Dave Rodgman
a9a53a05f0
Merge remote-tracking branch 'origin/development' into misc-code-size
2023-08-31 11:53:46 +01:00
Gilles Peskine
7b2b76a2d4
Merge pull request #7165 from yanrayw/7094-collect-compatsh-test-cases
...
check_test_cases.py: support to collect test cases for compat.sh
2023-08-31 07:30:20 +00:00
Dave Rodgman
dbddb00158
Ensure mbedtls_sha3_finish zeroizes the context
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-30 18:43:23 +01:00
Yanray Wang
63f0abe226
check_test_cases: add a comment to explain idx in walk_compat_sh
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-08-30 18:31:37 +08:00
Dave Rodgman
29bf911058
Merge pull request #7839 from daverodgman/psa-sha3
...
SHA-3 via PSA
2023-08-30 08:51:36 +00:00
Yanray Wang
ab717b5287
Merge remote-tracking branch 'origin/development' into 7094-collect-compatsh-test-cases
2023-08-30 10:38:28 +08:00
Dave Rodgman
33e1f42307
Fix use of mbedtls_psa_safer_memcmp in test code
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-29 18:17:29 +01:00
Gilles Peskine
a878b663cf
Merge pull request #8090 from silabs-Kusumit/PBKDF2_higher_cost_tests
...
PBKDF2: tests with higher input costs
2023-08-29 14:00:17 +00:00
Dave Rodgman
d395590597
Merge pull request #7579 from daverodgman/safer-ct-asm
...
Arm assembly implementation of constant time primitives
2023-08-28 08:26:29 +00:00
Gilles Peskine
8ca2041145
Merge pull request #8074 from tgonzalezorlandoarm/tg/allowlist
...
Implement allowlist of test cases that are legitimately not executed
2023-08-24 18:03:20 +00:00
Tomás González
d43cab3f5c
Correct analyze_outcomes identation
...
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-24 09:12:40 +01:00
Gilles Peskine
e65bba4dd2
Merge pull request #7803 from gilles-peskine-arm/psa-low-hash-mac-size
...
Start testing the PSA built-in drivers: hashes
2023-08-22 11:19:41 +00:00
Tomás González
a0631446b5
Correct analyze_outcomes.py identation
...
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-22 12:18:04 +01:00
Tomás González
5022311c9d
Tidy up allow list definition
...
* Don't break string literals in the allow list definition
* Comment each test that belongs to the allow list is there.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-22 09:54:28 +01:00
Tomás González
7ebb18fbd6
Make non-executed tests that are not in the allow list an error
...
* Turn the warnings produced when finding non-executed tests that
are not in the allow list into errors.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-22 09:47:49 +01:00
Gilles Peskine
6d14c2b858
Remove dead code
...
Do explain why we don't test a smaller buffer in addition to testing the
nominal size and a larger buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-22 09:59:50 +02:00
Gilles Peskine
c9187c5866
New test suite for the low-level hash interface
...
Some basic test coverage for now:
* Nominal operation.
* Larger output buffer.
* Clone an operation and use it after the original operation stops.
Generate test data automatically. For the time being, only do that for
hashes that Python supports natively. Supporting all algorithms is future
work.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-22 09:59:42 +02:00
Tom Cosgrove
17d5081ffb
Merge pull request #8099 from gilles-peskine-arm/split-config_psa-prepare
...
Prepare to split config_psa.h
2023-08-22 07:30:46 +00:00
Gilles Peskine
fdb722384b
Move PSA information and dependency automation into their own module
...
This will let us use these features from other modules (yet to be created).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-21 18:32:11 +02:00
Gilles Peskine
796bc2b8f9
Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes
...
Document mbedtls_calloc zeroization
2023-08-21 15:47:21 +00:00
Gilles Peskine
d686c2a822
Merge pull request #7971 from AgathiyanB/fix-data-files-makefile
...
Fix server1.crt.der in tests/data_files/Makefile
2023-08-21 14:43:07 +00:00
Gilles Peskine
44243e11ff
Remove obsolete header inclusions
...
Since 3.0.0, mbedtls_config.h (formerly config.h) no longer needs to include
config_psa.h or check_config.h: build_info.h takes care of that.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-21 16:10:06 +02:00
Janos Follath
e220d258fd
Merge pull request #8086 from yanesca/remove-new-bignum
...
Remove new bignum when not needed
2023-08-21 10:59:41 +00:00
Dave Rodgman
1fdc884ed8
Merge pull request #7384 from yuhaoth/pr/add-aes-accelerator-only-mode
...
AES: Add accelerator only mode
2023-08-18 20:55:44 +00:00
Kusumit Ghoderao
5cad47df8a
Modify test description
...
The test data was generated using the python script.
