Commit graph

6610 commits

Author SHA1 Message Date
Ronald Cron
25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext
TLS1.3: add writing encrypted extensions on server side.
2022-05-06 13:54:45 +02:00
Werner Lewis
e59a531455 Fix memcpy() UB in mbedtls_asn1_named_data()
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 11:45:06 +01:00
Jerry Yu
7c0da07445 Update state check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-03 15:08:54 +08:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
2022-04-29 10:47:16 +02:00
Gilles Peskine
310294f06a
Merge pull request #5759 from tom-daubney-arm/correct_x509_flag_parse_tests
Set flag to proper value in x509 parse tests
2022-04-28 18:27:36 +02:00
Gilles Peskine
2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise
PSA storage format: exercise key
2022-04-28 18:20:02 +02:00
Gilles Peskine
038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
2022-04-28 18:17:50 +02:00
Gilles Peskine
4098083ed4
Merge pull request #5745 from superna9999/5712-pk-opaque-rsa-pss-sign-tls
RSA-PSS sign 2: TLS 1.3 integration testing
2022-04-28 18:16:44 +02:00
Neil Armstrong
95974974d2 Update mbedtls_pk_wrap_as_opaque() usage in PK & X509write tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Manuel Pégourié-Gonnard
ad47487e25
Merge pull request #5742 from superna9999/5669-review-test-incompatible-psa
Fixup or re-enable tests with Use PSA
2022-04-28 09:57:13 +02:00
Neil Armstrong
98136b14e0 Fixup and update comment of disabled USE_PSA_CRYPTO test check in all.sh
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-27 10:00:42 +02:00
Neil Armstrong
1c9eb722fd Update PSA specific comment in pk_rsa_verify_ext_test_vec()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-25 14:38:18 +02:00
Jerry Yu
cef55dbd6a ssl-opt: add state check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-25 19:41:47 +08:00
Ronald Cron
eecd0d2fc3
Merge pull request #5679 from yuhaoth/pr/add-tls13-write-server-hello 2022-04-25 09:28:40 +02:00
Ronald Cron
a828f4d89c
Merge pull request #5684 from tom-daubney-arm/M-AEAD_decrypt_driver_dispatch_test
M aead decrypt driver dispatch test
The internal CI "merge TLS testing" ran successfully, CI is OK.
2022-04-23 12:10:21 +02:00
Neil Armstrong
882e02ea7a Move and fixup check_test_requires_psa_disabled() into check_test_cases()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 16:53:07 +02:00
Neil Armstrong
6e6967f6a0 Reorganize PSA INVALID_PADDING handling for test #5 in pk_rsa_verify_ext_test_vec()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 16:46:24 +02:00
Gilles Peskine
eef30bcea1
Merge pull request #5755 from mpg/ecdsa-range-test
Expand negative coverage of ECDSA verification
2022-04-22 16:43:44 +02:00
Jerry Yu
955ddd75a3 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 22:27:33 +08:00
Przemek Stekiel
85d46fe6cf ssl-opt.sh: add tests for clent/server psa opaque dhe-psk key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
b6a0503dda ssl-opt.sh: add tests for clent/server psa opaque ecdhe-psk key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:53:55 +02:00
Przemek Stekiel
b270b56372 ssl-opt.sh: add tests for server psa opaque rsa-psk key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
8e0495e0f4 ssl-opt.sh: add tests for client psa opaque rsa-psk key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Manuel Pégourié-Gonnard
60d83f0126
Merge pull request #5710 from superna9999/5627-pk-opaque-rsa-x509
RSA sign 3a: X.509 integration testing
2022-04-22 14:29:23 +02:00
Thomas Daubney
7d063f6467 Adds comments for clarification
Adds two comments to clarify 1) why an offset is used
in the call to psa_aead_verify() and 2) why the test of
.hits_finish is always 0 in this test case.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-22 11:36:07 +01:00
Jerry Yu
8b9fd374b8 Add P_CLI test to easy debug
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Jerry Yu
abf20c7564 add state check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
Add client hello into server side
2022-04-22 10:26:00 +02:00
Neil Armstrong
7f6f672d7e Add Opaque PK test case for TLS 1.3
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 10:23:10 +02:00
Manuel Pégourié-Gonnard
21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12
RSA sign 3b: TLS 1.2 integration testing
2022-04-22 10:05:43 +02:00
Neil Armstrong
e6ed23cb90 Fix typo in x509_crt_check() comment
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 09:44:04 +02:00
XiaokangQian
e8ff350698 Update code to align with tls13 coding standard
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-22 02:34:40 +00:00
Manuel Pégourié-Gonnard
70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard
90c70146b5
Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign
RSA-PSS sign 1: PK
2022-04-21 17:11:18 +02:00
Gilles Peskine
9d8716c5aa
Merge pull request #5739 from gilles-peskine-arm/depends-curves-positive-only
Don't test with all-but-one elliptic curves
2022-04-21 12:34:44 +02:00
Neil Armstrong
843795ad2f Use macro for public key buffer size in pk_psa_wrap_sign_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-21 12:23:28 +02:00
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
Przemek Stekiel
4e47a91d2e Fix indentation issues
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
4daaa2bd05 derive_output mix-psk test: add more cases for derivation of output key
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
6aabc473ce derive_output test: remove redundant tests with raw key agreement
Already handled by input_bytes().
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
e665466a80 derive_output test: add other key type value 11 to handle raw key type
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
c5bd1b8b24 PSA key derivation mix-psk tests: add description for bad state cases
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
38647defa8 derive_output() test: fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
cd00d7f724 test PSA key derivation: add positive and negative cases for mixed-psk
Mix-PSK-to-MS test vectors are generated using python-tls library:
https://github.com/python-tls/tls

