Werner Lewis
b33dacdb50
Fix parsing of special chars in X509 DN values
...
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769 .
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:19:50 +01:00
Ronald Cron
cf600bc07c
Comment fixes
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e7b9b6b380
tls13: Add checks of overread check failures
...
In Certificate message parsing tests with
invalid vector lengths, add checks that the
parsing failed on the expected overread check.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e3dac4aaa1
tls13: Add Certificate msg parsing tests with invalid vector lengths
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:42 +02:00
Ronald Cron
21a1b2d374
Enable "Sending app data" SSL unit tests for TLS 1.3
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Manuel Pégourié-Gonnard
93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged
...
Add mbedtls_x509_dn_get_next function
2022-06-24 09:59:22 +02:00
Werner Lewis
3e5585b45d
Replace TEST_ASSERT macro uses
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 15:12:10 +01:00
Werner Lewis
ac80a66395
Reduce buffer sizes to expected size
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 15:11:50 +01:00
Przemek Stekiel
0c9e74bd55
Remove mbedtls_psa_hkdf_expand() and mbedtls_psa_hkdf_extract() tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 07:22:33 +02:00
Gilles Peskine
e0469b5908
Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix
...
Add a client hello cookie_len overflow test
2022-06-20 19:35:54 +02:00
Gilles Peskine
76851ae3a6
Add warnings to test code and data about storage format stability
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 19:10:35 +02:00
Gilles Peskine
36aeb7f163
Merge pull request #5834 from mprse/HKDF_1
...
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
2022-06-20 15:27:46 +02:00
Werner Lewis
12657cdcc6
Remove binary int use
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-20 11:57:35 +01:00
Werner Lewis
90c46c376b
Use consistent test case names
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-20 11:53:17 +01:00
Werner Lewis
b3acb053fb
Add mbedtls_x509_dn_get_next function
...
Allow iteration through relative DNs when X509 name contains multi-
value RDNs.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-17 16:40:55 +01:00
Dave Rodgman
eb8570f174
Fix missing newline
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-06-17 14:59:36 +01:00
Dave Rodgman
5cab9dafb7
fix whitespace
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-06-17 13:48:29 +01:00
Dave Rodgman
57080461f7
Add test-case for checking curve order
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-06-17 13:42:40 +01:00
Tuvshinzaya Erdenekhuu
8988e23690
Add missing break
...
In ''int execute_tests( int argc , const char ** argv )'' function,
switch case is missing break statement.
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-06-17 10:55:42 +01:00
Gilles Peskine
6194053feb
ASN.1: test that we can parse what we can write
...
In asn1_write tests, when there's a parsing function corresponding to the
write function, call it and check that it can parse what we wrote.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-15 21:17:25 +02:00
Gilles Peskine
b7e215f6bc
Fix copypasta in test data
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-15 21:16:42 +02:00
Andrzej Kurek
ca35f5bed0
test_suite_ssl: Use a zero fragment offset in a test with a too short record
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-15 07:19:40 -04:00
Przemek Stekiel
6c9fd61565
exercise_key_agreement_key: add special handling for HKDF_EXPAND
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-14 14:41:42 +02:00
Gilles Peskine
2c2730a372
ASN.1 write tests: test with larger buffer
...
Test with the output buffer size up to *and including* the expected output
size plus one. `... < expected->len + 1` was evidently a mistake.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:15:44 +02:00
Gilles Peskine
321a08944b
Fix bug whereby 0 was written as 0200 rather than 020100
...
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:13:33 +02:00
Gilles Peskine
c9a30fba74
Add MPI write tests when the MPI object has a leading zero limb
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:13:07 +02:00
Gilles Peskine
0ab804a794
Fix mismatch between test data and test description
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:12:25 +02:00
Gilles Peskine
d8579b7673
Uncomment mbedtls_asn1_write_mpi tests with leading 1 bit
...
mbedtls_asn1_write_mpi() correctly handles the sign bit, so there's no
reason not to test that it's handled correctly.
