yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
24593 commits 1 branch 0 tags 94 MiB
Commit graph

8681 commits

Author SHA1 Message Date
Dave Rodgman
cc77fe8e52 Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset 
Ensure that verification of an expired cert still fails, but
update the test to handle the different error code.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-11 09:46:13 +00:00
Dave Rodgman
d51b1c5666 Remove duplicate test macros 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-10 17:44:08 +00:00
Dave Rodgman
ca43e0d0ac Fix test file extension 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-10 13:06:01 +00:00
Dave Rodgman
f2f2dbcfd7 Add test case for PKCS7 file with zero signers 
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder  https://lapo.it/asn1js/

Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-10 12:52:00 +00:00
Dave Rodgman
ac447837d3
Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7 
Test memory management in pkcs7
 2023-03-10 11:29:50 +00:00
Przemek Stekiel
f3ae020c37 Use user/peer instead role in jpake driver-wrapper tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Przemek Stekiel
af94c13b2c Add tests for user/peer input getters 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Przemek Stekiel
0c946e9aa9 Addapt jpake tests and add cases for set_user, set_peer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862 
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
 2023-03-09 20:49:44 +01:00
Gilles Peskine
a25203c5f9
Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests 
Interruptible_{sign|verify}_hash: Add public key verification tests
 2023-03-09 20:48:13 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Dave Rodgman
8657e3280a Add corrupt PKCS #7 test files 
Generated by running "make <filename>" and commiting the result.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-09 15:59:15 +00:00
valerio
2bf85e349d ssl-opt: enable test for accelerated ECDH + USE_PSA 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-03-09 16:39:07 +01:00
valerio
f27472b128 ssl-opt: enable test and fix failures for reference ECDH + USE_PSA" 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-03-09 16:20:38 +01:00
Przemek Stekiel
b8eaf635ba Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 12:14:26 +01:00
Manuel Pégourié-Gonnard
913d9bb921
Merge pull request #7162 from valeriosetti/issue7055 
Legacy MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C dependencies in test_suite_psa_crypto
 2023-03-08 17:07:19 +01:00
Valerio Setti
1470ce3eba fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:50:12 +01:00
Valerio Setti
2f081473b6 test: fix disparities in test_suite_ssl 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Valerio Setti
f84b7d5c21 test: enable ECDSA based key exchanges in driver coverage tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Manuel Pégourié-Gonnard
289e5baa83
Merge pull request #7082 from valeriosetti/issue6861 
driver-only ECDSA: add ssl-opt.sh testing with testing parity
 2023-03-08 16:45:38 +01:00
Gabor Mezei
eb591ff94d
Add test generation for ecp_mod_p256_raw 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:12:20 +01:00
Gabor Mezei
ab6ac91a0a
Extract Secp256r1 from the prototype 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:09:50 +01:00
Valerio Setti
c0e7da55c5 test: removing remaning dependencies of PK_WRITE/PK_PARSE from test_suite_psa_crypto suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti
f9bc5b75f1 test: remove dependencies on PK_WRITE and PK_PARSE from test_suite_psa_crypto suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti
ccfad9ae0e ssl-opt: remove remaining redundant dependencies 
There were some dependencies that are now automatically satisfied by the
detect_required_features() function.

