Commit graph

73 commits

Author SHA1 Message Date
Valerio Setti
e581e140cc oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 16:35:58 +01:00
Gilles Peskine
67fb0e2662 Merge remote-tracking branch 'dev' into fix-MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
Conflicts:
* tests/suites/test_suite_pkparse.data: the dependencies of
  "Parse EC Key #3 (SEC1 PEM encrypted)" were updated on both branches
  (development: ECP curve; this branch: MD5 hash).
2023-10-26 17:44:17 +02:00
Gilles Peskine
010f035cdf Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE
Fix test cases that were merged concurrently to
db6b4db7a0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-04 12:27:14 +02:00
Minos Galanakis
1a3ad265cc Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-03 21:57:51 +01:00
Valerio Setti
db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
6d809cc969 lib/test: use new internal helpers in library's code and tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Waleed Elmelegy
9d4d8ebaf2 Add PKCS5/12 dependecies to pkparse tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-21 08:45:56 +01:00
Waleed Elmelegy
15bcf38e88 Add test pkparse test dependencies
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-20 20:02:16 +01:00
Waleed Elmelegy
1db5cdaf57 Add tests to test pkcs8 parsing of encrypted keys
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-09-20 19:29:02 +01:00
Gilles Peskine
1bdd76e950 Update old dependency to MBEDTLS_MD_CAN
This is a follow-up to 0b8095d96a. Some test
cases had a typo in the old dependency
name (MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA instead of
MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA) which caused us to miss them.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-03 11:54:34 +02:00
Valerio Setti
1e6063c8ee test: set MBEDTLS_ECP_DP dependency also for Montgomery curves
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
d476faa595 test: add more tests for Montgomery's invalid masks
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
aed87994da test: verify that Montgomery keys can be fixed on parsing
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
4a09dcc6f6 test: replace ECP_DP_CURVE25519_ENABLED with PSA_WANT_ECC_MONTGOMERY_255
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
ef80d11c1f test: add proper key requirements in X25519 key parsing tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
0a92121716 test: test of Montgomery keys with uncorrect bits whenever PK_HAVE_ECC_KEYS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
4b3c02b626 test: remove duplicate PK_HAVE_ECC_KEYS dependency in pkparse suite
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-21 11:23:06 +02:00
Valerio Setti
545a0d643f test: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 19:24:05 +02:00
Valerio Setti
addeee4531 mbedtls_config: add new MBEDTLS_PK_PARSE_EC_COMPRESSED symbol
This includes also:
- auto enabling ECP_LIGHT when MBEDTLS_PK_PARSE_EC_COMPRESSED is
  defined
- replacing ECP_LIGHT guards with PK_PARSE_EC_COMPRESSED in pkparse
- disabling PK_PARSE_EC_COMPRESSED in tests with accelarated EC curves
  (it get disabled also in the reference components because we want
  to achieve test parity)
- remove skipped checks in analyze_outcomes.py

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 16:03:46 +02:00
Valerio Setti
aecd32c90a pk: let PK_PARSE_EC_EXTENDED auto-enable ECP_LIGHT
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 16:03:46 +02:00
Tom Cosgrove
6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only
Introduce config option of 128-bit key only in AES calculation
2023-06-15 10:35:32 +01:00
Valerio Setti
ed25edb1a2 test_suite_pkparse: fix failure
When the key is imported into an ecp_keypair structure it is read
by means of mbedtls_mpi_read_binary_le() and then checked with
mbedtls_ecp_check_privkey() which returns error (as expected).

When the key is imported in PSA then it is read using
mbedtls_ecp_read_key() which fixes the errors in the test before
importing. This cause the test itself to fail.

