yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
28640 commits 1 branch 0 tags 94 MiB
Commit graph

10290 commits

Author SHA1 Message Date
Paul Elliott
3bda79ba9f Move initialisation in test to before first test 
Calling mbedtls_cipher_free() on a context that was not initialised
is dangerous, and this could happen if the first test in
check_set_padding() failed.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-10-18 15:09:09 +01:00
Valerio Setti
2cff82069e analyze_outcomes: add new_section() method to the Results class 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-18 14:36:47 +02:00
Valerio Setti
39d4b9d15b analyze_outcomes: fix format interpolation errors 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-18 14:30:03 +02:00
Matthias Schulz
ab4082290e Added parameters to add callback function to handle unsupported extensions. Similar to how the callback functions work when parsing certificates. Also added new test cases. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-10-18 13:20:59 +02:00
Gilles Peskine
0ea1b8fe8c
Merge pull request #7982 from gilles-peskine-arm/sample_program_demo_scripts-3.4 
Run sample program demo scripts in all.sh
 2023-10-18 10:03:52 +00:00
Pengyu Lv
ed5e4e86a5 Merge branch 'development' into issue/6935/ticket_flags-kex-mode-determination 2023-10-18 18:03:07 +08:00
Jerry Yu
b47b2990d6 fix various issues 
- fix wrong typo
- remove redundant check
- remove psk mode tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-18 15:50:35 +08:00
Manuel Pégourié-Gonnard
c6d633ffbc
Merge pull request #8297 from valeriosetti/issue8064 
Change accel_aead component to full config
 2023-10-18 07:15:59 +00:00
Manuel Pégourié-Gonnard
2e37d7b238
Merge pull request #8121 from gilles-peskine-arm/ssl-test-no-legacy 
Remove GNUTLS_LEGACY and OPENSSL_LEGACY
 2023-10-18 07:13:12 +00:00
Jerry Yu
2f3f968033 fix wrong typo and indent issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-18 15:07:10 +08:00
Jerry Yu
ca3790d653 Add server9-bad-saltlen generate command 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-18 15:07:09 +08:00
Valerio Setti
735794c745 analyze_outcomes: fix missing format for args/kwargs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-18 08:05:15 +02:00
Gilles Peskine
bbd92917d8 Close file on error path 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-17 18:12:31 +02:00
Gilles Peskine
d681ffdb54 Use modern macros for calloc in test code 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-17 18:12:31 +02:00
Gilles Peskine
bb7d92c4b2 Remove redundant null check 
crl_file is a test argument and can't be null. Besides the code above
already assumes that it's non-null.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-17 17:26:44 +02:00
Gilles Peskine
21e46b39cc Fix missing initializations on some error paths 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-17 17:09:28 +02:00
Matthias Schulz
0ca58e3c10 Added testcase with certificate that contains extensions with critical fields. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-10-17 13:12:32 +02:00
Valerio Setti
781c23416e analyze_oucomes: do not return Results instance passed as parameter 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 13:07:10 +02:00
Valerio Setti
8070dbec6b analyze_outcomes: keep print_line() method non-static 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 12:40:42 +02:00
Valerio Setti
f6f64cfd81 analyze_outcomes: code style improvement 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 12:28:26 +02:00
Valerio Setti
8d178be66e analyze_outcomes: fix return value in case of test failure 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 12:23:55 +02:00
Valerio Setti
2f00b7a5da cipher: reset MBEDTLS_CIPHER_HAVE_AEAD to MBEDTLS_CIPHER_MODE_AEAD 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 11:43:34 +02:00
Valerio Setti
9a4273099c all.sh: fix comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 11:40:42 +02:00
Valerio Setti
40314fcc75 analyze_outcomes: fix newlines 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 11:34:31 +02:00
Valerio Setti
f075e47bc1 analyze_outcomes: reset name of TestLog to Results 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 11:33:21 +02:00
Valerio Setti
3f33989762 analyze_outcomes: use a single TestLog instance and do not delay output 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 11:32:23 +02:00
Valerio Setti
fb2750e98e analyze_outcomes: exit immediately in case of invalid task 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 10:57:53 +02:00
Valerio Setti
5329ff06b9 analyze_outcomes: print task list directly to stdout 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 09:44:36 +02:00
Yanray Wang
4b6595aa83 Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-10-17 11:13:00 +08:00
Dave Rodgman
41bc798d7c Tidy-up 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-16 14:04:21 +01:00
Dave Rodgman
f3803a1f71 Cleanup validation interface 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-16 13:47:15 +01:00
Valerio Setti
9fc1f24331 md: restore md.h includes in source files directly using its elements 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-16 14:39:38 +02:00
Valerio Setti
b0c618e147 analyze_outcomes: minor improvements 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-16 14:19:49 +02:00
Dave Rodgman
f2ea08ae50 Improve test for clang presence 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-16 11:37:28 +01:00
Yanray Wang
aa01ee303a Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-10-16 17:38:32 +08:00
Valerio Setti
dcee98730b cipher_wrap: add VIA_LEGACY_OR_USE_PSA to new internal symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-16 11:35:57 +02:00
Valerio Setti
596ef6c0b1 cipher: reset MBEDTLS_CIPHER_HAVE_AEAD_LEGACY to previous naming 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-16 11:26:08 +02:00
Dave Rodgman
d35b188a5c Make component_build_aes_aesce_armcc silent 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-16 10:25:30 +01:00
Valerio Setti
0521633559 cipher: fix guards in mbedtls_cipher_auth_[encrypt/decrypt]_ext() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-16 11:22:21 +02:00
Pengyu Lv
132261345d all.sh: revert changes in test_m32* 
AESNI for x86 (32-bit) have been tested in
a seperate component, we don't need to test
twice.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-16 14:03:29 +08:00
Dave Rodgman
37801d714b Invert no_hwcap variable 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 16:06:55 +01:00
Dave Rodgman
cc88ccdda1 Include existing Makefile 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 12:25:23 +01:00
Dave Rodgman
768bc143ad Fix hwcap test for CI 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 10:15:55 +01:00
Dave Rodgman
ab0cff5b4e Require asm/hwcap.h for testing 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 09:32:04 +01:00
Dave Rodgman
4b779bef9e
Merge branch 'development' into more-aes-checks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-12 16:17:10 +01:00
Valerio Setti
db1ca8fc33 cipher: keep MBEDTLS_CIPHER_HAVE symbols private 
This commit also improve the usage of these new symbols in
cipher_wrap code

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-12 10:39:54 +02:00
Valerio Setti
aaef0bc172 analyze_outcomes: improve logging system 
- the script now only terminates in case of hard faults
- each task is assigned a log
   - this log tracks messages, warning and errors
   - when task completes, errors and warnings are listed and
     messages are appended to the main log
- on exit the main log is printed and the proper return value
  is returned

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-12 09:16:40 +02:00
Jerry Yu
bd4dd81606 fix test fail when ecp disabled 
Gnutls-cli send ecp algorithm as key share algorithm
and we do not known how to change that.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-12 15:02:01 +08:00
Jerry Yu
bc57e86390 Add early data disable tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-12 15:02:01 +08:00
Jerry Yu
e649cecb43 Add data file for early data input 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-12 15:02:01 +08:00
Jerry Yu
34e9516cb6 Add unit test for max_early_data_size of ticket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-12 15:00:26 +08:00
Dave Rodgman
f4b415c369 Test instructions built/not built 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-11 16:11:42 +01:00
Dave Rodgman
c20d899266 Adjust messages in all.sh 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-11 15:01:35 +01:00
Dave Rodgman
b0d9830373
Merge branch 'development' into sha-armce-thumb2 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-11 13:53:41 +01:00
Valerio Setti
02a634decd md: remove unnecessary inclusions of mbedtls/md.h 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-11 13:15:58 +02:00
Valerio Setti
a797ce3ed2 test: use full config in test_psa_crypto_config_accel_cipher 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-11 13:10:34 +02:00
Valerio Setti
e7bac17b5d test: keep SSL_TICKET_C and SSL_CONTEXT_SERIALIZATION enabled 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-11 13:10:34 +02:00
Valerio Setti
3f02bb7a96 test: use full config in accelerated AEAD test 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-11 13:10:34 +02:00
Dave Rodgman
d680d4fbf9 SHA256 renaming - fix some missed things 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-11 11:05:22 +01:00
Dave Rodgman
be7915aa6c Revert renaming of SHA512 options 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-11 10:59:05 +01:00
Ronald Cron
a89d2ba132
Merge pull request #8327 from ronald-cron-arm/adapt-psa-crypto-repo-name 
Adapt to new PSA Crypto repo name
 2023-10-11 06:45:30 +00:00
Pengyu Lv
64cca2f3ea all.sh: Re-enable MBEDTLS_AESNI_C in some components 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-11 12:05:58 +08:00
Dave Rodgman
5b89c55bb8 Rename MBEDTLS_SHAxxx_USE_ARMV8_yyy to MBEDTLS_SHAxxx_USE_ARMV8_A_yyy 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-10 15:14:57 +01:00
Dave Rodgman
94a634db96 Rename A64 config options 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-10 12:59:29 +01:00
Valerio Setti
dfd7ca6344 analyze_outcomes: rename some variables for better readability 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-09 16:53:02 +02:00
Ronald Cron
fea6606f98
Merge pull request #8296 from ronald-cron-arm/remove-redundant-test-component 
Remove redundant test component
 2023-10-09 10:29:20 +00:00
Ronald Cron
070e8652d5 Adapt to new PSA Crypto repo name 
Patterns I looked for:
grep -i "psa-crypto"
grep -i "psa.*crypto.*repo"
grep -i "psa.*crypto.*root"