After this check there should be no redundant requirement for:
- requires_pk_alg "ECDSA"
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 10:25:05 +01:00
Valerio Setti
3b2c02821e ssl-opt: return to previous debug level in test 
This was a leftover from some debug activity that unfortunately ended up
in previous commits.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 10:22:29 +01:00
Gilles Peskine
a2fc399f57
Merge pull request #6829 from AndrzejKurek/unify-psa-errors 
Unify PSA to Mbed TLS error translation
 2023-03-07 19:55:44 +01:00
Gilles Peskine
30fc999f43
Merge pull request #7164 from oberon-microsystems/fix-test-exported-length-edwards 
Fix expected export length for Edwards curves in test suite.
 2023-03-07 19:53:48 +01:00
Valerio Setti
213c4eae3a ssl-opt: enhance comment for get_tls_version() function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-07 19:29:57 +01:00
Janos Follath
fe780a3c4b
Merge pull request #7184 from gabor-mezei-arm/6349_Secp224r1_fast_reduction 
Extract Secp224r1 fast reduction from the prototype
 2023-03-07 10:57:58 +00:00
Xiaokang Qian
c96d2de569 Update corrupted char for pkcs7 corrupt signer info cases 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-03-07 10:35:47 +00:00
Przemek Stekiel
4aa99403f4 Fix configuration for accelerated jpake 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-07 10:50:09 +01:00
Xiaokang Qian
d2988adb31 Add rsa dependencies for pkcs7 corrupt signer info cases 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-03-07 08:38:58 +00:00
Xiaokang Qian
9c703d80ca Add fuzz bad cases for signer info 1 and 2 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-03-07 08:38:58 +00:00
Xiaokang Qian
8993a14567 Add unexpected tag cases for signer info 1 and 2 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-03-07 08:38:58 +00:00
Xiaokang Qian
e8c696ffd1 Add invalid size test case for signer info[2](The third one) 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-03-07 08:38:58 +00:00
Xiaokang Qian
72b4bcac03 Add invalid size test case for signer info 1(the second one) 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-03-07 08:38:55 +00:00
Manuel Pégourié-Gonnard
a5ffa93e43
Merge pull request #7142 from mpg/driver-only-ecdh-starter 
Driver-only ECDH starter
 2023-03-07 09:14:38 +01:00
Paul Elliott
8c092052bd Add public key verification tests 
Add public key verification tests, and alter test intent comments to make it
obvious that verify_hash_interruptible can do public keys as well as private
and keypairs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-06 17:49:14 +00:00
Manuel Pégourié-Gonnard
86393db84d Revert local experiment. 
This was never meant to be committed here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-06 16:19:05 +01:00
Valerio Setti
23e50b9042 ssl-opt: remove redundant ECDSA dependencies in TLS1.3 tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-06 14:48:39 +01:00
Manuel Pégourié-Gonnard
07d92620d4 Fix some message strings and comments in all.sh 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-06 13:38:55 +01:00
Manuel Pégourié-Gonnard
0d1f5be688 Add comment about shared config function 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-06 13:35:21 +01:00
Valerio Setti
5d8d1a7f60 analyze_outcomes: print all output on stderr 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-06 11:08:17 +01:00
Manuel Pégourié-Gonnard
228a30d16c
Merge pull request #7120 from mpg/md-light 
Define "MD light" subset of MD
 2023-03-06 11:02:19 +01:00
Dave Rodgman
4693fd9e9e
Merge pull request #7173 from daverodgman/zeroize-platform 
Use platform-provided secure zeroization
 2023-03-06 09:16:12 +00:00
Stephan Koch
6eb73113b1 Fix codestyle with uncrustify. 
Signed-off-by: Stephan Koch <koch@oberon.ch>
 2023-03-03 17:48:40 +01:00
Dave Rodgman
45cef61fa4
Merge branch 'development' into md-light 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-03 14:28:13 +00:00
Dave Rodgman
1f39a62ce6
Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt 
Allow alternative names for overridable PSA headers
 2023-03-03 12:37:51 +00:00
Przemek Stekiel
5a49d3cce3 Replace mbedtls_x509_san_node with mbedtls_x509_subject_alternative_name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-03 12:58:11 +01:00
Przemek Stekiel
8e83d3aaa9 Add tests for writting SAN to CSR 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-03 12:58:05 +01:00
Dave Rodgman
e11c1ceac9
Merge pull request #7200 from paul-elliott-arm/interruptible_sign_hash_fail_tests 
Enable all keys for interruptible op fail tests
 2023-03-03 11:51:57 +00:00
Andrzej Kurek
8a045ce5e6 Unify PSA to Mbed TLS error translation 
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-03 05:23:44 -05:00
Dave Rodgman
05b80a4eee
Merge pull request #6201 from gilles-peskine-arm/tls13_only-renegotiation 
Disable MBEDTLS_SSL_RENEGOTIATION in TLS-1.3-only builds
 2023-03-03 09:56:51 +00:00
Dave Rodgman
e965c3c4bd
Merge pull request #7197 from daverodgman/armclang-sha-warning 
Enable -Werror in all.sh for armclang
 2023-03-03 09:01:41 +00:00
Jerry Yu
9a12df022e Add tests for time rountine 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-03 15:31:28 +08:00
Valerio Setti
194e2bdb6a fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-02 17:18:10 +01:00
Paul Elliott
ddbc6ed6cd Enable all keys for interruptible op fail tests 
Due to a misunderstanding about the purpose of the test, I had limited this to
ECC keys only, however this defeats the purpose of the test, and left gaps in
test coverage.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-02 16:03:43 +00:00
Dave Rodgman
0fddf829d5 Add more detailed comment 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-02 15:32:12 +00:00
Gilles Peskine
57897b8d6a
Merge pull request #6493 from AndrzejKurek/pymod 
Use `config.py` as a module in `depends.py`
 2023-03-02 15:38:47 +01:00
Dave Rodgman
1c232a8311 Enable -Werror for armclang 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-02 13:39:04 +00:00
Dave Rodgman
2f386c55ff Disable MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT for armclang 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-02 13:38:33 +00:00
Gilles Peskine
136d25c416 Explicitly disable all DTLS options in tls13-only.h 
This makes no difference when starting from the default configuration. It
allows tls13-only.h to be used with other base configurations such as `full`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-01 19:49:58 +01:00
Gilles Peskine
7d3186d18a Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration 
There's no renegotiation in TLS 1.3, so this option should have no effect.
Insist on having it disabled, to avoid the risk of accidentally having
different behavior in TLS 1.3 if the option is enabled (as happened in
https://github.com/Mbed-TLS/mbedtls/issues/6200).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-01 19:47:23 +01:00
Dave Rodgman
f4385faa6f
Merge pull request #7188 from paul-elliott-arm/interruptible_sign_hash_complete_after_start_fail 
Interruptible {sign|verify} hash - Call complete() after start() failure.
 2023-03-01 17:18:08 +00:00
Paul Elliott
42585f678b
Merge pull request #7176 from paul-elliott-arm/interruptible_sign_hash_verify_test_improvements 
Interruptible {sign|verify} hash verification test improvements
 2023-03-01 15:00:45 +00:00
Paul Elliott
ebf2e38662
Merge pull request #7177 from paul-elliott-arm/interruptible_sign_hash_improve_num_ops_testing 
Interruptible sign hash improve num ops testing
 2023-03-01 14:59:44 +00:00
Paul Elliott
de7c31e082 Improve comment wording 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-01 14:43:52 +00:00
Przemek Stekiel
f5dcb8886a Rework pake input getters tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-01 12:28:21 +01:00
Gilles Peskine
1eae11565d
Merge pull request #6949 from bensze01/replace_pkcs7_fuzzer_tests 
Replace fuzzer-generated PKCS #7 memory management tests
 2023-03-01 10:46:22 +01:00
Pengyu Lv
c6298ad46a Use parentheses to avoid executing the output 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-01 10:31:29 +08:00
Pengyu Lv
c2b1864ceb Revert "Check if the license server is available for armcc" 
This reverts commit 55c4fa4f41.

After discussion, We decided not to check the availability
of the license server for the impacts on CI and user usages.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-01 10:25:08 +08:00
Paul Elliott
7c17308253 Add num_ops tests to sign and verify interruptible hash 
This is the only test usable for non-deterministic ECDSA, thus needs this
code path testing as well.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-28 17:23:29 +00:00
Paul Elliott
8359c14c14 Add hash corruption test to interruptible verify test 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-28 17:23:29 +00:00
Paul Elliott
c1e0400bac Add test to check not calling get_num_ops() 
Make sure that not calling get_num_ops() inbetweeen calls to complete() does
not mean that ops get lost (Regression test for previous fix).

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-28 17:20:14 +00:00
Paul Elliott
9e8819f356 Move 'change max_ops' test into ops tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-28 17:20:14 +00:00
Paul Elliott
5770224ef3 Rename max ops tests to ops tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-28 17:20:14 +00:00
Gilles Peskine
7e677fa2c5
Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite 
Remove pkwrite dependency in pk using PSA for ECDSA
 2023-02-28 18:17:16 +01:00
Gilles Peskine
b52b788e55
Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension 
Add AES with armv8 crypto extension
 2023-02-28 18:16:37 +01:00
Paul Elliott
587e780812 Test calling complete() after {sign|verify}_hash_start fails 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-28 17:13:39 +00:00
Gilles Peskine
e4616830b3
Merge pull request #7137 from lpy4105/issue/1785/ssl-test-script-fail 
compat.sh: Skip static ECDH cases if unsupported in openssl
 2023-02-28 18:11:39 +01:00
Dave Rodgman
17152df58d
Merge pull request #7175 from paul-elliott-arm/interruptible_sign_hash_test_comments 
Interruptible sign hash test comments
 2023-02-28 17:09:43 +00:00
Gilles Peskine
ebb63420cc
Merge pull request #7124 from oberon-microsystems/fix-test-output-length-on-success-only 
Fix test to check output length on PSA_SUCCESS only
 2023-02-28 18:09:33 +01:00
Bence Szépkúti
35d674a6ee Replace usage of echo -e in pkcs7 data Makefile 
This use of the shell builtin is not portable.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2023-02-28 17:01:21 +01:00
Dave Rodgman
ffb4dc38c8
Merge pull request #7183 from paul-elliott-arm/interruptible_sign_hash_test_max_ops_0 
Interruptible {sign|verify} hash : Change max_ops=min tests to use a value of zero.
 2023-02-28 15:56:01 +00:00
Bence Szépkúti
4a2fff6369 Fix expected error code 
This was overlooked during the rebase.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2023-02-28 16:40:27 +01:00
Gabor Mezei
804cfd32ea
Follow the naming convention 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-27 16:50:09 +01:00
Paul Elliott
ac2251dad1
Merge pull request #7076 from mprse/parse_RFC822_name 
Add parsing of x509 RFC822 name + test
 2023-02-27 14:16:13 +00:00
Paul Elliott
cd7e8bce03 Change max_ops=min tests to use zero 
Zero is the minimum value defined by the spec, just because the internal
implementation treats zero and one as the same thing does not mean that other
implementations will also do so.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-27 12:21:36 +00:00
Stephan Koch
5819d2c141 Feedback from Arm: guarantee that output_length <= output_size even on error, to reduce the risk that a missing error check 
escalates into a buffer overflow in the application code