Fix copypasta in test data that was commented out.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-10 20:10:37 +02:00
Gilles Peskine
ae25bb043c
Fix null pointer dereference in mpi_mod_int(0, 2)
...
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 19:32:46 +02:00
Andrzej Kurek
ed4d217874
Add missing test dependencies for cookie parsing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:57:57 -04:00
Andrzej Kurek
078e9bcda6
Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:47:33 -04:00
Dave Rodgman
11930699f1
Merge pull request #5827 from wernerlewis/time_utc
...
Use ASN1 UTC tags for dates before 2000
2022-06-08 13:54:19 +01:00
Paul Elliott
5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests
...
Pr/add-tls13-moving-state-tests
2022-06-08 13:39:52 +01:00
Przemek Stekiel
b088a900f4
test_suite_psa_crypto_storage_format: disable KA(ECDH,HKDF_EXTRACT/EXPAND...) test cases
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-07 15:34:18 +02:00
Ronald Cron
00e5eaad62
test: ssl: Remove more TLS 1.2 dependencies in handshake state tests
...
That way the concerned tests are also run in the
TLS 1.3 only configuration where a TLS 1.3
handshake is performed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 11:14:01 +02:00
Ronald Cron
bdddaef9bb
test: ssl: Enable client authentication in handshake state tests
...
The endpoint initialization function was setting up
a certificate but the client certificate was not
used because client authentication was not enabled
(not enabled in the default SSL server configuration).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 11:13:49 +02:00
Dave Rodgman
4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor
...
Add accessor for x509 certificate extension types
2022-06-06 21:51:38 +01:00
Andrzej Kurek
cfb01948c8
Add cookie parsing tests to test_suite_ssl
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:29:15 -04:00
Thomas Daubney
5c9c2ce86d
Add correct test dependencies
...
Functions called within the test mean that MBEDTLS_X509_CRT_PARSE_C
is a test dependency and so is declared in this commit.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 16:36:43 +01:00
Thomas Daubney
a5f39e0ec2
Move accessor definition
...
Move the definition of the accessor so that it is not defined
within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the
dependency from the test and test cases.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 15:42:32 +01:00
Przemek Stekiel
66867731aa
derive_output tests: fix output key length to be consistent with teh description
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:02 +02:00
Przemek Stekiel
cde3f783f5
Make info valid only after secret for HKDF-EXPAND + adapt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:26:02 +02:00
Przemek Stekiel
0586f4c4ea
Make salt mandatory for HKDF-EXTRACT + adapt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-06 11:25:43 +02:00
Jerry Yu
6994e3e0c2
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-06 11:50:49 +08:00
Przemek Stekiel
0e99391afe
derive_output test: fix output key bit length
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
3e8249cde0
Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
f0f0bd068b
test_suite_psa_crypto_metadata: add test cases for the HKDF-Extract/Expand algorithms
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Werner Lewis
acd01e58a3
Use ASN1 UTC tags for dates before 2000
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-01 16:24:28 +01:00
Jerry Yu
f2d32e6c3d
fix tls13_only test fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 18:05:18 +08:00
Thomas Daubney
3ff4fc6997
Add test data
...
Add two test cases for accessor test. One test where desired
ext type is presentent and the other of when the ext type is
not present.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Thomas Daubney
bd5466ab7e
Add test for accessor
...
Add test logic for accessor.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Jerry Yu
7bf3358a2d
Remove duplicated tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 16:55:17 +08:00
Jerry Yu
1443537da3
fix test fail when WANT_READ/WRITE returned
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 15:53:31 +08:00
Jerry Yu
66537f40b6
fix certificate request fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 19:53:05 +08:00
Jerry Yu
1e7c438b67
remove tls1.3 dependancy
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 19:51:38 +08:00
Gilles Peskine
09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa
...
Deprecate mbedtls_cipher_setup_psa()
2022-05-31 10:56:52 +02:00
Jerry Yu
66adf3155c
Update comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:23:29 +08:00
Jerry Yu
df0a71a0b0
Add handshake version test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
b3d86de3ea
fix hanshake wrapup fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
df65b66003
Add handshake over test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
85e5c81c37
fix check test cases fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
d9d049d180
revert dbg config
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
d8c57feaf9
Add moving state test for TLS1.3
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
023ff7acb1
Move dependes_on of move handshakes state
...
