yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
19504 commits 1 branch 0 tags 94 MiB
Commit graph

6466 commits

Author SHA1 Message Date
Przemyslaw Stekiel
aeaa4f0651 Code optimization 
- fix codding style
- fix comments and descriptions
- add helper function for montgomery curve
- move N-2 calculation outside the loop
- fix access to <data> bytes: *data[x] -> (*data)[x]

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
f6c2c87492 Fix ECC derivation tests 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel
7b6e61a132 Add test vectors for ECC key excercise 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
50fcc535e5 Add Weierstrass curve/bits consistancy check + negative test vectors 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
02cf12ff92 Enable tests for Montgomery curves 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
8590f3b5ff Enable related test vectors 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
696b120650 Add tests for ECC key derivation 
Test code and test vectors are taken from PR #5218

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
ab80c0cd6c test_psa_compliance.py: checkout fix-pr-5139 tag 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Neil Armstrong
66a479f8fb Add Cipher Decrypt Fail multi-part case 
Make `PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)`
depend on MBEDTLS_CCM_C otherwise the multi-part test fails on
the missing CCM* instead on the input length validity for CCM*.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
d8dba4e0aa Add Cipher Encrypt Fail multi-part case 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
3ee335dbe3 Add Cipher Encrypt multi-part case 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
752d811015 Add AEAD Key Policy check multi-part cases 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
78aeaf8ad7 Add Cipher Key Policy check one-shot cases 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
3af9b97a29 Add Multipart Message authentication Compute & Verify cases 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
ca30a00aad Add Multipart Hash Compute & Compare tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
55a1be1f48 Add Multipart Hash Compare fail tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
161ec5c368 Add Multipart Hash Compute fail tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong
edb20865c7 Add One-Shot Hash setup test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Jerry Yu
ccb005e35f fix missing feedback address 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 17:38:34 +08:00
Przemyslaw Stekiel
d9fa99917e Extend test coverage for transparent driver decryption. 
Encryption is not deterministic and can not be verified by a know-answer test.
Encryption is already verified via encrypt-decrypt test.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 09:36:35 +01:00
Jerry Yu
819f29730a fix various issues in ssl-opt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
2124d05e06 Add sha384 and sha512 case 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
d66409ae92 Add non support sig alg check and test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
562a0fddf0 Add client version check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
6c3d821ff1 update ssl-opt test cases 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
46b53b9920 remove duplicate test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
4bfa22aeb3 remove useless config option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
42ea733fdc remove RSA not found test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
7db5b8f68c add rsa_pss_rsae_sha256 write support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
37987ddd0f Add test cases 
Add test cases for different sig algs.
Known issue is rsa_pss_rsae_sha256 fail

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
ca133a34c5 Change state machine 
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
22abd06cd0 Add rsa key check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
aa6214a571 add empty client certificate tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
c19884f487 change expect exit value 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
25e0ddcf47 Add client certificate file 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
200b47b8f5 Add more tests for CertificateRequest 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
960bc28bcc Add tests for no middlebox mode 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:57 +08:00
Ronald Cron
4579a972bf
Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1 
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
 2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard
e3a2dd787e
Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa 
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
 2022-02-21 16:58:57 +01:00
Gabor Mezei
4fded1359a
Use PSA_INIT() 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:47:24 +01:00
Gabor Mezei
c5efb8e58b
Use PSA error code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:38 +01:00
Gabor Mezei
5d7d201b87
Update test 
Testing the hash length in this context is not applicable because there is no way
to specify it when calling mbedtls_psa_hkdf_extract.
Change to test invalid `alg` parameter.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:33 +01:00
Gabor Mezei
ebc9368173
typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:44:51 +01:00
Gabor Mezei
298a2d6109
Use ASSERT_ALLOC 
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:43:52 +01:00
Gabor Mezei
62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible 
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:57 +01:00
Gabor Mezei
73cb6f54de
Add tests for mbedtls_psa_hkdf_extrct 
The tests are based on the the test of mbedtls_hkdf_extract.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:41:42 +01:00
Gilles Peskine
860429f8af Add version number debug check to the GnuTLS interop test as well 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:02 +01:00
Gilles Peskine
49d7ddf7f3 Serializing a context does not save the user data 
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
80dae04f24 Make user_data fields private 
Add accessor functions.