Steps to generate test vectors:
1. git clone git@github.com:python-tls/tls.git
2. cd tls
3. python3 setup.py build
4. sudo python3 setup.py install
5. Use the python script below to generate Master Secret (see description for details):

"""
Script to derive MS using mixed PSK to MS algorithm.

Script can be used to generate expected result for mixed PSK to MS tests.

Script uses python tls library:
https://github.com/python-tls/tls

Example usage:
derive_ms.py <secret> <other_secret> <seed> <label> <hash>
derive_ms.py 01020304 ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f 6d617374657220736563726574 SHA256

secret          : 01020304
other_secret    : ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7
pms             : 0030ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7000401020304
seed            : 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f
label           : 6d617374657220736563726574
output          : 168fecea35190f9df34c042f24ecaa5e7825337f2cd82719464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b
"""
from cryptography.hazmat.primitives import hashes
from tls._common.prf import prf
import os
import sys

def build_pms(other_secret: bytes, secret: bytes) -> bytes:
    other_secret_size = len(other_secret).to_bytes(2, byteorder='big')
    secret_size = len(secret).to_bytes(2, byteorder='big')
    return(other_secret_size + other_secret + secret_size + secret)

def derive_ms(secret: bytes, other_secret: bytes, seed: bytes, label: bytes, hash: hashes.HashAlgorithm) -> bytes:
    return prf(build_pms(other_secret, secret), label, seed, hash, 48)

def main():
    #check args
    if len(sys.argv) != 6:
        print("Invalid number of arguments. Expected: <secret> <other_secret> <seed> <label> <hash>" )
        return
    if sys.argv[5] != 'SHA384' and sys.argv[5] != 'SHA256':
        print("Invalid hash algorithm. Expected: SHA256 or SHA384" )
        return

    secret = bytes.fromhex(sys.argv[1])
    other_secret = bytes.fromhex(sys.argv[2])
    seed = bytes.fromhex(sys.argv[3])
    label = bytes.fromhex(sys.argv[4])
    hash_func = hashes.SHA384() if sys.argv[5] == 'SHA384' else hashes.SHA256()
    pms = build_pms(other_secret, secret)

    actual_output = derive_ms(secret, other_secret, seed, label, hash_func)

    print('secret       : ' + secret.hex())
    print('other_secret : ' + other_secret.hex())
    print('pms          : ' + pms.hex())
    print('seed         : ' + seed.hex())
    print('label        : ' + label.hex())
    print('output       : ' + actual_output.hex())

if __name__ == "__main__":
    main()

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:41:41 +02:00
Gilles Peskine
b29d814169 Use MAX_SIZE macros instead of hard-coding IV/nonce max size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:33:17 +02:00
Gilles Peskine
5eef11af2c Remove redundant initialization of iv_length
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:33:11 +02:00
Gilles Peskine
286c314ae3 cipher_alg_without_iv: also test multipart decryption
For multipart encrpytion, call psa_cipher_finish(). This is not actually
necessary for non-pathological implementations of ECB (the only currently
supported IV-less cipher algorithm) because it requires the input to be a
whole number of blocks and non-pathological implementations emit the output
block from update() as soon as an input block is available. But in principle
a driver could delay output and thus require a call to finish().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:27:17 +02:00
Gilles Peskine
9e38f2c8fd cipher_alg_without_iv: generalized to also do decryption
Test set_iv/generate_iv after decrypt_setup. Test successful decryption.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:25:00 +02:00
Gilles Peskine
9b9b614a02 cipher_encrypt_alg_without_iv: validate size macros independently
Validate the size macros directly from the output length in the test data,
rather than using the value returned by the library. This is equivalent
since the value returned by the library is checked to be identical.

Enforce that SIZE() <= MAX_SIZE(), in addition to length <= SIZE(). This is
stronger than the previous code which merely enforced length <= SIZE() and
length <= MAX_SIZE().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:24:48 +02:00