Commit graph

5145 commits

Author SHA1 Message Date
Andrzej Kurek
e12b01d31b Add support for directoryName subjectAltName
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Valerio Setti
e4758aa34b test: add a companion test for another curve (x25519) and fix issues
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:06 +02:00
Valerio Setti
1a6d96f59e test: use full config as test starting point and solve issues
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:06 +02:00
Valerio Setti
659aa686c8 test: use BUILTIN symbols in as weierstrass key derivation guard
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
a532983e56 test: add legacy dependency for weierstrass key derivation
Weierstrass key derivation still depends on ECP_C (no driver dispatch
yet), so the legacy dependency is still mandatory here.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Gabor Mezei
df9c029dd5
Remove obsolete ecp_fix_negative function
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-28 18:43:07 +02:00
Janos Follath
0f5086847c
Merge pull request #7343 from minosgalanakis/ecp/sec-384-update-test-macro-deps
ecp: Updated ecp384 depedency macro
2023-03-28 15:04:10 +01:00
Paul Elliott
f04848cc3b Revert "Add generated files"
This reverts commit df2b5da57f.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-27 21:20:52 +01:00
Minos Galanakis
37bdd93730 ecp_mod_p224_raw: Added MBEDTLS_ECP_DP_SECP224R1_ENABLED as a dependency
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-27 18:19:22 +01:00
Paul Elliott
d01a3bca05 Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback
Mbed TLS 3.4.0
2023-03-27 18:09:49 +01:00
Janos Follath
445c3bfcac
Merge pull request #7222 from minosgalanakis/bignum/6851_extract_Secp384r1_fast_reduction
Bignum:  Extract secp384r1 fast reduction from the prototype
2023-03-27 16:56:30 +01:00
Manuel Pégourié-Gonnard
c584c27426 Disable built-in SHA-256 in accel_hash too
Now that Entropy doesn't need it any more, we can have driver-only
SHA-256 (and 224 with it) in the non-USE_PSA component too.

This reveals a missing PSA_INIT in a PK test using SHA-256.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
e9319772b3 Fix failures in test_suite_random
Appeared after the dependencies were changed to use MD_CAN.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
33783b4646 Manually fix two remaining instances of old macros
Unless I missed something, all remaining instance of all macros are in
files where it makes sense to use these. I went over the output of:

    git grep -c -E 'MBEDTLS_(MD5|RIPEMD160|SHA[0-9]*)_C'

and I think all the files listed fall into one of the following
acceptable categories:

- documentation and historical documents: Changelog, docs/**/*.md
- config files and related: mbedtls_config.h, configs/*.h,
  check_config.h, config_psa.h, etc.
- scripts that build/modify configs: all.sh, depends.py,
  set_psa_test_dependencies.py, etc.
- implementation of MD or PSA or related: md.h, psa_util.h, etc. and
  corresponding test suites
- implementation of hashes: md5.c, sha256.h, etc. and corresponding test
  suites
- two example programs using a low-level hash API: hash/hello.c,
  pkey/ecdsa.c
- test/benchmark.c, test/selftest.c: actually want our built-in
  implementations
- a function in test_suite_psa_crypto_storage_format that is
  specifically for checking if the hash is built in.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
93302422fd Fix instances of old feature macros being used
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data

Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
2334d3a9b1 Fix driver_wrappers test
These were assuming that psa_crypto_init() doesn't call hashes, which is
not always correct.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
5cd4b6403b Use MD-light in entropy.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
ac6db4d649
Merge pull request #7317 from mpg/lift-exclusions
Lift exclusions from driver-only hash component
2023-03-23 12:01:01 +01:00
Paul Elliott
df2b5da57f Add generated files
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:58:43 +00:00
Paul Elliott
db67e99bbf Bump library, libcrypto and libx509 versions
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:57:39 +00:00
Przemek Stekiel
69aba90e5b Add tests case for step with different buffer size
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 08:06:09 +01:00
Valerio Setti
13ce40323f test_suite_ssl: remove redundant dependencies when the key exchange is specified
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:40:05 +01:00
Valerio Setti
7a2f39692a ecdhe: solve disparities in accelerated ECDHE vs reference
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:37:45 +01:00
Minos Galanakis
37f4cb6d0e ecp_curves: Minor rework for p384
This patch adjusts formatting, documentation and testing.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:46:50 +00:00
Minos Galanakis
619385d8bc test_suite_ecp: Added ecp_mod_p384_raw() test case.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:45:17 +00:00
Manuel Pégourié-Gonnard
8965b65bd8 Remove now-spurious dependencies
Now that HMAC-DRBG can use driver, so can deterministic ECDSA