Add unit tests for the accessor functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
c63a1e0e15 Fix mbedtls_ssl_get_version() for TLSv1.3 
Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
1255b0de98 Positive unit testing for SSL context version functions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Paul Elliott
436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build 
TLS1.3:Enable tls13 only build
 2022-02-21 11:22:37 +00:00
Thomas Daubney
4901978308 Modifies data files to match new test function name 
This commit alters the relevant .data files
such that the new function name change of check_iv
to iv_len_validity is relfected there.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-02-21 09:57:51 +00:00
Tom Cosgrove
f3ebd90a1c SECLIB-667: Accelerate SHA-256 with A64 crypto extensions 
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.

The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-02-21 08:37:26 +00:00
Manuel Pégourié-Gonnard
9b545c04f7
Merge pull request #5520 from gabor-mezei-arm/5402_implement_hkdf_expand_based_on_psa_hmac 
HKDF 1b: Implement Expand in TLS 1.3 based on PSA HMAC
 2022-02-21 09:30:31 +01:00
Jerry Yu
baa4934e7b Add check tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
53d23e2c95 Guards tls_prf functions with TLS1_2 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
6331909d12 remove ifndef guard 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
81d5e1feca fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
da5af22015 tls13_only: add tls13_only test component 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
ab08290c09 tls13_only: skip tls12 tests. 
TLS1.2 test depends on MBEDTLS_SSL_PROTO_TLS1_2. Skip
them if it is not set

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
8a497205cc tls13_only: tls 1.3 suite pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
c10f6b4735 tls13_only: simple test pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Thomas Daubney
5dcbc4d326 Changes name of iv_check to iv_len_validity 
Commit changes name of check_iv to
iv_len_validity as this seems to better describe
its functionality.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-02-17 21:30:25 +00:00
Thomas Daubney
0bd08e7ac0 Initialise buffer before use 
Commit initialises buf before it is used.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-02-17 21:30:25 +00:00
Gabor Mezei
cbe5ba500a
Add tests for mbedtls_psa_hkdf_expand 
Add test cases which test psa_import_key and psa_mac_sign_setup
function call if they return error.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-17 17:01:49 +01:00
Thomas Daubney
3a066ec999 Initialise iv buffer before use 
Commit initialises the iv buffer before
it is passed to mbedtls_cipher_set_iv().

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-02-17 14:00:06 +00:00
Gabor Mezei
8e3602569b
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-17 11:50:02 +01:00
Manuel Pégourié-Gonnard
4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0 
feat: Update test_suite_psa_its to NOT use UID=0
 2022-02-17 11:49:33 +01:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto 
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
 2022-02-16 17:33:47 +01:00
Andrzej Kurek
32048a6d92 pk_verify_ext: introduce more tests for signature length mismatches 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-16 06:17:00 -05:00
Gabor Mezei
d917081b8b
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-15 16:25:27 +01:00
Gabor Mezei
7381242748
Use PSA_INIT() 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-15 16:24:58 +01:00
Andrzej Kurek
8666df6f18 Add signature length mismatch handling when using PSA in pk_verify_ext 
Introduce a regression test for that too.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-15 08:23:02 -05:00
Ronald Cron
a7a1deabf8
Merge pull request #5393 from gilles-peskine-arm/opt-testcases-outcomes-fix 
Fix test suite name reporting of opt-testcases/tls13-compat.sh
 2022-02-15 13:53:10 +01:00
Andrzej Kurek
853ad7bfcf Use macros in tests for PSA init/deinit routines 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-15 07:13:03 -05:00
lhuang04
86cacac91a Port ALPN support for tls13 client from tls13-prototype 
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124).

