Dave Rodgman
6da7872aa2
Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925
...
Merge development into development-restricted
2023-09-25 18:16:01 +01:00
Valerio Setti
bbf86afdeb
test_suite_psa_crypto: fix curve dependency in test
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
db6b4db7a0
Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
6d809cc969
lib/test: use new internal helpers in library's code and tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Gilles Peskine
ffe590d197
Merge pull request #1058 from waleed-elmelegy-arm/check-set_padding-is-called
...
Check set_padding has been called in mbedtls_cipher_finish
2023-09-25 17:12:36 +02:00
Gilles Peskine
ca1e605b9c
Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925
...
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
`MBEDTLS_CIPHER_PADDING_PKCS7` was added in
c9f4040f7f
in `development-restricted`.
In `development`, this section of the file has moved to
`include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
comment change in development. The comment change in `development` is not
really relevant, so just take the line from `development-restricted`.
2023-09-25 16:16:26 +02:00
Dave Rodgman
025bed9eb7
Merge pull request #1076 from daverodgman/more-ct
...
Use CT module more consistently
2023-09-25 11:50:10 +01:00
Manuel Pégourié-Gonnard
4fe1e8762d
Fix SHA-3 dependencies in test_suite_md
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-25 10:05:23 +02:00
Manuel Pégourié-Gonnard
f4ceb16813
Fix dependencies for SHA-3 MD dispatch tests
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-24 09:48:46 +02:00
Gilles Peskine
ae3cda9541
Merge pull request #8092 from silabs-Kusumit/PBKDF2_output_key
...
PBKDF2: test output_key
2023-09-22 18:01:06 +00:00
Gilles Peskine
18e1d11cfe
Merge pull request #1049 from waleed-elmelegy-arm/Switch-pkparse-to-mbedtls_pkcs5_pbe2_ext
...
Switch pkparse to use new pkcs5/12 pbe functions
2023-09-22 18:06:50 +02:00
Dave Rodgman
9fc868012c
Fix test error
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-22 10:56:13 +01:00
Gilles Peskine
193f94276e
Merge pull request #1071 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer
...
Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
2023-09-22 11:43:03 +02:00
Dave Rodgman
fbe74a9e51
Add mbedtls_ct_error_if, with tests
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-22 09:58:25 +01:00
Dave Rodgman
9d0869140b
Remove tests for mbedtls_ct_int_if
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-21 21:54:08 +01:00
Dave Rodgman
f1915f623d
Improve testing for mbedtls_ct_int_if
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-21 19:22:59 +01:00
Dave Rodgman
cc3c670670
Fix compiler cast warning
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-21 16:33:26 +01:00
Waleed Elmelegy
3643947a1e
Add correct dependencies for AES-192/256 cipher tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-21 16:22:15 +01:00
Waleed Elmelegy
38202a2b18
Improve pkparse test dependencies and changelog
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-21 15:21:10 +01:00
Waleed Elmelegy
f4e665101d
Add more tests to check setting padding mode
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-21 14:04:35 +01:00
Dave Rodgman
93b3228d42
Add tests for mbedtls_ct_error_if
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-21 13:50:51 +01:00
Waleed Elmelegy
556a0790f6
Fix code style in pkparse tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-21 09:19:56 +01:00
Waleed Elmelegy
9d4d8ebaf2
Add PKCS5/12 dependecies to pkparse tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-21 08:45:56 +01:00
Pengyu Lv
9d87a38976
test_suite_ssl: improve variable naming in ssl_set_hostname_twice
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-09-21 10:32:12 +08:00
Waleed Elmelegy
15bcf38e88
Add test pkparse test dependencies
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-20 20:02:16 +01:00
Waleed Elmelegy
1db5cdaf57
Add tests to test pkcs8 parsing of encrypted keys
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-20 19:29:02 +01:00
Waleed Elmelegy
d527896b7e
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
...
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
and deprecate mbedtls_pkcs12_pbe function.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-20 19:29:02 +01:00
Waleed Elmelegy
c9f4040f7f
Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
...
Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
and deprecate mbedtls_pkcs5_pbes2 function.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-20 19:28:28 +01:00
Manuel Pégourié-Gonnard
5edb942708
Merge pull request #8041 from mpg/tfm-p256m
...
Test TF-M config with p256-m driver
2023-09-20 16:09:56 +00:00
Dave Rodgman
143f5f7c68
Add mbedtls_ct_bool_if and mbedtls_ct_bool_if_else_0
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 21:52:13 +01:00
Dave Rodgman
1cfc43c77b
Rename mbedtls_ct_bool_xor to mbedtls_ct_bool_ne
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 18:39:33 +01:00
Dave Rodgman
6568f60358
Simplify mbedtls_ct_memcmp_partial test
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:48:24 +01:00
Dave Rodgman
2c9f86b3b6
Add docs for mbedtls_ct_memcmp_partial test
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:48:13 +01:00
Dave Rodgman
28bc1ab923
Use exact bounds for allocations in mbedtls_ct_memcmp_partial test
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:34:57 +01:00
Dave Rodgman
ba600b2fd9
Remove expected param from mbedtls_ct_memcmp_partial test
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 17:26:13 +01:00
Waleed Elmelegy
071b69f47b
Add correct dependency to DES3 test
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-19 11:24:49 +01:00
Dave Rodgman
771ac65b0c
Add tests for mbedtls_ct_memcmp_partial
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-19 09:10:59 +01:00
Gilles Peskine
d2e004e401
Test mbedtls_ssl_decrypt_buf(): stream cipher, negative cases
...
