Commit graph

5145 commits

Author SHA1 Message Date
Yanray Wang
55a6619135 Move the renamed typedef statements to ssl_helpers.h
With this change, the renamed typedef statements (commit de3caee)
are moved from test_suite_ssl.function into ssl_helpers.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:15:53 +08:00
Yanray Wang
9ef0dce9e3 Rename the typedef statements which are used for TLS connection
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:15:53 +08:00
Yanray Wang
47907a4bb4 Create ssl_helpers.c to hold functions of TLS connection
test_suite_ssl.function contains many functions that are used to set
up a TLS connection. To reduce its file size, those functions would
be moved to ssl_helpers.c under tests/src. As the start of this
implementation, some necessary header files are moved in advance.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-13 19:15:53 +08:00
Dave Rodgman
756b028511
Merge pull request #7171 from daverodgman/pr5527
Fix undefined behavior in ssl_read if buf parameter is NULL
2023-03-13 10:46:29 +00:00
Jerry Yu
c5b48a6f04 Add time test with delay
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-13 15:25:44 +08:00
Przemek Stekiel
18cd6c908c Use local macros for j-pake slient/server strings
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
aa1834254e Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
09104b8712 rework psa_pake_set_role to be consistent with requirements and adapt tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
f15d335f5b ecjpake_setup: clean up handling of errors
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Dave Rodgman
8e528ece74 Disable test under MBEDTLS_MEMORY_BUFFER_ALLOC_C
This test allocates too much memory to work when the alternative
memory allocator is used.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 13:30:56 +00:00
Dave Rodgman
45bed94406 Add parse failure test when MBEDTLS_RSA_C not set
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 10:01:02 +00:00
Dave Rodgman
651fb529f9 Make pkcs7_parse test not depend on MBEDTLS_RSA_C
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 10:00:44 +00:00
Dave Rodgman
4fa8590b62 Fix test dependency
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 09:34:08 +00:00
Dave Rodgman
f8565b3c2b Add more PKCS #7 tests with expired cert
Add test which uses an expired cert but is otherwise OK, which
passes if and only if MBEDTLS_HAVE_TIME_DATE is not set.

Add similar test which verifies against a different data file,
which must fail regardless of MBEDTLS_HAVE_TIME_DATE.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 10:26:39 +00:00
Dave Rodgman
cc77fe8e52 Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset
Ensure that verification of an expired cert still fails, but
update the test to handle the different error code.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 09:46:13 +00:00
Dave Rodgman
ca43e0d0ac Fix test file extension
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 13:06:01 +00:00
Dave Rodgman
f2f2dbcfd7 Add test case for PKCS7 file with zero signers
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder  https://lapo.it/asn1js/

Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 12:52:00 +00:00
Dave Rodgman
ac447837d3
Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7
Test memory management in pkcs7
2023-03-10 11:29:50 +00:00
Przemek Stekiel
f3ae020c37 Use user/peer instead role in jpake driver-wrapper tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
af94c13b2c Add tests for user/peer input getters
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
0c946e9aa9 Addapt jpake tests and add cases for set_user, set_peer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
2023-03-09 20:49:44 +01:00
Gilles Peskine
a25203c5f9
Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests
Interruptible_{sign|verify}_hash: Add public key verification tests
2023-03-09 20:48:13 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Przemek Stekiel
b8eaf635ba Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 12:14:26 +01:00
Valerio Setti
2f081473b6 test: fix disparities in test_suite_ssl
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Gabor Mezei
eb591ff94d
Add test generation for ecp_mod_p256_raw
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 14:12:20 +01:00
Gabor Mezei
ab6ac91a0a
Extract Secp256r1 from the prototype
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 14:09:50 +01:00
Valerio Setti
c0e7da55c5 test: removing remaning dependencies of PK_WRITE/PK_PARSE from test_suite_psa_crypto suites
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
f9bc5b75f1 test: remove dependencies on PK_WRITE and PK_PARSE from test_suite_psa_crypto suites
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Gilles Peskine
a2fc399f57
Merge pull request #6829 from AndrzejKurek/unify-psa-errors
Unify PSA to Mbed TLS error translation
2023-03-07 19:55:44 +01:00
Janos Follath
fe780a3c4b
Merge pull request #7184 from gabor-mezei-arm/6349_Secp224r1_fast_reduction
Extract Secp224r1 fast reduction from the prototype
2023-03-07 10:57:58 +00:00
Przemek Stekiel
4aa99403f4 Fix configuration for accelerated jpake
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:09 +01:00
Xiaokang Qian
d2988adb31 Add rsa dependencies for pkcs7 corrupt signer info cases
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-03-07 08:38:58 +00:00
Xiaokang Qian
9c703d80ca Add fuzz bad cases for signer info 1 and 2
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-03-07 08:38:58 +00:00
Xiaokang Qian
8993a14567 Add unexpected tag cases for signer info 1 and 2
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-03-07 08:38:58 +00:00
Xiaokang Qian
e8c696ffd1 Add invalid size test case for signer info[2](The third one)
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-03-07 08:38:58 +00:00
Xiaokang Qian
72b4bcac03 Add invalid size test case for signer info 1(the second one)
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-03-07 08:38:55 +00:00
Manuel Pégourié-Gonnard
a5ffa93e43
Merge pull request #7142 from mpg/driver-only-ecdh-starter
Driver-only ECDH starter
2023-03-07 09:14:38 +01:00
Paul Elliott
8c092052bd Add public key verification tests
Add public key verification tests, and alter test intent comments to make it
obvious that verify_hash_interruptible can do public keys as well as private
and keypairs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-06 17:49:14 +00:00
Manuel Pégourié-Gonnard
228a30d16c
Merge pull request #7120 from mpg/md-light
Define "MD light" subset of MD
2023-03-06 11:02:19 +01:00
Dave Rodgman
4693fd9e9e
Merge pull request #7173 from daverodgman/zeroize-platform
Use platform-provided secure zeroization
2023-03-06 09:16:12 +00:00
Dave Rodgman
45cef61fa4
Merge branch 'development' into md-light
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-03 14:28:13 +00:00
Przemek Stekiel
5a49d3cce3 Replace mbedtls_x509_san_node with mbedtls_x509_subject_alternative_name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:11 +01:00
Przemek Stekiel
8e83d3aaa9 Add tests for writting SAN to CSR
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:05 +01:00
Andrzej Kurek
8a045ce5e6 Unify PSA to Mbed TLS error translation
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:44 -05:00
Jerry Yu
9a12df022e Add tests for time rountine
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-03 15:31:28 +08:00
Paul Elliott
ddbc6ed6cd Enable all keys for interruptible op fail tests
Due to a misunderstanding about the purpose of the test, I had limited this to
ECC keys only, however this defeats the purpose of the test, and left gaps in
test coverage.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-02 16:03:43 +00:00
Dave Rodgman
f4385faa6f
Merge pull request #7188 from paul-elliott-arm/interruptible_sign_hash_complete_after_start_fail
Interruptible {sign|verify} hash - Call complete() after start() failure.
2023-03-01 17:18:08 +00:00
Paul Elliott
42585f678b
Merge pull request #7176 from paul-elliott-arm/interruptible_sign_hash_verify_test_improvements
Interruptible {sign|verify} hash verification test improvements
2023-03-01 15:00:45 +00:00
Paul Elliott
ebf2e38662
Merge pull request #7177 from paul-elliott-arm/interruptible_sign_hash_improve_num_ops_testing
Interruptible sign hash improve num ops testing
2023-03-01 14:59:44 +00:00
Paul Elliott
de7c31e082 Improve comment wording
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-01 14:43:52 +00:00
Przemek Stekiel
f5dcb8886a Rework pake input getters tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-01 12:28:21 +01:00
Gilles Peskine
1eae11565d
Merge pull request #6949 from bensze01/replace_pkcs7_fuzzer_tests
Replace fuzzer-generated PKCS #7 memory management tests
2023-03-01 10:46:22 +01:00
Paul Elliott
7c17308253 Add num_ops tests to sign and verify interruptible hash
This is the only test usable for non-deterministic ECDSA, thus needs this
code path testing as well.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-28 17:23:29 +00:00
Paul Elliott
8359c14c14 Add hash corruption test to interruptible verify test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-28 17:23:29 +00:00
Paul Elliott
c1e0400bac Add test to check not calling get_num_ops()
Make sure that not calling get_num_ops() inbetweeen calls to complete() does
not mean that ops get lost (Regression test for previous fix).

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-28 17:20:14 +00:00
Paul Elliott
9e8819f356 Move 'change max_ops' test into ops tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-28 17:20:14 +00:00
Paul Elliott
5770224ef3 Rename max ops tests to ops tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-28 17:20:14 +00:00
Gilles Peskine
7e677fa2c5
Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite
Remove pkwrite dependency in pk using PSA for ECDSA
2023-02-28 18:17:16 +01:00
Paul Elliott
587e780812 Test calling complete() after {sign|verify}_hash_start fails
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-28 17:13:39 +00:00
Dave Rodgman
17152df58d
Merge pull request #7175 from paul-elliott-arm/interruptible_sign_hash_test_comments
Interruptible sign hash test comments
2023-02-28 17:09:43 +00:00
Gilles Peskine
ebb63420cc
Merge pull request #7124 from oberon-microsystems/fix-test-output-length-on-success-only
Fix test to check output length on PSA_SUCCESS only
2023-02-28 18:09:33 +01:00
Dave Rodgman
ffb4dc38c8
Merge pull request #7183 from paul-elliott-arm/interruptible_sign_hash_test_max_ops_0
Interruptible {sign|verify} hash : Change max_ops=min tests to use a value of zero.
2023-02-28 15:56:01 +00:00
Bence Szépkúti
4a2fff6369 Fix expected error code
This was overlooked during the rebase.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-02-28 16:40:27 +01:00
Gabor Mezei
804cfd32ea
Follow the naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-27 16:50:09 +01:00
Paul Elliott
ac2251dad1
Merge pull request #7076 from mprse/parse_RFC822_name
Add parsing of x509 RFC822 name + test
2023-02-27 14:16:13 +00:00
Paul Elliott
cd7e8bce03 Change max_ops=min tests to use zero
Zero is the minimum value defined by the spec, just because the internal
implementation treats zero and one as the same thing does not mean that other
implementations will also do so.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-27 12:21:36 +00:00
Stephan Koch
5819d2c141 Feedback from Arm: guarantee that output_length <= output_size even on error, to reduce the risk that a missing error check
escalates into a buffer overflow in the application code