Prepare share move_handshake_state function with
TLSv1.3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Manuel Pégourié-Gonnard
69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa
...
Permissions 1: create `mbedtls_pk_can_do_ext()`
2022-05-23 10:58:32 +02:00
Neil Armstrong
c661ff51c9
Fix pk_can_do_ext tests with non-opaque keys
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 09:49:04 +02:00
Neil Armstrong
5c5b116a49
Add pk_can_do_ext test for non-opaque keys
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-19 18:07:53 +02:00
Przemek Stekiel
476d9c45b8
Use MBEDTLS_TEST_DEPRECATED only in tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-19 14:11:06 +02:00
Przemek Stekiel
fcdd023ba6
derive_output tests: add invalid input secret test for HKDF-Expand
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-19 10:28:58 +02:00
Neil Armstrong
8eb0afb726
Remove duplicate pk_can_do_ext test
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:58:11 +02:00
Neil Armstrong
408f6a60a3
Add usage parameter to mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:23:20 +02:00
Neil Armstrong
434d4eb74f
Remove invalid comments in pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 11:58:22 +02:00
Gilles Peskine
7be11a790d
Use TEST_LE_U in some places where it applies
...
Systematically replace "TEST_ASSERT( $x <= $y )" by "TEST_LE_U( $x, $y )" in
test_suite_psa_crypto. In this file, all occurrences of this pattern are
size_t so unsigned.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:37:53 +02:00
Gilles Peskine
3ff25443c8
Separate the validation of the size macros and of the function
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
d4a258a08f
Improve PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE validation
...
We want to check:
1. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE (the output fits
if the caller uses the key-specific buffer size macro)
2. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (the output fits
if the caller uses the generic buffer size macro)
3. PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
(consistency in the calculation)
We were only testing (1) and (2). Test (3) as well. (1) and (3) together
imply (2) so there's no need to test (2).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
992bee8b6e
Test psa_raw_key_agreement with a larger/smaller buffer
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:33:11 +02:00
Gilles Peskine
9b7e29663f
Merge pull request #4211 from ccawley2011/mingw
...
Fix compilation with MinGW32
2022-05-16 12:30:37 +02:00
Przemek Stekiel
e58ca8bb5e
Add MBEDTLS_TEST_DEPRECATED dependency
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-13 15:48:41 +02:00
Przemek Stekiel
61922d1328
Fix mbedtls_cipher_setup_psa() dependencies in tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 13:51:51 +02:00
Manuel Pégourié-Gonnard
4014a0408e
Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector
...
PSA: ChaCha20: add RFC 7539 test vector with counter=1
2022-05-12 12:34:20 +02:00
Neil Armstrong
ce1d2397d2
Add tests for mbedtls_pk_can_do_ext() in test_suite_pktest_suite_pk
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-12 11:53:02 +02:00
Dave Rodgman
3009a97e00
Minor spelling / grammar improvements
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:54 +01:00
Andrzej Kurek
5c65c5781f
Fix additional misspellings found by codespell
...
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L
keypair,Keypair,KeyPair,keyPair,ciph,nd
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Przemek Stekiel
6786a87ccd
derive_output tests: add capacity HKDF-Extract/Expand tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:40:21 +02:00
Przemek Stekiel
2849e0e4d5
derive_output tests: add negative HKDF-Extract/Expand tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:38:01 +02:00
Przemek Stekiel
e1036fbe90
derive_output tests: add positive HKDF-Extract/Expand tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:34:53 +02:00
Przemek Stekiel
ead1bb9987
derive_output test: Adapt for HKDF-Extract/Expand algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 12:22:57 +02:00
Manuel Pégourié-Gonnard
5479f5321a
Merge pull request #5772 from superna9999/5762-rsa-decrypt-pk
...