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-02-14 08:03:32 -08:00
Ronald Cron
135427cb35 Run TLS 1.3 tests when MBEDTLS_USE_PSA_CRYPTO is enabled 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-11 16:10:44 +01:00
Gilles Peskine
bebeae9428
Merge pull request #5504 from gstrauss/mbedtls_pem_get_der 
Add accessor to get der from mbedtls_pem_context
 2022-02-10 23:56:57 +01:00
Gabor Mezei
b35759ded8
Add tests for mbedtls_psa_hkdf_expand 
The tests are based on the test of mbedtls_hkdf_expand.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-10 10:57:24 +01:00
Glenn Strauss
e328245618 Add test case use of mbedtls_ssl_ticket_rotate 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 14:33:16 -05:00
Andrzej Kurek
7db1b78fff Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO 
Duplicate a test case but with a different expected error
due to error translation to and from PSA.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-09 14:13:44 -05:00
Gabor Mezei
748ab4ae77
Use ASSERT_ALLOC 
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-09 16:31:48 +01:00
Ronald Cron
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request 
add tls1_3 read certificate request
 2022-02-09 09:51:55 +01:00
Manuel Pégourié-Gonnard
1df23b903f Check the result of PEM decoding 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 14:53:50 -05:00
Manuel Pégourié-Gonnard
33ab075f45 Add success case for pem_read testing 
Currently all cases were negative, so the block that exercised
mbedtls_pem_get_der() would never be reached.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 14:53:50 -05:00
Glenn Strauss
72bd4e4d6a Add accessor to get buf from mbedtls_pem_context 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-08 14:53:46 -05:00
pespacek
443c78eb83 BUGFIX: PSA test vectors use UID 1 instead of 0. 
Test vector to test rejection of uid = 0 was added.

Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-08 15:19:26 +01:00
pespacek
d62e906b1c TEST: added psa_its_set expected failure test 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-08 15:19:26 +01:00
Manuel Pégourié-Gonnard
45c5768a74
Merge pull request #5434 from mprse/tls_use_psa 
TLS Cipher: use PSA crypto
 2022-02-08 10:27:25 +01:00
Ronald Cron
6a0b1ef27e
Merge pull request #5282 from AndrzejKurek/import-opaque-driver-wrappers 
Add tests for an opaque import in the driver wrappers
 2022-02-07 11:14:43 +01:00
Manuel Pégourié-Gonnard
d81e774083
Merge pull request #5463 from gilles-peskine-arm/cmake-test-suite-enumeration 
CMake: generate the list of test suites automatically
 2022-02-07 09:48:23 +01:00
Gilles Peskine
827dbd9d35 Remove obsolete calls to if_build_succeeded 
This is now a no-op.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-04 00:32:58 +01:00
Gilles Peskine
c1247c0cbb Remove obsolete variable restoration or unset at the end of a component 
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-04 00:32:58 +01:00
Gilles Peskine
3bc3409edf Remove obsolete cd at the end of a component 
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-04 00:32:58 +01:00
Gilles Peskine
a300099246 Stop CMake out of source tests running on 16.04 (continued) 
The race condition mentioned in the previous commit
"Stop CMake out of source tests running on 16.04"
has also been observed with test_cmake_as_subdirectory and can presumably
happen with test_cmake_as_package and test_cmake_as_package_install as well.
So skip all of these components on Ubuntu 16.04.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-04 00:32:58 +01:00
Andrzej Kurek
59469d7c64 Test driver: keep variable declarations first 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-03 10:30:30 -05:00
Andrzej Kurek
ba4cadef14 Test drivers: rename import call source to driver location 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-03 10:27:01 -05:00
Andrzej Kurek
333e0fac1d Formatting and documentation fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-03 09:42:47 -05:00
Przemyslaw Stekiel
5648d577a4 Optimize psa_cipher_encrypt_helper() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
8c010eb467 Fix comments, code style, remove debug code 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:24 +01:00
Manuel Pégourié-Gonnard
6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity 
Clarify key types message from ssl_client2 and ssl_server2
 2022-02-03 11:33:03 +01:00
Przemyslaw Stekiel
d66387f8fa Init psa status to PSA_ERROR_CORRUPTION_DETECTED 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
f4facef9ba Adapt ssl_decrypt_non_etm_cbc() test for psa crypto and remove redundant test cases 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
dbd4882cd5 test_driver_rsa.c: Fix comment 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-02 11:42:18 +01:00
Przemyslaw Stekiel
4576b91148 Compact the argument lists 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-02 11:10:46 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs 
Resolve problems with reduced configs using USE_PSA_CRYPTO
 2022-02-02 10:20:26 +01:00
Przemyslaw Stekiel
77aec8d181 Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel
89dad93a78 Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
2cb59df939 ssl-opt.sh: remove cipher context assertions (redundant when psa crypto is enabled) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
4a36dd3da6 ssl test ssl_decrypt_non_etm_cbc(): add missing ret check 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f4ca3f0e52 ssl test build_transforms(): in psa mode distinguish encrypt/decrypt keys 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f57b45660d Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention. 
New function name:  mbedtls_ssl_cipher_to_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f4b3f087ae test_suite_ssl.data: remove redundant test cases(short tag + GCM) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
5b2de0c35c test_suite_ssl.data: remove redundant test cases 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
93cf4eea67 Adapt test_suite_ssl for psa crypto 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Mircea Udrea
657ff4fd09 Fix AEAD multipart incorrect offset in test_suite_psa_crypto.function 
When working with block cipher modes like GCM(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER),
aead_multipart_internal_func() should calculate the offset in output buffer
based on output_length, not using the offset of the input buffer(part_offset).

