We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.
It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.
The changes to the .data file were done using the following python
script:
import hashlib
suite = 'pkcs1_v21'
functions = {
'pkcs1_rsassa_pss_sign': (6, 8),
'pkcs1_rsassa_pss_verify': (4, 6),
'pkcs1_rsassa_pss_verify_ext': (4, 8),
}
def hash_ctx(s):
if s == 'MBEDTLS_MD_MD5':
return hashlib.md5()
if s == 'MBEDTLS_MD_SHA1':
return hashlib.sha1()
if s == 'MBEDTLS_MD_SHA224':
return hashlib.sha224()
if s == 'MBEDTLS_MD_SHA256':
return hashlib.sha256()
if s == 'MBEDTLS_MD_SHA384':
return hashlib.sha384()
if s == 'MBEDTLS_MD_SHA512':
return hashlib.sha512()
def fix(l):
parts = l.rstrip().split(":")
fun = parts[0]
if fun not in functions:
return l
(digest_idx, msg_idx) = functions[fun]
alg_str = parts[digest_idx]
if alg_str == "MBEDTLS_MD_NONE":
return l
h = hash_ctx(alg_str)
msg_str = parts[msg_idx]
msg_hex = msg_str[1:-1]
msg = bytes.fromhex(msg_hex)
h.update(msg)
msg_hash = h.hexdigest()
msg_hash_str = '"' + msg_hash + '"'
parts[msg_idx] = msg_hash_str
return ":".join(parts) + '\n'
filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
lines = f.readlines()
lines = [fix(l) for l in lines]
with open(filename, 'w') as f:
f.writelines(lines)
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Where hashlen was previously ignored when the hash length could be
inferred from an md_alg parameter, the two must now match.
Adapt the existing tests accordingly. Adapt the sample programs accordingly.
This commit does not add any negative testing.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove padding parameters as mbedtls_rsa_init()
cannot return an error code when padding
parameters are invalid.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
If a fallback is not explicitly configured in the
mbedtls_test_rnd_buf_info structure, fail after the buffer is
exhausted.
There is no intended behavior change in this commit: all existing uses
of mbedtls_test_rnd_buffer_rand() have been updated to set
mbedtls_test_rnd_std_rand as the fallback.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Commit removes the mode parameter
from the mbedtls_rsa_rsassa_pss_verify_ext
function. This change is propagated
throughout the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes the f_rng parameter from
the mbedtls_rsa_rsassa_pss_verify_ext
function. This is in preparation for
the removal of the mode parameter.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes p_rng parameter from the
mbedtls_rsa_rsassa_pss_verify_ext function
in preparation for removal of the mode
parameter.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes mode parameter from
mbedtls_rsa_pkcs1_verify and propagates the
change throughout the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes p_rng from mbedtls_rsa_pkcs1_verify
since p_rng has no relevance following the removal
of f_rng from this function.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes f_rng parameter from
mbedtls_rsa_pkcs1_verify as a prerequisite
to removing the mode parameter. f_rng no
longer has relevance in this function if
mode is removed.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes the mode parameter from
mbedtls_rsa_pkcs1_sign and progagates the
change to all relevant parts of the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Removal of the mode parameter from
mbedtls_rsa_pkcs1_encrypt function. This change
is propagated throughout the codebase and to
relevant tests.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
The mode parameter has been removed from the
mbedtls_rsa_pkcs1_decrypt function. The change
has been progagated to all function calls,
including in test suite .function files.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
- all positibe test cases were sampled from the CAVP test suite
(SigGenPSS_186-2.txt, SigGenPSS_186-3.txt)
Only kept one representative for each triple (modlen, sha, saltlen)
- two extra test cases were added to cover the maximum salt length
(slen=olen-slen-2 and slen=(olen-slen-2)-1)
- in rsa.c, the salt intermediate buffer was too small to cover cases
where slen > hlen. So reworked the code to generate the salt in the
encoded message directly. This has the advantage to remove a memcpy
and a memset.
Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
Remove `hex` in name of variables of type data_t to reserve it
for variables of type char* that are the hexadecimal
representation of a data buffer.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:
grep '.\{80\}' \
`git diff-tree --no-commit-id --name-only -r HEAD` \
| grep "\<mbedtls_test_rnd_"
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:
grep '.\{80\}' \
`git diff-tree --no-commit-id --name-only -r HEAD` \
| grep hexcmp
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Reduce the stack usage of the `test_suite_pkcs1_v21` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the size sent to the API to sizeof output.
- Separate string and hex parameter as unhexify is moved out of the function. It's input should only be hex.
- Fix test mbedtls_ccm_encrypt_and_tag that grows input message buffer with tag
- Add missing expected length parameter in ECP TLS tests
- Add deleted TEST_ASSERT and mbedtls calls that got removed in script based code generation
Changes include:
- Integers marked with '#' in the .function files.
- Strings should have "" in .data files.
- String comparison instead of preprocessor-like replace for e.g. '=='
- Params and variables cannot have the same name in .function files
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).
As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.
All OID definitions have been moved to oid.h
All OID matching code is in the OID module.
The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.
The SSL layer cleanup up as a result and adapted to use the MD layer.
The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.
The X509 writer cleaned up and adapted to use the MD layer.
Apps and tests modified accordingly