This also adds a new task in analyze_outcomes.py for checking
the accelaration coverage against the reference element.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- rename file name from `early_data.txt` to `tls13_early_data.txt`
- fix typo issue
- remove redundant parameter
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Coverity flagged this due to the potential leaked memory allocations in
mbedtls_mps_reader_random_usage()
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
These are explicitly PSA tests, so use PSA_WANT.
Was missed by analyze_outcomes.py because those test cases were not
listed properly, which will be fixed by #8088.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
There are some fallback test cases which should rely on builtin
implementations. This commit adjusts them with correct dependencies.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Calling mbedtls_cipher_free() on a context that was not initialised
is dangerous, and this could happen if the first test in
check_set_padding() failed.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
crl_file is a test argument and can't be null. Besides the code above
already assumes that it's non-null.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
- the script now only terminates in case of hard faults
- each task is assigned a log
- this log tracks messages, warning and errors
- when task completes, errors and warnings are listed and
messages are appended to the main log
- on exit the main log is printed and the proper return value
is returned
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When running a test suite, try to change to the directory containing the
executable. This allows running a test suite from any directory, and still
allow it to access its .datax file as well as data files (generally in
tests/data_files) used by individual test cases.
Only implemented on Unix-like systems and on Windows.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the full configuration MBEDTLS_TEST_HOOKS is
enabled thus the configurations in
test_full_cmake_gcc_asan_new_bignum and
test_full_cmake_gcc_asan_new_bignum_test_hooks
are the same. Keep the component that runs more
tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
These are build-only components so this was never supported for sure.
Let's stick to what's really tested for now, and expand later (with
proper testing!) if there's demand for more flexibility.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
These were temporaries to avoid unwanted use of low-level modules. Now
that we have test components with those modules fully disabled (replaced
with drivers), we no longer need these tests - which were out of date
too.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Restore guards from the previous release, instead of the new, more
permissive guards.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
I chose to divide along the lines of Weierstrass vs other curve shapes
(currently just Montgomery), mainly because it's the first thing that
came to mind.
It happened to reveal an issue in the logic for when (deterministic)
ECDSA and ECJPAKE are built-in, which this commit is also fixing.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
By default, we disable ASN1_[PARSE/WRITE]_C in common_tfm_config.
In fact, this is what happens for accelerated p256m driver, which
means all asn1[parse/write] tests are skipped in driver_accel test.
However, those two macros are automatically enabled for built-in
ECDSA via PSA, which means all asn1[parse/write] tests are passed
in tfm_config test.
This commit simply ignores the whole asn1[parse/write] test suite
when analyzing between driver and reference.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
{} are valid characters in test description, but they're not escaped
properly in python string format(). To resolve the bug of KeyError
when it tries to log test description which contains {}, we replace
{XXX} format with {{XXX}} in order to escape {} in python string
format() properly.
In addition, the calls to Results.log() are also handled to avoid
similar potential problems.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
In analyze_outcomes.py, if a test case passes in reference_test but
not in driver_test, we log the key by key.format in python.
However, this causes error because of the grammar {} in python
string format. So removing {} to avoid KeyError for
sys.stderr.write((fmt + '\n').format(*args, **kwargs))
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
pk_psa_sign is guarded by MBEDTLS_TEST_PK_PSA_SIGN which is set under:
- The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature.
- The build has built-in ECC and ECDSA signature.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Since we have removed PK_C, PK_[WRITE/PARSE]_C, there is no need to
define PK related configurations again. Therefore we removed them
in common_tfm_config to make a simpler.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
We have set MBEDTLS_MD_C in tfm_mbedcrypto_config_profile_medium.h
so there is no need to enable it again.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
When testing the lifecycle of a transient key, it doesn't make much sense to
try psa_open_key: that expects a persistent key and the lookup takes a
different path. The error from psa_open_key is also different depending on
whether MBEDTLS_PSA_CRYPTO_STORAGE_C is enabled.
To check that the key ownership is taken into account, try to access the
same key id with a different owner without expecting that this is a
persistent key. Just call psa_get_key_attributes, which works fine for a
transient key.
This fixes a test failure when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is
enabled and MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Separate the fits-in-buffer check (*data_length <= data_size) from the
we-think-it's-a-sensible-size check (*data_length <=
MBEDTLS_X509_MAX_DN_NAME_SIZE).
This requires using an intermediate buffer for the DER data, since its
maximum sensible size has to be larger than the maximum sensible size for
the payload, due to the overhead of the ASN.1 tag+length.
Remove test cases focusing on the DER length since the implementation no
longer has a threshold for it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix the expected output in some test cases.
Add a few more test cases to exercise both a payload length around 256 bytes
and a DER length around 256 bytes, since both are placed in a 256-byte
buffer (value of MBEDTLS_X509_MAX_DN_NAME_SIZE).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Due to differing validations amongst X.509 library functions, there are
inputs that mbedtls_x509_string_to_names() accepts, but it produces output
that some library functions can't parse. Accept this for now. Do call the
functions, even when we don't care about their return code: we're ok with
returning errors, but not with e.g. a buffer overflow.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In particular, "X509 String to Names: long hexstring (DER=258 bytes, too long)"
causes a buffer overflow in parse_attribute_value_der_encoded().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Before this PR, the tests passed without this, but they shouldn't have.