Test mbedtls_ssl_decrypt_buf() with a null cipher (the only type of stream
cipher we support). Test the good case (to make sure the test code
constructs the input correctly), test with an invalid MAC, and test with a
shortened input.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 19:07:50 +02:00
Waleed Elmelegy
6d2c5d5f5c
Adjust cipher tests to new requirement of specifying padding mode
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-18 17:41:25 +01:00
Gilles Peskine
9099d3fd76
Refactoring: create mbedtls_test_ssl_prepare_record_mac()
...
No semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 17:21:15 +02:00
Gilles Peskine
68ec3ccc7c
Add missing cleanup
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 14:35:52 +02:00
Gilles Peskine
ac5fabed25
Refactoring: prepare to create mbedtls_test_ssl_prepare_record_mac()
...
No semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 14:35:42 +02:00
Gilles Peskine
a3237efefb
Move testing of mbedtls_ssl_decrypt_buf to a new test suite
...
test_suite_ssl is huge and needs splitting.
Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a
complicated function that needs more thorough testing with malformed inputs.
At this point, we are only doing negative testing with CBC-non-ETM test
suites. This needs to grow.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-18 14:23:13 +02:00
Gilles Peskine
67c86e626b
Merge pull request #7961 from gilles-peskine-arm/psa_crypto_config-in-full
...
Enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config
2023-09-18 08:13:12 +00:00
Gilles Peskine
8a7fb2d799
Merge pull request #1055 from waleed-elmelegy-arm/add-new-pkcs12-pbe2-ext-fun
...
Add new pkcs12 pbe2 ext fun
2023-09-15 18:43:03 +02:00
Gilles Peskine
0ddffb6de2
Merge pull request #7210 from sergio-nsk/patch-2
...
Fix llvm error: variable 'default_iv_length' and other may be used uninitialized
2023-09-13 16:38:55 +02:00
Gilles Peskine
3cea3efc25
Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509
...
Accept numericoid hexstring x509
2023-09-13 08:54:33 +00:00
Dave Rodgman
da0bb9fae8
Merge pull request #8034 from gilles-peskine-arm/bump_version-doc_mainpage
...
Update capitalization of "Mbed" and fix bump_version.sh
2023-09-13 08:41:20 +00:00
Gilles Peskine
e820c0abc8
Update spelling "mbed TLS" to "Mbed TLS"
...
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":
```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```
Justification for the omissions:
* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
occurrences are significant names in certificates and such. Changing
the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
updates.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:18:17 +02:00
Waleed Elmelegy
57d09b72ef
Return back to modifying input parameters in pkcs12_parse_pbe_params
...
Return back to modifying input parameters in pkcs12_parse_pbe_params
to avoid change in behaviour.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-12 14:05:10 +01:00
Waleed Elmelegy
a7d206fce6
Check set_padding has been called in mbedtls_cipher_finish
...
Check set_padding has been called in mbedtls_cipher_finish
in modes that require padding.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-12 13:39:36 +01:00
Paul Elliott
45b6e5e69f
Prevent potential use of uninitialised data in pkcs7 tests
...
Move the initialisation of the pkcs7 object to before the first possible
test failure, otherwise failure in those tests could result in an
uninitialised pointer being free'd. Found by coverity.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-09-12 11:58:21 +01:00
Dave Rodgman
49d7223036
Fix test under memsan
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-12 11:03:23 +01:00
Dave Rodgman
70e022b024
code style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-12 09:29:13 +01:00
Manuel Pégourié-Gonnard
0509b5878c
Fix INVALID vs NOT_SUPPORTED issue in test suite
...
This fixes the last remaining failure.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-12 09:50:17 +02:00
Dave Rodgman
140d5c77d0
Add single-bit difference tests
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-11 19:10:05 +01:00
Waleed Elmelegy
e1cb35b719
Add new mbedtls_pkcs12_pbe_ext function to replace old function
...
Add new mbedtls_pkcs12_pbe_ext function to replace
old mbedtls_pkcs12_pbe function that have security
issues.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-08 16:51:26 +01:00
Gilles Peskine
31d49cd57f
Merge pull request #1053 from waleed-elmelegy-arm/Improve-and-test-mbedtls_pkcs12_pbe
...
Improve & test legacy mbedtls_pkcs12_pbe
2023-09-08 13:08:05 +02:00
Waleed Elmelegy
1f59ee078f
Add correct dependencies to pkcs12 tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 17:59:35 +01:00
Waleed Elmelegy
096017023d
Fix identation error in pkcs12 tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 17:48:40 +01:00
David Horstmann
8ece2e9712
Fix incorrect test dependencies in pkwrite tests
...
These should rely in MBEDTLS_PEM_{PARSE,WRITE}_C where applicable, not
MBEDTLS_BASE64_C.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-09-07 17:43:12 +01:00
Waleed Elmelegy
75b9eb36b4
Change pkcs12 test comparison macro to the new macro
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 17:02:37 +01:00
Waleed Elmelegy
8317e91b1e
Change pkcs12 test allocation macros to the new macros
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-07 15:46:58 +01:00
Yanray Wang
4f4822c553
Revert "des: add CIPHER_ENCRYPT_ONLY dependency for test cases"
...
This reverts commit 3c565275c4
.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-07 18:00:25 +08:00
Yanray Wang
9b811658a8
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-09-07 16:18:00 +08:00
Waleed Elmelegy
15de809e1a
Improve pkcs12 pbe tests
...
* Simplify pkcs12 tests to use algo parameters instead of asn1 buffers.
* Fix output buffers allocation size.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-05 16:34:55 +01:00
Waleed Elmelegy
255db80910
Improve & test legacy mbedtls_pkcs12_pbe
...