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:06 +01:00
Manuel Pégourié-Gonnard
91cc8bbc87 Enable ECDSA-det in driver-only hashes component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:06 +01:00
Manuel Pégourié-Gonnard
d111fbdad1 Enable HMAC-DRBG in driver-only hashes component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard
0d1921c4c2 Enable HKDF in driver-only hashes test
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Paul Elliott
f1eb5e2a04 Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:35:17 +00:00
Manuel Pégourié-Gonnard
7d381f517a MD: use MD_CAN in test suite and check for parity
Split the part the varies between driver/built-in builds to a separate
file for convenience. Fix analyze_outcomes.py to be able to exclude
specific data files and not just a whole family at once.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
7224086ebc Remove legacy_or_psa.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
23fc437037 SSL: fix test failures
1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE.

2. Add missing occurrences - some of these were already necessary in
principle (in one form or another) but where missing and this was not
detected so far as `psa_hash` doesn't complain in case of a missing
init, but now MD makes it visible.

3. Add missing include in ssl_test_lib.h.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
bef824d394 SSL: use MD_CAN macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
33a13028e5 X.509: fix test failures
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
a946489efd X.509: use MD_CAN macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
fa99afa2bc PK: fix test failures
Introduce MD_OR_USE_PSA_INIT/DONE. This will likely be used everywhere
in X.509 and SSL/TLS, but most places in PK only need USE_PSA_INIT/DONE.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
0b8095d96a PK: use MD_CAN macros
sed -i -f md.sed tests/suites/test_suite_pk{,parse,write}.*

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
ebef58d301 OID + misc crypto: use MD_CAN and fix failures
After this, only PK, X.509 and TLS remain to be done.

Deterministic uses HMAC-DRBG which uses MD, so it needs crypto_init()
when using a driver-only hash.

Also, remove a special-purpose macro that's no longer needed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
1d3bf24555 test_suite_psa_crypto: use PSA_WANT
Could use MD_CAN, as both are equivalent when MBEDTLS_PSA_CRYPTO_C is
defined, but using PSA_WANT is preferable in a PSA context.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
a5f04621bd PKCS5: use MD_CAN macros
sed -i -f md.sed library/pkcs5.c tests/suites/test_suite_pkcs5* include/mbedtls/pkcs5.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
49e67f814f PKCS5: always use MD
As a consequence, MD_C is now enabled in component accel_hash_use_psa.

Fix guards in X.509 info function to avoid this causing a failure now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
c1f10441e0 RSA: use MD_CAN macros
sed -i -f md.sed library/rsa.c tests/suites/test_suite_rsa* include/mbedtls/rsa.h tests/suites/test_suite_pkcs1_v*

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
fb8d90a2db RSA: always use MD light
Note: already auto-enabled in build_info.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
52d02a85d3 PEM: use MD_CAN macros
sed -i -f md.sed library/pem.c tests/suites/test_suite_pem* include/mbedtls/pem.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
1c2008fa37 PEM: always use MD light
Note: PEM_PARSE already auto-enables MD_LIGHT in build_info.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
0baad53ac9 PKCS12: use MD_CAN macros
sed -i -f md.sed library/pkcs12.c tests/suites/test_suite_pkcs12.* include/mbedtls/pkcs12.h

with md.sed as before.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
be97afe5d4 PKCS12: always use MD light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
b2eb1f7456 ECJPAKE: use MD_CAN macros
sed -i -f md.sed \
    library/ecjpake.c \
    include/medtls/ecjpake.h \
    tests/suites/test_suite_ecjpake.*

