Commit graph

24003 commits

Author SHA1 Message Date
David Horstmann
f01de145bd Add tests for mbedtls_oid_get_numeric_string()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-15 11:45:51 +00:00
Andrzej Kurek
72082dc28e Improve tests/scripts/depends.py code
As suggested by gilles-peskine-arm.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-15 05:20:33 -05:00
Pengyu Lv
10f41444a0 Fix CI failure
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-15 16:58:09 +08:00
Jerry Yu
64e5d4a2cd Replace error output with target pragma if possible
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-15 11:58:48 +08:00
Jerry Yu
35f2b26fd8 move cpu modifier flags check to source file
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-15 11:58:48 +08:00
Pengyu Lv
c36743f4e0 Only check files known to git
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-15 10:20:40 +08:00
Gilles Peskine
edc6ae9578
Merge pull request #7090 from paul-elliott-arm/fix_iar_warnings_dev
Fix IAR Warnings
2023-02-14 20:01:00 +01:00
Gilles Peskine
c5e2a4fe67
Merge pull request #6937 from valeriosetti/issue6886
Add test for PK parsing of keys using compressed points
2023-02-14 19:54:29 +01:00
Gilles Peskine
4386cf188d Changelog entry for pacifying clang -Wdocumentation about \retval
Fixes #6960

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-14 19:26:56 +01:00
Gilles Peskine
ed73355d2e Make \retval commands non-empty
Pacify Clang >=15 which complained:
```
include/psa/crypto.h:91:23: error: empty paragraph passed to '\retval' command [-Werror,-Wdocumentation]
 * \retval #PSA_SUCCESS
   ~~~~~~~~~~~~~~~~~~~^
```

This commit performs the following systematic replacement:
```
perl -i -0777 -p -e 's/([\\@])(retval +\S+)\n(?! *\*? *([^\n \\*\/]|\\[cp]\b))/$1$2 ${1}emptydescription\n/g' $(git ls-files '*.[hc]' '*.function' '*.jinja')
```
i.e. add an `\emptydescription` argument to `\retval` commands (or
`@retval`, which we don't normally used) that are followed by a single word,
unless the next line looks like it contains text which would be the
description.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-14 19:21:09 +01:00
Gilles Peskine
8ea7d85851 Define a workaround for empty \retval description
Since Clang 15, `clang -Wdocumentation` warns about an empty description in
a Doxygen `\retval` command:

```
include/psa/crypto.h:91:23: error: empty paragraph passed to '\retval' command [-Werror,-Wdocumentation]
 * \retval #PSA_SUCCESS
   ~~~~~~~~~~~~~~~~~~~^
```

Ideally `\retval` directives should have a description that describes the
precise meaning of the return value, but we commonly use an empty
description when the return value is a status code and the status code's
description is sufficient documentation.

As a workaround, define a Doxygen command `\emptydescription` that we can
use to make the description source code non-empty, without changing the
appearance. Using the command will be done in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-14 19:15:40 +01:00
David Horstmann
c7f700c795 Fix incorrect printing of OIDs
The first 2 components of an OID are combined together into the same
subidentifier via the formula:

subidentifier = (component1 * 40) + component2

The current code extracts component1 and component2 using division and
modulo as one would expect. However, there is a subtlety in the
specification[1]:

>This packing of the first two object identifier components recognizes
>that only three values are allocated from the root node, and at most
>39 subsequent values from nodes reached by X = 0 and X = 1.

If the root node (component1) is 2, the subsequent node (component2)
may be greater than 38. For example, the following are real OIDs:
* 2.40.0.25, UPU standard S25
* 2.49.0.0.826.0, Met Office
* 2.999, Allocated example OID

This has 2 implications that the current parsing code does not take
account of:
1. The second component may be > 39, so (subidentifier % 40) is not
correct in all circumstances.
2. The first subidentifier (containing the first 2 components) may be
more than one byte long. Currently we assume it is just 1 byte.

Improve parsing code to deal with these cases correctly.