* Prevent pkcs12_pbe encryption when PKCS7 padding has been
disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
reasons, However, invalid padding is not checked.
* Document new behaviour, known limitations and possible
security concerns.
* Add tests to check these scenarios. Test data has been
generated by the below code using OpenSSL as a reference:
#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <openssl/des.h>
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include <string.h>
int main()
{
char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB";
unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC";
unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA";
unsigned char *ciphertext = NULL;
int iter = 10;
X509_ALGOR *alg = X509_ALGOR_new();
int ciphertext_len = 0;
int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
alg->parameter = ASN1_TYPE_new();
struct asn1_object_st * aobj;
PKCS5_pbe_set0_algor(alg, alg_nid, iter,
salt, sizeof(salt)-1);
aobj = alg->algorithm;
printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length);
printf("06%.2X", aobj->length);
for (int i = 0; i < aobj->length; i++) {
printf("%.2X", aobj->data[i]);
}
for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) {
printf("%.2X", alg->parameter->value.asn1_string->data[i]);
}
printf("\":\"");
for (int i = 0; i < sizeof(pass)-1; i++) {
printf("%.2X", pass[i] & 0xFF);
}
printf("\":\"");
for (int i = 0; i < sizeof(plaintext)-1; i++) {
printf("%.2X", plaintext[i]);
}
printf("\":");
printf("0");
printf(":\"");
unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1);
if (res == NULL)
printf("Encryption failed!\n");
for (int i = 0; i < ciphertext_len; i++) {
printf("%.2X", res[i]);
}
printf("\"\n");
return 0;
}
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
#
2023-09-05 15:45:55 +01:00
Kusumit Ghoderao
94d319065a
Set input cost as 1 for psa_key_exercise test
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-09-05 19:30:22 +05:30
Kusumit Ghoderao
7c61ffcc44
Rename parse_binary_string function
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-09-05 19:29:47 +05:30
Agathiyan Bragadeesh
4ce9ac8463
Add round trip tests for x509 RDNs
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-09-04 16:18:26 +01:00
Gilles Peskine
1a7d387072
Merge pull request #1041 from waleed-elmelegy-arm/add-new-pkcs5-pbe2-ext-fun
...
Add new pkcs5 pbe2 ext fun
2023-09-04 15:33:42 +02:00
Tom Cosgrove
351a391011
Fix incorrect use of mbedtls_platform_zeroize() in tests
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-02 19:22:45 +01:00
Yanray Wang
3c565275c4
des: add CIPHER_ENCRYPT_ONLY dependency for test cases
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:58 +08:00
Yanray Wang
ba473b1c82
camellia: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:58 +08:00
Yanray Wang
702c220809
aria: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:58 +08:00
Yanray Wang
85c3023c60
AES-ECB: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:58 +08:00
Paul Elliott
6ebe7d2e3a
Merge pull request #8095 from davidhorstmann-arm/initialize-struct-get-other-name
...
Coverity fix: Set `type_id` in `x509_get_other_name()`
2023-08-31 16:26:00 +00:00
Paul Elliott
b5d97156e4
Merge pull request #7857 from minosgalanakis/bugifx/address_curve_bits
...
[BigNum] test_suite_ecp: Fixed curve bit-length.
2023-08-31 13:14:11 +00:00
Gilles Peskine
f7632382cc
Merge pull request #8130 from davidhorstmann-arm/fix-unnecessary-include-prefixes
...
Fix unnecessary header prefixes in tests
2023-08-31 08:57:26 +00:00
Dave Rodgman
dbddb00158
Ensure mbedtls_sha3_finish zeroizes the context
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-30 18:43:23 +01:00
Gilles Peskine
03e9dea30b
Merge remote-tracking branch 'development' into psa_crypto_config-in-full
...
Conflicts:
* `include/psa/crypto_sizes.h`: the addition of the `u` suffix in this branch
conflicts with the rework of the calculation of `PSA_HASH_MAX_SIZE` and
`PSA_HMAC_MAX_HASH_BLOCK_SIZE` in `development`. Use the new definitions
from `development`, and add the `u` suffix to the relevant constants.
2023-08-30 18:32:57 +02:00
David Horstmann
22ec2aefa9
Fix unnecessary header prefixes in tests
...
Remove unnecessary "../library" prefix from test suite includes. This
makes the tests repo-agnostic between the mbedtls and psa-crypto repos.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-30 15:34:34 +01:00
Waleed Elmelegy
21d7d85af7
Fix mbedtls_pkcs5_pbes test function failure
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-30 13:12:09 +01:00
Dave Rodgman
730bbee226
Merge remote-tracking branch 'origin/development' into update-restricted-2023-08-30
2023-08-30 11:22:00 +01:00
Dave Rodgman
29bf911058
Merge pull request #7839 from daverodgman/psa-sha3
...
SHA-3 via PSA
2023-08-30 08:51:36 +00:00
Gilles Peskine
a878b663cf
Merge pull request #8090 from silabs-Kusumit/PBKDF2_higher_cost_tests
...
PBKDF2: tests with higher input costs
2023-08-29 14:00:17 +00:00
Waleed Elmelegy
79b6e26b1b
Improve mbedtls_pkcs5_pbes2_ext function test data
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-29 14:55:03 +01:00
Agathiyan Bragadeesh
733766bc71
Remove trailing whitespace in data file.
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-23 15:44:52 +01:00
Agathiyan Bragadeesh
de84f9d67a
Add test for rejecting empty AttributeValue
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-23 11:44:04 +01:00
Gilles Peskine
e65bba4dd2
Merge pull request #7803 from gilles-peskine-arm/psa-low-hash-mac-size
...
