Commit graph

29757 commits

Author SHA1 Message Date
Gilles Peskine
34955677e5 Don't exercise if the algorithm is not supported
Parsing a key and importing it into PSA may result in a policy that
specifies an algorithm that is not included in the build. This happens if
the key type is supported, but not the algorithm, e.g. in a build with
MBEDTLS_ECP_C but not MBEDTLS_ECDSA_C.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:31:55 +01:00
Gilles Peskine
1d33876d37 Fix some preprocessor guards
Fix the build in some configurations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:07:45 +01:00
Gilles Peskine
74860ddec2 Don't define pk_sign_verify in configurations where it's unused
In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is
useful but cannot perform any signatures. Then modern GCC complains:

```
../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’:
../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds]
../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’
…
```

This fixes test-ref-configs.pl with a modern GCC (specifically with
config-thread.h).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:07:45 +01:00
Gilles Peskine
35cb319832 depends.py: set unique configuration names in outcome file
Set unique configuration names in the outcome file. This was lost in the
rewrite from depends-*.pl to depends.py.

Fix #7290

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
157679c0d5 mbedtls_pk_import_into_psa: positive tests with pkparse output
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
10e9c412c0 mbedtls_pk_import_into_psa: negative tests for different ECC curve
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
fc3d866ad2 mbedtls_pk_import_into_psa: implement and test
Implement mbedtls_pk_import_into_psa for all PK types except RSA_ALT.
This covers importing a key pair, importing a public key and importing
the public part of a key pair.