Signed-off-by: Stephan Koch <koch@oberon.ch>
2023-02-27 11:49:13 +01:00
oberon-sk
10c0f770ce asymmetric_encrypt: check output length only if return code is PSA_SUCCESS.
Signed-off-by: Stephan Koch <koch@oberon.ch>
2023-02-27 11:48:51 +01:00
Paul Elliott
c2033502f5 Give edge case tests a better name
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-26 18:47:58 +00:00
Paul Elliott
c7f6882995 Add comments to each test case to show intent
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-26 18:47:58 +00:00
Dave Rodgman
21dfce7a5c Add tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 17:10:38 +00:00
Dave Rodgman
a4e8fb0041 Add tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 15:57:30 +00:00
Bence Szépkúti
248971348b Replace fuzzer-generated PKCS7 regression tests
This commit adds well-formed reproducers for the memory management
issues fixed in the following commits:

290f01b3f5
e7f8c616d0
f7641544ea

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-02-24 15:31:03 +01:00
Przemek Stekiel
6f2d1f419a Further pake tests optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-24 10:22:47 +01:00
Przemek Stekiel
083745e097 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-23 17:28:23 +01:00
Przemek Stekiel
d59d2a4dee Optimize pake tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-23 07:30:40 +01:00
Janos Follath
406b9172ad
Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup
Bignum: Add named moduli setup
2023-02-22 12:14:33 +00:00
Przemek Stekiel
80a8849903 Adapt conditional compilation flags for jpake alg
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
3e784d8981 PSA crypto pake: call abort on each failure
Adapt driver hook counters in pake driver test.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
f62b3bb087 Optimization of pake core functions
Adapt pake test (passing NULL buffers is not allowed).
Passing the null buffer to psa_pake_output results in a hard fault.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
dde6a910bb Optimize out psa_pake_computation_stage_t
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
ca8d2b2589 Add get-data functions for inputs + tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
7b730175b3 Simplify psa_pake_computation_stage_s structure
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
9a5b812aa8 Cleanup the code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
fcd70e250f Adapt pake driver wrapper tests for the new design
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
e12ed36a6c Move JPAKE state machine logic from driver to core
- Add `alg` and `computation_stage` to `psa_pake_operation_s`.
  Now when logic is moved to core information about `alg` is required.
  `computation_stage` is a structure that provides a union of computation stages for pake algorithms.
- Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms.
- Removed test that seems to be redundant as we can't be sure that operation is aborted after failure.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
3f9dbac83f Adapt ake driver tests to the new design
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
c6b954686b Adapt test_suite_psa_crypto_pake test for the new design
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
7658a0768b Add pake driver wrapper tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Gilles Peskine
ffb92b0789
Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug
Fix bugs in OID to string conversion
2023-02-21 23:16:44 +01:00
Paul Elliott
48c591cb56 Fix warning with GCC 12
Fix warning about variable being used uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-21 16:31:56 +00:00
Gilles Peskine
250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle
Implement PSA interruptible sign/verify hash
2023-02-21 15:13:34 +01:00
Manuel Pégourié-Gonnard
d1c001aff7 Fix some dependencies in test_suite_psa_crypto
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 13:37:17 +01:00
Przemek Stekiel
a006f8c17b Adapt dependencies for parsing rfc822Name test
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-21 13:36:56 +01:00
Dave Rodgman
e42cedf256
Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased
Pkcs7 fixes
2023-02-21 11:53:30 +00:00
Gabor Mezei
f65a059a64
Add test generation for ecp_mod_p224_raw
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-21 11:40:27 +01:00
Gabor Mezei
66f88a9d22
Extract Secp224r1 from the prototype
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-21 11:32:29 +01:00
David Horstmann
a4fad2ba67 Correct error code in test_suite_x509parse.data
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-20 14:57:47 +00:00
Dave Rodgman
716163e824 Improve allocation bounds in testing
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-20 14:46:51 +00:00
David Horstmann
5b5a0b618c Change error codes to more appropriate codes
The more precise error codes are borrowed from the ASN1 module.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-20 14:24:12 +00:00
Przemek Stekiel
5b9e4168cf Add rfc822Name support in mbedtls_x509_info_subject_alt_name + adapt test
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-20 15:09:50 +01:00
Przemek Stekiel
608e3efc47 Add test for parsing SAN: rfc822Name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-20 15:09:50 +01:00
Minos Galanakis
a30afe2216 ecp_curves: Minor refactoring.
This patch introduces the following changes:
* Documentation for `mbedtls_ecp_modulus_setup()`
  moved to `ecp_invasive.h`.
* Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`.
* Adjusted negative tests to use invalid selectors.
* Reworded documentation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:53:06 +00:00
Minos Galanakis
36f7c0e69b test_suite_ecp: Added .data for ecp_setup_test()
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:51:49 +00:00
Minos Galanakis
9a1d02d738 test_suite_ecp: Added test for mbedtls_ecp_modulus_setup()
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:51:48 +00:00
Janos Follath
ec718afb41
Merge pull request #7051 from gabor-mezei-arm/6376_Secp521r1_fast_reduction
Add a raw entry point to Secp521r1 fast reduction
2023-02-20 13:03:12 +00:00
Manuel Pégourié-Gonnard
718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san
Add the uniformResourceIdentifier subtype for the subjectAltName
2023-02-20 11:29:59 +01:00
Paul Elliott
f8e5b56ad8 Fix get_num_ops internal code.
Previously calling get_num_ops more than once would have ended up with ops
getting double counted, and not calling inbetween completes would have ended up
with ops getting missed. Fix this by moving this to where the work is actually
done, and add tests for double calls to get_num_ops().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-19 18:55:10 +00:00
Manuel Pégourié-Gonnard
b9b630d628 Define "light" subset of MD
See docs/architecture/psa-migration/md-cipher-dispatch.md