Signed-off-by: Stephan Koch <koch@oberon.ch>
 2023-02-27 11:49:13 +01:00
oberon-sk
10c0f770ce asymmetric_encrypt: check output length only if return code is PSA_SUCCESS. 
Signed-off-by: Stephan Koch <koch@oberon.ch>
 2023-02-27 11:48:51 +01:00
Paul Elliott
c2033502f5 Give edge case tests a better name 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-26 18:47:58 +00:00
Paul Elliott
c7f6882995 Add comments to each test case to show intent 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-26 18:47:58 +00:00
Dave Rodgman
21dfce7a5c Add tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-25 17:10:38 +00:00
Dave Rodgman
a4e8fb0041 Add tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-24 15:57:30 +00:00
Bence Szépkúti
248971348b Replace fuzzer-generated PKCS7 regression tests 
This commit adds well-formed reproducers for the memory management
issues fixed in the following commits:

290f01b3f5
e7f8c616d0
f7641544ea

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2023-02-24 15:31:03 +01:00
Ronald Cron
7dc4130210 Improve GnuTLS client priority for resumption basic check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-24 12:10:09 +01:00
Pengyu Lv
55c4fa4f41 Check if the license server is available for armcc 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-24 18:31:50 +08:00
Przemek Stekiel
6f2d1f419a Further pake tests optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-24 10:22:47 +01:00
Pengyu Lv
df07003c49 all.sh: add support function for build_armcc 
With this change, "--list-components" will not list
"build_armcc" on the system which is not installed
with Arm Compilers.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-24 16:03:31 +08:00
Pengyu Lv
51b5f00a43 all.sh: Skip build_mingw correctly 
If i686-w64-mingw32-gcc is not installed, then
build_mingw should be unsupported.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-24 15:38:52 +08:00
Manuel Pégourié-Gonnard
623c73b46d Remove config.py call on now-internal option 
It turns out config.py wouldn't complain, but it's still confusing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-23 20:36:05 +01:00
Przemek Stekiel
083745e097 Fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-23 17:28:23 +01:00
Gilles Peskine
df6e84a447 Test the PSA alternative header configuration macros 
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-23 17:18:33 +01:00
Przemek Stekiel
bdc21e623e Disable MBEDTLS_PSA_CRYPTO_SE_C is ecdsa psa builds 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-23 17:12:19 +01:00
Valerio Setti
1af76d119d ssl-opt: automatically detect requirements from the specified certificates 
This moslty focus on tests using "server5*" cerificate. Several cases
are taken into account depending on:
- TLS version (1.2 or 1.3)
- server or client roles