With md.sed as follows:

s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_MD5_C\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_RIPEMD160_C\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_SHA1_C\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_SHA224_C\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_SHA256_C\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_SHA384_C\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_SHA512_C\b/MBEDTLS_MD_CAN_SHA512/g

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
41bc8b6b1e ECJPAKE: always use MD light
This enables access to all available hashes, instead of the previous
situation where you had to choose by including MD_C or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
ffcda5679a Make MD_PSA_INIT/DONE available to all suites
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
e0e161b54a
Merge pull request #7296 from valeriosetti/issue7253-part1
driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 1
2023-03-21 16:09:02 +01:00
Dave Rodgman
3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID
RSA: provide interface to retrieve padding mode and hash_id
2023-03-20 18:34:53 +00:00
Dave Rodgman
d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics
Implement AESNI with intrinsics
2023-03-20 18:20:51 +00:00
Valerio Setti
fdea36d137 test_suite_ssl: remove redundant ECDH dependencies when the key exchange is specified
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Valerio Setti
866aa187e8 ecdh: solve disparities in accelerated ECDH vs reference
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Manuel Pégourié-Gonnard
14c194aae9
Merge pull request #7271 from mpg/use-md-light
Use md light
2023-03-20 09:01:16 +01:00
Yanray Wang
69bc8403eb rsa_tests: use TEST_EQUAL instead of TEST_ASSERT
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 20:33:08 +08:00
Yanray Wang
e05a21f084 rsa: add a test to check default padding mode and hash_id
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 20:09:20 +08:00
Yanray Wang
15d3df7aec rsa: add positive test cases for getter functions
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 19:49:04 +08:00
Yanray Wang
d41684e8bc rsa.c: rename getter function of hash_id
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:57:42 +08:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard
6ea8d3414f Fix a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:50 +01:00
Manuel Pégourié-Gonnard
ec000c1a00
Merge pull request #7242 from mpg/md-dispatch-psa
Implement MD dispatch to PSA
2023-03-17 09:42:40 +01:00
Gilles Peskine
28e4dc1e39 Fix use of arithmetic on void*
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 21:39:47 +01:00
Janos Follath
c18cd0c8e6
Merge pull request #7230 from gabor-mezei-arm/6850_Secp256r1_fast_reduction
Extract Secp256r1 fast reduction from the prototype
2023-03-16 19:43:25 +00:00
Dave Rodgman
4a060ffa59
Merge pull request #7303 from daverodgman/msan_bzero_testcase
Add tests that cover msan explicit_bzero issue
2023-03-16 17:55:19 +00:00
Gilles Peskine
844f65dc65 Explicitly test AES contexts with different alignments
Don't leave it up to chance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:54:48 +01:00
Dave Rodgman
0a3c72df02 Add explanatory comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-16 13:43:32 +00:00
Gilles Peskine
5fcdf49f0e Move copy-context testing to an auxiliary function
This is in preparation for running it multiple times with different
alignments.

This commit also fixes the fact that we weren't calling mbedtls_aes_free()
on the context (we still aren't if the test fails). It's not an issue except
possibly in some ALT implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:42:39 +01:00
Gilles Peskine
f99ec202d7 AES context copy test: have one for each key size
Don't use all-bytes zero as a string, it's harder to debug.

This commit uses the test vectors from FIPS 197 appendix C.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:27:40 +01:00
Gilles Peskine
d50cfddfd7 AES context copy test: clean up
Don't use hexcmp to compare binary data. Improve readability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:25:58 +01:00
Dave Rodgman
5d2024333b Fix missing line ending
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-16 12:14:51 +00:00
Dave Rodgman
ecd649205d Add tests that cover msan explicit_bzero issue
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-16 12:02:15 +00:00
Manuel Pégourié-Gonnard
ec31f2917f Systematically call PSA_INIT for MD tests
All tests that call md_setup() or compute a hash of a HMAC may now need
it in some builds.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard
9b14639342 Dispatch according to init status.
We shouldn't dispatch to PSA when drivers have not been initialized yet.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
7abdf7eee5 Add utility function to check for drivers init
This will be used in the next commit.

