm-linux-build
Add arm-linux-gnueabi-gcc build
2021-08-12 13:16:02 +02:00
Hanno Becker
932064d660 Add ssl-opt.sh tests for ssl_client/server TLS 1.3 kex parameters
Those tests are so far only checking that ssl_client2/ssl_server2
recognize the arguments, nothing more.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
ae336852c5 Add ssl-opt.sh run to TLS 1.3 test in all.sh
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:28:45 +01:00
Dave Rodgman
2aec149e13
Merge pull request #4248 from hanno-arm/tls13_populate_transform
Fix and test compliance of TLS 1.3 record protection
2021-08-11 16:41:51 +01:00
Jerry Yu
0402979ed3 Add openssl/gnutls tls1.3 feature tests.
Add functions and test cases to make sure
tls1.3 is available in openssl/gnutls

Change-Id: I797d15117a8de96614f392e6bb2ed16b6d71ba69
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-11 18:09:49 +08:00
Yuto Takano
d73cec1e09 Add newline at end of list-identifiers.sh
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-10 15:45:28 +01:00
Yuto Takano
ac72fac465 Put back list-identifiers.sh as a thin wrapper around the python script
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-10 15:09:16 +01:00
Mateusz Starzyk
e0f5227550 Add CCM test for calling finish without any input.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:31:57 +02:00
Mateusz Starzyk
8fb1754e1a Add short description for CCM test functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
f442de69eb Add tests for CCM corner cases.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
bccbf88bc3 Rename CCM test functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
ceb5bc6150 Fix typos.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
8788906947 Add CCM test for edge cases.
Cover:
- not calling auth data update
- not calling cipher text update
- exceeding configured auth data length
- exceeding configured cipher text length

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
c8bdf36a72 Validate tag pointer in ccm function.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
27a1bef89d Tidy up test functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
29ec75b34e Add multipart testing to CCM* tests.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
25a3dfe7dd Add multipart tests for ccm suite.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Manuel Pégourié-Gonnard
448c80727d
Merge pull request #4853 from yuhaoth/pr/add-tls13-config-check-and-dummy-handshake
TLS1_3:add tls13 config check and dummy handshake
2021-08-10 12:59:09 +02:00
Yuto Takano
206b022ad0 Fix off-by-one error in string formatting in Python
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-10 11:30:43 +01:00
Jerry Yu
b9930e7d70 Add dummy tls1.3 handshake dispatch functions
Base on version config, `handshack_{clinet,server}_step`
will call different step function. TLS1.3 features will
be gradully added base on it.

And a new test cases is added to make sure it reports
`feature is not available`.

Change-Id: I4f0e36cb610f5aa59f97910fb8204bfbf2825949
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Jerry Yu
b19ccc3998 fix test_suite_debug test fail
Before `mbedtls_ssl_setup`, config functions should
be called. Without it, `mbedtls_ssl_setup` will raise
invalid value error.

Change-Id: I46fdaa5e8eb83d06c620087a9e1e7e14e1c5d9b5
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Jerry Yu
c46e9b4091 tests: Add negative version config tests.
tls1.3 and tls1.2 can not be enabled at same
time before #4832 resolved.

And the test won't run into `handshake` stage, add
`skip_handshak_check` function to skip it.

Change-Id: I13f3b06b2f33b9c9beb8cac90f5fda41a4ed53f3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Yuto Takano
7bfac1d7fe Fix incorrect reference to NameCheck in script docstring
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 15:49:25 +01:00
Yuto Takano
55c6c87d95 Separate code parsing and name checking in two classes
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 15:35:19 +01:00
Janos Follath
f8f88d6b00
Merge pull request #4746 from gilles-peskine-arm/bump-version-3.0
Fix release scripts for 3.0
2021-08-09 15:28:28 +01:00
Yuto Takano
50953433a4 Bring back logging of number of files
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 14:54:36 +01:00
Yuto Takano
8e9a219310 Improve ease of specifying which files to look in (check_names)
- Instead of os.path.join, use glob patterns (supports Windows too)
- Instead of creating the lists beforehand (which adds messiness), pass glob
  expessions to functions and let them memoise it.
- Add support for excluding based on glob patterns, which isn't used now but
  could come in handy.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 14:48:53 +01:00
Yuto Takano
f005c3369a Change variable name argparser to parser
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 13:56:36 +01:00
Yuto Takano
d70d446d69 Improve code style consistency in check_names.py
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 12:45:51 +01:00
Yuto Takano
68d241211b Create list_internal_identifiers.py
This is the equivalent of `list-identifiers.sh --internal`, which is
useful for generating an exclusion file for ABI/API checking.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 12:10:31 +01:00
Yuto Takano
977e07f5c8 Use glob in get_files(), call setup_logger on init
glob is more flexible and simplifies the function arguments drastically.
It is also much more intuitive to extend in the future when the filepaths
need to be extended or changed.

setup_logger had to be called as the first thing after instantiation, so
this commit simplify makes it automatic.

Several clarification comments are added too.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 11:56:15 +01:00
Yuto Takano
51efcb143d Rename check-names.py to check_names.py
This is necessary to import check_names from other scripts, which
will inevitably happen in the next few commits to implement the equivalent
of `list-identifiers.sh --internal`.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 11:54:12 +01:00
Yuto Takano
6fececf192 Comment why is used
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 17:28:23 +01:00