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-23 16:55:59 +01:00
Valerio Setti
3f2309fea6 ssl-opt: remove redundant requires_config_enabled when force_ciphersuite is set 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-23 13:47:30 +01:00
Manuel Pégourié-Gonnard
0d4152186d Make MBEDTLS_MD_LIGHT private for now. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-23 13:02:13 +01:00
Ronald Cron
1aa6e8d6e9 Restore same PSK length enforcement 
Restore same PSK length enforcement in
conf_psk and set_hs_psk, whether the
negotiated protocol is TLS 1.2 or TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-23 09:48:50 +01:00
Valerio Setti
d1f991c879 ssl-opt: fix required configs in ECDSA related tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-23 09:31:41 +01:00
Pengyu Lv
9e7bb2a92c Update some comments 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-23 16:03:56 +08:00
Przemek Stekiel
d59d2a4dee Optimize pake tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-23 07:30:40 +01:00
Janos Follath
406b9172ad
Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup 
Bignum: Add named moduli setup
 2023-02-22 12:14:33 +00:00
Valerio Setti
6445912d9c test: enable ssl-opt in test_psa_crypto_config_[accel/reference]_ecdsa_use_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-22 12:35:16 +01:00
Przemek Stekiel
51a677bb30 Remove support for pake opaque driver 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
80a8849903 Adapt conditional compilation flags for jpake alg 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
6b64862ef7 Documentation fixes and code adaptation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
251e86ae3f Adapt names to more suitable and fix conditional compilation flags 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
b45b8ce474 Disable MBEDTLS_PSA_CRYPTO_SE_C is hash psa builds 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
3e784d8981 PSA crypto pake: call abort on each failure 
Adapt driver hook counters in pake driver test.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
a48cf500d7 mbedtls_test_transparent_pake_abort: call driver/build-in impl even when status is forced 
This is done to solve the problem with memory leak when pake abort status is forced. In this case the driver/build-in abort function was not executed.
After failure core clears the operation object and no successive abort call is possible.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
f62b3bb087 Optimization of pake core functions 
Adapt pake test (passing NULL buffers is not allowed).
Passing the null buffer to psa_pake_output results in a hard fault.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
9dd2440c95 Change pake input: key_lifetime -> key attributes 
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
dde6a910bb Optimize out psa_pake_computation_stage_t 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
ca8d2b2589 Add get-data functions for inputs + tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
7b730175b3 Simplify psa_pake_computation_stage_s structure 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
b09c487546 Combine core pake computation stage(step,sequence,state) into single driver step 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel
9a5b812aa8 Cleanup the code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel
fcd70e250f Adapt pake driver wrapper tests for the new design 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel
e12ed36a6c Move JPAKE state machine logic from driver to core 
- Add `alg` and `computation_stage` to `psa_pake_operation_s`.
  Now when logic is moved to core information about `alg` is required.
  `computation_stage` is a structure that provides a union of computation stages for pake algorithms.
- Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms.
- Removed test that seems to be redundant as we can't be sure that operation is aborted after failure.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel
3f9dbac83f Adapt ake driver tests to the new design 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel
95629ab4ae Add forced status for pake setup 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel
c6b954686b Adapt test_suite_psa_crypto_pake test for the new design 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel
51eac53b93 Divide pake operation into two phases collecting inputs and computation. 
Functions that only set inputs do not have driver entry points.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Przemek Stekiel
0c78180ee5 mbedtls_psa_pake_get_implicit_key: move psa_key_derivation_input_bytes call to upper layer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Przemek Stekiel
7658a0768b Add pake driver wrapper tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Przemek Stekiel
061a016c65 Add ALG_TLS12_PRF, TLS12_PSK_TO_MS, LG_TLS12_ECJPAKE_TO_PMS support to test driver extensions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Przemek Stekiel
6a9785f061 Add pake.h to test driver header 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Przemek Stekiel
03790029a6 Add test components to test accelerated pake and fallback 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Przemek Stekiel
d3da040f34 Add test driver impl for pake 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Pengyu Lv
07d5085fcf Skip ECDH ciphersuites for O->m pair 
The mechanism of detecting unsupported ciphersuites
for OpenSSL client doesn't work on a modern OpenSSL.
At least, it fails on Travis CI which is installed
with OpenSSL 1.1.1f. So we need to skip ECDH cipher-
suites for O->m.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-22 12:18:48 +08:00
Pengyu Lv
a64c277588 compat.sh: Skip all *ECDH_* ciphersuites 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-22 10:19:40 +08:00
Gilles Peskine
ffb92b0789
Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug 
Fix bugs in OID to string conversion
 2023-02-21 23:16:44 +01:00
Paul Elliott
48c591cb56 Fix warning with GCC 12 
Fix warning about variable being used uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-21 16:31:56 +00:00
Gilles Peskine
250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle 
Implement PSA interruptible sign/verify hash
 2023-02-21 15:13:34 +01:00
Ronald Cron
d89360b87b Fix and improve documentation, comments and logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-21 14:57:25 +01:00
Manuel Pégourié-Gonnard
d1c001aff7 Fix some dependencies in test_suite_psa_crypto 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-21 13:37:17 +01:00
Przemek Stekiel
a006f8c17b Adapt dependencies for parsing rfc822Name test 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-21 13:36:56 +01:00
Manuel Pégourié-Gonnard
e91bcf31b6 Add comparison of accel_ecdh_use_psa against ref 
With temporary exclusions to be lifted as follow-ups.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-21 13:07:19 +01:00
Dave Rodgman
e42cedf256
Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased 
Pkcs7 fixes
 2023-02-21 11:53:30 +00:00
Manuel Pégourié-Gonnard
59a2b8fd57 Add component accel_ecdh_use_psa 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-21 12:42:31 +01:00
Manuel Pégourié-Gonnard
e3095e7cb0 Add comments to accel_ecdh component 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-21 12:19:06 +01:00
Gabor Mezei
f65a059a64
Add test generation for ecp_mod_p224_raw 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-21 11:40:27 +01:00
Gabor Mezei
66f88a9d22
Extract Secp224r1 from the prototype 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-21 11:32:29 +01:00
Pengyu Lv
5e780df3e3 Only use standard cipher name 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-21 14:19:27 +08:00
David Horstmann
a4fad2ba67 Correct error code in test_suite_x509parse.data 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-20 14:57:47 +00:00
Dave Rodgman
716163e824 Improve allocation bounds in testing 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-20 14:46:51 +00:00
David Horstmann
5b5a0b618c Change error codes to more appropriate codes 
The more precise error codes are borrowed from the ASN1 module.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-20 14:24:12 +00:00
Przemek Stekiel
5b9e4168cf Add rfc822Name support in mbedtls_x509_info_subject_alt_name + adapt test 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-20 15:09:50 +01:00
Przemek Stekiel
608e3efc47 Add test for parsing SAN: rfc822Name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-20 15:09:50 +01:00
Minos Galanakis
a30afe2216 ecp_curves: Minor refactoring. 
This patch introduces the following changes:
* Documentation for `mbedtls_ecp_modulus_setup()`
  moved to `ecp_invasive.h`.
* Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`.
* Adjusted negative tests to use invalid selectors.
* Reworded documentation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-02-20 13:53:06 +00:00
Minos Galanakis
36f7c0e69b test_suite_ecp: Added .data for ecp_setup_test() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-02-20 13:51:49 +00:00
Minos Galanakis
9a1d02d738 test_suite_ecp: Added test for mbedtls_ecp_modulus_setup() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-02-20 13:51:48 +00:00
Janos Follath
ec718afb41
Merge pull request #7051 from gabor-mezei-arm/6376_Secp521r1_fast_reduction 
Add a raw entry point to Secp521r1 fast reduction
 2023-02-20 13:03:12 +00:00
Manuel Pégourié-Gonnard
9e04b5bcfc Disable MD-light in accel_hash_use_psa 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-20 12:53:23 +01:00
Ronald Cron
4bb6773640 tls13: Apply same preference rules for ciphersuites as for TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-20 11:42:19 +01:00
Ronald Cron
b18c67af5f tls13: ssl-opt.sh: Add test of default crypto algo 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-20 11:42:19 +01:00
Ronald Cron
0a1c504156 tls13: Fix session resumption with 384 bits PSKs 
MBEDTLS_PSK_MAX_LEN main purpose is to determine
a miximum size for the TLS 1.2 pre-master secret.

This is not relevant to TLS 1.3 thus disable in
TLS 1.3 case the check against MBEDTLS_PSK_MAX_LEN
when setting during the handshake the PSK through
mbedtls_ssl_set_hs_psk(). This fixes the session
resumption with 384 bits PSKs when MBEDTLS_PSK_MAX_LEN
is smaller than that.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-20 11:42:19 +01:00
Ronald Cron
25e9ec61f0 tls13: server: Select preferred cipher suite 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-20 11:42:19 +01:00
Manuel Pégourié-Gonnard
718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san 
Add the uniformResourceIdentifier subtype for the subjectAltName
 2023-02-20 11:29:59 +01:00
Pengyu Lv
1c0e4c013a compat.sh: skip static ECDH cases if unsupported in openssl 
This commit add support to detect if openssl used for testing
supports static ECDH key exchange. Skip the ciphersutes if
openssl doesn't support them.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-20 18:05:21 +08:00
Paul Elliott
f8e5b56ad8 Fix get_num_ops internal code. 
Previously calling get_num_ops more than once would have ended up with ops
getting double counted, and not calling inbetween completes would have ended up
with ops getting missed. Fix this by moving this to where the work is actually
done, and add tests for double calls to get_num_ops().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-19 18:55:10 +00:00
oberon-sk
6d50173d9c Handle Edwards curves similar to Montgomery curves wrt key export length. 
Signed-off-by: Stephan Koch <koch@oberon.ch>
 2023-02-17 11:19:20 +01:00
Manuel Pégourié-Gonnard
b9b630d628 Define "light" subset of MD 
See docs/architecture/psa-migration/md-cipher-dispatch.md

Regarding testing, the no_md component was never very useful, as that's
not something people are likely to want to do: it was mostly useful as
executable documentation of what depends on MD. It's going to be even
less useful when more and more modules auto-enable MD_LIGHT or even
MD_C. So, recycle it to test the build with only MD_LIGHT, which is
something that might happen in practice, and is necessary to ensure that
the division is consistent.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-16 22:30:06 +01:00
Manuel Pégourié-Gonnard
ba2412fd21 Remove internal function md_process() 
It was already marked as internal use only, and no longer used
internally. Also, it won't work when we dispatch to PSA.