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-10-09 10:26:18 +02:00
Dave Rodgman
866b3a1886
Merge pull request #8323 from tom-daubney-arm/fix_mbedtls_styling_docs 
Correct styling of Mbed TLS in documentation
 2023-10-06 19:10:10 +00:00
Thomas Daubney
540324cd21 Correct styling of Mbed TLS in documentation 
Several bits of documentation were incorrectly styling Mbed TLS
as MbedTLS.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-10-06 17:07:24 +01:00
Valerio Setti
49c835e5ec test_suite_pkcs12: fix typo in test case description 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-06 11:25:08 +02:00
Gilles Peskine
c760019dd5 Note about the lack of Windows support 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-05 17:23:58 +02:00
Gilles Peskine
ca26082ab7 Print a notice if chdir fails 
Fixes -Wunused-result warning.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-05 17:23:49 +02:00
Gilles Peskine
21bff21575 Support running unit tests from another directory 
When running a test suite, try to change to the directory containing the
executable. This allows running a test suite from any directory, and still
allow it to access its .datax file as well as data files (generally in
tests/data_files) used by individual test cases.

Only implemented on Unix-like systems and on Windows.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-05 17:19:14 +02:00
Dave Rodgman
cd65400c48 Add tests for runtime detection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-05 09:40:07 +01:00
Minos Galanakis
4855fdf887 Revert "Auto-generated files for v3.5.0" 
This reverts commit 591416f32b.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-05 00:17:21 +01:00
Dave Rodgman
9ed1853093 require clang 4 for testing 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-05 00:06:47 +01:00
Dave Rodgman
d9e8083d26 Add tests for SHA256 on ARMCE for thumb, arm and aarch64 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-04 17:17:46 +01:00
Dave Rodgman
a7127eb67c tidy up 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-04 13:38:41 +01:00
Dave Rodgman
7a8a2490e5 Tidy-up 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-04 13:14:20 +01:00
Dave Rodgman
b1107aeee1 Tidy up bash syntax 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-04 12:30:23 +01:00
Dave Rodgman
54ada8bae8 Improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-04 11:55:25 +01:00
Dave Rodgman
28e38d8e12 Use lower-case for local variables 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-04 11:50:30 +01:00
Gilles Peskine
35b49c4d7d Ignore tests of built-in interfaces for driver-only testing parity 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-04 12:28:41 +02:00
Gilles Peskine
010f035cdf Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE 
Fix test cases that were merged concurrently to
db6b4db7a0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-04 12:27:14 +02:00
Minos Galanakis
591416f32b Auto-generated files for v3.5.0 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-04 00:55:02 +01:00
Minos Galanakis
31ca313efa Bump version to 3.5.0 
```
./scripts/bump_version.sh --version 3.5.0
```

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 22:02:18 +01:00
Minos Galanakis
1a3ad265cc Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 21:57:51 +01:00
Dave Rodgman
3cde6a2be2 Improve naming 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-03 16:02:56 +01:00
Dave Rodgman
4243610c15 Use make to generate the test command 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-03 15:47:05 +01:00
Minos Galanakis
3974b17631 check-generated-files: Added psa_crypto_driver_wrappers_no_static.c file 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 11:47:03 +01:00
Ronald Cron
466286a14a Remove redundant test component 
In the full configuration MBEDTLS_TEST_HOOKS is
enabled thus the configurations in
test_full_cmake_gcc_asan_new_bignum and
test_full_cmake_gcc_asan_new_bignum_test_hooks
are the same. Keep the component that runs more
tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-10-03 12:44:15 +02:00
Dave Rodgman
43a5ce8c7f rename function 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-02 17:09:37 +01:00
Dave Rodgman
920343aaf7 Separate out a resuable option cross-product test function 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-01 19:06:09 +01:00
Dave Rodgman
184c0af06e Remove not-needed edge-case 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-01 13:43:02 +01:00
Dave Rodgman
8a64fb82a8 Simplify makefile generation; don't use -j 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-01 13:31:31 +01:00
Dave Rodgman
86cc70871c fix make issue 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-29 22:32:04 +01:00
Dave Rodgman
aea01c9455 Use make to parellise tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-29 18:54:49 +01:00
Dave Rodgman
9728562192 Improve test speed 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-29 18:27:04 +01:00
Dave Rodgman
573dfc167a Add testing for MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-29 16:27:29 +01:00
Dave Rodgman
745af9f47b Extend testing of aes.o options 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-29 16:22:23 +01:00
Dave Rodgman
b51f3da354
Merge pull request #8264 from mpg/follow-up-8075 
Follow up to 8075
 2023-09-28 17:32:12 +00:00
Gilles Peskine
42f8d5f0c9
Merge pull request #8261 from Mbed-TLS/fix-cmake-header-include 
Add CMake include path for generated header
 2023-09-28 15:16:15 +00:00
Manuel Pégourié-Gonnard
3b2357cdca Remove components that partially accelerate ECC keys 
These are build-only components so this was never supported for sure.

Let's stick to what's really tested for now, and expand later (with
proper testing!) if there's demand for more flexibility.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 16:56:12 +02:00
Manuel Pégourié-Gonnard
680b48e6b5 Update list of ECC key types in user-config-for-test.h 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 16:52:44 +02:00
David Horstmann
f868d6f4e8 Remove spurious comments 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-09-28 14:01:25 +01:00
David Horstmann
6c979856c3 Remove generated files in all cmake_as_x tests 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-09-28 11:30:43 +01:00
David Horstmann
862abe2d0f Fix lowercase comment start 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-09-28 11:28:20 +01:00
Manuel Pégourié-Gonnard
c0c9b23b23 Test only what's support with partial curves accel 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 10:19:19 +02:00
Manuel Pégourié-Gonnard
faea919365 Fix typo: weiErstrass 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 10:19:16 +02:00
Manuel Pégourié-Gonnard
6be64f7d5b Use lowercase for local variables 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 10:19:16 +02:00
Manuel Pégourié-Gonnard
5aab46b91e Remove now-redundant tests 
These were temporaries to avoid unwanted use of low-level modules. Now
that we have test components with those modules fully disabled (replaced
with drivers), we no longer need these tests - which were out of date
too.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 08:53:05 +02:00
Manuel Pégourié-Gonnard
eda7086bdd Auto-enable ACCEL macros for p256-m driver 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 08:53:05 +02:00
Manuel Pégourié-Gonnard
f07ce3b8ff Don't extend support for deprecated functions 
Restore guards from the previous release, instead of the new, more
permissive guards.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 08:51:51 +02:00
Gilles Peskine
7f288566c3
Merge pull request #8260 from gilles-peskine-arm/crypto_spe-include-fix 
Fix include path to psa/crypto_spe.h
 2023-09-27 18:10:16 +00:00
David Horstmann
9f48fff467 Ensure tests will fail if CMake generation fails 
Remove the in-source-tree generated files before running CMake.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-09-27 16:35:15 +01:00
Dave Rodgman
0fc86b2ddf
Merge pull request #8075 from valeriosetti/issue8016 
driver-only ECC: curve acceleration macros
 2023-09-27 14:39:02 +00:00
Gilles Peskine
c1bedfe184 Put crypto_spe.h on the include search path where needed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-27 16:23:41 +02:00
Manuel Pégourié-Gonnard
f7dc6cfef1 Document limitation on "mixed" builds 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-27 10:34:52 +02:00
Yanray Wang
89c88bb44b analyze_outcomes: fix incorrect use of Results.log() 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-27 10:35:09 +08:00
Manuel Pégourié-Gonnard
5c21036d19 Add build with only some ECC key types accelerated 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-26 12:03:10 +02:00
Manuel Pégourié-Gonnard
561bce6b16 Add build with some curves accelerated but not all 
I chose to divide along the lines of Weierstrass vs other curve shapes
(currently just Montgomery), mainly because it's the first thing that
came to mind.