While at it, move driver initialization before RNG init - this will be
handy when the entropy module wants to use drivers for hashes.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Yanray Wang
f56181a105 ssl_helpers.c: add mbedtls_test prefix for tweak_tls13_certificate*
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-16 14:59:38 +08:00
Yanray Wang
b088bfc453 ssl_helpers.c: add mbedtls_test_ssl prefix for *_exchange_data
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-16 14:59:38 +08:00
Yanray Wang
5f86a42813 ssl_helpers.c: add mbedtls_test prefix for mbedtls_mock_socket_init
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-16 14:59:38 +08:00
Demi Marie Obenour
889534a4d2 Fix segfault in mbedtls_oid_get_numeric_string
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value.  This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.

Also check that second and subsequent subidentifiers are terminated, and
add a test case for that.  Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-03-16 01:06:41 -04:00
Jerry Yu
02d684061b Adjust time delay tests to fix fails
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-15 19:00:50 +08:00
Gilles Peskine
8d60574b7b
Merge pull request #6500 from yanrayw/split-TLS-connection-func-into-ssl_helpers
Move TLS connection helper code from test_suite_ssl.function to ssl_helpers.c
2023-03-15 10:50:03 +01:00
Yanray Wang
ac36115355 test_suite_rsa.function: remove redundant test cases
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-15 16:55:36 +08:00
Yanray Wang
097147540d test_suite_rsa.function: add tests
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-15 16:42:58 +08:00
Manuel Pégourié-Gonnard
18336dace2
Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user
EC J-PAKE: partial fix for role vs user+peer
2023-03-15 09:37:30 +01:00
Przemek Stekiel
c0e6250ff9 Fix documentation and tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-14 11:49:36 +01:00
Gilles Peskine
215ecd0439
Merge pull request #7252 from daverodgman/enable_pkcs7
Enable PKCS 7
2023-03-14 10:39:50 +01:00
Jerry Yu
e7ea823d43 remove extra spaces
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-14 17:33:42 +08:00
Jerry Yu
1f7dd8df9b fix random fails
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-14 13:12:08 +08:00
Przemek Stekiel
fde112830f Code optimizations and documentation fixes
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-13 16:28:27 +01:00
Yanray Wang
5ba709c449 Move #define Directive into ssl_helpers.h
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:20:42 +08:00
Yanray Wang
09a6f7e14f Move TEST_AVAILABLE_ECC into ssl_helpers.h
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:20:42 +08:00
Yanray Wang
1db628f254 Move ECJPAKE_TEST_SET_PASSWORD into ssl_helpers.h
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:20:42 +08:00
Yanray Wang
e64b40520d Fix build error in CI about test_fail_if_psa_leaking
During test of component build_arm_linux_gnueabi_gcc_arm5vte and
build_arm_none_eabi_gcc_m0plus. It fails with
 - error: implicit declaration of function
   ‘test_fail_if_psa_leaking’

It happens because test_fail_if_psa_leaking is defined in
helpers.function. This block of code is not converted into C code
while compiling ssl_helpers.c. The function has been moved to
psa_crypto_helpers.c in order to fix this build error.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:20:42 +08:00
Yanray Wang
4d07d1c394 Resolve build errors for ssl_helpers.c and test_suite_ssl.c
Since we move many functions from test_suite_ssl.function to
ssl_helpers.c in commit 8e2bbdd. This causes various of
build errors. This commit fixes all the build errors by
 - including header files
 - providing function definition
 - adding guards for typedef statements and functions