RSA decrypt 1a: PK
2022-05-11 11:01:01 +02:00
Neil Armstrong
814562afaa
Switch last TEST_ASSERT() in TEST_EQUAL() in pk_wrap_rsa_decrypt_test_vec()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-11 09:29:57 +02:00
Cameron Cawley
ea5496ceb3
Fix compilation with MinGW32
...
Signed-off-by: Cameron Cawley <ccawley2011@gmail.com>
2022-05-10 13:46:09 +01:00
Manuel Pégourié-Gonnard
42650260a9
Merge pull request #5783 from mprse/md_dep_v3
...
Fix undeclared dependencies: MD
2022-05-10 10:41:32 +02:00
Manuel Pégourié-Gonnard
9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks
...
Unify non-opaque and opaque PSKs
2022-05-09 10:15:16 +02:00
Przemek Stekiel
cd204992f2
Fix dependencies in tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 12:09:03 +02:00
Werner Lewis
e59a531455
Fix memcpy() UB in mbedtls_asn1_named_data()
...
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 11:45:06 +01:00
Neil Armstrong
4c3b4e079c
Initialize & free PSA in test_multiple_psks()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
b32ae72e27
Add PK Opaque RSA decrypt tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-02 09:14:58 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
...
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Gilles Peskine
310294f06a
Merge pull request #5759 from tom-daubney-arm/correct_x509_flag_parse_tests
...
Set flag to proper value in x509 parse tests
2022-04-28 18:27:36 +02:00
Gilles Peskine
2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise
...
PSA storage format: exercise key
2022-04-28 18:20:02 +02:00
Neil Armstrong
95974974d2
Update mbedtls_pk_wrap_as_opaque() usage in PK & X509write tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Manuel Pégourié-Gonnard
ad47487e25
Merge pull request #5742 from superna9999/5669-review-test-incompatible-psa
...
Fixup or re-enable tests with Use PSA
2022-04-28 09:57:13 +02:00
Neil Armstrong
1c9eb722fd
Update PSA specific comment in pk_rsa_verify_ext_test_vec()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-25 14:38:18 +02:00
Ronald Cron
a828f4d89c
Merge pull request #5684 from tom-daubney-arm/M-AEAD_decrypt_driver_dispatch_test
...
M aead decrypt driver dispatch test
The internal CI "merge TLS testing" ran successfully, CI is OK.
2022-04-23 12:10:21 +02:00
Neil Armstrong
6e6967f6a0
Reorganize PSA INVALID_PADDING handling for test #5 in pk_rsa_verify_ext_test_vec()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 16:46:24 +02:00
Gilles Peskine
eef30bcea1
Merge pull request #5755 from mpg/ecdsa-range-test
...
Expand negative coverage of ECDSA verification
2022-04-22 16:43:44 +02:00
Manuel Pégourié-Gonnard
60d83f0126
Merge pull request #5710 from superna9999/5627-pk-opaque-rsa-x509
...
RSA sign 3a: X.509 integration testing
2022-04-22 14:29:23 +02:00
Thomas Daubney
7d063f6467
Adds comments for clarification
...
Adds two comments to clarify 1) why an offset is used
in the call to psa_aead_verify() and 2) why the test of
.hits_finish is always 0 in this test case.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-22 11:36:07 +01:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
...
Add client hello into server side
2022-04-22 10:26:00 +02:00
Neil Armstrong
e6ed23cb90
Fix typo in x509_crt_check() comment
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 09:44:04 +02:00
XiaokangQian
e8ff350698
Update code to align with tls13 coding standard
...
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-22 02:34:40 +00:00
Manuel Pégourié-Gonnard
70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2
...
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard
90c70146b5
Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign
...
RSA-PSS sign 1: PK
2022-04-21 17:11:18 +02:00
Neil Armstrong
843795ad2f
Use macro for public key buffer size in pk_psa_wrap_sign_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-21 12:23:28 +02:00
Przemek Stekiel
4e47a91d2e
Fix indentation issues
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
4daaa2bd05
derive_output mix-psk test: add more cases for derivation of output key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
6aabc473ce
derive_output test: remove redundant tests with raw key agreement
...
Already handled by input_bytes().