It happened to reveal an issue in the logic for when (deterministic)
ECDSA and ECJPAKE are built-in, which this commit is also fixing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-26 11:36:13 +02:00
Yanray Wang
5c0c858026 analyze_outcomes: ignore asn1parse and asn1write in result analysis 
By default, we disable ASN1_[PARSE/WRITE]_C in common_tfm_config.
In fact, this is what happens for accelerated p256m driver, which
means all asn1[parse/write] tests are skipped in driver_accel test.
However, those two macros are automatically enabled for built-in
ECDSA via PSA, which means all asn1[parse/write] tests are passed
in tfm_config test.
This commit simply ignores the whole asn1[parse/write] test suite
when analyzing between driver and reference.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:16:00 +08:00
Yanray Wang
0e319ae577 analyze_outcomes: escape {} in string format for test description 
{} are valid characters in test description, but they're not escaped
properly in python string format(). To resolve the bug of KeyError
when it tries to log test description which contains {}, we replace
{XXX} format with {{XXX}} in order to escape {} in python string
format() properly.

In addition, the calls to Results.log() are also handled to avoid
similar potential problems.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:16:00 +08:00
Yanray Wang
ffbdd33f04 Revert "test_suite_asn1parse.data: remove {} in test data description" 
This reverts commit 929311e9a7c092b54a05d84bc74daa8efdb07422.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:15:56 +08:00
Yanray Wang
079b3bb97b test_suite_asn1parse.data: remove {} in test data description 
In analyze_outcomes.py, if a test case passes in reference_test but
not in driver_test, we log the key by key.format in python.
However, this causes error because of the grammar {} in python
string format. So removing {} to avoid KeyError for
    sys.stderr.write((fmt + '\n').format(*args, **kwargs))

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:15:52 +08:00
Yanray Wang
61f96608cc test_suite_pk: add extra dependency for pk_psa_sign 
pk_psa_sign is guarded by MBEDTLS_TEST_PK_PSA_SIGN which is set under:
 - The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature.
 - The build has built-in ECC and ECDSA signature.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:15:52 +08:00
Yanray Wang
73bb231878 all.sh: remove not needed #define in common_tfm_config 
Since we have removed PK_C, PK_[WRITE/PARSE]_C, there is no need to
define PK related configurations again. Therefore we removed them
in common_tfm_config to make a simpler.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:15:52 +08:00
Yanray Wang
4eaf5adda9 all.sh: remove define MD_C in common_tfm_config 
We have set MBEDTLS_MD_C in tfm_mbedcrypto_config_profile_medium.h
so there is no need to enable it again.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:15:52 +08:00
Yanray Wang
382966d1a7 all.sh: fix a comment in common_tfm_config 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:15:52 +08:00
Yanray Wang
7050504bdc all.sh: simplify common_tfm_config 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:15:52 +08:00
Gilles Peskine
5baf66755c Keep the list in alphabetical order 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-26 17:15:52 +08:00
Gilles Peskine
eaa1c5619a Update location of TFM config files 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-26 17:15:52 +08:00
Gilles Peskine
5f573f8301 Fix broken test with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 
When testing the lifecycle of a transient key, it doesn't make much sense to
try psa_open_key: that expects a persistent key and the lookup takes a
different path. The error from psa_open_key is also different depending on
whether MBEDTLS_PSA_CRYPTO_STORAGE_C is enabled.

To check that the key ownership is taken into account, try to access the
same key id with a different owner without expecting that this is a
persistent key. Just call psa_get_key_attributes, which works fine for a
transient key.

This fixes a test failure when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is
enabled and MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-26 17:15:52 +08:00
Yanray Wang
0c98f9f842 test-ref-configs: test config-tfm.h 
Tweak some configurations based on TF-M config in order to get a
successful build and test.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:15:52 +08:00
Xiaokang Qian
fe9666b8c0 Change the extension type of the file psa_crypto_driver_wrapper 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-09-26 09:09:20 +00:00
Gilles Peskine
7f420faf03 parse_attribute_value_hex_der_encoded: clean up length validation 
Separate the fits-in-buffer check (*data_length <= data_size) from the
we-think-it's-a-sensible-size check (*data_length <=
MBEDTLS_X509_MAX_DN_NAME_SIZE).

This requires using an intermediate buffer for the DER data, since its
maximum sensible size has to be larger than the maximum sensible size for
the payload, due to the overhead of the ASN.1 tag+length.

Remove test cases focusing on the DER length since the implementation no
longer has a threshold for it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
26dd764dc3 parse_attribute_value_hex_der_encoded test case fixups 
Fix the expected output in some test cases.

Add a few more test cases to exercise both a payload length around 256 bytes
and a DER length around 256 bytes, since both are placed in a 256-byte
buffer (value of MBEDTLS_X509_MAX_DN_NAME_SIZE).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
c94500b56b Add may-fail mode to mbedtls_x509_string_to_names output tests 
Due to differing validations amongst X.509 library functions, there are
inputs that mbedtls_x509_string_to_names() accepts, but it produces output
that some library functions can't parse. Accept this for now. Do call the
functions, even when we don't care about their return code: we're ok with
returning errors, but not with e.g. a buffer overflow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
aa01a038b5 Fix indentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
70a93407ce More test cases for parse_attribute_value_der_encoded 
In particular, "X509 String to Names: long hexstring (DER=258 bytes, too long)"
causes a buffer overflow in parse_attribute_value_der_encoded().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
1c7223bda2 Use modern test macros for ease of debugging 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Dave Rodgman
6da7872aa2
Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925 
Merge development into development-restricted
 2023-09-25 18:16:01 +01:00
Manuel Pégourié-Gonnard
3c4f344e9a Declare P-256 as accelerated in p256-m test 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard
85ff5e6b88 Fix another rebasing mistake 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard
0d54a2e496 Fix rebasing mistake 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard
5a7523e42d Declare curves as accelerated in all.sh when needed 
Before this PR, the tests passed without this, but they shouldn't have.
Accelerators need to declare what curves they support, and if no curve
is declared as accelerated, the built-in implementations of algs and key
types need to be enabled.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard
a6aecd0e3b Remove components that are no longer needed 
Those components were introduced in #7103, resolving #6622: Some PSA
ECC size macros are too small when the largest accelerated curve is
larger than the largest built-in curve.

At that point, it was not possible yet to omit all built-in curves,
so we made these components that had only one (small) curve built-in and
all the others accelerated.

Now that it's possible to disable all ECC built-ins, and we have tests
doing that, we don't need that kind of fiddling any more.

Note: these component disabled RSA in order to make sure max key size
macros were not taken from RSA. We have test components with all of ECC
accelerated and RSA disabled
(component_test_psa_crypto_config_accel_ecc_no_bignum and
component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum), making the
"all curves except one" components really redundant.

Note: removing them was one of the items in #7757.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Valerio Setti
4ca250b873 test: fix comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
bbf86afdeb test_suite_psa_crypto: fix curve dependency in test 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
0a342c9512 test: fix comments and functions' naming 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
cf29c5d9d5 ssl: don't require MBEDTLS_ECP_DP with TLS1.3 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
482a0b957f test: fix remaining disparities and remove debug leftovers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
872462dfa9 test: fix test accelerating all curves keeping only 1 builtin 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
6d809cc969 lib/test: use new internal helpers in library's code and tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
b2fd673ec8 test: fix test which are using accelerated ECC/DH keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Gilles Peskine
ffe590d197
Merge pull request #1058 from waleed-elmelegy-arm/check-set_padding-is-called 
Check set_padding has been called in mbedtls_cipher_finish
 2023-09-25 17:12:36 +02:00
Gilles Peskine
ca1e605b9c Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
  `MBEDTLS_CIPHER_PADDING_PKCS7` was added in
  c9f4040f7f in `development-restricted`.
  In `development`, this section of the file has moved to
  `include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
  comment change in development. The comment change in `development` is not
  really relevant, so just take the line from `development-restricted`.
 2023-09-25 16:16:26 +02:00
Simon Butcher
bcb6cfb13d Fix the tests build with mingw for the new Win32 APIs 
Add missing library dependency of bcrypt to the tests Makefile

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
 2023-09-25 14:12:20 +01:00
Dave Rodgman
025bed9eb7
Merge pull request #1076 from daverodgman/more-ct 
Use CT module more consistently
 2023-09-25 11:50:10 +01:00
Manuel Pégourié-Gonnard
4fe1e8762d Fix SHA-3 dependencies in test_suite_md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 10:05:23 +02:00
Manuel Pégourié-Gonnard
e47c53eeab Fix SHA-3 in accel tests that need it 
Components that accelerate an algorithm that uses hashing internally
(such as deterministic ECDSA and RSA-PSS) need the hash algorithms
available in libtestdriver1.