Start testing the PSA built-in drivers: hashes
2023-08-22 11:19:41 +00:00
Agathiyan Bragadeesh
ea3e83f36a
Amend test in test_suite_x509write
...
Needed since we now reject escaped null hexpairs in strings
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
01e9392c3f
Add malformatted DER test for string_to_names
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
cab79188ca
Remove redundant tests in test_suite_x509write
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
a0ba8aab2e
Add test for non ascii x509 subject name
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
a953f8ab36
Remove duplicate test in test_suite_x509write
...
The test for outputing a hexstring representation is actually
testing dn_gets, and is tested in test_suite_x509parse.
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
957ca0595d
Accept short name/ber encoded data in DNs
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
afdb187bbc
Add more comprehensive string to name tests
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
e59dedbce2
Add test reject null characters in string to names
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
5ca9848513
Reword test in test_suite_x509write
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
47cc76f070
Update x509 test for numericoid/hexstring output
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
ef299d6735
Add more tests for RFC 4514
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
404b4bb9ab
Add x509 tests for upper and lowercase hexpairs
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
dba8a641fe
Add and update tests for x509write and x509parse
...
Due to change in handling non-ascii characters, existing tests had to be
updated to handle the new implementation. New tests and certificates
are added to test the escaping functionality in edge cases.
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:39:52 +01:00
Agathiyan Bragadeesh
ef2decbe4a
Escape hexpairs characters RFC 4514
...
Converts none ascii to escaped hexpairs in mbedtls_x509_dn_gets and
interprets hexpairs in mbedtls_x509_string_to_names.
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:38:16 +01:00
Agathiyan Bragadeesh
48513b8639
Escape special characters RFC 4514
...
This escapes special characters according to RFC 4514 in
mbedtls_x509_dn_gets and de-escapes in mbedtls_x509_string_to_names.
This commit does not handle hexpairs.
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-22 10:38:16 +01:00
Gilles Peskine
6d14c2b858
Remove dead code
...
Do explain why we don't test a smaller buffer in addition to testing the
nominal size and a larger buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-22 09:59:50 +02:00
Gilles Peskine
c9187c5866
New test suite for the low-level hash interface
...
Some basic test coverage for now:
* Nominal operation.
* Larger output buffer.
* Clone an operation and use it after the original operation stops.
Generate test data automatically. For the time being, only do that for
hashes that Python supports natively. Supporting all algorithms is future
work.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-22 09:59:42 +02:00
Gilles Peskine
796bc2b8f9
Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes
...
Document mbedtls_calloc zeroization
2023-08-21 15:47:21 +00:00
Janos Follath
e220d258fd
Merge pull request #8086 from yanesca/remove-new-bignum
...
Remove new bignum when not needed
2023-08-21 10:59:41 +00:00
Gilles Peskine
ead1766b5f
Fix PBKDF2 with empty salt segment on platforms where malloc(0)=NULL
...
"Fix PBKDF2 with empty salt on platforms where malloc(0)=NULL" took care of
making an empty salt work. But it didn't fix the case of an empty salt
segment followed by a non-empty salt segment, which still invoked memcpy
with a potentially null pointer as the source. This commit fixes that case,
and also simplifies the logic in the function a little.
Test data obtained with:
```
pip3 install cryptodome
python3 -c 'import sys; from Crypto.Hash import SHA256; from Crypto.Protocol.KDF import PBKDF2; cost = int(sys.argv[1], 0); salt = bytes.fromhex(sys.argv[2]); password = bytes.fromhex(sys.argv[3]); n = int(sys.argv[4], 0); print(PBKDF2(password=password, salt=salt, dkLen=n, count=cost, hmac_hash_module=SHA256).hex())' 1 "" "706173737764" 64
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-20 22:05:16 +02:00
David Horstmann
cfae6a1ae9
Fix incorrect detection of HardwareModuleName
...
The hardware module name otherName SAN contains 2 OIDs:
OtherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
HardwareModuleName ::= SEQUENCE {
hwType OBJECT IDENTIFIER,
hwSerialNum OCTET STRING }
The first, type-id, is the one that identifies the otherName as a
HardwareModuleName. The second, hwType, identifies the type of hardware.
This change fixes 2 issues:
1. We were erroneously trying to identify HardwareModuleNames by looking
at hwType, not type-id.
2. We accidentally inverted the check so that we were checking that
hwType did NOT match HardwareModuleName.
This fix ensures that type-id is correctly checked to make sure that it
matches the OID for HardwareModuleName.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-18 19:31:39 +01:00
Kusumit Ghoderao
8eb55891ad
Add tests in derive_key for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
1dd596541b
Add tests in derive_key_type for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
1fe806a1a0
Add tests in derive_key_export for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
e8f6a0d791
Add tests for derive_key_exercise for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
ac7a04ac15
Move parse_binary_string function to psa_crypto_helpers
...
Add test code for pbkdf2 in psa_exercise_key
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 22:04:16 +05:30
Kusumit Ghoderao
5cad47df8a
Modify test description
...
The test data was generated using the python script.
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome
Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):
Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16
password : 4a30314e4d45
salt : 54687265616437333563383762344f70656e54687265616444656d6f
input cost : 16384
derived key len : 16
output : 8b27beed7e7a4dd6c53138c879a8e33c
"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys
def main():
#check args
if len(sys.argv) != 5:
print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
return
password = bytes.fromhex(sys.argv[1])
salt = bytes.fromhex(sys.argv[2])
iterations = int(sys.argv[3])
dklen = int(sys.argv[4])
# If password is not 16 bytes then we need to use CMAC to derive the password
if len(password) != 16:
zeros = bytes.fromhex("00000000000000000000000000000000")
cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
passwd = bytes.fromhex(cobj_pass.hexdigest())
else:
passwd = password
cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()
actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)
print('password : ' + password.hex())
print('salt : ' + salt.hex())
print('input cost : ' + str(iterations))
print('derived key len : ' + str(dklen))
print('output : ' + actual_output.hex())
if __name__ == "__main__":
main()
"""
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 12:49:07 +05:30
Gilles Peskine
73936868b8
Merge remote-tracking branch 'development' into psa_crypto_config-in-full
...