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
e665466a80
derive_output test: add other key type value 11 to handle raw key type
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
c5bd1b8b24
PSA key derivation mix-psk tests: add description for bad state cases
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
38647defa8
derive_output() test: fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Przemek Stekiel
cd00d7f724
test PSA key derivation: add positive and negative cases for mixed-psk
...
Mix-PSK-to-MS test vectors are generated using python-tls library:
https://github.com/python-tls/tls
Steps to generate test vectors:
1. git clone git@github.com:python-tls/tls.git
2. cd tls
3. python3 setup.py build
4. sudo python3 setup.py install
5. Use the python script below to generate Master Secret (see description for details):
"""
Script to derive MS using mixed PSK to MS algorithm.
Script can be used to generate expected result for mixed PSK to MS tests.
Script uses python tls library:
https://github.com/python-tls/tls
Example usage:
derive_ms.py <secret> <other_secret> <seed> <label> <hash>
derive_ms.py 01020304 ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f 6d617374657220736563726574 SHA256
secret : 01020304
other_secret : ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7
pms : 0030ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7000401020304
seed : 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f
label : 6d617374657220736563726574
output : 168fecea35190f9df34c042f24ecaa5e7825337f2cd82719464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b
"""
from cryptography.hazmat.primitives import hashes
from tls._common.prf import prf
import os
import sys
def build_pms(other_secret: bytes, secret: bytes) -> bytes:
other_secret_size = len(other_secret).to_bytes(2, byteorder='big')
secret_size = len(secret).to_bytes(2, byteorder='big')
return(other_secret_size + other_secret + secret_size + secret)
def derive_ms(secret: bytes, other_secret: bytes, seed: bytes, label: bytes, hash: hashes.HashAlgorithm) -> bytes:
return prf(build_pms(other_secret, secret), label, seed, hash, 48)
def main():
#check args
if len(sys.argv) != 6:
print("Invalid number of arguments. Expected: <secret> <other_secret> <seed> <label> <hash>" )
return
if sys.argv[5] != 'SHA384' and sys.argv[5] != 'SHA256':
print("Invalid hash algorithm. Expected: SHA256 or SHA384" )
return
secret = bytes.fromhex(sys.argv[1])
other_secret = bytes.fromhex(sys.argv[2])
seed = bytes.fromhex(sys.argv[3])
label = bytes.fromhex(sys.argv[4])
hash_func = hashes.SHA384() if sys.argv[5] == 'SHA384' else hashes.SHA256()
pms = build_pms(other_secret, secret)
actual_output = derive_ms(secret, other_secret, seed, label, hash_func)
print('secret : ' + secret.hex())
print('other_secret : ' + other_secret.hex())
print('pms : ' + pms.hex())
print('seed : ' + seed.hex())
print('label : ' + label.hex())
print('output : ' + actual_output.hex())
if __name__ == "__main__":
main()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:41:41 +02:00
Gilles Peskine
286c314ae3
cipher_alg_without_iv: also test multipart decryption
...
For multipart encrpytion, call psa_cipher_finish(). This is not actually
necessary for non-pathological implementations of ECB (the only currently
supported IV-less cipher algorithm) because it requires the input to be a
whole number of blocks and non-pathological implementations emit the output
block from update() as soon as an input block is available. But in principle
a driver could delay output and thus require a call to finish().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:27:17 +02:00
Gilles Peskine
9e38f2c8fd
cipher_alg_without_iv: generalized to also do decryption
...
Test set_iv/generate_iv after decrypt_setup. Test successful decryption.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:25:00 +02:00
Gilles Peskine
9b9b614a02
cipher_encrypt_alg_without_iv: validate size macros independently
...
Validate the size macros directly from the output length in the test data,
rather than using the value returned by the library. This is equivalent
since the value returned by the library is checked to be identical.
Enforce that SIZE() <= MAX_SIZE(), in addition to length <= SIZE(). This is
stronger than the previous code which merely enforced length <= SIZE() and
length <= MAX_SIZE().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:24:48 +02:00
Manuel Pégourié-Gonnard
ec52893ec3
Improve readability and relevance of values
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-21 09:25:23 +02:00
Thomas Daubney
28015e1e44
Set flag to proper value
...