Remove it before the MD_LIGHT split to avoid a corner case: it's
technically a hashing function, no HMAC or extra metadata, but we still
don't want it in MD_LIGHT really.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-16 18:44:46 +01:00
Dave Rodgman
d652dce9ea Add failing test case (invalid signature) for zero-length data 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-16 16:39:34 +00:00
Dave Rodgman
c5874db5b0 Add test-case for signature over zero-length data 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-16 16:14:46 +00:00
Paul Elliott
0af1b5367b Remove some abbrevations from test descriptions. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-16 12:15:39 +00:00
Paul Elliott
96b89b208a Add comment to indicate non-PSA spec assertion. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-16 12:15:39 +00:00
Paul Elliott
f1743e2440 Add verify call to max ops tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-16 12:15:39 +00:00
Paul Elliott
c86d45e8a1 Remove spurious incorrect comment 
Comment originated from original version of this code, and the newer comment
which was added when it was pulled into a seperate function covers all cases.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
efebad0d67 Run extra complete in failure tests regardless. 
We do not need to expect to fail, running another complete in either sign or
verify after successful completion should also return BAD_STATE.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
01885fa5e5 Fix include guards on auxiliary test function. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
a4cb909fcd Add max ops tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
76d671ad73 Split state tests into two functions 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
b830b35fb1 Shorten test descriptions. 
Also mark some tests as being deterministic ECDSA where this was lacking.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
1243f93cca Fix build fails with non ECDSA / restartable builds 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
6f60037589 Move {min|max}_complete choice logic into function 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
c9774411d4 Ensure that operation is put into error state if error occurs 
If an error occurs, calling any function on the same operation should return
PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra
failure tests to try and ratify this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
f9c91a7fb5 Store the hash, rather than the pointer 
For sign and verify, the pointer passed in to the hash is not guaranteed to
remain valid inbetween calls, thus we need to store the hash in the
operation. Added a test to ensure this is the case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
0e9d6bd3f8 Replace MBEDTLS_ECP_DP_SECP384R1_ENABLED 
With more appropriate PSA_WANT_ECC_SECP_R1_384

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
813f9cdcbb Non ECDSA algorithms should return not supported 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
ab7c5c8550 Change incorrect define for MAX_OPS_UNLIMITED 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
cb23311bd0 Fix incorrect test dependencies part 2 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
c4e2be86ef Fix incorrect test dependancies 
Test for not having determnistic ECDSA was also being run when no ECDSA, and
this fails earlier. Fixed this and added a specific test for no ECDSA. Also
fixed (swapped) incorrect test descriptions.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
62dfb95993 Fix broken negative test 
Test for unsupported deterministic ECDSA was originally passing due to
incorrect code, fixing the code unfortunately broke the test.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
97ac7d9090 Calculate min/max completes rather than passing in to test 
Only 2 options were really possible anyway - complete in 1 op, or somewhere
between 2 and max ops. Anything else we cannot test due to implementation
specifics.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
334d726d40 Ensure ops are tested on successful 'fail' tests 
Make sure the number of ops is tested in the interruptible failure tests,
should they get through the interruptible loop part.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
edfc883568 Change test loops over to do...while 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
59ad9457b6 Add {sign/verify}_hash_abort_internal 
Ensure that num_ops is cleared when manual abort is called, but obviously not
when an operation just completes, and test this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
20a360679b Add State tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
0c68335a42 Convert tests to configurable max_ops 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
4cec2f60dc Add interruptible to psa_op_fail tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
9100797cb3 Negative tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott
712d512007 Basic tests 
Sign Hash, Verify Hash and Sign and Verify Hash.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Gabor Mezei
555b1f7e44
Add check for test 
Check the bit length of the output of ecp_mod_p521_raw.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-15 18:19:09 +01:00
Gabor Mezei
cf228706cd
Restrict input parameter size for ecp_mod_p521_raw 
The imput mpi parameter must have twice as many limbs as the modulus.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-15 18:19:08 +01:00
Gabor Mezei
b62ad5d569
Rename function to follow naming convention 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-15 18:13:48 +01:00
Gabor Mezei
d8f67b975b
Add test generation for ecp_mod_p521_raw 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-15 18:13:48 +01:00
Gilles Peskine
e2a9f86755
Merge pull request #6971 from gabor-mezei-arm/6026_Secp192r1_fast_reduction 
Extract Secp192r1 fast reduction from the prototype
 2023-02-15 16:22:36 +01:00
David Horstmann
895eb7c9b5 Add testcases for overlong encoding of OIDs 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-15 12:09:41 +00:00
David Horstmann
f01de145bd Add tests for mbedtls_oid_get_numeric_string() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-15 11:45:51 +00:00
Andrzej Kurek
72082dc28e Improve tests/scripts/depends.py code 
As suggested by gilles-peskine-arm.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-15 05:20:33 -05:00
Gilles Peskine
c5e2a4fe67
Merge pull request #6937 from valeriosetti/issue6886 
Add test for PK parsing of keys using compressed points
 2023-02-14 19:54:29 +01:00
Andrzej Kurek
570a0f808b Move to DER certificates for new x509 tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-14 05:52:49 -05:00
Dave Rodgman
319a5675db
Merge pull request #7084 from daverodgman/sizemax-uintmax 
Assume SIZE_MAX >= INT_MAX, UINT_MAX
 2023-02-14 10:06:22 +00:00
Andrzej Kurek
4077372b98 Fix SHA requirement for SAN URI tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-13 10:18:17 -05:00
Andrzej Kurek
7a05fab716 Added the uniformResourceIdentifier subtype for the subjectAltName. 
Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-13 10:03:07 -05:00
Valerio Setti
1b08d421a7 test: fix: replace CAN_ECDSA_SOME with CAN_ECDSA_SIGN+CAN_ECDSA_VERIFY when both are needed 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 15:35:37 +01:00
Valerio Setti
16f02e0196 test: adjust include after PK_CAN_ECDSA_SOME was moved 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 15:35:37 +01:00
Valerio Setti
d928aeb9ac test_suite_ssl: use new macros for ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 15:35:37 +01:00
Valerio Setti
ed02bb1f95 test_suite_debug: replace ECDSA_C with new ECDSA macros 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 15:35:37 +01:00
Valerio Setti
5dc6867f7e test: don't skip debug and ssl suites in test parity for driver only ECDSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 15:35:37 +01:00
Manuel Pégourié-Gonnard
d3d8c852a0
Merge pull request #6997 from valeriosetti/issue6858 
driver-only ECDSA: get testing parity in X.509
 2023-02-13 15:30:06 +01:00
Gabor Mezei
23d4b8baee
Add check for test 
Check the bit length of the output of p192_raw.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-13 14:13:33 +01:00
Gabor Mezei
a9d82dd0a2
Keep the description in one place, just refer it 
Delete the duplicated file description and refer to the original one
in generate_bignum_tests.py.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-13 14:10:23 +01:00
Valerio Setti
178b5bdddf pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 11:15:06 +01:00
Valerio Setti
a119cb64ef test: remove redundant ECDSA_C dependencies from test_suite_x509parse.data 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 09:54:49 +01:00
Manuel Pégourié-Gonnard
daa65956c3
Merge pull request #7046 from mpg/cleanup-md-tests 
Clean up MD tests
 2023-02-13 09:51:28 +01:00
Janos Follath
1e4abae73e
Merge pull request #7048 from KloolK/record-size-limit/extend-test-framework 
Extend test framework for Record Size Limit Extension
 2023-02-13 08:17:12 +00:00
Dave Rodgman
641288bc1e Restore test guards 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-11 22:02:04 +00:00
Dave Rodgman
91e832168f Restore more test guards 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-11 20:07:43 +00:00
Dave Rodgman
a476363042 Restore more test guards 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-11 18:36:23 +00:00
Dave Rodgman
d26d7445b8 Restore guards on a couple of tests 
These tests check for failures, but can only fail where SIZE_MAX
exceeds some limit (UINT_MAX or UINT32_MAX) and do not fail
in this way otherwise - so guards are needed.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-11 17:22:03 +00:00
Dave Rodgman
4a5c9ee7f2 Remove redundant SIZE_MAX guards 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-10 16:03:44 +00:00
Valerio Setti
25fd51f4af test: add missing include in test_suite_x509parse 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-10 15:21:40 +01:00
Gilles Peskine
3196ceb2fb
Merge pull request #7052 from yanrayw/7008-compatsh-disable-VERIFY-for-PSK 
compat.sh: remove VERIFY and duplicate test cases for PSK
 2023-02-10 15:07:27 +01:00
Gilles Peskine
b009559c8f
Merge pull request #7049 from KloolK/typos 
Fix typos
 2023-02-10 15:07:07 +01:00
Gilles Peskine
b8531c4b0b
Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev 
X.509: Fix bug in SAN parsing and enhance negative testing
 2023-02-10 15:05:32 +01:00
Dave Rodgman
a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage 
Pkcs7 coverage
 2023-02-10 12:55:29 +00:00
Ronald Cron
834e65d47f
Merge pull request #6499 from xkqian/tls13_write_end_of_early_data 
Tls13 write end of early data
 2023-02-10 11:08:22 +01:00
Manuel Pégourié-Gonnard
2189fda914 Use TEST_EQUAL in one more place in test_suite_md 
The only remaining occurrences of TEST_ASSERT are now pointer comparison,
to NULL or to a reference md_info. That is, the output of the following
command is empty:

    grep TEST_ASSERT tests/suites/test_suite_md.function |
        egrep -v '= NULL|== md_info|md_info =='

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-09 09:18:22 +01:00
Manuel Pégourié-Gonnard
a9a1b21ca9 Use ASSERT_COMPARE in test_suite_md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-09 09:15:50 +01:00
Dave Rodgman
4f70b3cdb4
Fix pylint warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-08 16:40:40 +00:00
Nick Child
c7c94df715 pkcs7/test: Format generate test script 
Adhere to syntax and format recommendations
from check-python-files.py

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-08 15:38:48 +00:00
Valerio Setti
00a6c6fcbe test: fix for using proper sign/verify macros 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
40df83509b all.sh: fix comment for test_psa_crypto_config_accel_ecdsa_use_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
fcc6933a53 test: fix disparities in x509parse and x509write suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
b9dc2513c1 test: add SHA1 to the supported algs in accelerated ECDSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
c8801b7ef1 test: x509: remove disparities in driver only testing for ECDSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
683a432a7f fix code style 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti
a1e3e3a28f test: pk: keep PK_WRITE_C only in RSA tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Gilles Peskine
be9e2a1634 The pk_psa_sign test function needs pk_write 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Manuel Pégourié-Gonnard
9cb1aa21c4
Merge pull request #6970 from valeriosetti/issue6857 
driver-only ECDSA: get testing parity in PK
 2023-02-08 13:33:15 +01:00
Xiaokang Qian
0de0d863b6 Rebase code to restore reco-delay and fix some style issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 07:41:42 +00:00
Yanray Wang
303829709d compat.sh: simplify code of iterating on VERIFY for PSK tests 
Since PSK cipher suites do not allow client certificate verification,
PSK test cases should be executed under VERIFY=NO. SUB_VERIFIES is
used to constrain verification option for PSK tests.

With aforementioned change, the latter check of
$VERIFY=YES && $TYPE!=PSK is redundant so it's removed.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-08 14:58:35 +08:00
Xiaokang Qian
57a138d5c3 Update message log for end of early data test cases 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian
7ed30e59af Fix the issue that gnutls server doesn't support packet 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian
94dd1dd6fa Update test case to indicate parsing of end of early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:59 +00:00
Xiaokang Qian
125afcb060 Add end-of-early-data write 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:58 +00:00
Nick Child
3dafc6c3b3 pkcs7: Drop support for signature in contentInfo of signed data 
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.

Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
 - Demi Marie Obenour <demiobenour@gmail.com>
 - Dave Rodgman <dave.rodgman@arm.com>

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-07 20:04:52 +00:00
Andrzej Kurek
7dcdc132d5 Change SHA256_C to HAS_ALG_SHA256_VIA[..] in x509 tests 
This way these tests won't be skipped in a configuration with a driver.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:24:34 -05:00
Hanno Becker
5d82c3b99c X.509: Improve negative testing for SubjectAltName parsing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:10:29 -05:00
Hanno Becker
db305ff42e X.509: Improve negative testing for SubjectAltName parsing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:10:29 -05:00
Gilles Peskine
a0c806aac1
Merge pull request #7003 from lpy4105/issue/do-not-run-x86-tests-on-arm64 
all.sh: test_m32_xx is not supported on arm64 host
 2023-02-07 10:26:10 +01:00
Jerry Yu
e51eddce38 disable aesce when ASM not available 
Change-Id: Icd53a620cc3aed437b0e0e022ca5a36f29caeea1
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-07 17:11:53 +08:00
Yanray Wang
3f9961bfca compat.sh: remove G_CLIENT_PRIO as it's not used 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
a89c4d51f7 compat.sh: display "no" even if $VERIFY=YES for PSK test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
5d646e705d compat.sh: do not filter PSK ciphersuites for GnuTLS if $VERIFY=YES 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
c66a46f734 compat.sh: remove check_openssl_server_bug 
As there is no $VERIFY for PSK test cases,
check_openssl_server_bug is not functional in compat.sh.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
35c0eadf0f compat.sh: avoid running duplicate test cases for PSK 
With the introduction of PSK_TESTS,
 - Either `compat.sh -V NO` or `compat.sh -V YES` runs the PSK tests
 - `compat.sh` or `compat.sh -V "NO YES"` runs PSK tests only once

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
dae7057e1f compat.sh: ignore $VERIFY in PSK TYPE 
There is no need to provide CA file in PSK. Thus VERIFY is
meaningless for PSK. This change omits the arguments passed to
the client and server for $VERIFY=YES.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:20 +08:00
Valerio Setti
bf74f52920 test: add a comment specifying why restartable cannot be tested 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
4836374088 test: ECDSA driver only: fixing disparities in tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
4e0278d710 test: ECDSA driver only: disable ECP_RESTARTABLE 
This is not yet supported in driver only implementation

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
4e26df99aa test: ECDSA driver_only: verify disparities in PK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Jan Bruckner
1aabe5c4d7 Fix typos 
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-02-06 12:54:53 +01:00
Jan Bruckner
aa31b19395 Extend test framework for Record Size Limit Extension 
Fixes #7006