Signed-off-by: Mircea Udrea <mircea.udrea@silexinsight.com>
 2022-01-31 13:51:56 +01:00
XiaokangQian
a909061c2a Refine HRR parse successfully message in test cases 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 03:48:27 +00:00
XiaokangQian
7bae3b616c Add more ciphersuites into test cases for hrr 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
355e09ae9d Change code base on comments 
Change functions name
Change some comments
Improve hrr test case for gnutls

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
78b1fa7e81 Update code base on comments 
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
6db08dd2cb Change ssl-opt.sh to make hrr tests pass 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
0b56a8f85c Replace curve_list with group_list and add update test scripts 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
Xiaofei Bai
69fcd39774 Update CertificateRequest tests and the parsing function 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:32:29 +00:00
Xiaofei Bai
5d8598e090 update certificate request tests 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:31:54 +00:00
Gilles Peskine
a18fb9d9ac Fix string/regexp backslash escapes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 23:24:34 +01:00
Gilles Peskine
cd55fe02ef Remove accidental use of a feature that doesn't exist in CMake 3.5 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 23:13:49 +01:00
Gilles Peskine
29080e8e6a CMake: generate the list of test suites automatically 
We keep forgetting to register new test suites in tests/CMakeLists.txt. To
fix this problem once and for all, remove the need for manual registration.

The following test suites were missing:
  test_suite_cipher.aria
  test_suite_psa_crypto_driver_wrappers
  test_suite_psa_crypto_generate_key.generated

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 22:36:12 +01:00
Gilles Peskine
05bf89da34 Clarify key types message from ssl_client2 and ssl_server2 
If no key is loaded in a slot, say "none", not "invalid PK".