Conflicts:
* tests/scripts/all.sh: component_test_crypto_full_no_cipher was removed
in the development branch.
2023-08-17 19:46:34 +02:00
Kusumit Ghoderao
e4d634cd87
Add tests with higher input costs for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-17 21:16:14 +05:30
Janos Follath
f2334b7b39
Remove new bignum when not needed
...
New bignum modules are only needed when the new ecp_curves module is
present. Remove them when they are not needed to save code size.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-17 14:36:59 +01:00
Waleed Elmelegy
4a0a989913
Fix unused parameters warnings when MBEDTLS_CIPHER_PADDING_PKCS7 is disabled
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-17 14:20:58 +01:00
Waleed Elmelegy
87bc1e1cda
Fix heap overflow issue in pkcs5_pbes2 testing functions
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-17 14:20:58 +01:00
Waleed Elmelegy
5d3f315478
Add new mbedtls_pkcs5_pbe2_ext function
...
Add new mbedtls_pkcs5_pbe2_ext function to replace old
function with possible security issues.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-17 14:20:58 +01:00
Gilles Peskine
294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation
...
PBKDF2 CMAC implementation
2023-08-17 11:15:16 +00:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn
...
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
2023-08-16 09:19:46 +00:00
Kusumit Ghoderao
6c104b9b3b
Modify derive output test cases and add actual output
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-16 11:47:24 +05:30
Paul Elliott
6da3d83f33
Fix resource leak in test failure case
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-08-11 16:28:06 +01:00
Manuel Pégourié-Gonnard
26b7c93d9d
Merge pull request #7992 from valeriosetti/issue7755
...
driver-only ECC: BN.x509 testing
2023-08-10 19:41:09 +00:00
Manuel Pégourié-Gonnard
54da1a69a2
Merge pull request #7578 from daverodgman/safer-ct5
...
Improve constant-time interface
2023-08-10 16:57:39 +00:00
Tom Cosgrove
e7700a7d0a
Merge pull request #7936 from AgathiyanB/assert-false-macro
...
Add TEST_FAIL macro for tests
2023-08-10 15:01:34 +00:00
Valerio Setti
3580f448eb
test: solve test disparities for x509[parse/write] suites
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 14:50:43 +02:00
Dave Rodgman
ac69b45486
Document and test mbedtls_ct_size_if_else_0
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-10 12:18:13 +01:00
Dave Rodgman
98ddc01a7c
Rename ...if0 to ...else_0
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-10 12:11:31 +01:00
Dave Rodgman
b7825ceb3e
Rename uint->bool operators to reflect input types
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-10 11:58:18 +01:00
Valerio Setti
c5d85e5ead
test: remove BIGNUM dependencies from pk[parse/write] suites
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Janos Follath
115784bd3f
Merge pull request #1040 from waleed-elmelegy-arm/development-restricted
...
Improve & test legacy mbedtls_pkcs5_pbe2
2023-08-09 09:43:23 +01:00
Gilles Peskine
a79256472c
Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier
...
Fixed x509 certificate generation to conform to RFCs when using ECC key
2023-08-07 19:14:54 +00:00
Minos Galanakis
2cae936107
test_suite_ecp: Moved curve bitlenth check after quasi reduction.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-08-07 16:49:22 +01:00
Minos Galanakis
831a2e6369
test_suite_ecp: Fixed curve bit-length.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-08-07 16:45:54 +01:00
Dave Rodgman
953f2a4780
Merge pull request #7892 from AgathiyanB/fix-coverage-MBEDTLS_ECP_NIST_OPTIM-disabled
...
Add dependency MBEDTLS_ECP_NIST_OPTIM for ECP test
2023-08-07 14:37:08 +00:00
Dave Rodgman
4dd89310e9
Update w.r.t. test macro name changes from #6253
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-07 11:49:12 +01:00
Dave Rodgman
c98f8d996a
Merge branch 'development' into safer-ct5
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-07 11:47:35 +01:00
Dave Rodgman
2ec9892f24
Merge pull request #6253 from tom-cosgrove-arm/rename-assert_compare-to-test_assert_compare
...
Rename test macros `ASSERT_COMPARE()`, `ASSERT_ALLOC()` and `ASSERT_ALLOC_WEAK()`
2023-08-04 13:45:10 +00:00
Dave Rodgman
003a5e1ca7
Merge pull request #1046 from Mbed-TLS/merge_3.4.1
...
Merge 3.4.1
2023-08-03 18:23:37 +01:00
Dave Rodgman
a0fc9987da
Merge branch 'development' into merge_3.4.1
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-03 15:56:59 +01:00
Dave Rodgman
6f80ac4979
Merge pull request #7864 from waleed-elmelegy-arm/enforce-min-RSA-key-size
...
Enforce minimum key size when generating RSA key size
2023-08-03 12:57:52 +00:00
Gilles Peskine
6919546ddf
Update more test dependencies when using test-ca.key
...