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-02-06 12:54:29 +01:00
Manuel Pégourié-Gonnard
cced3521cb Fix style in test_suite_md.function 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-06 12:37:02 +01:00
Andrzej Kurek
81cf5ad347
Improve tests/scripts/depends.py code 
As suggested by gilles-peskine-arm.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-06 10:48:43 +01:00
Nick Child
50886c25f3 pkcs7/test: Add test for parsing a disabled algorithm 
If the digest algorithm is not compiled into Mbedtls,
then any pkcs7 structure which uses this algorithm
should fail with MBEDTLS_ERR_PKCS7_INVALID_ALG.
Add test for this case.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-03 20:33:12 +00:00
Nick Child
6291cc2444 pkcs7/test: Remove f strings in generator script 
MbedTLS CI uses python v3.5, f strings are not supported
until v3.6 . Remove f string's from generate_pkcs7_tests.py.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-03 20:33:12 +00:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3 
Parsing v3 extensions from a CSR - v.2
 2023-02-03 16:41:11 +01:00
Manuel Pégourié-Gonnard
f5e2331f8a Use TEST_EQUAL when applicable in test_suite_md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-03 12:51:03 +01:00
Manuel Pégourié-Gonnard
b707bedca4 Avoid unnecessary copy in test_suite_md 
Also avoids buffer with an arbitrary size while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-03 12:32:41 +01:00
Manuel Pégourié-Gonnard
4ba98f5350 Use MBEDTLS_MD_MAX_SIZE in test_suite_md 
Not only was the size of 100 arbitrary, it's also not great for testing:
using MBEDTLS_MD_MAX_SIZE will get us an ASan error if it ever is too
small.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-03 12:25:53 +01:00
Manuel Pégourié-Gonnard
c90514ee11 Use MD type not string to in MD test data 
For all test that want to use a hash, identify it by its numerical type
rather than a string. The motivation is that when we isolate the
MD-light subset from the larger MD, it won't have support for string
identifiers. Do the change for all tests, not just those that will
exercise functions in MD-light, for the sake of uniformity and because
numerical identifiers just feel better.

Note: mbedtls_md_info_from_string is still tested in md_info().

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-03 12:13:10 +01:00
Gilles Peskine
753ad17a41
Merge pull request #6982 from aditya-deshpande-arm/check-files-characters 
check_files.py: Allow specific Box Drawing characters to be used
 2023-02-03 11:46:06 +01:00
Gilles Peskine
e2db23d741
Merge pull request #6902 from yanrayw/6651-enable-cipher-suite-names-consistent 
compat.sh: report and filter cipher suite names consistently
 2023-02-03 11:38:31 +01:00
Manuel Pégourié-Gonnard
bae8d2ae13
Merge pull request #7028 from daverodgman/sizeof-brackets 
Fix use of sizeof without brackets
 2023-02-03 10:29:56 +01:00
Manuel Pégourié-Gonnard
d56def5c30
Merge pull request #6946 from valeriosetti/issue6856 
driver-only ECDSA: fix testing disparities in ecp, random, se_driver_hal
 2023-02-03 08:51:04 +01:00
Yanray Wang
131ec931eb Remove the additional dot in output of compat.sh 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-03 12:13:04 +08:00
Dave Rodgman
6dd757a8ba Fix use of sizeof without brackets 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 12:40:50 +00:00
Valerio Setti
00c1ccb08c depends.py: fix typo and slightly reorganized code 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-02 11:33:31 +01:00
Aditya Deshpande
ebb2269f68 Allow whole Box Drawings range 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-02-01 13:30:26 +00:00
Pengyu Lv
c92df3ba59 all.sh: test_m32_xx is not supported on arm64 host 
test_m32_xxx tests are x86 specific, but the support
function only identifies a 64-bit system. So the tests
will be run on arm64 host and cause a test failure.
This change restricts those tests to amd64/x86_64
only.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-01 10:50:50 +08:00
Gabor Mezei
2038ce976e
Rename function to follow naming convention 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-01-31 14:40:05 +01:00
Gabor Mezei
95ecaaf56d
Add test generation support for the ecp module 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-01-31 14:40:05 +01:00
Gabor Mezei
51ec06aa51
Add test function for ecp_mod_p192_raw 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-01-31 14:40:05 +01:00
Gilles Peskine
470f10cfc5
Merge pull request #6941 from gabor-mezei-arm/6375_quasi-reduction_function 
Add function to fix quasi-reduction
 2023-01-31 11:25:25 +01:00
Nick Child
a0c15d0fec pkcs7/test: Add test cases for pkcs7 with 3 signers 
Previously, a loop in pkcs7_get_signers_info_set was not
getting covered by tests. This was because when there are
two or less signers, the loop will not execute.
Therefore, add new data files for another signer and use
three signers to generate a new pkcs7 DER file. Add a test
case to make sure that verification is still successfula and
use the test script to create ASN1 errors throoughout the
stucture:
./generate_pkcs7_tests.py ../data_files/pkcs7_data_3_signed.der

This results in the loop being executed.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-01-30 19:30:38 +00:00
Nick Child
951f700909 pkcs7/test: Allocate hash dynamically 
Rather than using a static array, use the md_info
size to allocate dynamically.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-01-30 16:45:04 +00:00
Nick Child
c547447deb pkcs7/test: Let verify take dynamic number of certs 
Previously there were two test functions for verify.
One allowed for the verification of one certificate and
the other allowed for verification of two certificates.

Merge these two functions into one function that can take
any number of certificates as an argument.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-01-30 16:45:04 +00:00
Nick Child
ec81709516 pkcs7: Ensure all data in asn1 structure is accounted for 
Several PKCS7 invalid ASN1 Tests were failing due to extra
data bytes or incorrect content lengths going unnoticed. Make
the parser aware of possible malformed ASN1 data.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-01-30 16:44:58 +00:00
Nick Child
4983ddf747 test/pkcs7: Add more tests for better coverage 
Add test calls to raw asn1 data with slight syntatical errors
Increases %branches covered from 70.4% to 87.7%.
Add a script which serves as documentation for how these new test
cases were generated:
 ./generate_pkcs7_tests.py ../data_files/pkcs7_data_cert_signed_sha256.der
 ./generate_pkcs7_tests.py ../data_files/pkcs7_data_multiple_signed.der

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-01-30 15:55:44 +00:00
Nick Child
b781770b3e test/pkcs7: Add helper function 
In the future, tests will be added which take in a char buffer
and buflen. Rather than duplicate code, have tests which
read from file and from buffer use the same helper function