Accelerators need to declare what curves they support, and if no curve
is declared as accelerated, the built-in implementations of algs and key
types need to be enabled.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Those components were introduced in #7103, resolving #6622: Some PSA
ECC size macros are too small when the largest accelerated curve is
larger than the largest built-in curve.
At that point, it was not possible yet to omit all built-in curves,
so we made these components that had only one (small) curve built-in and
all the others accelerated.
Now that it's possible to disable all ECC built-ins, and we have tests
doing that, we don't need that kind of fiddling any more.
Note: these component disabled RSA in order to make sure max key size
macros were not taken from RSA. We have test components with all of ECC
accelerated and RSA disabled
(component_test_psa_crypto_config_accel_ecc_no_bignum and
component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum), making the
"all curves except one" components really redundant.
Note: removing them was one of the items in #7757.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
`MBEDTLS_CIPHER_PADDING_PKCS7` was added in
c9f4040f7f in `development-restricted`.
In `development`, this section of the file has moved to
`include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
comment change in development. The comment change in `development` is not
really relevant, so just take the line from `development-restricted`.
Components that accelerate an algorithm that uses hashing internally
(such as deterministic ECDSA and RSA-PSS) need the hash algorithms
available in libtestdriver1.
Previously, the omission of SHA-3 in
tests/include/test/drivers/crypto_config_test_driver_extension.h meant
it was enabled in libtestdriver1 when not requesting its acceleration,
and disabled when requesting it. Adding it in a previous commit fixed
the components that asked it accelerated, but broke the component that
didn't ask for it but still needed it.
Fix those components by explicitly requesting SHA-3 as we already do for
the other hash algorithms that are require for the same reason.
Note: this broke test_suite_psa_crypto_storage_format.v0 which is
apparently the only place exercising signatures with SHA-3.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
and deprecate mbedtls_pkcs12_pbe function.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
and deprecate mbedtls_pkcs5_pbes2 function.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Test mbedtls_ssl_decrypt_buf() with a null cipher (the only type of stream
cipher we support). Test the good case (to make sure the test code
constructs the input correctly), test with an invalid MAC, and test with a
shortened input.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
test_suite_ssl is huge and needs splitting.
Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a
complicated function that needs more thorough testing with malformed inputs.
At this point, we are only doing negative testing with CBC-non-ETM test
suites. This needs to grow.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":
```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```
Justification for the omissions:
* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
occurrences are significant names in certificates and such. Changing
the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
updates.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Return back to modifying input parameters in pkcs12_parse_pbe_params
to avoid change in behaviour.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Move the initialisation of the pkcs7 object to before the first possible
test failure, otherwise failure in those tests could result in an
uninitialised pointer being free'd. Found by coverity.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
These should be shared between ref and accel, for meaningful coverage
comparison.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Builds, but 20 test cases failing in test_suite_psa_crypto, to be
addressed in future commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
We should run make clean before we build libraries in armc6_build_test.
On the one hand, this makes sure we do have a clean build directory
initially. On the other hand, we can do extra actions after building
the library with armc6_build_test.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
grep corresponding mbedtls_xxx_setkey_dec and mbedtls_xxx_decrypt
symbols in cipher_only tests to make sure CIPHER_ENCRYPT_ONLY is
enabled as expected.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Add new mbedtls_pkcs12_pbe_ext function to replace
old mbedtls_pkcs12_pbe function that have security
issues.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
In make builds, when GEN_FILES is false (empty), don't try to re-generate
configuration-independent source files, regardless of whether they seem
out of date. This is useful, for example, if you have a source tree where
`make generated_files` has already run and file timestamps reflect the
time the files were copied or extracted, and you are now in an environment
that lacks some of the necessary tools to re-generate the files.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* Prevent pkcs12_pbe encryption when PKCS7 padding has been
disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
reasons, However, invalid padding is not checked.
* Document new behaviour, known limitations and possible
security concerns.
* Add tests to check these scenarios. Test data has been
generated by the below code using OpenSSL as a reference:
#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <openssl/des.h>
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include <string.h>
int main()
{
char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB";
unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC";
unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA";
unsigned char *ciphertext = NULL;
int iter = 10;
X509_ALGOR *alg = X509_ALGOR_new();
int ciphertext_len = 0;
int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
alg->parameter = ASN1_TYPE_new();
struct asn1_object_st * aobj;
PKCS5_pbe_set0_algor(alg, alg_nid, iter,
salt, sizeof(salt)-1);
aobj = alg->algorithm;
printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length);
printf("06%.2X", aobj->length);
for (int i = 0; i < aobj->length; i++) {
printf("%.2X", aobj->data[i]);
}
for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) {
printf("%.2X", alg->parameter->value.asn1_string->data[i]);
}
printf("\":\"");
for (int i = 0; i < sizeof(pass)-1; i++) {
printf("%.2X", pass[i] & 0xFF);
}
printf("\":\"");
for (int i = 0; i < sizeof(plaintext)-1; i++) {
printf("%.2X", plaintext[i]);
}
printf("\":");
printf("0");
printf(":\"");
unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1);
if (res == NULL)
printf("Encryption failed!\n");
for (int i = 0; i < ciphertext_len; i++) {
printf("%.2X", res[i]);
}
printf("\"\n");
return 0;
}
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
#