[1] Rec. ITU-T X.690 (02/2021), 8.19.4

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-14 17:00:25 +00:00
Gabor Mezei
0b4b8e3c5e
Update documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-14 16:36:38 +01:00
Andrzej Kurek
570a0f808b Move to DER certificates for new x509 tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-14 05:52:49 -05:00
Dave Rodgman
319a5675db
Merge pull request #7084 from daverodgman/sizemax-uintmax
Assume SIZE_MAX >= INT_MAX, UINT_MAX
2023-02-14 10:06:22 +00:00
Manuel Pégourié-Gonnard
6b9503a32d
Merge pull request #7064 from valeriosetti/issue6860
driver-only ECDSA: get testing parity in SSL
2023-02-14 09:31:07 +01:00
Ronald Cron
70341c17b7
Merge pull request #6773 from yanrayw/6675-change-early_secrets-to-local
TLS 1.3: Key Generation: Change tls13_early_secrets to local variable
2023-02-14 09:03:32 +01:00
Pengyu Lv
e19b51bc53 Improve readability
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-14 10:29:53 +08:00
Paul Elliott
1748de160a Fix IAR Warnings
IAR was warning that conditional execution could bypass initialisation of
variables, although those same variables were not used uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-13 15:35:35 +00:00
Gabor Mezei
a264831cff
Update documentation and add comments
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-13 16:29:05 +01:00
Andrzej Kurek
3e8f65a7e2 Add a changelog entry for URI SAN parsing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:21:20 -05:00
Andrzej Kurek
50836c4dfb Fix a comment in x509_crt.h
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:21:14 -05:00
Andrzej Kurek
4077372b98 Fix SHA requirement for SAN URI tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:18:17 -05:00
Andrzej Kurek
7a05fab716 Added the uniformResourceIdentifier subtype for the subjectAltName.
Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:03:07 -05:00
Valerio Setti
1b08d421a7 test: fix: replace CAN_ECDSA_SOME with CAN_ECDSA_SIGN+CAN_ECDSA_VERIFY when both are needed
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
16f02e0196 test: adjust include after PK_CAN_ECDSA_SOME was moved
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
d928aeb9ac test_suite_ssl: use new macros for ECDSA capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
ed02bb1f95 test_suite_debug: replace ECDSA_C with new ECDSA macros
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Valerio Setti
5dc6867f7e test: don't skip debug and ssl suites in test parity for driver only ECDSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Manuel Pégourié-Gonnard
d3d8c852a0
Merge pull request #6997 from valeriosetti/issue6858
driver-only ECDSA: get testing parity in X.509
2023-02-13 15:30:06 +01:00
Gabor Mezei
5c9f401e47
Add more test cases
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-13 14:15:08 +01:00
Gabor Mezei
23d4b8baee
Add check for test
Check the bit length of the output of p192_raw.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-13 14:13:33 +01:00
Gabor Mezei
a9d82dd0a2
Keep the description in one place, just refer it
Delete the duplicated file description and refer to the original one
in generate_bignum_tests.py.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-13 14:10:23 +01:00
Valerio Setti
178b5bdddf pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 11:15:06 +01:00
Jerry Yu
b2783f66b5 fix typo issue
The error message is wrong

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-13 18:03:25 +08:00
Valerio Setti
a119cb64ef test: remove redundant ECDSA_C dependencies from test_suite_x509parse.data
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 09:54:49 +01:00
Manuel Pégourié-Gonnard
daa65956c3
Merge pull request #7046 from mpg/cleanup-md-tests
Clean up MD tests
2023-02-13 09:51:28 +01:00
Janos Follath
1e4abae73e
Merge pull request #7048 from KloolK/record-size-limit/extend-test-framework
Extend test framework for Record Size Limit Extension
2023-02-13 08:17:12 +00:00
Gilles Peskine
a9d39c42e9
Merge pull request #7085 from sergio-nsk/patch-1
Fix unreachable code compiler warning in psa_crypto_driver_wrappers.c
2023-02-12 23:56:32 +01:00
Dave Rodgman
641288bc1e Restore test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 22:02:04 +00:00
Dave Rodgman
91e832168f Restore more test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 20:07:43 +00:00
Dave Rodgman
a476363042 Restore more test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 18:36:23 +00:00
Dave Rodgman
d26d7445b8 Restore guards on a couple of tests
These tests check for failures, but can only fail where SIZE_MAX
exceeds some limit (UINT_MAX or UINT32_MAX) and do not fail
in this way otherwise - so guards are needed.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 17:22:03 +00:00
Sergey
c36c14c7af
Update psa_crypto_driver_wrappers.c.jinja
Signed-off-by: Sergey <sergio_nsk@yahoo.de>
2023-02-10 14:14:00 -07:00
Dave Rodgman
ab1f3c153a
Merge pull request #7081 from tom-cosgrove-arm/dont-use-lstrlenW 2023-02-10 20:50:07 +00:00
Dave Rodgman
54647737f6 Add checks to selftest
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 16:16:17 +00:00
Dave Rodgman
4a5c9ee7f2 Remove redundant SIZE_MAX guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 16:03:44 +00:00
Dave Rodgman
37296a413a Document SIZE_MAX requirement in README.md
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 15:39:22 +00:00
Valerio Setti
78f79d323d ecp: add documentation for compressed points limitations
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-10 16:32:58 +01:00
Valerio Setti
25fd51f4af test: add missing include in test_suite_x509parse
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-10 15:21:40 +01:00