Those test cases aren't actually executed due to another typo which is
beyond the scope of this commit and will be resolved in
https://github.com/Mbed-TLS/mbedtls/pull/8029 . But update DES to AES anyway.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-03 12:02:14 +02:00
Gilles Peskine
46712c644e
Add missing PSA init
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-03 11:54:49 +02:00
Gilles Peskine
1bdd76e950
Update old dependency to MBEDTLS_MD_CAN
...
This is a follow-up to 0b8095d96a
. Some test
cases had a typo in the old dependency
name (MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA instead of
MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA) which caused us to miss them.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-03 11:54:34 +02:00
Waleed Elmelegy
d4e7fe09b3
Change tests to work on different MBEDTLS_RSA_GEN_KEY_MIN_BITS configs
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-08-02 16:59:59 +00:00
Gilles Peskine
a824f8bc91
Update test dependencies when using test-ca.key
...
"tests/data_files/test-ca.key" is now encrypted using AES instead of DES.
Update test dependencies accordingly. This fixes `depends.py cipher_id`.
This is a partial cherry-pick of 1a4cc5e92c
(done manually because the context on the same line is different).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 16:38:21 +02:00
Kusumit Ghoderao
6eff0b2258
Remove test vector
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-02 17:22:49 +05:30
Gilles Peskine
550d147078
Bump version to 3.4.1
...
```
./scripts/bump_version.sh --version 3.4.1
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 12:50:23 +02:00
Gilles Peskine
267bee9be8
Merge pull request #7903 from valeriosetti/issue7773
...
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/DH
2023-08-02 10:16:44 +00:00
Gilles Peskine
50745e7e35
Update failing unit tests to use the moved data files
...
After upgrading certificates, some parsing unit tests are failing because
the new certificates have a different expiry date, by design. Switch those
test cases to using the moved copy of the old data (as we did in a more
systematic way in the development branch).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-02 12:12:53 +02:00
Bence Szépkúti
895074e3f9
Merge pull request #8002 from valeriosetti/issue7904
...
PSA maximum size macro definitions should take support into account
2023-08-02 05:57:28 +00:00
Dave Rodgman
926d8da47e
Fix test dependency
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 17:28:26 +01:00
Dave Rodgman
378280e57f
Revert "Move constant_flow.h into the main library"
...
This reverts commit fd78c34e23
.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 17:22:55 +01:00
Dave Rodgman
fd78c34e23
Move constant_flow.h into the main library
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 12:48:33 +01:00
Dave Rodgman
04a334af55
Make const-time test not depend on internal knowledge of mbedtls_ct_condition_t
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-31 12:48:33 +01:00
Valerio Setti
f5051efa81
test: properly size output buffer in key_agreement_fail()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-31 11:35:48 +02:00
Xiaokang Qian
d0657b0015
ecp_mod_p448 has been moved to ecp_mod_p_generic_raw, remove here
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-07-31 06:46:28 +00:00
Xiaokang Qian
e25597dad7
Make ecp_mode_xxx functions depend on the new macro
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-07-31 06:46:28 +00:00
Dave Rodgman
c2ad3ad62a
Fix error in test vectors
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-28 16:44:18 +01:00
Valerio Setti
1eacae865e
test: check exported length against proper MAX_SIZE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-28 17:29:48 +02:00
Dave Rodgman
fa5a4bbb02
Improve mbedtls_ct_memmove_left w.r.t. const-flow tests
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-28 16:13:52 +01:00
Dave Rodgman
8de3482507
Fix false-positive non-const-time errors in test
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-28 15:10:00 +01:00
Kusumit Ghoderao
be55b7e45a
Add test cases for 16 byte and empty password
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-27 21:22:26 +05:30
Dave Rodgman
a0f81e8ef8
Add OID tests for HMAC-xxx
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-27 16:02:42 +01:00
Waleed Elmelegy
d7bdbbeb0a
Improve naming of mimimum RSA key size generation configurations
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-27 14:50:09 +00:00
Tom Cosgrove
0540fe74e3
Fix code style
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-27 14:17:27 +01:00
Agathiyan Bragadeesh
763b353f2f
Replace TEST_ASSERT("message" == 0) with TEST_FAIL
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-27 13:52:31 +01:00
Dave Rodgman
5c60382201
code style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-27 13:28:41 +01:00
Dave Rodgman
d2c9f6d256
Strengthen psa_mac_verify testing
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-27 13:00:02 +01:00
Dave Rodgman
0c38385858
Use psa_mac_compare in tests; add some HMAC edge-cases
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-27 12:54:09 +01:00
Waleed Elmelegy
3d158f0c28
Adapt tests to work on all possible minimum RSA key sizes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-27 11:03:35 +00:00
Waleed Elmelegy
ab5707185a
Add a minimum rsa key size config to psa config
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-27 11:00:03 +00:00
Waleed Elmelegy
76336c3e4d
Enforce minimum key size when generating RSA key size
...
Add configuration to enforce minimum size when
generating a RSA key, it's default value is 1024
bits since this the minimum secure value currently
but it can be any value greater than or equal 128
bits. Tests were modifed to accommodate for this
change.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-27 10:58:25 +00:00
Valerio Setti
a55f042636
psa: replace DH_KEY_PAIR_LEGACY with new symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-27 09:15:34 +02:00
Dave Rodgman
44fae4908d
Add PSA HMAC MD5 test
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-26 18:45:19 +01:00
Dave Rodgman
faff45c917
Add HMAC tests for other digest algorithms
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-26 18:13:58 +01:00
Dave Rodgman
fe5adfe547
Add HMAC test-cases for SHA3
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-26 17:58:48 +01:00
Gilles Peskine
6b9017045f
Don't call psa_crypto_init with uninitialized local contexts (entropy)
...
psa_crypto_init can fail, and if it does we'll try calling free() on the
local variable, which is uninitialized. This commit fixes memory corruption
when a test fails.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-26 18:43:39 +02:00
Dave Rodgman
e3268afb11
Add PSA SHA3 tests for hash_verify and multipart
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-25 17:33:55 +01:00
Paul Elliott
f1c032adba
Merge pull request #7902 from valeriosetti/issue7772
...