Previously, the omission of SHA-3 in
tests/include/test/drivers/crypto_config_test_driver_extension.h meant
it was enabled in libtestdriver1 when not requesting its acceleration,
and disabled when requesting it. Adding it in a previous commit fixed
the components that asked it accelerated, but broke the component that
didn't ask for it but still needed it.

Fix those components by explicitly requesting SHA-3 as we already do for
the other hash algorithms that are require for the same reason.

Note: this broke test_suite_psa_crypto_storage_format.v0 which is
apparently the only place exercising signatures with SHA-3.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:47 +02:00
Manuel Pégourié-Gonnard
f4ceb16813 Fix dependencies for SHA-3 MD dispatch tests 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:46 +02:00
Manuel Pégourié-Gonnard
cc21ad441a Add SHA-3 support to libtestdriver1 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:45 +02:00
Gilles Peskine
ae3cda9541
Merge pull request #8092 from silabs-Kusumit/PBKDF2_output_key 
PBKDF2: test output_key
 2023-09-22 18:01:06 +00:00
Gilles Peskine
18e1d11cfe
Merge pull request #1049 from waleed-elmelegy-arm/Switch-pkparse-to-mbedtls_pkcs5_pbe2_ext 
Switch pkparse to use new pkcs5/12 pbe functions
 2023-09-22 18:06:50 +02:00
Dave Rodgman
9fc868012c Fix test error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 10:56:13 +01:00
Gilles Peskine
193f94276e
Merge pull request #1071 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer 
Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
 2023-09-22 11:43:03 +02:00
Dave Rodgman
fbe74a9e51 Add mbedtls_ct_error_if, with tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 09:58:25 +01:00
Dave Rodgman
9d0869140b Remove tests for mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 21:54:08 +01:00
Dave Rodgman
f1915f623d Improve testing for mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 19:22:59 +01:00
Dave Rodgman
cc3c670670 Fix compiler cast warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 16:33:26 +01:00
Waleed Elmelegy
3643947a1e Add correct dependencies for AES-192/256 cipher tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 16:22:15 +01:00
Waleed Elmelegy
38202a2b18 Improve pkparse test dependencies and changelog 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 15:21:10 +01:00
Waleed Elmelegy
f4e665101d Add more tests to check setting padding mode 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 14:04:35 +01:00
Dave Rodgman
93b3228d42 Add tests for mbedtls_ct_error_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 13:50:51 +01:00
Waleed Elmelegy
556a0790f6 Fix code style in pkparse tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 09:19:56 +01:00
Waleed Elmelegy
9d4d8ebaf2 Add PKCS5/12 dependecies to pkparse tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 08:45:56 +01:00
Pengyu Lv
9d87a38976 test_suite_ssl: improve variable naming in ssl_set_hostname_twice 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-09-21 10:32:12 +08:00
Gilles Peskine
29d0bfba0d Rename option where concatenated with -D 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-20 23:11:33 +02:00
Waleed Elmelegy
15bcf38e88 Add test pkparse test dependencies 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 20:02:16 +01:00
Waleed Elmelegy
1db5cdaf57 Add tests to test pkcs8 parsing of encrypted keys 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:29:02 +01:00
Waleed Elmelegy
d527896b7e Switch pkparse to use new mbedtls_pkcs12_pbe_ext function 
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
and deprecate mbedtls_pkcs12_pbe function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:29:02 +01:00
Waleed Elmelegy
c9f4040f7f Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function 
Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
and deprecate mbedtls_pkcs5_pbes2 function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:28:28 +01:00
Manuel Pégourié-Gonnard
5edb942708
Merge pull request #8041 from mpg/tfm-p256m 
Test TF-M config with p256-m driver
 2023-09-20 16:09:56 +00:00
Paul Elliott
5382ba6987
Merge pull request #8230 from gilles-peskine-arm/test_tls1_2_ecjpake_compatibility-avoid-build-race 
Work around a race condition in parallel builds
 2023-09-20 15:53:04 +00:00
Gilles Peskine
edc8456e01 Work around a race condition in parallel builds 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-20 15:03:18 +02:00
Gilles Peskine
eda1b1f744
Merge pull request #7921 from valeriosetti/issue7613 
TLS: Clean up ECDSA dependencies
 2023-09-20 12:47:55 +00:00
Dave Rodgman
143f5f7c68 Add mbedtls_ct_bool_if and mbedtls_ct_bool_if_else_0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 21:52:13 +01:00
Dave Rodgman
1cfc43c77b Rename mbedtls_ct_bool_xor to mbedtls_ct_bool_ne 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:39:33 +01:00
Dave Rodgman
986006e567 Make TEST_CALLOC_NONNULL more robust 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:30:25 +01:00
Dave Rodgman
6568f60358 Simplify mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:48:24 +01:00
Dave Rodgman
2c9f86b3b6 Add docs for mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:48:13 +01:00
Dave Rodgman
28bc1ab923 Use exact bounds for allocations in mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:34:57 +01:00
Dave Rodgman
a328635305 Introduce TEST_CALLOC_NONNULL 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:34:39 +01:00
Dave Rodgman
ba600b2fd9 Remove expected param from mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:26:13 +01:00
Waleed Elmelegy
071b69f47b Add correct dependency to DES3 test 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-19 11:24:49 +01:00
Dave Rodgman
771ac65b0c Add tests for mbedtls_ct_memcmp_partial 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 09:10:59 +01:00
Gilles Peskine
d2e004e401 Test mbedtls_ssl_decrypt_buf(): stream cipher, negative cases 
Test mbedtls_ssl_decrypt_buf() with a null cipher (the only type of stream
cipher we support). Test the good case (to make sure the test code
constructs the input correctly), test with an invalid MAC, and test with a
shortened input.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 19:07:50 +02:00
Waleed Elmelegy
6d2c5d5f5c Adjust cipher tests to new requirement of specifying padding mode 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-18 17:41:25 +01:00
Gilles Peskine
9099d3fd76 Refactoring: create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 17:21:15 +02:00
Gilles Peskine
bd50d5baec
Merge pull request #8177 from gilles-peskine-arm/generated-files-off-in-release 
Generated files off in release
 2023-09-18 14:11:58 +00:00
Gilles Peskine
68ec3ccc7c Add missing cleanup 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 14:35:52 +02:00
Gilles Peskine
ac5fabed25 Refactoring: prepare to create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 14:35:42 +02:00
Gilles Peskine
a3237efefb Move testing of mbedtls_ssl_decrypt_buf to a new test suite 
test_suite_ssl is huge and needs splitting.

Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a
complicated function that needs more thorough testing with malformed inputs.
At this point, we are only doing negative testing with CBC-non-ETM test
suites. This needs to grow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 14:23:13 +02:00
Manuel Pégourié-Gonnard
f299efdb96 Improve a comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-18 11:19:04 +02:00
Gilles Peskine
67c86e626b
Merge pull request #7961 from gilles-peskine-arm/psa_crypto_config-in-full 
Enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config
 2023-09-18 08:13:12 +00:00
Manuel Pégourié-Gonnard
f7298cd397 Fix some issues in comments 
Ranging from typos to outdated comment contradicting the code.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-18 09:55:24 +02:00
Gilles Peskine
8a7fb2d799
Merge pull request #1055 from waleed-elmelegy-arm/add-new-pkcs12-pbe2-ext-fun 
Add new pkcs12 pbe2 ext fun
 2023-09-15 18:43:03 +02:00
Manuel Pégourié-Gonnard
b95e92cd41
Merge pull request #8076 from valeriosetti/issue8005 
Test with ECC and FFDH accelerated and no bignum
 2023-09-14 09:12:35 +00:00
Gilles Peskine
0ddffb6de2
Merge pull request #7210 from sergio-nsk/patch-2 
Fix llvm error: variable 'default_iv_length' and other may be used uninitialized
 2023-09-13 16:38:55 +02:00
Gilles Peskine
3cea3efc25
Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509 
Accept numericoid hexstring x509
 2023-09-13 08:54:33 +00:00
Dave Rodgman
da0bb9fae8
Merge pull request #8034 from gilles-peskine-arm/bump_version-doc_mainpage 
Update capitalization of "Mbed" and fix bump_version.sh
 2023-09-13 08:41:20 +00:00
Gilles Peskine
2e38a0d603 More spelling corrections 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-12 19:19:31 +02:00
Gilles Peskine
e820c0abc8 Update spelling "mbed TLS" to "Mbed TLS" 
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":

```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```

Justification for the omissions:

* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
  occurrences are significant names in certificates and such. Changing
  the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
  updates.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-12 19:18:17 +02:00
Waleed Elmelegy
57d09b72ef Return back to modifying input parameters in pkcs12_parse_pbe_params 
Return back to modifying input parameters in pkcs12_parse_pbe_params
to avoid change in behaviour.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-12 14:05:10 +01:00
Waleed Elmelegy
a7d206fce6 Check set_padding has been called in mbedtls_cipher_finish 
Check set_padding has been called in mbedtls_cipher_finish
in modes that require padding.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-12 13:39:36 +01:00
Paul Elliott
45b6e5e69f Prevent potential use of uninitialised data in pkcs7 tests 
Move the initialisation of the pkcs7 object to before the first possible
test failure, otherwise failure in those tests could result in an
uninitialised pointer being free'd. Found by coverity.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-09-12 11:58:21 +01:00
Dave Rodgman
49d7223036 Fix test under memsan 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-12 11:03:23 +01:00
Dave Rodgman
70e022b024 code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-12 09:29:13 +01:00
Manuel Pégourié-Gonnard
e9d97976b2 Update list of ignored tests 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-12 09:50:17 +02:00
Manuel Pégourié-Gonnard
96839e7450 Move common things to common function 
These should be shared between ref and accel, for meaningful coverage
comparison.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-12 09:50:17 +02:00
Manuel Pégourié-Gonnard
0509b5878c Fix INVALID vs NOT_SUPPORTED issue in test suite 
This fixes the last remaining failure.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-12 09:50:17 +02:00
Manuel Pégourié-Gonnard
25b45db3d8 Disable ECP_C in component with p256-m driver 
Builds, but 20 test cases failing in test_suite_psa_crypto, to be
addressed in future commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-12 09:50:16 +02:00
Dave Rodgman
140d5c77d0 Add single-bit difference tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-11 19:10:05 +01:00
Yanray Wang
bc7716cddc all.sh: run make clean before make lib in armc6_build_test 
We should run make clean before we build libraries in armc6_build_test.
On the one hand, this makes sure we do have a clean build directory
initially. On the other hand, we can do extra actions after building
the library with armc6_build_test.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-11 10:11:09 +08:00
Yanray Wang
ef1b04db94 all.sh: make sure CIPHER_ENCRYPT_ONLY is enabled in tests 
grep corresponding mbedtls_xxx_setkey_dec and mbedtls_xxx_decrypt
symbols in cipher_only tests to make sure CIPHER_ENCRYPT_ONLY is
enabled as expected.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-11 10:11:09 +08:00
Yanray Wang
3caaf0c61e Enable CIPHER_ENCRYPT_ONLY when DES is disabled 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-11 10:10:44 +08:00
Waleed Elmelegy
e1cb35b719 Add new mbedtls_pkcs12_pbe_ext function to replace old function 
Add new mbedtls_pkcs12_pbe_ext function to replace
old mbedtls_pkcs12_pbe function that have security
issues.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-08 16:51:26 +01:00
Gilles Peskine
0b62b7a21f Allow turning off re-generation of files with make 
In make builds, when GEN_FILES is false (empty), don't try to re-generate
configuration-independent source files, regardless of whether they seem
out of date. This is useful, for example, if you have a source tree where
`make generated_files` has already run and file timestamps reflect the
time the files were copied or extracted, and you are now in an environment
that lacks some of the necessary tools to re-generate the files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-08 16:19:13 +02:00
Gilles Peskine
31d49cd57f
Merge pull request #1053 from waleed-elmelegy-arm/Improve-and-test-mbedtls_pkcs12_pbe 
Improve & test legacy mbedtls_pkcs12_pbe
 2023-09-08 13:08:05 +02:00
Waleed Elmelegy
1f59ee078f Add correct dependencies to pkcs12 tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-07 17:59:35 +01:00
Waleed Elmelegy
096017023d Fix identation error in pkcs12 tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-07 17:48:40 +01:00
David Horstmann
8ece2e9712 Fix incorrect test dependencies in pkwrite tests 
These should rely in MBEDTLS_PEM_{PARSE,WRITE}_C where applicable, not
MBEDTLS_BASE64_C.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-09-07 17:43:12 +01:00
Waleed Elmelegy
75b9eb36b4 Change pkcs12 test comparison macro to the new macro 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-07 17:02:37 +01:00
Waleed Elmelegy
8317e91b1e Change pkcs12 test allocation macros to the new macros 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-07 15:46:58 +01:00
Yanray Wang
c5944d4a3c all.sh: fix a typo 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-07 18:00:35 +08:00
Yanray Wang
4f4822c553 Revert "des: add CIPHER_ENCRYPT_ONLY dependency for test cases" 
This reverts commit 3c565275c4.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-07 18:00:25 +08:00
Yanray Wang
9b811658a8 Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-09-07 16:18:00 +08:00
Waleed Elmelegy
15de809e1a Improve pkcs12 pbe tests 
* Simplify pkcs12 tests to use algo parameters instead of asn1 buffers.
* Fix output buffers allocation size.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-05 16:34:55 +01:00
Waleed Elmelegy
255db80910 Improve & test legacy mbedtls_pkcs12_pbe 
* Prevent pkcs12_pbe encryption when PKCS7 padding has been
  disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
  reasons, However, invalid padding is not checked.
* Document new behaviour, known limitations and possible
  security concerns.
* Add tests to check these scenarios. Test data has been
  generated by the below code using OpenSSL as a reference:

#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <openssl/des.h>
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include <string.h>

int main()
{
    char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB";
    unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC";
    unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA";
    unsigned char *ciphertext = NULL;
    int iter = 10;
    X509_ALGOR *alg =  X509_ALGOR_new();
    int ciphertext_len = 0;
    int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    alg->parameter = ASN1_TYPE_new();
    struct asn1_object_st * aobj;
    PKCS5_pbe_set0_algor(alg, alg_nid, iter,
                         salt, sizeof(salt)-1);

    aobj = alg->algorithm;
    printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length);
    printf("06%.2X", aobj->length);
    for (int i = 0; i < aobj->length; i++) {
        printf("%.2X", aobj->data[i]);
    }

    for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) {
        printf("%.2X", alg->parameter->value.asn1_string->data[i]);
    }