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:20:42 +08:00
Yanray Wang
e6afd919dd Move TLS connection related functions to ssl_helpers.c
Some functions are renamed in commit d51d285. This change moves all
those functions which are used to set up a TLS connection from
test_suite_ssl.function into ssl_helpers.c.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:20:42 +08:00
Yanray Wang
d577a68325 Improve code readability for test_suite_ssl.function
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:15:53 +08:00
Yanray Wang
bd29683c90 Rewrap the lines to fit code standard in test_suite_ssl.function
As the typedef statements and functions are renamed in commit
de3caee and commit d51d285 respectively. This commit aims
to align code lines to fit code standard and improve code
readability.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:15:53 +08:00
Yanray Wang
f7b62353cb Rename the functions which are used to set up TLS connection
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:15:53 +08:00
Yanray Wang
55a6619135 Move the renamed typedef statements to ssl_helpers.h
With this change, the renamed typedef statements (commit de3caee)
are moved from test_suite_ssl.function into ssl_helpers.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:15:53 +08:00
Yanray Wang
9ef0dce9e3 Rename the typedef statements which are used for TLS connection
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:15:53 +08:00
Yanray Wang
47907a4bb4 Create ssl_helpers.c to hold functions of TLS connection
test_suite_ssl.function contains many functions that are used to set
up a TLS connection. To reduce its file size, those functions would
be moved to ssl_helpers.c under tests/src. As the start of this
implementation, some necessary header files are moved in advance.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:15:53 +08:00
Dave Rodgman
756b028511
Merge pull request #7171 from daverodgman/pr5527
Fix undefined behavior in ssl_read if buf parameter is NULL
2023-03-13 10:46:29 +00:00
Jerry Yu
c5b48a6f04 Add time test with delay
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-13 15:25:44 +08:00
Przemek Stekiel
18cd6c908c Use local macros for j-pake slient/server strings
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
aa1834254e Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
09104b8712 rework psa_pake_set_role to be consistent with requirements and adapt tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
f15d335f5b ecjpake_setup: clean up handling of errors
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Dave Rodgman
8e528ece74 Disable test under MBEDTLS_MEMORY_BUFFER_ALLOC_C
This test allocates too much memory to work when the alternative
memory allocator is used.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 13:30:56 +00:00
Dave Rodgman
45bed94406 Add parse failure test when MBEDTLS_RSA_C not set
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 10:01:02 +00:00
Dave Rodgman
651fb529f9 Make pkcs7_parse test not depend on MBEDTLS_RSA_C
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 10:00:44 +00:00
Dave Rodgman
4fa8590b62 Fix test dependency
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 09:34:08 +00:00
Dave Rodgman
f8565b3c2b Add more PKCS #7 tests with expired cert
Add test which uses an expired cert but is otherwise OK, which
passes if and only if MBEDTLS_HAVE_TIME_DATE is not set.

Add similar test which verifies against a different data file,
which must fail regardless of MBEDTLS_HAVE_TIME_DATE.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 10:26:39 +00:00
Dave Rodgman
cc77fe8e52 Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset
Ensure that verification of an expired cert still fails, but
update the test to handle the different error code.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 09:46:13 +00:00
Dave Rodgman
ca43e0d0ac Fix test file extension
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 13:06:01 +00:00
Dave Rodgman
f2f2dbcfd7 Add test case for PKCS7 file with zero signers
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder  https://lapo.it/asn1js/

Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 12:52:00 +00:00
Dave Rodgman
ac447837d3
Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7
Test memory management in pkcs7
2023-03-10 11:29:50 +00:00
Przemek Stekiel
f3ae020c37 Use user/peer instead role in jpake driver-wrapper tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
af94c13b2c Add tests for user/peer input getters
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
0c946e9aa9 Addapt jpake tests and add cases for set_user, set_peer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
2023-03-09 20:49:44 +01:00
Gilles Peskine
a25203c5f9
Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests
Interruptible_{sign|verify}_hash: Add public key verification tests
2023-03-09 20:48:13 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Przemek Stekiel
b8eaf635ba Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 12:14:26 +01:00
Valerio Setti
2f081473b6 test: fix disparities in test_suite_ssl
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Gabor Mezei
eb591ff94d
Add test generation for ecp_mod_p256_raw
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 14:12:20 +01:00
Gabor Mezei
ab6ac91a0a
Extract Secp256r1 from the prototype
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 14:09:50 +01:00
Valerio Setti
c0e7da55c5 test: removing remaning dependencies of PK_WRITE/PK_PARSE from test_suite_psa_crypto suites
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
f9bc5b75f1 test: remove dependencies on PK_WRITE and PK_PARSE from test_suite_psa_crypto suites
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Gilles Peskine
a2fc399f57
Merge pull request #6829 from AndrzejKurek/unify-psa-errors
Unify PSA to Mbed TLS error translation
2023-03-07 19:55:44 +01:00
Janos Follath
fe780a3c4b
Merge pull request #7184 from gabor-mezei-arm/6349_Secp224r1_fast_reduction
Extract Secp224r1 fast reduction from the prototype
2023-03-07 10:57:58 +00:00
Przemek Stekiel
4aa99403f4 Fix configuration for accelerated jpake
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:09 +01:00
Xiaokang Qian
d2988adb31 Add rsa dependencies for pkcs7 corrupt signer info cases
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-03-07 08:38:58 +00:00
Xiaokang Qian
9c703d80ca Add fuzz bad cases for signer info 1 and 2
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-03-07 08:38:58 +00:00
Xiaokang Qian
8993a14567 Add unexpected tag cases for signer info 1 and 2
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-03-07 08:38:58 +00:00
Xiaokang Qian
e8c696ffd1 Add invalid size test case for signer info[2](The third one)
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-03-07 08:38:58 +00:00
Xiaokang Qian
72b4bcac03 Add invalid size test case for signer info 1(the second one)
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-03-07 08:38:55 +00:00
Manuel Pégourié-Gonnard
a5ffa93e43
Merge pull request #7142 from mpg/driver-only-ecdh-starter
Driver-only ECDH starter
2023-03-07 09:14:38 +01:00
Paul Elliott
8c092052bd Add public key verification tests
Add public key verification tests, and alter test intent comments to make it
obvious that verify_hash_interruptible can do public keys as well as private
and keypairs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-06 17:49:14 +00:00
Manuel Pégourié-Gonnard
228a30d16c
Merge pull request #7120 from mpg/md-light
Define "MD light" subset of MD
2023-03-06 11:02:19 +01:00
Dave Rodgman
4693fd9e9e
Merge pull request #7173 from daverodgman/zeroize-platform
Use platform-provided secure zeroization
2023-03-06 09:16:12 +00:00
Dave Rodgman
45cef61fa4
Merge branch 'development' into md-light
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-03 14:28:13 +00:00
Przemek Stekiel
5a49d3cce3 Replace mbedtls_x509_san_node with mbedtls_x509_subject_alternative_name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:11 +01:00
Przemek Stekiel
8e83d3aaa9 Add tests for writting SAN to CSR
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:05 +01:00
Andrzej Kurek
8a045ce5e6 Unify PSA to Mbed TLS error translation
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:44 -05:00
Jerry Yu
9a12df022e Add tests for time rountine
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-03 15:31:28 +08:00
Paul Elliott
ddbc6ed6cd Enable all keys for interruptible op fail tests
Due to a misunderstanding about the purpose of the test, I had limited this to
ECC keys only, however this defeats the purpose of the test, and left gaps in
test coverage.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-02 16:03:43 +00:00
Dave Rodgman
f4385faa6f
Merge pull request #7188 from paul-elliott-arm/interruptible_sign_hash_complete_after_start_fail
Interruptible {sign|verify} hash - Call complete() after start() failure.
2023-03-01 17:18:08 +00:00
Paul Elliott
42585f678b
Merge pull request #7176 from paul-elliott-arm/interruptible_sign_hash_verify_test_improvements
Interruptible {sign|verify} hash verification test improvements
2023-03-01 15:00:45 +00:00