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-01-30 15:55:44 +00:00
Nick Child
e8a811650b test/pkcs7: Add test for expired cert 
PKCS7 verification should fail if the signing cert is expired.
Add test case for this condition.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-01-30 15:55:44 +00:00
Nick Child
ff2746fa56 test/pkcs7: Add test for wrong hash alg 
Add a test to verify a hash which uses a different digest
algorithm than the one specified in the pkcs7.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-01-30 15:55:44 +00:00
Aditya Deshpande
15b6dd0fb4 Modify comments to make them more inclusive 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-01-30 13:46:58 +00:00
Aditya Deshpande
ea637081dd Allow specific Box Drawing UTF characters that are used in Markdown trees in check_files.py 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-01-30 13:19:32 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843 
Improve X.509 cert writing serial number management
 2023-01-30 13:08:57 +01:00
Manuel Pégourié-Gonnard
e28397a376
Merge pull request #6938 from aditya-deshpande-arm/check-names-exclusions 
check_names.py: Compare identifiers in excluded files against symbols parsed by nm
 2023-01-30 09:21:58 +01:00
Valerio Setti
18b9b035ad test: add test for a full length serial of 0xFF 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-27 11:47:57 +01:00
Valerio Setti
a87f839113 test: improve error handling in x509_set_serial_check() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-27 11:29:42 +01:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215 
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
 2023-01-27 10:05:00 +01:00
Przemek Stekiel
59f4a18b6f Fix test dependency SHA1 -> SHA256 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-27 07:14:14 +01:00
Gilles Peskine
b82977a429
Merge pull request #6962 from davidhorstmann-arm/fix-check-python-errors 
Fix check python errors
 2023-01-26 21:54:25 +01:00
Gilles Peskine
81505e4a16
Merge pull request #6917 from yanrayw/6658-not-print-Terminated-ubuntu-22.04 
Fix the problem of printing "Terminated" in compat.sh under Ubuntu-22.04
 2023-01-26 21:53:33 +01:00
Gilles Peskine
b20028b3a3 Avoid using external programs in inner loops 
Don't use external programs for string manipulation that the shell can do.
This makes the script a little faster (~10% when testing PSK).

For this commit, I only looked at code run in the innermost loop.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-26 21:45:45 +01:00
Gilles Peskine
47aab850da Batch cipher translations to go faster 
Python has a high startup cost, so go back to invoking it only once per
server start, rather than once per client start. This is a measurable
performance improvement (running time ~*0.5 with PSK, less dramatic with
asymmetric crypto).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-26 21:45:45 +01:00
Gilles Peskine
292cd6f4e5 Don't use the cipher suite in check_openssl_server_bug 
We can detect PSK based on $TYPE. This allows more flexibility in how cipher
suites are spelled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-26 21:44:26 +01:00
Valerio Setti
af4815c6a4 x509: replace/fix name of new function for setting serial 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-26 17:43:09 +01:00
Valerio Setti
fa49a8ecdb test: fix complementary domain testing for !MBEDTLS_ECP_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-26 17:16:38 +01:00
Przemek Stekiel
d7992df529 Use input files to parse CSR instead of bytes 
Additionally fix the generation of test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der which was incorectly malformed.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-25 16:19:50 +01:00
Valerio Setti
de7bb5b361 test: add failing check for secp224r1 with compressed format 
The test is expected to fail, so we verify that this is really
not suppported

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-25 14:02:03 +01:00
Valerio Setti
9cb0f7a423 test: driver-only: fix disparities in random 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-25 11:49:11 +01:00
Valerio Setti
3002c99247 test: extend analyze_outcomes.py in order to skip only some test in a suite 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-25 11:49:00 +01:00
Valerio Setti
7e57920511 test: driver-only: fix disparities in psa_crypto_se_driver_hal 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-25 11:30:46 +01:00
Valerio Setti
4682948c1e test: driver-only: fix disparities in ECP 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-25 11:30:31 +01:00
Przemek Stekiel
94e21e153f Skip unsupported extensions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-25 11:08:32 +01:00
Przemek Stekiel
92cce3fe6d Use extension .csr.der to indicate format 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-25 10:33:26 +01:00
Przemek Stekiel
f0e25c72d9 Add missing dependencies for negative tests, remove PEM dependency 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-25 09:38:01 +01:00
David Horstmann
f0c75796be Fix a missing type hint warning 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-01-24 18:53:15 +00:00
Gabor Mezei
86c90fca3e
Rename variables to follow the naming convention 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-01-24 14:21:10 +01:00
Gabor Mezei
ee2aff2093
Add check for test input 
The input for fix_quasi_reduction must be in range 0 <= X < 2N.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-01-24 14:21:05 +01:00
Andrzej Kurek
576803faa2 depends.py: improve expected argument type 
Requested config option can be either boolean or a string.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-01-24 07:40:42 -05:00
Manuel Pégourié-Gonnard
00d3e96042
Merge pull request #6855 from mpg/driver-only-ecdsa-starter 
Driver-only ECDSA starter
 2023-01-24 13:06:17 +01:00
Przemek Stekiel
160968586b Add negative test cases and use DER format for CSRs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Przemek Stekiel
3f948c96e2 Fix typo in test dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Przemek Stekiel
685d472db3 Adapt expected output of existing tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Przemek Stekiel
46a4a4987e Add tests to very parsing of CSR v3 extensions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Przemek Stekiel
e7fbbb3fbd Generate csr files to test v3 extensions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Manuel Pégourié-Gonnard
4455fd2449
Merge pull request #6531 from AndrzejKurek/depends-py-kex-fixes 
Depends.py - add exclusive domain tests to key exchange testing
 2023-01-24 09:32:05 +01:00
Gabor Mezei
9073f7dd3b
Remove unneeded check 
The fix_quasi_reduction function changed to static so checking the
invalid arguments are not needed anymore.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-01-23 19:05:37 +01:00
Gabor Mezei
e81a2b85c9
Change the fix_quasi_reduction function to static 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-01-23 18:58:20 +01:00
Gabor Mezei
aaa1d2a276
Move the quasi reduction fixing function to bignum_mod_raw 
Rename the function to 'fix_quasi_reduction' to better suite its functionality.
Also changed the name prefix to suite for the new module.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-01-23 18:55:57 +01:00
Andrzej Kurek
3b0215d453 depends.py: merge set/unset config option into one function 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-01-23 07:19:22 -05:00
Manuel Pégourié-Gonnard
d84902f4ef Add issue numbers to TODO comments 
In the python script I didn't use the word TODO because pylint doesn't
like that, but morally it's the same.

I removed the comment about "do we need a subset of compat.sh?" because
it turns out that `ssl-opt.sh` is already exercising all the key
exchanges:

    % sed -n 's/.*force_ciphersuite=TLS-\([^ ]*\)-WITH.*/\1/p' tests/ssl-opt.sh | sort -u
    DHE-PSK
    DHE-RSA
    ECDH-ECDSA
    ECDHE-ECDSA
    ECDHE-PSK
    ECDHE-RSA
    ECJPAKE
    PSK
    RSA
    RSA-PSK

(the only omission is ECDH-RSA which is not of interest here and does
not actually differ from ECDH-ECDSA). So, we don't need a subset of
compat.sh because we're already getting enough testing from ssl-opt.sh
(not to mention test_suite_ssl).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-01-23 13:03:13 +01:00
Manuel Pégourié-Gonnard
bc19a0b0d8 Fix missing SHA-224 in test driver build 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-01-23 12:54:24 +01:00
Manuel Pégourié-Gonnard
5a2e02635a Improve a few comments & documentation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-01-23 12:51:52 +01:00