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome
Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):
Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16
password : 4a30314e4d45
salt : 54687265616437333563383762344f70656e54687265616444656d6f
input cost : 16384
derived key len : 16
output : 8b27beed7e7a4dd6c53138c879a8e33c
"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys
def main():
#check args
if len(sys.argv) != 5:
print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
return
password = bytes.fromhex(sys.argv[1])
salt = bytes.fromhex(sys.argv[2])
iterations = int(sys.argv[3])
dklen = int(sys.argv[4])
# If password is not 16 bytes then we need to use CMAC to derive the password
if len(password) != 16:
zeros = bytes.fromhex("00000000000000000000000000000000")
cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
passwd = bytes.fromhex(cobj_pass.hexdigest())
else:
passwd = password
cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()
actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)
print('password : ' + password.hex())
print('salt : ' + salt.hex())
print('input cost : ' + str(iterations))
print('derived key len : ' + str(dklen))
print('output : ' + actual_output.hex())
if __name__ == "__main__":
main()
"""
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 12:49:07 +05:30
Bence Szépkúti
505dffd5e3
Merge pull request #7937 from yanrayw/code_size_compare_improvement
...
code_size_compare.py: preparation work to show code size changes in PR comment
2023-08-17 20:59:11 +00:00
Kusumit Ghoderao
e4d634cd87
Add tests with higher input costs for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-17 21:16:14 +05:30
Gilles Peskine
dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01
...
Updating crt/crl files due to expiry before 2027-01-01
2023-08-17 15:38:35 +00:00
Janos Follath
f2334b7b39
Remove new bignum when not needed
...
New bignum modules are only needed when the new ecp_curves module is
present. Remove them when they are not needed to save code size.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-17 14:36:59 +01:00
Gilles Peskine
294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation
...
PBKDF2 CMAC implementation
2023-08-17 11:15:16 +00:00
Jerry Yu
f258d17acd
remove aesni + padlock - plain c tests
...
This test is not valid for padlock depends
on plain c
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-17 12:39:00 +08:00
Jerry Yu
bdd96b9adf
disable aesni for componets without cpu modifiers
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-16 17:34:27 +08:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn
...
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
2023-08-16 09:19:46 +00:00
Jerry Yu
506759f5ce
fix build fail for via padlock test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-16 17:11:22 +08:00
Jerry Yu
b6d39c2f8c
Add aesni test for i386
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-16 16:14:02 +08:00
Kusumit Ghoderao
6c104b9b3b
Modify derive output test cases and add actual output
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-16 11:47:24 +05:30
Tomás González
358c6c644a
Add EdDSA and XTS to the allow list
...
As specified in
https://github.com/Mbed-TLS/mbedtls/issues/5390#issuecomment-1669585707
EdDSA and XTS tests are legitimately never executed, so add them to
the allow list.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-14 15:46:25 +01:00
Tomás González
b401e113ff
Add a flag for requiring full coverage in coverage tests
...
Introduce the --require-full-coverage in analyze_outcomes.py so that
when analyze_outcomes.py --require-full-coverage is called, those
tests that are not executed and are not in the allowed list issue an
error instead of a warning.
Note that it is useful to run analyze_outcomes.py on incomplete test
results, so this error mode needs to remain optional in the long
term.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-14 15:46:12 +01:00
Tomás González
07bdcc2b0d
Add allow list for non-executed test cases
...
The allow list explicits which test cases are allowed to not be
executed when testing. This may be, for example, because a feature
is yet to be developed but the test for that feature is already in
our code base.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-08-14 15:46:12 +01:00
Dave Rodgman
a797f152ee
Merge pull request #8067 from paul-elliott-arm/fix_bignum_test_leak
...
Fix resource leak in bignum test failure case
2023-08-14 09:33:13 +01:00
Paul Elliott
6da3d83f33
Fix resource leak in test failure case
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-08-11 16:28:06 +01:00
Dave Rodgman
963513dba5
Merge pull request #8008 from valeriosetti/issue7756
...
driver-only ECC: BN.TLS testing
2023-08-11 13:51:36 +00:00
Dave Rodgman
246210e3c4
Test CT asm under valgrind
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-11 08:47:38 +01:00
Valerio Setti
36344cecbd
ssl-opt: remove redundant requirement for RSA_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 09:37:14 +02:00
Tom Cosgrove
5e678fd4d2
Merge pull request #8050 from gilles-peskine-arm/all.sh-remove-crypto_full_no_cipher
...
Remove redundant test component component_test_crypto_full_no_cipher
2023-08-11 07:28:10 +00:00
Valerio Setti
e0be95e81d
analyze_outcomes: skip tests that depend on BIGNUM_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 06:35:23 +02:00
Valerio Setti
4f577f3e51
ssl-opt: add RSA_C requirement when RSA encryption is used in certificate
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 06:35:23 +02:00
Valerio Setti
18535c352d
test: enable TLS, key exchances and ssl-opt teting in ecc_no_bignum()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 06:33:52 +02:00
Manuel Pégourié-Gonnard
26b7c93d9d
Merge pull request #7992 from valeriosetti/issue7755
...
driver-only ECC: BN.x509 testing
2023-08-10 19:41:09 +00:00
Manuel Pégourié-Gonnard
54da1a69a2
Merge pull request #7578 from daverodgman/safer-ct5
...
Improve constant-time interface
2023-08-10 16:57:39 +00:00