    printf("\":\"");

    for (int i = 0; i < sizeof(pass)-1; i++) {
        printf("%.2X", pass[i] & 0xFF);
    }
    printf("\":\"");
    for (int i = 0; i < sizeof(plaintext)-1; i++) {
        printf("%.2X", plaintext[i]);
    }
    printf("\":");
    printf("0");
    printf(":\"");

    unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1);

    if (res == NULL)
        printf("Encryption failed!\n");
    for (int i = 0; i < ciphertext_len; i++) {
        printf("%.2X", res[i]);
    }
    printf("\"\n");

    return 0;
}

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
#
 2023-09-05 15:45:55 +01:00
Kusumit Ghoderao
94d319065a Set input cost as 1 for psa_key_exercise test 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-09-05 19:30:22 +05:30
Kusumit Ghoderao
7c61ffcc44 Rename parse_binary_string function 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-09-05 19:29:47 +05:30
Valerio Setti
5dfaca4af5 all.sh: fix comments 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-05 08:48:51 +02:00
Agathiyan Bragadeesh
4ce9ac8463 Add round trip tests for x509 RDNs 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-09-04 16:18:26 +01:00
Gilles Peskine
1a7d387072
Merge pull request #1041 from waleed-elmelegy-arm/add-new-pkcs5-pbe2-ext-fun 
Add new pkcs5 pbe2 ext fun
 2023-09-04 15:33:42 +02:00
Tom Cosgrove
b2fafa5a49 config-wrapper-zeroize-memset.h should be user-config-zeroize-memset.h and not include mbedtls_config.h 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Tom Cosgrove
7eced7d1d2 Move zeroize-as-memset into a config file under tests/ 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Tom Cosgrove
daddf11a30 Add a build to all.sh to check mbedtls_platform_zeroize() calls 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Tom Cosgrove
351a391011 Fix incorrect use of mbedtls_platform_zeroize() in tests 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Dave Rodgman
4f69668558
Merge pull request #8082 from daverodgman/misc-code-size 
Misc code size improvements
 2023-09-02 11:44:31 +00:00
Yanray Wang
782190417c all.sh: ciper_encrypt_only: cover VIA PADLOCK 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:46:52 +08:00
Yanray Wang
bf66ef9085 all.sh: ciper_encrypt_only: cover baremetal build for AESCE 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:46:24 +08:00
Yanray Wang
207c991d56 all.sh: ciper_encrypt_only: cover AESNI and C Implementation 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:43:42 +08:00
Yanray Wang
3c565275c4 des: add CIPHER_ENCRYPT_ONLY dependency for test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
ba473b1c82 camellia: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
702c220809 aria: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
85c3023c60 AES-ECB: add CIPHER_ENCRYPT_ONLY dependency for DECRYPT test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang
a8ac23a758 all.sh: add test case for CIPHER_ENCRYPT_ONLY 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 16:40:11 +08:00
Paul Elliott
6147511bc0
Merge pull request #7955 from davidhorstmann-arm/psa-crypto-script-changes 
Miscellaneous changes to scripts for PSA-Crypto enablement
 2023-08-31 18:19:52 +00:00
Paul Elliott
6ebe7d2e3a
Merge pull request #8095 from davidhorstmann-arm/initialize-struct-get-other-name 
Coverity fix: Set `type_id` in `x509_get_other_name()`
 2023-08-31 16:26:00 +00:00
Paul Elliott
b5d97156e4
Merge pull request #7857 from minosgalanakis/bugifx/address_curve_bits 
[BigNum] test_suite_ecp: Fixed curve bit-length.
 2023-08-31 13:14:11 +00:00
Dave Rodgman
a9a53a05f0 Merge remote-tracking branch 'origin/development' into misc-code-size 2023-08-31 11:53:46 +01:00
Gilles Peskine
f7632382cc
Merge pull request #8130 from davidhorstmann-arm/fix-unnecessary-include-prefixes 
Fix unnecessary header prefixes in tests
 2023-08-31 08:57:26 +00:00
Gilles Peskine
7b2b76a2d4
Merge pull request #7165 from yanrayw/7094-collect-compatsh-test-cases 
check_test_cases.py: support to collect test cases for compat.sh
 2023-08-31 07:30:20 +00:00
Dave Rodgman
dbddb00158 Ensure mbedtls_sha3_finish zeroizes the context 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-30 18:43:23 +01:00
Gilles Peskine
03e9dea30b Merge remote-tracking branch 'development' into psa_crypto_config-in-full 
Conflicts:
* `include/psa/crypto_sizes.h`: the addition of the `u` suffix in this branch
  conflicts with the rework of the calculation of `PSA_HASH_MAX_SIZE` and
  `PSA_HMAC_MAX_HASH_BLOCK_SIZE` in `development`. Use the new definitions
  from `development`, and add the `u` suffix to the relevant constants.
 2023-08-30 18:32:57 +02:00
Gilles Peskine
2c40b90598 ssl-opt.sh doesn't actually use OPENSSL_LEGACY: remove unused function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-30 16:38:56 +02:00
David Horstmann
22ec2aefa9 Fix unnecessary header prefixes in tests 
Remove unnecessary "../library" prefix from test suite includes. This
makes the tests repo-agnostic between the mbedtls and psa-crypto repos.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-30 15:34:34 +01:00
Waleed Elmelegy
21d7d85af7 Fix mbedtls_pkcs5_pbes test function failure 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-30 13:12:09 +01:00
Yanray Wang
63f0abe226 check_test_cases: add a comment to explain idx in walk_compat_sh 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-08-30 18:31:37 +08:00
Dave Rodgman
730bbee226 Merge remote-tracking branch 'origin/development' into update-restricted-2023-08-30 2023-08-30 11:22:00 +01:00
Dave Rodgman
29bf911058
Merge pull request #7839 from daverodgman/psa-sha3 
SHA-3 via PSA
 2023-08-30 08:51:36 +00:00
David Horstmann
8f3ec8ec9d Use '--target' instead of shortened '-t' 
This enables compatibility with older versions of CMake that do not have
the abbreviated switch.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-30 09:46:20 +01:00
Yanray Wang
ab717b5287 Merge remote-tracking branch 'origin/development' into 7094-collect-compatsh-test-cases 2023-08-30 10:38:28 +08:00
David Horstmann
3ed1871920 Disable pylint error for non-uppercase names 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 18:20:19 +01:00
Dave Rodgman
33e1f42307 Fix use of mbedtls_psa_safer_memcmp in test code 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-29 18:17:29 +01:00
David Horstmann
9cc6b2f446 Add missing import in test_psa_compliance.py 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 17:36:35 +01:00
David Horstmann
fd9264e65b Fix pylint errors 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 16:21:15 +01:00
Gilles Peskine
a878b663cf
Merge pull request #8090 from silabs-Kusumit/PBKDF2_higher_cost_tests 
PBKDF2: tests with higher input costs
 2023-08-29 14:00:17 +00:00
David Horstmann
41c316d3b2 Move -B switch into a single argument 
This will prevent CMake from mistaking the build directory for the
source directory

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 14:57:23 +01:00
Waleed Elmelegy
79b6e26b1b Improve mbedtls_pkcs5_pbes2_ext function test data 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-29 14:55:03 +01:00
David Horstmann
b48822c816 Appease pylint by renaming variables 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 14:12:53 +01:00
David Horstmann
beaee2604f Test PSA compliance: Build only the crypto target 
Use CMake's -t option to build only the crypto target. Parameterize the
crypto target to have the right name depending on whether this is Mbed
TLS or PSA Crypto.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 14:01:52 +01:00
David Horstmann
c69074dcf6 Tidy up reference to Mbed TLS in help message 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 13:46:11 +01:00
David Horstmann
2ba89bece6 Disable pylint error in CMake command 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 10:37:29 +01:00
David Horstmann
3b8984af5c Remove or qualify references to Mbed TLS 
Either remove exclusive references to Mbed TLS or accompany them with
references to "PSA Crypto".

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 10:32:26 +01:00
David Horstmann
f757069269 Rename 'mbedtls_dir' -> 'root_dir' 
This makes it more repo-agnostic

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 10:27:13 +01:00
David Horstmann
98af198a30 Correctly detect presence of the built library 
Use the repo-specific test not just the Mbed TLS specific one.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 10:25:54 +01:00
David Horstmann
58cf7c6c38 Use repo detection functions at start of all.sh 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 10:15:05 +01:00
David Horstmann
d02b5f8f56 Separate directory discernment into 2 functions 
Have separate in_mbedtls_repo() and in_psa_crypto_repo() functions

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 09:55:56 +01:00
Gilles Peskine
1783870681 compat.sh: add --preserve-logs option 
Similar to ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-28 17:36:52 +02:00
Dave Rodgman
d395590597
Merge pull request #7579 from daverodgman/safer-ct-asm 
Arm assembly implementation of constant time primitives
 2023-08-28 08:26:29 +00:00