Regarding testing, the no_md component was never very useful, as that's
not something people are likely to want to do: it was mostly useful as
executable documentation of what depends on MD. It's going to be even
less useful when more and more modules auto-enable MD_LIGHT or even
MD_C. So, recycle it to test the build with only MD_LIGHT, which is
something that might happen in practice, and is necessary to ensure that
the division is consistent.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-16 22:30:06 +01:00
Manuel Pégourié-Gonnard
ba2412fd21 Remove internal function md_process()
It was already marked as internal use only, and no longer used
internally. Also, it won't work when we dispatch to PSA.

Remove it before the MD_LIGHT split to avoid a corner case: it's
technically a hashing function, no HMAC or extra metadata, but we still
don't want it in MD_LIGHT really.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-16 18:44:46 +01:00
Dave Rodgman
d652dce9ea Add failing test case (invalid signature) for zero-length data
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-16 16:39:34 +00:00
Dave Rodgman
c5874db5b0 Add test-case for signature over zero-length data
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-16 16:14:46 +00:00
Paul Elliott
0af1b5367b Remove some abbrevations from test descriptions.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
96b89b208a Add comment to indicate non-PSA spec assertion.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
f1743e2440 Add verify call to max ops tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
c86d45e8a1 Remove spurious incorrect comment
Comment originated from original version of this code, and the newer comment
which was added when it was pulled into a seperate function covers all cases.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
efebad0d67 Run extra complete in failure tests regardless.
We do not need to expect to fail, running another complete in either sign or
verify after successful completion should also return BAD_STATE.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
01885fa5e5 Fix include guards on auxiliary test function.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
a4cb909fcd Add max ops tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
76d671ad73 Split state tests into two functions
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
b830b35fb1 Shorten test descriptions.
Also mark some tests as being deterministic ECDSA where this was lacking.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
1243f93cca Fix build fails with non ECDSA / restartable builds
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
6f60037589 Move {min|max}_complete choice logic into function
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
c9774411d4 Ensure that operation is put into error state if error occurs
If an error occurs, calling any function on the same operation should return
PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra
failure tests to try and ratify this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
f9c91a7fb5 Store the hash, rather than the pointer
For sign and verify, the pointer passed in to the hash is not guaranteed to
remain valid inbetween calls, thus we need to store the hash in the
operation. Added a test to ensure this is the case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
0e9d6bd3f8 Replace MBEDTLS_ECP_DP_SECP384R1_ENABLED
With more appropriate PSA_WANT_ECC_SECP_R1_384