When listing two key types, use punctuation that's visibly a sequence
separator (",").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 17:50:25 +01:00
Gilles Peskine
c6753a6c90
Merge pull request #5363 from AndrzejKurek/clarify-testing-set-nonce-set-lengths 
PSA AEAD: extend testing of set_nonce + set_lengths
 2022-01-25 17:02:26 +01:00
Manuel Pégourié-Gonnard
24479b3185
Merge pull request #5395 from gilles-peskine-arm/ssl-opt-self-signed-positive 
Add positive test case with self-signed certificates
 2022-01-25 12:53:56 +01:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite 
Add accessors for ciphersuite info
 2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard
ff743a7f38
Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets 
TLS Cipher 1a: extend testing of tickets
 2022-01-24 10:25:29 +01:00
Glenn Strauss
6eef56392a Add tests for accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-23 08:37:02 -05:00
Gilles Peskine
6d6d93ea4a
Merge pull request #5350 from AndrzejKurek/psa-aead-invalid-tag-lengths-setup 
Detect invalid tag lengths in psa_aead_setup
 2022-01-21 21:46:37 +01:00
Gilles Peskine
c191addc8b
Merge pull request #5267 from mprse/mac_multipart 
Extend driver dispatch tests for MAC multipart
 2022-01-21 21:46:25 +01:00
Gilles Peskine
fe271b9c92
Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes 
Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
 2022-01-21 21:46:08 +01:00
Przemyslaw Stekiel
daaf38b178 Remove multipart part from mac_verify test case 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-21 09:37:49 +01:00
Przemyslaw Stekiel
6ec59f817f Add mac_verify_multipart test case + test data 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-21 09:37:49 +01:00
Przemyslaw Stekiel
1af1983352 Remove multipart part from mac_sign test case 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-21 09:37:49 +01:00
Przemyslaw Stekiel
f47b8d39a4 Add mac_sign_multipart test case + test data 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-21 09:37:49 +01:00
Andrzej Kurek
f881601c91 Detect invalid tag lengths in psa_aead_setup 
Read tag lengths from the driver and validate against preset values.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-20 07:40:12 -05:00
Andrzej Kurek
031df4a93a Clarify test descriptions 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:44:49 -05:00
Andrzej Kurek
e5f94fb556 PSA AEAD: test long plaintext lengths for psa_set_lengths 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:36:50 -05:00
Andrzej Kurek
1e8e1745a8 PSA AEAD: test more combinations of set_nonce and set_lengths 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:36:50 -05:00
Andrzej Kurek
a2ce72e5bf Test calling psa_aead_set_lengths and set_nonce in various order 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:36:50 -05:00
Andrzej Kurek
01005b90b5 Restructure test-ref-configs to test with USE_PSA_CRYPTO turned on 
Run some of the test configs twice, enabling MBEDTLS_USE_PSA_CRYPTO
and MBEDTLS_PSA_CRYPTO_C in one of the runs.
Add relevant comments in these configs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:34:41 -05:00
Andrzej Kurek
77b8e098f9 Add missing MBEDTLS_ASN1_WRITE_C dependency in test_suite_psa_crypto 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:34:23 -05:00
Andrzej Kurek
ad2b8b5c3c Fix a dependence in chacha cipher test suite 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 07:35:27 -05:00
Andrzej Kurek
ee8b57ffa6 Add missing dependency on MBEDTLS_GCM_C in cipher tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 07:08:27 -05:00
Andrzej Kurek
57d2f13ebc Mark unused variable in tests for cases with reduced configs 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 07:08:27 -05:00
Manuel Pégourié-Gonnard
d2da19b8eb
Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes 
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
 2022-01-18 09:16:25 +01:00
Manuel Pégourié-Gonnard
a15503fcdd
Merge pull request #5344 from AndrzejKurek/psa-aead-more-generate-nonce-combinations 
PSA AEAD: test more combinations of generate_nonce and set_lengths
 2022-01-17 13:12:04 +01:00
Ronald Cron
188ed19456
Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext 
Remove duplicate function for writing supported_groups extension
 2022-01-17 09:13:14 +01:00
Andrzej Kurek
b9fbc11e2c Dynamically allocate iv in dec_empty_buf tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
8be8e4a524 Add a missing test case to ChaCha20 tests - decrypt empty buffer 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
63439eda62 Return an error for IV lengths other than 12 with ChaCha20+Poly1305 
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
33ca6af8a3 Return an error for IV lengths other than 12 with ChaCha20 
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Gabor Mezei
6e5aae63f8
Add tests for ticket_aead option 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-12 16:29:58 +01:00
Przemyslaw Stekiel
2ce7c9c5dc test_driver_rsa.c: fix include file name 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
2d18c7e9bf Move driver asymetric encrypt/decript declarations to asym.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
0c8e0d0c30 driver tests: fix duplicated test names 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
0a875ef2d7 Add driver PSA_ALG_RSA_OAEP tests for asymmetric encrypt/decrypt 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
eed991bf4e Add driver dispatch tests for RSA message verify 
Tested algs:
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
PSA_ALG_RSA_PSS(PSA_ALG_SHA_256)
PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256)

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
66ed8d680f Add driver dispatch tests for RSA message sign 
Tested algs:
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
d06e927325 Add driver dispatch tests for RSA hash verify 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
9b52a15872 Add driver dispatch tests for RSA hash sign 
Tested key types:
PSA_ALG_RSA_PKCS1V15_SIGN_RAW
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
de13365cf6 test_suite_psa_crypto_driver_wrappers.function: trim trailing whitespace 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
06a9fee67d Add driver tests for asymmetric encrypt/decrypt 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
71284eabdb psa_asymmetric_decrypt: add test driver impl 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
b6a6650a64 psa_asymmetric_encrypt: add test driver impl 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-10 12:55:05 +01:00
Gilles Peskine
e1cc60eca9 Add positive test case with self-signed certificates 
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-07 23:10:56 +01:00
Bence Szépkúti
08f34656cb Return the same error in multipart and single shot AEAD 
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().