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/RSA
2023-07-25 17:13:43 +01:00
Valerio Setti
19fec5487d
test: remove GENPRIME dependency when RSA_KEY_PAIR_GENERATE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-25 12:31:50 +02:00
Dave Rodgman
cad28ae77a
Merge remote-tracking branch 'origin/development' into psa-sha3
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-24 15:51:13 +01:00
Waleed Elmelegy
f3fafc3645
Fix CI errors related pkcs5_pbe changes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-24 11:45:46 +01:00
Gilles Peskine
5fd88b7f75
Simplify the logic in a test
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-21 17:50:49 +02:00
Gilles Peskine
9d5952dba8
Fix some dependencies on symmetric crypto in some TLS 1.3 tests
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-21 17:50:49 +02:00
Gilles Peskine
5647d06be8
Merge pull request #7518 from gilles-peskine-arm/psa_inject_entropy-file-stability
...
Fix and test MBEDTLS_PSA_INJECT_ENTROPY
2023-07-21 17:37:15 +02:00
Gilles Peskine
2387bdab0f
Merge pull request #1038 from Mbed-TLS/development
...
Merge development into development-restricted
2023-07-21 15:40:36 +02:00
Tom Cosgrove
e4e9e7da58
For tests, rename TEST_BUFFERS_EQUAL() to TEST_MEMORY_COMPARE()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-21 11:45:25 +01:00
Tom Cosgrove
05b2a87ea0
For tests, rename TEST_CALLOC_OR_FAIL() to just TEST_CALLOC()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-21 11:32:25 +01:00
Ronald Cron
87f62850f3
Merge pull request #7893 from ronald-cron-arm/misc-from-psa-crypto
...
Miscellaneous fixes resulting from the work on PSA-Crypto
2023-07-21 10:54:41 +02:00
Tom Cosgrove
412a813ad4
For tests, rename ASSERT_ALLOC_WEAK() to TEST_CALLOC_OR_SKIP()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-20 16:55:14 +01:00
Gilles Peskine
c723e86e56
Fix copypasta in function documentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-20 17:54:19 +02:00
Tom Cosgrove
f9ffd11e7a
For tests, rename ASSERT_ALLOC() to TEST_CALLOC_OR_FAIL()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-20 16:51:21 +01:00
Tom Cosgrove
65cd8519f7
For tests, rename ASSERT_COMPARE() to TEST_BUFFERS_EQUAL()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-20 16:51:15 +01:00
Manuel Pégourié-Gonnard
c844c1a771
Merge pull request #7546 from mpg/align-psa-md-identifiers
...
Align psa md identifiers
2023-07-20 11:34:28 +02:00
Waleed Elmelegy
708d78f80b
Improve & test legacy mbedtls_pkcs5_pbe2
...
* Prevent pkcs5_pbe2 encryption when PKCS7 padding has been
disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
reasons, However, invalid padding is not checked.
* Add tests to check these scenarios. Test data has been
reused but with changing padding data in last block to
check for valid/invalid padding.
* Document new behaviour, known limitations and possible
security concerns.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-07-19 14:01:35 +01:00
Dave Rodgman
5f65acb02b
Merge pull request #7859 from gilles-peskine-arm/mbedtls_mpi-smaller
...
Reduce the size of mbedtls_mpi
2023-07-18 16:48:37 +01:00
Agathiyan Bragadeesh
dc28a5a105
Rename ASSERT_FALSE to TEST_FAIL
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-18 11:45:28 +01:00
Agathiyan Bragadeesh
ebb40bc336
Add ASSERT_FALSE macro for tests
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-18 11:38:04 +01:00
Manuel Pégourié-Gonnard
828b3acd6b
Merge pull request #7848 from valeriosetti/issue7749
...
driver-only ECC: EPCf.TLS testing
2023-07-18 10:33:21 +02:00
Tom Cosgrove
08b04b11ff
Merge pull request #7923 from gabor-mezei-arm/7598_fix_clone_of_ecp_module
...
[Bignum] Fixes for the ecp module cloning
2023-07-17 15:28:18 +01:00
Ronald Cron
2e3795dc3c
tests: Fix header inclusion
...
When building tests, the path of the library
directory is part of the possible paths for
the includes thus no need to construct it
manually when including headers.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-17 11:52:32 +02:00
Gilles Peskine
d8c4549246
Merge pull request #7432 from oberon-microsystems/fix-test-ecjpake-to-pms-dependency
...
Fix derive_ecjpake_to_pms dependency in PSA crypto test
2023-07-17 11:05:40 +02:00
Gabor Mezei
f0021d495a
Update test function dependencies
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-14 14:43:27 +02:00
Gabor Mezei
92ce4c2cbf
Fix ecp variant check
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-14 14:43:22 +02:00
Paul Elliott
3c22366695
Merge pull request #7863 from valeriosetti/issue7790
...
PK: parse: fix disparity with private Montgomery keys
2023-07-11 18:02:12 +01:00
Dave Rodgman
84eaefa43e
Use designated initializers for mbedtls_mpi
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-11 16:02:46 +01:00
Paul Elliott
88f34e3348
Merge pull request #7703 from gabor-mezei-arm/7598_clone_the_eco_module
...