Test mbedtls_pk_import_into_psa() with the output of
mbedtls_pk_get_psa_attributes(). Also unit-test mbedtls_pk_import_into_psa()
on its own to get extra coverage, mostly for negative cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
fdb809ef86 exercise_key: fix asymmetric encrypt/decrypt with >2028-bit RSA
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:31:03 +01:00
Gilles Peskine
4781bd9773 exercise_key: allow SIGN_MESSAGE/VERIFY_MESSAGE with PSA_ALG_ANY_HASH
There was already code to instantiate the wildcard for sign/verify-hash.
Make that work with sign/verify-message as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:30:27 +01:00
Gilles Peskine
069cec1737 Also check the RSA length for public keys
Do for public keys what
"Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes"
did for key pairs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 16:59:17 +01:00
Gilles Peskine
59d09486dc Cosmetic fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 16:58:39 +01:00
Ryan Everett
91ce792253 Fix return code error when locking mutex
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-12 12:17:28 +00:00
Gilles Peskine
34a074af37 Add missing dependency on PEM
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 11:24:10 +01:00
Gilles Peskine
92fb604139 Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 11:24:08 +01:00
Gilles Peskine
19f1adfc69 New function mbedtls_rsa_get_bitlen()
Document, implement and test mbedtls_rsa_get_bitlen().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 11:23:05 +01:00
Ryan Everett
e02b63ac89
Merge branch 'Mbed-TLS:development' into threadsafe-key-locking 2024-02-12 10:04:07 +00:00
Janos Follath
f741db3d6e
Merge pull request #8764 from Ryan-Everett-arm/threadsafe-key-wiping
Make key destruction thread safe
2024-02-12 09:37:59 +00:00
PiotrBzdrega
f6a9cfa5d2 adjust indentation
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-11 09:41:56 +01:00
PiotrBzdrega
2b20ff62fc move entropy init prior arguments number recognition
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
2024-02-11 02:15:03 +01:00
Manuel Pégourié-Gonnard
c3d17cde46
Merge pull request #8702 from minosgalanakis/update/dhm_context_in_programs_5015
[MBEDTLS_PRIVATE] Update dhm context in programs
2024-02-10 08:47:51 +00:00
Manuel Pégourié-Gonnard
2e2af414d0
Merge pull request #7604 from zvolin/feature/pkcs5-aes
Add AES encrypted keys support for PKCS5 PBES2
2024-02-10 08:46:18 +00:00
Paul Elliott
53ddf420c8
Merge pull request #8689 from paul-elliott-arm/make_tests_thread_safe
Make test data thread safe
2024-02-09 19:43:09 +00:00
Gilles Peskine
05ee3fbdc0 mbedtls_pk_import_into_psa: documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-09 19:31:04 +01:00
Gilles Peskine
48b87ebde3 Choose a curve for tests at compile time
This makes it possible to use the curve in test data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-09 19:31:04 +01:00
Valerio Setti
4ade8ee5b9 test_suite_pem: more tests for ASN.1 parsing after decoding
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 17:44:07 +01:00
Matthias Schulz
a6ac0f1330 Replaced MBEDTLS_GCM_LARGETABLE by MBEDTLS_GCM_LARGE_TABLE. Removed empty comment line in doc block.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-09 17:11:54 +01:00
Paul Elliott
5d2bcc63cd Fix typo / improve documentation for test step fns
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-09 14:41:24 +00:00
Paul Elliott
54ad01efed Merge remote-tracking branch 'upstream/development' into make_tests_thread_safe 2024-02-09 14:33:58 +00:00
Ryan Everett
9dc076b4f4 Fix issue with lock failures returning CORRUPTION_DETECTED
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 14:20:09 +00:00
Ryan Everett
7fee4f7318 Fix mutex unlock error handling in psa_destroy_key
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 14:11:27 +00:00
Ryan Everett
67f3568895 Reduce analyze_block_cipher_dispatch exceptions
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 13:02:23 +00:00
Matthias Schulz
10902c5640
Use NULL for pointer initialization
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com>
2024-02-09 11:14:50 +01:00
Matthias Schulz
cdf9894e60
Ajdusted change log.
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com>
2024-02-09 11:11:38 +01:00
Ronald Cron
a93e25e749 tls12: Fix documentation of TLS 1.2 session serialized data
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-09 10:01:30 +01:00
Ronald Cron
7b0ac0b980 Add change log for mbedtls_ssl_session_get_ticket_creation_time()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-09 09:50:18 +01:00
Ronald Cron
c7fa82ee33 tests: ssl: Improve test parameter sanity check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-09 09:33:09 +01:00
Ronald Cron
7fdee8b710 ssl_session: Reorder some fields to reduce padding
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-09 09:26:12 +01:00
Valerio Setti
010d23f9af test_suite_[pkparse|x509parse]: fix return values of some PEM related error tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
Valerio Setti
2653e92a57 pem: fix valid data length returned by mbedtls_pem_read_buffer()
ctx->buflen now returns the amount of valid data in ctx->buf.
Unencrypted buffers were already ok, but encrypted ones were
used to return the length of the encrypted buffer, not the
unencrypted one.
This commit fix this behavior for encrypted buffers.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
Valerio Setti
b1f6d2ad6f asn1: enable mbedtls_asn1_get_tag() when PEM_PARSE_C is defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
Valerio Setti
9de84bd677 rsa: reject buffers with data outside main SEQUENCE when parsing keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
Manuel Pégourié-Gonnard
ac60afc2d2 Remove useless overly strong dependency
ECJPAKE_C only needs MD_LIGHT and it allready auto-enables it in
config_adjust_legacy_crypto.h, so nothing to check here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-02-08 23:46:55 +01:00
Matthias Schulz
4a9610bffe Remove comments referencing private defines.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-08 18:39:17 +01:00
Matthias Schulz
0e690d3c0b Add changelog.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-08 18:37:20 +01:00
Matthias Schulz
f3116341e2
spelling
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com>
2024-02-08 18:35:36 +01:00
Ryan Everett
75e65fe24b Reformat AES encryption test data in pkcs5 tests
The added comma is needed so that these tests match the regex exceptions
in analyze_outcomes.py.
Moved the Encryption tests so that they are separate to decryption.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 15:44:43 +00:00
Ryan Everett
afb2eee263 Add PKCS5/12 exceptions to analyze_block_cipher_dispatch
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 14:31:54 +00:00
Ryan Everett
791fc2e24c Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 14:26:29 +00:00
Matthias Schulz
782667883a Fix:
- Remove unnecessary tests.
- Update description of MBEDTLS_GCM_LARGETABLE parameter.
- Move acceleration defines from gcm.h to gcm.c.
- Remove unnecessary zero setting after shift.
- Fix implementation for big-endian architectures.

Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-08 13:59:15 +01:00
Janos Follath
7a28738205
Merge pull request #8636 from paul-elliott-arm/new_test_thread_interface
New test thread interface
2024-02-08 12:35:40 +00:00