The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.

Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-07 19:36:07 +01:00
Gilles Peskine
7e09105192 New option to list all test cases 
Occasionally useful for diagnosing issues with test reports.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-07 18:34:12 +01:00
Gilles Peskine
686c292e8a Move collect_available_test_cases to check_test_cases.py 
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-07 18:34:12 +01:00
Gilles Peskine
5eb2b02862 Report correct test suite names for opt-testcases/* in outcome file 
In the outcome file, report each test case in the file it's in, rather than
reporting them all from ssl-opt. This is more informative and matches what
check_test_cases.py does.

This fixes a bug whereby test cases from opt-testcases/* were not detected
as having run on the CI, because analyze_outcomes.py (which uses
check_test_cases.py) expects them in the containing file whereas they were
reported in ssl-opt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-07 18:34:12 +01:00
Gilles Peskine
2baaf60c5d Don't error out if no opt-testcases/*.sh is found 
This can happen in an insufficiently populated out-of-tree build.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-07 15:46:12 +01:00
Bence Szépkúti
bac671cd23 Fix the multipart AEAD compliance tests 
Update the fork of the compliance test suite, and remove the multipart
AEAD tests from the expected failures list.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-06 15:46:17 +01:00
Andrzej Kurek
dc137252a1 Add tests for an opaque import in the driver wrappers 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-03 14:26:50 +01:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO 
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-03 12:53:24 +01:00
Max Fillinger
0bb38336a5 Add function to get md info from md context 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2021-12-28 16:32:00 +01:00
Jerry Yu
136320ba0b fix ci fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-21 17:09:00 +08:00
Archana
947cf611f2
Jinja2 prerequisite set up on the docker 
Jinja2 rev 2.10.1 is required for the driver wrappers code gen.
The same is set up in the bionic docker file.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-18 13:29:10 +05:30
Archana
6f21e45b78
Fix Pylint errors and improve Python script 
Pylint errors are fixed.
The Python script is improved to take default arguments when not
passed (eg invoked from root of the tree)

check-generated-files.sh and CMakeLists.sh updated.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-12-18 13:28:59 +05:30
Dave Rodgman
77d778eee2
Merge branch 'development' into mbedtls-3.1.0_merge_into_release 2021-12-17 10:01:53 +00:00
Dave Rodgman
b8c3301b80 Revert "Add generated files" 
This reverts commit 4e62cbc322.
 2021-12-17 09:44:04 +00:00
Andrzej Kurek
ad83752811 PSA AEAD: test more combinations of generate_nonce and set_lengths 
Extend PSA AEAD testing by adding CCM and ChaChaPoly.
Add more combinations of functions to test the API.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-12-15 15:30:29 +01:00
Gilles Peskine
ccbc318fc5 Remove generation of ssl_debug_helpers_generated.h 
It's now under version control and meant to be updated manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-15 12:55:37 +01:00
Ronald Cron
4e62cbc322 Add generated files 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 09:02:53 +01:00
Ronald Cron
17b1e2f6c3 Bump version to 3.1.0 
Executed ./scripts/bump_version.sh --version 3.1.0 --so-crypto 11 --so-tls 17
+ fix of build_info.h

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 09:02:53 +01:00
Ronald Cron
8188d19b0e Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr 2021-12-14 10:58:18 +01:00
Gilles Peskine
12e27d4c5b List ssl_debug_helpers_generated.h in generated files 
Running `generate_ssl_debug_helpers.py` generates both
`ssl_debug_helpers_generated.c` and `ssl_debug_helpers_generated.h`.

List the `.h` file as well as the `.c` file in `check-generated-files.sh` so
that `check-generated-files.sh -u` will complain if it isn't up to date.

List it in `Makefile` and `CMakeLists.txt` so that parallel builds know when
to wait until the `.h` file is present. In `Makefile`, declare the `.c` file
as depending on the `.h` file for order. This way, a dependency for either
will wait until the `.h` file is present, and since the `.h` file is
generated after the `.c` file, this guarantees that the `.c` file is
present.