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
813f9cdcbb Non ECDSA algorithms should return not supported
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
ab7c5c8550 Change incorrect define for MAX_OPS_UNLIMITED
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
cb23311bd0 Fix incorrect test dependencies part 2
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
c4e2be86ef Fix incorrect test dependancies
Test for not having determnistic ECDSA was also being run when no ECDSA, and
this fails earlier. Fixed this and added a specific test for no ECDSA. Also
fixed (swapped) incorrect test descriptions.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
62dfb95993 Fix broken negative test
Test for unsupported deterministic ECDSA was originally passing due to
incorrect code, fixing the code unfortunately broke the test.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
97ac7d9090 Calculate min/max completes rather than passing in to test
Only 2 options were really possible anyway - complete in 1 op, or somewhere
between 2 and max ops. Anything else we cannot test due to implementation
specifics.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
334d726d40 Ensure ops are tested on successful 'fail' tests
Make sure the number of ops is tested in the interruptible failure tests,
should they get through the interruptible loop part.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
edfc883568 Change test loops over to do...while
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
59ad9457b6 Add {sign/verify}_hash_abort_internal
Ensure that num_ops is cleared when manual abort is called, but obviously not
when an operation just completes, and test this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
20a360679b Add State tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
0c68335a42 Convert tests to configurable max_ops
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
4cec2f60dc Add interruptible to psa_op_fail tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
9100797cb3 Negative tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
712d512007 Basic tests
Sign Hash, Verify Hash and Sign and Verify Hash.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Gabor Mezei
555b1f7e44
Add check for test
Check the bit length of the output of ecp_mod_p521_raw.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-15 18:19:09 +01:00
Gabor Mezei
cf228706cd
Restrict input parameter size for ecp_mod_p521_raw
The imput mpi parameter must have twice as many limbs as the modulus.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-15 18:19:08 +01:00
Gabor Mezei
b62ad5d569
Rename function to follow naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-15 18:13:48 +01:00
Gabor Mezei
d8f67b975b
Add test generation for ecp_mod_p521_raw
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-15 18:13:48 +01:00
Gilles Peskine
e2a9f86755
Merge pull request #6971 from gabor-mezei-arm/6026_Secp192r1_fast_reduction
Extract Secp192r1 fast reduction from the prototype
2023-02-15 16:22:36 +01:00
David Horstmann
895eb7c9b5 Add testcases for overlong encoding of OIDs
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 12:09:41 +00:00
David Horstmann
f01de145bd Add tests for mbedtls_oid_get_numeric_string()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 11:45:51 +00:00
Gilles Peskine
c5e2a4fe67
Merge pull request #6937 from valeriosetti/issue6886
Add test for PK parsing of keys using compressed points
2023-02-14 19:54:29 +01:00
Andrzej Kurek
570a0f808b Move to DER certificates for new x509 tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-14 05:52:49 -05:00
Dave Rodgman
319a5675db
Merge pull request #7084 from daverodgman/sizemax-uintmax
Assume SIZE_MAX >= INT_MAX, UINT_MAX
2023-02-14 10:06:22 +00:00
Andrzej Kurek
4077372b98 Fix SHA requirement for SAN URI tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:18:17 -05:00
Andrzej Kurek
7a05fab716 Added the uniformResourceIdentifier subtype for the subjectAltName.
Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:03:07 -05:00
Valerio Setti
1b08d421a7 test: fix: replace CAN_ECDSA_SOME with CAN_ECDSA_SIGN+CAN_ECDSA_VERIFY when both are needed
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
16f02e0196 test: adjust include after PK_CAN_ECDSA_SOME was moved
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
d928aeb9ac test_suite_ssl: use new macros for ECDSA capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
ed02bb1f95 test_suite_debug: replace ECDSA_C with new ECDSA macros
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Manuel Pégourié-Gonnard
d3d8c852a0
Merge pull request #6997 from valeriosetti/issue6858
driver-only ECDSA: get testing parity in X.509
2023-02-13 15:30:06 +01:00
Gabor Mezei
23d4b8baee
Add check for test
Check the bit length of the output of p192_raw.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-13 14:13:33 +01:00
Valerio Setti
178b5bdddf pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 11:15:06 +01:00
Valerio Setti
a119cb64ef test: remove redundant ECDSA_C dependencies from test_suite_x509parse.data
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 09:54:49 +01:00
Manuel Pégourié-Gonnard
daa65956c3
Merge pull request #7046 from mpg/cleanup-md-tests
Clean up MD tests
2023-02-13 09:51:28 +01:00
Dave Rodgman
641288bc1e Restore test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 22:02:04 +00:00
Dave Rodgman
91e832168f Restore more test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 20:07:43 +00:00
Dave Rodgman
a476363042 Restore more test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 18:36:23 +00:00
Dave Rodgman
d26d7445b8 Restore guards on a couple of tests
These tests check for failures, but can only fail where SIZE_MAX
exceeds some limit (UINT_MAX or UINT32_MAX) and do not fail
in this way otherwise - so guards are needed.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 17:22:03 +00:00
Dave Rodgman
4a5c9ee7f2 Remove redundant SIZE_MAX guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 16:03:44 +00:00
Valerio Setti
25fd51f4af test: add missing include in test_suite_x509parse
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-10 15:21:40 +01:00
Gilles Peskine
b8531c4b0b
Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev
X.509: Fix bug in SAN parsing and enhance negative testing
2023-02-10 15:05:32 +01:00
Dave Rodgman
a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage
Pkcs7 coverage
2023-02-10 12:55:29 +00:00
Manuel Pégourié-Gonnard
2189fda914 Use TEST_EQUAL in one more place in test_suite_md
The only remaining occurrences of TEST_ASSERT are now pointer comparison,
to NULL or to a reference md_info. That is, the output of the following
command is empty:

    grep TEST_ASSERT tests/suites/test_suite_md.function |
        egrep -v '= NULL|== md_info|md_info =='

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-09 09:18:22 +01:00
Manuel Pégourié-Gonnard
a9a1b21ca9 Use ASSERT_COMPARE in test_suite_md
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-09 09:15:50 +01:00
Valerio Setti
00a6c6fcbe test: fix for using proper sign/verify macros
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
fcc6933a53 test: fix disparities in x509parse and x509write suites
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
683a432a7f fix code style
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Valerio Setti
a1e3e3a28f test: pk: keep PK_WRITE_C only in RSA tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:39:10 +01:00
Gilles Peskine
be9e2a1634 The pk_psa_sign test function needs pk_write
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-08 13:39:10 +01:00
Nick Child
3dafc6c3b3 pkcs7: Drop support for signature in contentInfo of signed data
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.

Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
 - Demi Marie Obenour <demiobenour@gmail.com>
 - Dave Rodgman <dave.rodgman@arm.com>

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-07 20:04:52 +00:00
Andrzej Kurek
7dcdc132d5 Change SHA256_C to HAS_ALG_SHA256_VIA[..] in x509 tests
This way these tests won't be skipped in a configuration with a driver.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:24:34 -05:00
Hanno Becker
5d82c3b99c X.509: Improve negative testing for SubjectAltName parsing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:29 -05:00
Hanno Becker
db305ff42e X.509: Improve negative testing for SubjectAltName parsing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-07 05:10:29 -05:00
Valerio Setti
4836374088 test: ECDSA driver only: fixing disparities in tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Manuel Pégourié-Gonnard
cced3521cb Fix style in test_suite_md.function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-06 12:37:02 +01:00
Nick Child
50886c25f3 pkcs7/test: Add test for parsing a disabled algorithm
If the digest algorithm is not compiled into Mbedtls,
then any pkcs7 structure which uses this algorithm
should fail with MBEDTLS_ERR_PKCS7_INVALID_ALG.
Add test for this case.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-03 20:33:12 +00:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3
Parsing v3 extensions from a CSR - v.2
2023-02-03 16:41:11 +01:00
Manuel Pégourié-Gonnard
f5e2331f8a Use TEST_EQUAL when applicable in test_suite_md
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:51:03 +01:00
Manuel Pégourié-Gonnard
b707bedca4 Avoid unnecessary copy in test_suite_md
Also avoids buffer with an arbitrary size while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:32:41 +01:00
Manuel Pégourié-Gonnard
4ba98f5350 Use MBEDTLS_MD_MAX_SIZE in test_suite_md
Not only was the size of 100 arbitrary, it's also not great for testing:
using MBEDTLS_MD_MAX_SIZE will get us an ASan error if it ever is too
small.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:25:53 +01:00
Manuel Pégourié-Gonnard
c90514ee11 Use MD type not string to in MD test data
For all test that want to use a hash, identify it by its numerical type
rather than a string. The motivation is that when we isolate the
MD-light subset from the larger MD, it won't have support for string
identifiers. Do the change for all tests, not just those that will
exercise functions in MD-light, for the sake of uniformity and because
numerical identifiers just feel better.

Note: mbedtls_md_info_from_string is still tested in md_info().

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:13:10 +01:00
Manuel Pégourié-Gonnard
bae8d2ae13
Merge pull request #7028 from daverodgman/sizeof-brackets
Fix use of sizeof without brackets
2023-02-03 10:29:56 +01:00
Manuel Pégourié-Gonnard
d56def5c30
Merge pull request #6946 from valeriosetti/issue6856
driver-only ECDSA: fix testing disparities in ecp, random, se_driver_hal
2023-02-03 08:51:04 +01:00
Dave Rodgman
6dd757a8ba Fix use of sizeof without brackets
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 12:40:50 +00:00
Gabor Mezei
2038ce976e
Rename function to follow naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-31 14:40:05 +01:00
Gabor Mezei
51ec06aa51
Add test function for ecp_mod_p192_raw
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-31 14:40:05 +01:00
Gilles Peskine
470f10cfc5
Merge pull request #6941 from gabor-mezei-arm/6375_quasi-reduction_function
Add function to fix quasi-reduction
2023-01-31 11:25:25 +01:00
Nick Child
a0c15d0fec pkcs7/test: Add test cases for pkcs7 with 3 signers
Previously, a loop in pkcs7_get_signers_info_set was not
getting covered by tests. This was because when there are
two or less signers, the loop will not execute.
Therefore, add new data files for another signer and use
three signers to generate a new pkcs7 DER file. Add a test
case to make sure that verification is still successfula and
use the test script to create ASN1 errors throoughout the
stucture:
./generate_pkcs7_tests.py ../data_files/pkcs7_data_3_signed.der