Gilles Peskine
7be571ac85 Remove GNUTLS_LEGACY and OPENSSL_LEGACY 
They aren't used anywhere.

Keep the command line options of all.sh to avoid breaking any wrapper
scripts that people might have.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-27 21:51:54 +02:00
Gilles Peskine
e29203be88 Stop using "legacy" OpenSSL and GnuTLS 
None of the tests actually need GNUTLS_LEGACY (3.3.8): GNUTLS (3.4.10)
works.

None of the tests actually need OPENSSL_LEGACY (1.0.1j): OPENSSL (1.0.2g)
works.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-27 21:43:00 +02:00
Gilles Peskine
5f5e3886c5 Minor robustness improvement 
Let openssl use any experimental or obsolete cipher that's not in ALL.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-27 21:41:31 +02:00
Gilles Peskine
5cb8605d79 ssl-opt.sh doesn't actually use OPENSSL_LEGACY, so remove it 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-27 21:40:56 +02:00
Gilles Peskine
8ca2041145
Merge pull request #8074 from tgonzalezorlandoarm/tg/allowlist 
Implement allowlist of test cases that are legitimately not executed
 2023-08-24 18:03:20 +00:00
David Horstmann
0ac57ca6c6 Rename is_psa_crypto -> in_psa_crypto_repo 
(For consistency with all.sh)

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:18 +01:00
David Horstmann
7f93d22ad9 Rename psa_crypto_lib_filename to just crypto_lib_filename 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:18 +01:00
David Horstmann
4dcddcfae2 Parameterize out of source build directory 
Use CMake to build the library out-of-source (rather than make)
in tests/scripts/test_psa_compliance.py and add a script argument for
the out-of-source build directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:18 +01:00
David Horstmann
76a7738537 Invert logic for repo detection in all.sh 
Instead of:
    ! in_psa_crypto_repo()
use
    in_mbedtls_repo()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:18 +01:00
David Horstmann
e31014a681 Tweak test_psa_compliance pylint annotations 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:18 +01:00
David Horstmann
1d09184291 Modify test_psa_compliance.py for psa-crypto repo 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:18 +01:00
David Horstmann
9a6c45b436 Make all.sh PSA-crypto-friendly 
Introduce changes needed to run all.sh in the psa-crypto repo. Where
behaviour must differ, detect that we are in the psa-crypto repo by
checking for the 'core' directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:11 +01:00
Tomás González
d43cab3f5c Correct analyze_outcomes identation 
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-24 09:12:40 +01:00
Agathiyan Bragadeesh
733766bc71 Remove trailing whitespace in data file. 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-23 15:44:52 +01:00
Agathiyan Bragadeesh
de84f9d67a Add test for rejecting empty AttributeValue 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-23 11:44:04 +01:00
Gilles Peskine
e65bba4dd2
Merge pull request #7803 from gilles-peskine-arm/psa-low-hash-mac-size 
Start testing the PSA built-in drivers: hashes
 2023-08-22 11:19:41 +00:00
Tomás González
a0631446b5 Correct analyze_outcomes.py identation 
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-22 12:18:04 +01:00
Agathiyan Bragadeesh
ea3e83f36a Amend test in test_suite_x509write 
Needed since we now reject escaped null hexpairs in strings

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
01e9392c3f Add malformatted DER test for string_to_names 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
cab79188ca Remove redundant tests in test_suite_x509write 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
a0ba8aab2e Add test for non ascii x509 subject name 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
a953f8ab36 Remove duplicate test in test_suite_x509write 
The test for outputing a hexstring representation is actually
testing dn_gets, and is tested in test_suite_x509parse.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
957ca0595d Accept short name/ber encoded data in DNs 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
afdb187bbc Add more comprehensive string to name tests 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
e59dedbce2 Add test reject null characters in string to names 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
5ca9848513 Reword test in test_suite_x509write 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
47cc76f070 Update x509 test for numericoid/hexstring output 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
ef299d6735 Add more tests for RFC 4514 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
404b4bb9ab Add x509 tests for upper and lowercase hexpairs 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
dba8a641fe Add and update tests for x509write and x509parse 
Due to change in handling non-ascii characters, existing tests had to be
updated to handle the new implementation. New tests and certificates
are added to test the escaping functionality in edge cases.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:52 +01:00
Agathiyan Bragadeesh
ef2decbe4a Escape hexpairs characters RFC 4514 
Converts none ascii to escaped hexpairs in mbedtls_x509_dn_gets and
interprets hexpairs in mbedtls_x509_string_to_names.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:38:16 +01:00
Agathiyan Bragadeesh
48513b8639 Escape special characters RFC 4514 
This escapes special characters according to RFC 4514 in
mbedtls_x509_dn_gets and de-escapes in mbedtls_x509_string_to_names.
This commit does not handle hexpairs.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:38:16 +01:00
Tomás González
5022311c9d Tidy up allow list definition 
* Don't break string literals in the allow list definition
 * Comment each test that belongs to the allow list is there.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-22 09:54:28 +01:00
Tomás González
7ebb18fbd6 Make non-executed tests that are not in the allow list an error 
* Turn the warnings produced when finding non-executed tests that
   are not in the allow list into errors.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-22 09:47:49 +01:00
Gilles Peskine
6d14c2b858 Remove dead code 
Do explain why we don't test a smaller buffer in addition to testing the
nominal size and a larger buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-22 09:59:50 +02:00
Gilles Peskine
c9187c5866 New test suite for the low-level hash interface 
Some basic test coverage for now:

* Nominal operation.
* Larger output buffer.
* Clone an operation and use it after the original operation stops.

Generate test data automatically. For the time being, only do that for
hashes that Python supports natively. Supporting all algorithms is future
work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-22 09:59:42 +02:00
Tom Cosgrove
17d5081ffb
Merge pull request #8099 from gilles-peskine-arm/split-config_psa-prepare 
Prepare to split config_psa.h
 2023-08-22 07:30:46 +00:00
Gilles Peskine
fdb722384b Move PSA information and dependency automation into their own module 
This will let us use these features from other modules (yet to be created).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 18:32:11 +02:00
Gilles Peskine
796bc2b8f9
Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes 
Document mbedtls_calloc zeroization
 2023-08-21 15:47:21 +00:00
Gilles Peskine
d686c2a822
Merge pull request #7971 from AgathiyanB/fix-data-files-makefile 
Fix server1.crt.der in tests/data_files/Makefile
 2023-08-21 14:43:07 +00:00
Gilles Peskine
44243e11ff Remove obsolete header inclusions 
Since 3.0.0, mbedtls_config.h (formerly config.h) no longer needs to include
config_psa.h or check_config.h: build_info.h takes care of that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 16:10:06 +02:00
Janos Follath
e220d258fd
Merge pull request #8086 from yanesca/remove-new-bignum 
Remove new bignum when not needed
 2023-08-21 10:59:41 +00:00
Gilles Peskine
ead1766b5f Fix PBKDF2 with empty salt segment on platforms where malloc(0)=NULL 
"Fix PBKDF2 with empty salt on platforms where malloc(0)=NULL" took care of
making an empty salt work. But it didn't fix the case of an empty salt
segment followed by a non-empty salt segment, which still invoked memcpy
with a potentially null pointer as the source. This commit fixes that case,
and also simplifies the logic in the function a little.

Test data obtained with:
```
pip3 install cryptodome
python3 -c 'import sys; from Crypto.Hash import SHA256; from Crypto.Protocol.KDF import PBKDF2; cost = int(sys.argv[1], 0); salt = bytes.fromhex(sys.argv[2]); password = bytes.fromhex(sys.argv[3]); n = int(sys.argv[4], 0); print(PBKDF2(password=password, salt=salt, dkLen=n, count=cost, hmac_hash_module=SHA256).hex())' 1 "" "706173737764" 64
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-20 22:05:16 +02:00
Dave Rodgman
1fdc884ed8
Merge pull request #7384 from yuhaoth/pr/add-aes-accelerator-only-mode 
AES: Add accelerator only mode
 2023-08-18 20:55:44 +00:00
David Horstmann
cfae6a1ae9 Fix incorrect detection of HardwareModuleName 
The hardware module name otherName SAN contains 2 OIDs:

 OtherName ::= SEQUENCE {
      type-id    OBJECT IDENTIFIER,
      value      [0] EXPLICIT ANY DEFINED BY type-id }

 HardwareModuleName ::= SEQUENCE {
                           hwType OBJECT IDENTIFIER,
                           hwSerialNum OCTET STRING }

The first, type-id, is the one that identifies the otherName as a
HardwareModuleName. The second, hwType, identifies the type of hardware.

This change fixes 2 issues:

1. We were erroneously trying to identify HardwareModuleNames by looking
at hwType, not type-id.
2. We accidentally inverted the check so that we were checking that
hwType did NOT match HardwareModuleName.

This fix ensures that type-id is correctly checked to make sure that it
matches the OID for HardwareModuleName.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-18 19:31:39 +01:00
Kusumit Ghoderao
8eb55891ad Add tests in derive_key for pbkdf2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
1dd596541b Add tests in derive_key_type for pbkdf2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
1fe806a1a0 Add tests in derive_key_export for pbkdf2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
e8f6a0d791 Add tests for derive_key_exercise for pbkdf2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 22:04:31 +05:30
Kusumit Ghoderao
ac7a04ac15 Move parse_binary_string function to psa_crypto_helpers 
Add test code for pbkdf2 in psa_exercise_key

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 22:04:16 +05:30
Kusumit Ghoderao
5cad47df8a Modify test description 
The test data was generated using the python script.
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-18 12:49:07 +05:30
Bence Szépkúti
505dffd5e3
Merge pull request #7937 from yanrayw/code_size_compare_improvement 
code_size_compare.py: preparation work to show code size changes in PR comment
 2023-08-17 20:59:11 +00:00
Gilles Peskine
73936868b8 Merge remote-tracking branch 'development' into psa_crypto_config-in-full 
Conflicts:
* tests/scripts/all.sh: component_test_crypto_full_no_cipher was removed
  in the development branch.
 2023-08-17 19:46:34 +02:00
Kusumit Ghoderao
e4d634cd87 Add tests with higher input costs for pbkdf2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-17 21:16:14 +05:30
Gilles Peskine
dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01 
Updating crt/crl files due to expiry before 2027-01-01
 2023-08-17 15:38:35 +00:00
Janos Follath
f2334b7b39 Remove new bignum when not needed 
New bignum modules are only needed when the new ecp_curves module is
present. Remove them when they are not needed to save code size.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-17 14:36:59 +01:00
Waleed Elmelegy
4a0a989913 Fix unused parameters warnings when MBEDTLS_CIPHER_PADDING_PKCS7 is disabled 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-17 14:20:58 +01:00
Waleed Elmelegy
87bc1e1cda Fix heap overflow issue in pkcs5_pbes2 testing functions 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-17 14:20:58 +01:00
Waleed Elmelegy
5d3f315478 Add new mbedtls_pkcs5_pbe2_ext function 
Add new mbedtls_pkcs5_pbe2_ext function to replace old
function with possible security issues.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-17 14:20:58 +01:00
Gilles Peskine
294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation 
PBKDF2 CMAC implementation
 2023-08-17 11:15:16 +00:00
Jerry Yu
f258d17acd remove aesni + padlock - plain c tests 
This test is not valid for padlock depends
on plain c

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 12:39:00 +08:00
Jerry Yu
bdd96b9adf disable aesni for componets without cpu modifiers 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 17:34:27 +08:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn 
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
 2023-08-16 09:19:46 +00:00
Jerry Yu
506759f5ce fix build fail for via padlock test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 17:11:22 +08:00
Jerry Yu
b6d39c2f8c Add aesni test for i386 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-16 16:14:02 +08:00
Kusumit Ghoderao
6c104b9b3b Modify derive output test cases and add actual output 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-16 11:47:24 +05:30
Valerio Setti
307810babb analyze_outcomes: add case for "ECC+FFDH w/o BN" 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-16 08:01:17 +02:00
Valerio Setti
4e2f244ab4 test: add accelerated and reference test for ECC+FFDH without BN 
Since most of the code in "ECC+FFDH without BN" scenario was shared
with the "ECC without BN" one, I tried to reuse part of the code in
order to avoid duplications.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-16 08:01:12 +02:00
Tomás González
358c6c644a Add EdDSA and XTS to the allow list 
As specified in
https://github.com/Mbed-TLS/mbedtls/issues/5390#issuecomment-1669585707
EdDSA and XTS tests are legitimately never executed, so add them to
the allow list.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-14 15:46:25 +01:00
Tomás González
b401e113ff Add a flag for requiring full coverage in coverage tests 
Introduce the --require-full-coverage in analyze_outcomes.py so that
when analyze_outcomes.py --require-full-coverage is called, those
tests that are not executed and are not in the allowed list issue an
error instead of a warning.

Note that it is useful to run analyze_outcomes.py on incomplete test
results, so this error mode needs to remain optional in the long
term.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-14 15:46:12 +01:00
Tomás González
07bdcc2b0d Add allow list for non-executed test cases 
The allow list explicits which test cases are allowed to not be
executed when testing. This may be, for example, because a feature
is yet to be developed but the test for that feature is already in
our code base.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-14 15:46:12 +01:00
Dave Rodgman
a797f152ee
Merge pull request #8067 from paul-elliott-arm/fix_bignum_test_leak 
Fix resource leak in bignum test failure case
 2023-08-14 09:33:13 +01:00
Paul Elliott
6da3d83f33 Fix resource leak in test failure case 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-08-11 16:28:06 +01:00
Dave Rodgman
963513dba5
Merge pull request #8008 from valeriosetti/issue7756 
driver-only ECC: BN.TLS testing
 2023-08-11 13:51:36 +00:00
Dave Rodgman
246210e3c4 Test CT asm under valgrind 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-11 08:47:38 +01:00
Valerio Setti
36344cecbd ssl-opt: remove redundant requirement for RSA_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 09:37:14 +02:00
Tom Cosgrove
5e678fd4d2
Merge pull request #8050 from gilles-peskine-arm/all.sh-remove-crypto_full_no_cipher 
Remove redundant test component component_test_crypto_full_no_cipher
 2023-08-11 07:28:10 +00:00
Valerio Setti
132240f01a test: use ASAN flags for testing the accelerated TFM configuration 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 08:33:27 +02:00
Valerio Setti
f01d648677 analyze_outcome: add new check for parity for TFM configuration 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 08:33:27 +02:00
Valerio Setti
ac6d35f793 test: update components' descriptions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 08:33:27 +02:00
Valerio Setti
52ba0e3718 test: improve accelerated TFM configuration test and add reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 08:33:27 +02:00
Valerio Setti
c5c4bd225e test: add component testing TFM configuration and P256M driver 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 08:33:27 +02:00
Valerio Setti
e0be95e81d analyze_outcomes: skip tests that depend on BIGNUM_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 06:35:23 +02:00
Valerio Setti
4f577f3e51 ssl-opt: add RSA_C requirement when RSA encryption is used in certificate 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 06:35:23 +02:00
Valerio Setti
18535c352d test: enable TLS, key exchances and ssl-opt teting in ecc_no_bignum() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 06:33:52 +02:00
Manuel Pégourié-Gonnard
26b7c93d9d
Merge pull request #7992 from valeriosetti/issue7755 
driver-only ECC: BN.x509 testing
 2023-08-10 19:41:09 +00:00
Manuel Pégourié-Gonnard
54da1a69a2
Merge pull request #7578 from daverodgman/safer-ct5 
Improve constant-time interface
 2023-08-10 16:57:39 +00:00
Tom Cosgrove
e7700a7d0a
Merge pull request #7936 from AgathiyanB/assert-false-macro 
Add TEST_FAIL macro for tests
 2023-08-10 15:01:34 +00:00
Valerio Setti
3580f448eb test: solve test disparities for x509[parse/write] suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 14:50:43 +02:00
Valerio Setti
29c1b4d04a test: enable X509 testing in ecc_no_bignum component 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 14:50:03 +02:00
Dave Rodgman
ac69b45486 Document and test mbedtls_ct_size_if_else_0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-10 12:18:13 +01:00
Dave Rodgman
98ddc01a7c Rename ...if0 to ...else_0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-10 12:11:31 +01:00
Dave Rodgman
b7825ceb3e Rename uint->bool operators to reflect input types 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-10 11:58:18 +01:00
Gilles Peskine
f5a29a5b83 Remove redundant test component 
component_test_crypto_full_no_cipher doesn't bring any extra value given the
existence of component_test_full_no_cipher.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-10 12:07:49 +02:00
Valerio Setti
2e0275d2a1 test: use unset-all option in config.py to optimize test code 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 07:05:47 +02:00
Valerio Setti
a8c655edb0 test: remove redundant code setting MBEDTLS_PSA_CRYPTO_CONFIG 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 07:05:47 +02:00
Valerio Setti
fe7d96cff7 test: minor optimizations to ecc_no_bignum components 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 06:43:23 +02:00
Valerio Setti
c5d85e5ead test: remove BIGNUM dependencies from pk[parse/write] suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 06:43:23 +02:00
Valerio Setti
9b3dbcc2e3 analyze_outcomes: skip tests that unavoidably depend on bignum 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard
660bbf2470 test: disable BIGNUM support on the test ecc_no_bignum component 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard
06aebe4995 test: disable FFDH support on the test ecc_no_bignum component 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard
7dccb66d49 test: disable RSA support on the test ecc_no_bignum component 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 06:43:23 +02:00
Manuel Pégourié-Gonnard
abd00d0be8 test: adding new components for testing and driver coverage analysis without BN 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 06:43:23 +02:00
Gilles Peskine
b7d577e46b Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-09 19:48:58 +02:00
Gilles Peskine
9b8dead74a Minor readability improvement 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-09 19:48:42 +02:00
Paul Elliott
2f12a29cdd
Merge pull request #7896 from AgathiyanB/gitignore-generated-files-toggle 
Add script to toggle ignoring generated files
 2023-08-09 14:54:32 +00:00
Janos Follath
115784bd3f
Merge pull request #1040 from waleed-elmelegy-arm/development-restricted 
Improve & test legacy mbedtls_pkcs5_pbe2
 2023-08-09 09:43:23 +01:00