This fixes random failures of `make -j` from a fresh checkout.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-14 00:19:47 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix 
Fixes for pkcs12 with NULL and/or zero length password
 2021-12-13 14:52:36 +01:00
Paul Elliott
6e7deb1d55 Add expected output for tests 
Expected output generated by OpenSSL (see below) apart from the case
where both password and salt are either NULL or zero length, as OpenSSL
does not support this. For these test cases we have had to use our own
output as that which is expected. Code to generate test cases is as
follows:

 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
 #include <string.h>

int Keygen_Uni( const char * test_name, unsigned char *pass, int
    passlen, unsigned char *salt,
                    int saltlen, int id, int iter, int n,
                                    unsigned char *out, const EVP_MD
                                    *md_type )
{
   size_t index;

   printf( "%s\n", test_name );

   int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter,
                                        n, out, md_type );

   if( ret != 1 )
   {
         printf( "Key generation returned %d\n", ret );
      }
   else
   {
         for( index = 0; index < n; ++index )
         {
                  printf( "%02x", out[index] );
               }

         printf( "\n" );
      }

   printf( "\n" );

}

int main(void)
{
   unsigned char out_buf[48];
   unsigned char pass[64];
   int pass_len;
   unsigned char salt[64];
   int salt_len;

   /* If ID=1, then the pseudorandom bits being produced are to be used
      as key material for performing encryption or decryption.

            If ID=2, then the pseudorandom bits being produced are to be
            used as an IV (Initial Value) for encryption or decryption.

                  If ID=3, then the pseudorandom bits being produced are
                  to be used as an integrity key for MACing.
                     */

   int id = 1;
   int iter = 3;

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( pass, 0, sizeof( pass ) );
   memset( salt, 0, sizeof( salt ) );

   Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( salt, 0, sizeof( salt ) );

   pass[0] = 0x01;
   pass[1] = 0x23;
   pass[2] = 0x45;
   pass[3] = 0x67;
   pass[4] = 0x89;
   pass[5] = 0xab;
   pass[6] = 0xcd;
   pass[7] = 0xef;

   Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   return 0;
}

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-10 20:53:59 +00:00
paul-elliott-arm
f434994d83
Merge pull request #5303 from yuhaoth/pr/add_list_config_function 
Add list config function
 2021-12-10 18:30:06 +00:00
Ronald Cron
2331fdb280
Merge pull request #5293 from ronald-cron-arm/tls13-mvp-misc 
Miscellaneous final changes for TLS 1.3 MVP release
 2021-12-10 17:46:47 +01:00
Ronald Cron
64bff9f261 tests: data_files: Avoid symbolic links 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 15:09:57 +01:00
Gilles Peskine
dc8ecda46f Don't fail until everything is initialized 
Can't call mbedtls_cipher_free(&invalid_ctx) in cleanup if
mbedtls_cipher_init(&invalid_ctx) hasn't been called.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 14:28:31 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:47:55 +01:00
Jerry Yu
2e8b00172b Beauty source code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:29:02 +08:00
Ronald Cron
0abf07ca2c Make PSA crypto mandatory for TLS 1.3 
As we want to move to PSA for cryptographic operations
let's mandate PSA crypto from the start.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:22:21 +01:00
Dave Rodgman
76a2b306ac
Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated 
Add debug helpers generated
 2021-12-10 11:56:55 +00:00
Ronald Cron
6b07916e40
Merge pull request #5230 from ronald-cron-arm/tls13_ccs_client 
Add initial support for "Middlebox Compatibility Mode"
 2021-12-10 11:58:05 +01:00
Jerry Yu
d0fcf7f6a0 fix ci fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 18:45:51 +08:00
Gilles Peskine
fe051f6aab
Merge pull request #5297 from paul-elliott-arm/test_suite_cipher_returns 
Add checked return to cipher setup in Cipher tests
 2021-12-10 10:39:57 +01:00
Ronald Cron
9eab5a6f11 tests: TLS 1.3: Remove unnecessary test requirement 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 10:27:25 +01:00
Ronald Cron
ae93725ae8 tests: Make compat mode optional in script generating tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 10:27:07 +01:00
Jerry Yu
d04fd35c06 Replace configs_enabled check with query_compile_time_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 16:31:04 +08:00
Jerry Yu
bc8b22ecc8 fix tls13 test fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 15:54:38 +08:00
Jerry Yu
cdcc55f46f update test check strings 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:47:02 +08:00
Jerry Yu
e3b3412bc4 Add tests for enum helper 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:45:52 +08:00
Jerry Yu
e78ee99624 add enum value to string helpers 
Only add helpers for enum in `ssl.h`.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:43:30 +08:00
Paul Elliott
0cf7e38606 Add checked return to cipher setup 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:27:01 +00:00
Paul Elliott
46a6c20d0c Add checked returns to tests without them. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:16:13 +00:00
Gilles Peskine
d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm 
PSA Multipart AEAD CCM Internal implementation and tests.
 2021-12-09 14:49:42 +01:00
Ronald Cron
a55c5a1152 ssl-opt.sh: TLS 1.3: Add middlebox compatibility tests with GnuTLS 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
7c0185fa5f ssl-opt.sh: TLS 1.3: Add some missing test dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
fdb0e3f381 ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled 
Run tests with middlebox compatibility enabled but tests
dedicated to middlebox compatibility disabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard
c38c1f2411
Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0 
Reorder structure fields to maximize usage of immediate offset access
 2021-12-09 12:54:09 +01:00
Manuel Pégourié-Gonnard
d7d740eb6e
Merge pull request #5236 from gabor-mezei-arm/4926_base64_move_constant-time_functions 
Move base64 constant-time functions to the new module
 2021-12-09 12:40:18 +01:00
Paul Elliott
37ec16b579 Add explanation for workaround in test code 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 09:44:11 +00:00
Paul Elliott
3938fef25c Indicate set nonce negative test failure reasons 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-08 20:09:09 +00:00
Ronald Cron
1865585eab
Merge pull request #5212 from yuhaoth/pr/add-tls13-compat-testcases 
TLS1.3 MVP:Add tls13 compat, not supported version , certificaterequest and HRR tests
 2021-12-08 14:56:39 +01:00
Manuel Pégourié-Gonnard
39c2aba920
Merge pull request #849 from ronald-cron-arm/fix-cipher-iv 
Avoid using encryption output buffer to pass generated IV to PSA driver
 2021-12-08 13:30:06 +01:00
Gilles Peskine
392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x 
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
 2021-12-07 12:52:20 +01:00
Ronald Cron
27d47713c9 tests: psa: Remove MD2, MD4 and ARC4 related code 
MD2, MD4 and ARC4 are not supported anymore in
3.x.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:54:36 +01:00
Jerry Yu
52a6e7ea00 Replace tls1_3 with tls13 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:42:47 +08:00
Jerry Yu
2c315a8591 remove unused function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:22:51 +08:00
Jerry Yu
c502dff71c fix TLS1.3 name issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:22:51 +08:00
Jerry Yu
7918efe99a Refactor to avoid duplicate add_* 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
882c30da17 Merge CAFILE and Certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
b4ac8f3c04 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
dda036d8e0 rename ecdsa_secp*sha* to ecdsa_secp* 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
7f5e5adfa3 fix pylint fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
55ee769b51 Fix out-of-source build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
f17a60f147 Add opt-testcases into check list 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
cdcb683568 Update generate scripts and tls13 test cases 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
31018adb81 Add tls13 compat tests with bash scripts 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
c4aa1520a2 tls13_compat_tests:Add generate all option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
d64e20de7f fix wrong typo 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
26fa7dcc4a Remove rsa_pss_rsae_sha256 test from ssl-opt.sh 
It has been covered by tls13 compat tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
29deed4ddb Add rsa_pss_rsae_sha256 into tls13 compat tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
305bfc3dfd Add tls13 compat tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
0f99af8c19 Add keys for tls13 compat tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
8c5559d700 Add HelloRetryRequst tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
936dffd77e Add certificate request check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
8f9d7dbfd0 Add unsupported version check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:29 +08:00
Ronald Cron
8c8cea25c7
Merge pull request #5166 from xffbai/code-align 
Align the TLS 1.3 code with coding rules
 2021-12-06 10:54:00 +01:00
Ronald Cron
fd25ddbf58 psa: Fix and improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-06 07:50:27 +01:00
Ronald Cron
3a8714d5d4 all.sh: psa: Add cipher acceleration test component 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-06 07:50:27 +01:00