This results in the loop being executed.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 19:30:38 +00:00
Nick Child
951f700909 pkcs7/test: Allocate hash dynamically
Rather than using a static array, use the md_info
size to allocate dynamically.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:45:04 +00:00
Nick Child
c547447deb pkcs7/test: Let verify take dynamic number of certs
Previously there were two test functions for verify.
One allowed for the verification of one certificate and
the other allowed for verification of two certificates.

Merge these two functions into one function that can take
any number of certificates as an argument.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:45:04 +00:00
Nick Child
ec81709516 pkcs7: Ensure all data in asn1 structure is accounted for
Several PKCS7 invalid ASN1 Tests were failing due to extra
data bytes or incorrect content lengths going unnoticed. Make
the parser aware of possible malformed ASN1 data.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:44:58 +00:00
Nick Child
4983ddf747 test/pkcs7: Add more tests for better coverage
Add test calls to raw asn1 data with slight syntatical errors
Increases %branches covered from 70.4% to 87.7%.
Add a script which serves as documentation for how these new test
cases were generated:
 ./generate_pkcs7_tests.py ../data_files/pkcs7_data_cert_signed_sha256.der
 ./generate_pkcs7_tests.py ../data_files/pkcs7_data_multiple_signed.der

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Nick Child
b781770b3e test/pkcs7: Add helper function
In the future, tests will be added which take in a char buffer
and buflen. Rather than duplicate code, have tests which
read from file and from buffer use the same helper function

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Nick Child
e8a811650b test/pkcs7: Add test for expired cert
PKCS7 verification should fail if the signing cert is expired.
Add test case for this condition.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Nick Child
ff2746fa56 test/pkcs7: Add test for wrong hash alg
Add a test to verify a hash which uses a different digest
algorithm than the one specified in the pkcs7.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843
Improve X.509 cert writing serial number management
2023-01-30 13:08:57 +01:00
Valerio Setti
18b9b035ad test: add test for a full length serial of 0xFF
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-27 11:47:57 +01:00
Valerio Setti
a87f839113 test: improve error handling in x509_set_serial_check()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-27 11:29:42 +01:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
2023-01-27 10:05:00 +01:00
Przemek Stekiel
59f4a18b6f Fix test dependency SHA1 -> SHA256
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-27 07:14:14 +01:00
Valerio Setti
af4815c6a4 x509: replace/fix name of new function for setting serial
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-26 17:43:09 +01:00
Valerio Setti
fa49a8ecdb test: fix complementary domain testing for !MBEDTLS_ECP_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-26 17:16:38 +01:00
Przemek Stekiel
d7992df529 Use input files to parse CSR instead of bytes
Additionally fix the generation of test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der which was incorectly malformed.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 16:19:50 +01:00
Valerio Setti
de7bb5b361 test: add failing check for secp224r1 with compressed format
The test is expected to fail, so we verify that this is really
not suppported