[Bignum] Clone the ECP module
2023-07-11 15:00:01 +01:00
Valerio Setti
acab57b6b4
test: replace RSA_KEY_PAIR_LEGACY with proper symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
1e6063c8ee
test: set MBEDTLS_ECP_DP dependency also for Montgomery curves
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
d476faa595
test: add more tests for Montgomery's invalid masks
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
aed87994da
test: verify that Montgomery keys can be fixed on parsing
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
4a09dcc6f6
test: replace ECP_DP_CURVE25519_ENABLED with PSA_WANT_ECC_MONTGOMERY_255
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
ef80d11c1f
test: add proper key requirements in X25519 key parsing tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
0a92121716
test: test of Montgomery keys with uncorrect bits whenever PK_HAVE_ECC_KEYS
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Gilles Peskine
6aca2c9613
Merge pull request #7716 from mpg/psa-util-internal
...
Split psa_util.h between internal and public
2023-07-10 18:33:23 +02:00
Gilles Peskine
d9f0c76f9e
Merge pull request #7879 from tgonzalezorlandoarm/development
...
tests/test_suite_pem: Augment DES test cases with AES: PEM
2023-07-10 18:28:01 +02:00
Dave Rodgman
f3e488ec40
Merge pull request #7216 from lpy4105/issue/6840/add-getters-for-some-fields
...
Add getters for some fields
2023-07-10 17:14:11 +01:00
Andrzej Kurek
bdb41dd46d
Add missing resource deallocation in tests
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-10 08:09:50 -04:00
Manuel Pégourié-Gonnard
f614bde912
Merge pull request #7656 from mprse/ffdh_tls13_v2_drivers
...
FFDH 4: driver-only parity testing - with TLS 1.3
2023-07-10 13:08:47 +02:00
Valerio Setti
ee3a4d0d38
debug: replace occurence of ECP_LIGHT with PK_HAVE_ECC_KEYS
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
6f0441d11e
tls: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Pengyu Lv
db6143364a
Add test for endpoint getter
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
30e0870937
Add test for hostname getter
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Dave Rodgman
7dbd2bf90c
Merge pull request #7441 from gilles-peskine-arm/mbedtls_x509_crt_parse_path-qemu-bug
...
More mbedtls_x509_crt_parse_path() tests, and note qemu-user bug when 32-bit code run on 64-bit host
2023-07-07 19:15:31 +01:00
Manuel Pégourié-Gonnard
461d59b2f8
Merge pull request #7858 from mprse/ffdh_tls13_v2_f
...
Make use of FFDH keys in TLS 1.3 - follow-up
2023-07-07 16:19:35 +02:00
Dave Rodgman
8abb3497ad
Merge branch 'development' into mbedtls_x509_crt_parse_path-qemu-bug
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-07 15:11:35 +01:00
Andrzej Kurek
34ccd8d0b6
Test x509 csr SAN DN and RFC822 generation
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-07 08:18:43 -04:00
Manuel Pégourié-Gonnard
9967f11066
Merge pull request #7810 from valeriosetti/issue7771
...
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/ECC
2023-07-07 10:22:47 +02:00
Agathiyan Bragadeesh
3e1e2e1f78
Add dependency MBEDTLS_ECP_NIST_OPTIM for ECP test
...
For tests running the ecp_fast_mod with MBEDTLS_ECP_DP_SECPXXXR1 the
dependency MBEDTLS_ECP_NIST_OPTIM has been added as this gives the
curves the optimised reduction function that ecp_fast_mod tests.
Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>
2023-07-06 15:40:19 +01:00
Tomás González
3719f9ec91
tests/test_suite_pem: Augment DES test cases with AES: PEM
...
A few negative test cases in test_suite_pem.data rely on DES
(“invalid iv”, “malformed”). DES is deprecated.
Construct similar test cases using AES.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-07-06 14:21:23 +01:00
Manuel Pégourié-Gonnard
a30c5cfc66
Use minimal include in test_suite_random
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:29 +02:00
Manuel Pégourié-Gonnard
d55d66f5ec
Fix missing includes
...
Some files relied on psa_util.h to provide the includes they need.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard
2be8c63af7
Create psa_util_internal.h
...
Most functions in psa_util.h are going to end up there (except those
that can be static in one file), but I wanted to have separate commits
for file creation and moving code around, so for now the new file's
pretty empty but that will change in the next few commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00
Dave Rodgman
8dda131a0a
Test OID lookup for every hash algorithm
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-06 09:52:20 +01:00
Gabor Mezei
2a7bcaf8af
Use only MBEDTLS_ECP_WITH_MPI_UINT
to switch between the ecp variants
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-06 10:37:51 +02:00
Dave Rodgman
6cc1734f3e
Fix test dependency
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 20:27:45 +01:00
Dave Rodgman
0c2d1afaf3
Fix free before pointers initialised
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 20:23:09 +01:00
Dave Rodgman
f324a74fab
Add tests for MBEDTLS_MD_SHA3_xxx_VIA_PSA
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 19:55:15 +01:00
Dave Rodgman
76814b6207
fix missing include
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 19:38:21 +01:00
Dave Rodgman
c0a0990b6e
Improve testing of md/PSA alg identifier macro conversions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 19:17:50 +01:00
Dave Rodgman
7bb7602a66
Add OID tests for SHA-3
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 19:03:21 +01:00
Dave Rodgman
3d0c8255aa
Merge pull request #7825 from daverodgman/cipher_wrap_size
...
Cipher wrap size improvement
2023-07-05 15:45:48 +01:00
Przemek Stekiel
7ac93bea8c
Adapt names: dh -> xxdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
6f199859b6
Adapt handshake fields to ffdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:25:00 +02:00