Commit graph

10460 commits

Author SHA1 Message Date
Valerio Setti
954ef4bbd5 psa_util: improve convert_raw_to_der_single_int()
Allow the function to support DER buffers than what it is nominally
required by the provided coordinates. In other words let's ignore
padding zeros in the raw number.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 12:06:46 +01:00
Valerio Setti
315e4afc0a psa_util: change parameters order in ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 10:09:15 +01:00
Valerio Setti
c9dd8611f8 test_suite_psa_crypto_util: add missing new line at the end of file
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 12:34:06 +01:00
Valerio Setti
3ecb395fb9 test_suite_psa_crypto_util: fix tests for 0-length and one 0x00 byte for r and s
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 15:26:24 +01:00
Valerio Setti
efcc555002 test_suite_psa_crypto_util: add test with 0-length s
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-31 11:15:37 +01:00
Valerio Setti
252311d41e test_suite_psa_crypto_util: add test with 0-length for r
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 15:50:28 +01:00
Valerio Setti
98e1931a0a test_suite_psa_crypto_util: alloc/free buffer inside loop in ecdsa_raw_to_der_incremental()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 15:46:02 +01:00
Valerio Setti
7a795fd951 suite_psa_crypto_util: add more test cases for DER->RAW
- r with MSb set
- Invalid r (only 1 zero byte)

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 18:08:42 +01:00
Valerio Setti
ee5238fcf4 suite_psa_crypto_util: add more testing for mbedtls_ecdsa_raw_to_der()
A new test function is added, ecdsa_raw_to_der_incremental, that tests
incremental output DER buffer sizes checking that only the correct one
(tested at last) works correctly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 17:45:18 +01:00
Valerio Setti
9b9b5a52d9 psa_util: some code improvement to convert_der_to_raw_single_int()
This commit also fixes test_suite_psa_crypto_util.data due to the
change in one of the return values.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 17:25:19 +01:00
Valerio Setti
f8ce457fb6 all.sh: fix comment in check_test_dependencies()
MBEDTLS_ASN1_WRITE_C is no more required for ECDSA conversion
functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 14:55:14 +01:00
Valerio Setti
448377bec7 all.sh: remove MBEDTLS_ASN1_PARSE_C exception from check_test_dependencies()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
688f795cb3 asn1: use the new symbol to guard dependencies of ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
f4d2dc2d77 psa_util: guard ECDSA conversion functions with proper (internal) symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
17105df3e7 test_suite_psa_crypto_util: add comments to 512/521 bit size test cases
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
31657ed70c test_suite_psa_crypto_util: change curve type for 256bits tests
Tests with 256 bits curve simply depends on any curve of that size,
but they don't really care about which family is enabled.

Here I replaced PSA_WANT_ECC_SECP_R1_256 with PSA_WANT_ECC_SECP_K1_256
because otherwise there were test disparities in the
"analyze_driver_vs_reference_tfm_config" component of
"analyze_outcomes.py". It looked simpler to change the curve type
in the test suite's data rather than adding proper exceptions
in "analyze_outcomes.py"

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
3ccb2b5423 all.sh: add exception for ASN1_PARSE_C in check_test_dependencies
There is no PSA equivalent to ASN1 legacy symbols.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
3f0809a99d test_suite_psa_crypto_util: split ECDSA test function in two
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
c22e3ce8ef psa_util: remove CRYPTO_C guard from ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:31 +01:00
Valerio Setti
99c0369d31 psa_util: add include asn1write.h in public header
This is mandatory to have support for the error codes defined
in the asn1write.h header file.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
bda440f82d test_suite_psa_crypto_util: increase the size of tested integers
- Replace 192 case with 256
- Replace 256 case with 512
- Add 521 case

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
aed21640bd test_suite_psa_crypto_util: add test function and data for ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Manuel Pégourié-Gonnard
34c6e8a770
Merge pull request #8700 from valeriosetti/issue8461
psa_asymmetric_encrypt() doesn't work with opaque driver
2024-01-22 08:43:08 +00:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Gilles Peskine
b1f96c0354
Merge pull request #7815 from gilles-peskine-arm/ecp-export-partial
ECP keypair utility functions
2024-01-18 10:29:05 +00:00
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764
Conversion function from ecp group to PSA curve
2024-01-18 10:28:55 +00:00
Valerio Setti
4f34b155f5 test_driver_key_management: keep mbedtls_test_opaque_wrap_key() private
Only mbedtls_test_opaque_unwrap_key() is actually needed by other
test drivers to deal with opaque keys. mbedtls_test_opaque_wrap_key()
can be kept private to test_driver_key_management.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 08:44:13 +01:00
Dave Rodgman
9039ba572b Fix test dependencies
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 18:38:55 +00:00
Dave Rodgman
b7778b2388 Fix ASAN error in test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 16:27:34 +00:00
Dave Rodgman
24ad1b59e8 Add NIST AES-CTR test vectors
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Dave Rodgman
4cc6fb9039 add test for multipart AES-CTR
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Valerio Setti
4860a6c7ac test_suite_psa_crypto: revert known failing checks for [en|de]cryption with opaque keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 16:30:12 +01:00
Valerio Setti
62b6f10f64 test_driver_asymmetric_encryption: implement opaque [en/de]cryption functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 16:30:07 +01:00
Valerio Setti
66a827fc83 test_driver_key_management: make opaque [un]wrapping functions public
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 15:00:52 +01:00
Dave Rodgman
ae730348e9 Add tests for mbedtls_ctr_increment_counter
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Valerio Setti
f202c2968b test_suite_psa_crypto: test asymmetric encryption/decryption also with opaque keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 10:42:37 +01:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Waleed Elmelegy
4b09dcd19c Change renegotiation test to use G_NEXT_SRV
Change renegotiation test to use G_NEXT_SRV
to avoid problems when sending TLS 1.3
extensions since we exceed the extension
limit in G_SRV.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-12 10:50:25 +00:00
Paul Elliott
3519cfb3d8
Merge pull request #8639 from bensze01/release_components
Set OpenSSL/GnuTLS variables when running release components
2024-01-11 15:38:35 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
2024-01-11 13:34:09 +00:00
Waleed Elmelegy
e83be5f639 Change renegotiation tests to work with TLS 1.2 only
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 23:39:54 +00:00
Paul Elliott
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development
Fix bug in mbedtls_x509_set_extension
2024-01-10 16:57:16 +00:00
Waleed Elmelegy
1487760b55 Change order of checking of record size limit client tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
a3bfdea82b Revert "Make sure record size limit is not configured without TLS 1.3"
This reverts commit 52cac7a3e6782bbf46a76158c9034afad53981a7.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
7ae74b74cc Make sure record size limit is not configured without TLS 1.3
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
e840263f76 Move record size limit testing to tls13 component
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
2fa99b2ddd Add tests for client complying with record size limit
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f501790ff2 Improve comments across record size limit changes
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
9457e67afd update record size limit tests to be more consistent
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
3a37756496 Improve record size limit tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00