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 14:02:03 +01:00
Valerio Setti
7e57920511 test: driver-only: fix disparities in psa_crypto_se_driver_hal
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:30:46 +01:00
Valerio Setti
4682948c1e test: driver-only: fix disparities in ECP
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:30:31 +01:00
Przemek Stekiel
94e21e153f Skip unsupported extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 11:08:32 +01:00
Przemek Stekiel
92cce3fe6d Use extension .csr.der to indicate format
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 10:33:26 +01:00
Przemek Stekiel
f0e25c72d9 Add missing dependencies for negative tests, remove PEM dependency
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 09:38:01 +01:00
Gabor Mezei
86c90fca3e
Rename variables to follow the naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-24 14:21:10 +01:00
Gabor Mezei
ee2aff2093
Add check for test input
The input for fix_quasi_reduction must be in range 0 <= X < 2N.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-24 14:21:05 +01:00
Przemek Stekiel
160968586b Add negative test cases and use DER format for CSRs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
3f948c96e2 Fix typo in test dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
685d472db3 Adapt expected output of existing tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
46a4a4987e Add tests to very parsing of CSR v3 extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Manuel Pégourié-Gonnard
4455fd2449
Merge pull request #6531 from AndrzejKurek/depends-py-kex-fixes
Depends.py - add exclusive domain tests to key exchange testing
2023-01-24 09:32:05 +01:00
Gabor Mezei
9073f7dd3b
Remove unneeded check
The fix_quasi_reduction function changed to static so checking the
invalid arguments are not needed anymore.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 19:05:37 +01:00
Gabor Mezei
e81a2b85c9
Change the fix_quasi_reduction function to static
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 18:58:20 +01:00
Gabor Mezei
aaa1d2a276
Move the quasi reduction fixing function to bignum_mod_raw
Rename the function to 'fix_quasi_reduction' to better suite its functionality.
Also changed the name prefix to suite for the new module.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 18:55:57 +01:00
Janos Follath
3e0769b598
Merge pull request #6832 from daverodgman/fast-unaligned-ct
Improve efficiency of some constant time functions
2023-01-23 10:55:35 +00:00
Dave Rodgman
58c721e894 Add TEST_CF_SECRET to mbedtls_ct_memcpy_if_eq test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-21 11:13:55 +00:00
Dave Rodgman
22b0d1adbf Test memcmp with differences starting after the first byte
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-21 10:29:00 +00:00
Dave Rodgman
95ec58cc12 Remove not-needed stdio include from tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
39188c0a2a Add unit tests for mbedtls_ct_memcmp and mbedtls_ct_memcpy_if_eq
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
dc3b1540cd Fix test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 11:39:00 +00:00
Andrzej Kurek
723b8779f9 Add missing key exchange requirements to test_suite_ssl
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:31:00 -05:00
Andrzej Kurek
a86cef32cf Add missing KEX DHE-RSA requirement for one ssl test
This specific cipher is used to test record splitting.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:27:57 -05:00
Andrzej Kurek
9113df8c8f Add missing RSA-type dependencies in test_suite_ssl
These tests are not run in development because of the
overlapping !TLS_1_3 requirement and usage of full config.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:26:31 -05:00
Gilles Peskine
2566679eb8 Add metadata test case for PSA_ALG_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:20 +01:00
Gilles Peskine
4db02f2324 Add SECRET input validation test cases for PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
763ffdd2a6 Add metadata test case for PSA_ALG_CCM_STAR_NO_TAG
The following shell command (requiring GNU grep) looks for algorithms and
key types, as well as IS and GET macros, that lack metadata tests:
```
for x in $(grep -Pho '(?<=^#define )PSA_(ALG|KEY_TYPE)_(?!CATEGORY_|NONE\b|\w+_(BASE|FLAG|MASK|CASE))\w+' include/psa/crypto_values.h include/psa/crypto_extra.h); do grep -qw $x tests/suites/test_suite_psa_crypto_metadata.* || echo $x; done
```

This may have false negatives: it only checks that the constants are
mentioned at least once, not that the tests are written correctly.

This has false positives:
* Types and algorithms that Mbed TLS does not support.
* PSA_ALG_ECDSA_IS_DETERMINISTIC, PSA_ALG_DSA_IS_DETERMINISTIC are peculiar
  auxiliary macros that only apply to very specific algorithms and aren't
  tested like the other IS macros.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
bba2630549 Add ECJPAKE secret input types to psa/crypto_config.h
Add PSA_WANT_KEY_TYPE_PASSWORD and PSA_WANT_KEY_TYPE_PASSWORD_HASH to
psa/crypto_config.h, since the types PSA_KEY_TYPE_PASSWORD and
PSA_KEY_TYPE_PASSWORD_HASH are used by ECJPAKE.

The two key types are always enabled, like PSA_KEY_TYPE_DERIVE.

Add the key types to the metadata test suite as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Andrzej Kurek
714ae6551e Add missing key exchange requirements to test_suite_ssl
Some of the tests use mbedtls_test_cli_key_rsa_der and
mbedtls_test_cli_crt_rsa_der, and these can be used with
specific ciphersuites.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-17 10:38:11 -05:00
Gabor Mezei
a38db2a55b
Add missing inlcude
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-17 16:34:49 +01:00
Gabor Mezei
65fc9f78d4
Add tests for ecp quasi-reduction
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-17 13:16:46 +01:00
Valerio Setti
c60611b986 test: check pkparse with compressed ec
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-16 16:27:11 +01:00
Valerio Setti
856cec45eb test: x509: add more tests for checking certificate serial
- added 2 new certificates: 1 for testing a serial which is full lenght
  and another one for a serial which starts with 0x80

- added also proper Makefile and openssl configuration file to generate
  these 2 new certificates

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
b8dc18f3b6 test: fix: remove invalid comment
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
ea19d2db73 changelog: fixed typos
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
aad8dbd38d test: fix tests for x509write_crt_set_serial(_new)
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
5d164c4e23 fix: add missing deprecation guards
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00