Set flag to proper value. Was previously 0xFFFFFFF and has been
corrected to 0xFFFFFFFF.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-21 08:12:59 +01:00
XiaokangQian
de33391fa0
Rebase and solve conflicts
...
Change-Id: I7f838ff5b607fe5e6b68d74d0edc1def8fc9a744
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 08:49:42 +00:00
Manuel Pégourié-Gonnard
d8d19de1c7
Expand negative coverage of ECDSA verification
...
Motivated by CVE-2022-21449, to which we're not vulnerable, but we
didn't have a test for it. Now we do.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-20 10:34:22 +02:00
XiaokangQian
8f9dfe41c0
Fix comments about coding styles and test cases
...
Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8
Fix comments and remove hrr related code
...
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
...
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Gilles Peskine
f4d70b2944
Merge pull request #5608 from AndrzejKurek/raw-key-agreement-fail
...
Add a test for a raw key agreement failure
2022-04-19 14:00:48 +02:00
Neil Armstrong
655725a624
Unify PSA & non-PSA Verify ext RSA #5 test, and handle different return in pk_rsa_verify_ext_test_vec()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-15 12:00:16 +02:00
Gilles Peskine
6e0f80ab94
Don't try to perform operations when driver support is lacking
...
We test some configurations using drivers where the driver doesn't
support certain hash algorithms, but declares that it supports
compound algorithms that use those hashes. Until this is fixed,
in those configurations, don't try to actually perform operations.
The built-in implementation of asymmetric algorithms that use a
hash internally only dispatch to the internal md module, not to
PSA. Until this is supported, don't try to actually perform
operations when the operation is built-in and the hash isn't.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
...
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Glenn Strauss
59b0d54ba0
Convert tests to use mbedtls_ssl_conf_(min|max)_tls_version()
...
Replace use of mbedtls_ssl_conf_(min/max)_version()
(PR feedback from @ronald-cron-arm)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
39e624ca76
Convert tests to use MBEDTLS_SSL_VERSION_TLS1_*
...
(PR feedback from @ronald-cron-arm)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a
mbedtls_ssl_(read|write)_version using tls_version
...
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f
mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
...
Store the TLS version in tls_version instead of major, minor version num
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.
Reduce size of mbedtls_ssl_ciphersuite_t
members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d
mbedtls_ssl_config min_tls_version, max_tls_version
...
Store the TLS version in tls_version instead of major, minor version num
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms. For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).
New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:39:43 -04:00
Glenn Strauss
da7851c825
Rename mbedtls_ssl_session minor_ver to tls_version
...
Store the TLS version instead of minor version number in tls_version.
Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms. The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.
Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:57 -04:00
Glenn Strauss
07c641605e
Rename mbedtls_ssl_transform minor_ver to tls_version
...
Store the TLS version in tls_version instead of minor version number.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:54 -04:00
Glenn Strauss
dff84620a0
Unify internal/external TLS protocol version enums
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 13:45:20 -04:00
Neil Armstrong
06baf04870
Initialize PSA to fix move_handshake_to_state when USE_PSA is enabled
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 16:21:15 +02:00
Neil Armstrong
537e915a6e
Enable DTLS renegotiation, resize_buffers, _serialize_mfl & renegotiate_mfl tests with PSA
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 15:40:26 +02:00
Neil Armstrong
181fe694ef
Enable handshake_serialization & handshake_fragmentation tests with PSA
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 15:39:01 +02:00
Neil Armstrong
993eea3362
Enable app_data_tls & app_data_dtls tests with PSA
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 15:37:23 +02:00
Neil Armstrong
0739336dd2
Enable mbedtls_endpoint_sanity tests with PSA
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 15:36:17 +02:00
Andrzej Kurek
83e60eef4d
tests: fix bitflip comment
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-14 08:51:41 -04:00
Neil Armstrong
999930e447
Add RSA PK Wrapped Sign ext tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 14:55:17 +02:00