As a consequence I set the dependency to ECP_C because it's the
only case in which the key is imported in an ecp_keypair structure.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-23 15:12:07 +02:00
Mukesh Bharsakle
4823d5ff0e
Merge branch 'Mbed-TLS:development' into update-pkparse-tests-to-use-AES 2023-05-10 12:35:19 +01:00
Yanray Wang
ecb6a02fa9 Add AES 128-bit key dependency for tests data
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:21:30 +08:00
Jethro Beekman
0167244be4 Read and write X25519 and X448 private keys
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
2023-05-04 13:01:47 +02:00
Valerio Setti
6c496a1553 solve disparities for ECP_LIGHT between ref/accel
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Mukesh Bharsakle
1a4cc5e92c updating test-ca.key to use AES instead of DES
Signed-off-by: Mukesh Bharsakle <bharsaklemukesh975@gmail.com>
2023-04-10 14:05:42 +01:00
Manuel Pégourié-Gonnard
0b8095d96a PK: use MD_CAN macros
sed -i -f md.sed tests/suites/test_suite_pk{,parse,write}.*

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Valerio Setti
de7bb5b361 test: add failing check for secp224r1 with compressed format
The test is expected to fail, so we verify that this is really
not suppported

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 14:02:03 +01:00
Valerio Setti
c60611b986 test: check pkparse with compressed ec
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-16 16:27:11 +01:00
Andrzej Kurek
c502210291 Adjust pkparse test dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 15:33:20 -04:00
Andrzej Kurek
7bd12c5d5e Remove MD dependency from pkcs12 module
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-01 08:57:41 -04:00
Przemek Stekiel
bc0509a36b test_suite_pem, test_suite_pkparse: Adjust dependecies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
TRodziewicz
75628d51b3 Code review fixes
Reverting some deleted tests and changing the deprecated algo
Deleting deprecated headers from /alt-dummy dir
Corrections to the comments
Removal of deleted functions from compat-2.x.h
Corrections to tests/data_files/Makefile

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-18 12:59:38 +02:00
TRodziewicz
10e8cf5fef Remove MD2, MD4, RC4, Blowfish and XTEA
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:25 +02:00
Gilles Peskine
b2827693b5 Remove spurious dependencies on PEM
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-31 20:33:15 +02:00
Mateusz Starzyk
6326a8dd37 Fix SHA definitions and their dependencies in library and test suites.
Rework SHA224 and SHA283 documentation.
Define MBEDTLS_SHAxxx_C options in alphabetic order.
Fix SHA224 and SHA384 dependencies in test suites.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-10 13:51:53 +02:00
Mateusz Starzyk
3352a53475 Modify config option for SHA384.
Although SHA512 is currently required to enable SHA384, this
is expected to change in the future. This commit is an
intermediate step towards fully separating SHA384 and SHA512.

check_config is the only module which enforces that SHA512 is
enabled together with SHA384.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Manuel Pégourié-Gonnard
9bbe328752 Test each failure mode of pk_parse_key_pkcs1_der()
(Only the top-level ones, ie, for each call to eg asn1_get_mpi(), ensure
there's at least one test case that makes this call fail in one way, but don't
test the various ways to make asn1_get_mpi fail - that should be covered
elsewhere.)

- the new checks added by the previous commits needed exercising
- existing tests sometimes had wrong descriptions or where passing for the
  wrong reason (eg with the "length mismatch" test, the function actually
failed before reaching the length check)
- while at it, add tests for the rest as well

The valid minimal-size key was generated with:

openssl genrsa 128 2>/dev/null | openssl rsa -outform der 2>/dev/null | xxd -p
2020-02-18 10:31:29 +01:00
Manuel Pégourié-Gonnard
b65370f97d Clean up test function pk_parse_key
- remove incorrect compile-time dependency (the individual cases already have
  correct run-time dependency information)
- remove unused argument
- remove unused stack buffer
- remove useless code block
2020-02-18 10:18:43 +01:00
Manuel Pégourié-Gonnard
86a39bdbc5 Improve readability of test dependencies
- Always put MBEDTLS_SHA512_NO_SHA384 immediately after MBEDTLS_SHA512_C
- Remove duplicate occurrences of MBEDTLS_SHA512_NO_SHA384 on the same line
2020-01-07 10:24:17 +01:00
Manuel Pégourié-Gonnard
6ba5a3fc57 Declare test dependencies on !SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
Simon Butcher
5f26b11ffa Change test dependencies to RC4 from DES
Some tests were dependent on DES yet actually used RC4. Likely a copy and paste
error. This change fixes them.
2018-07-27 17:15:39 +01:00
Jethro Beekman
d2df936e67 Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:01:18 -07:00
Jaeden Amero
24b2d6fb6d Merge remote-tracking branch 'upstream-restricted/pr/459' into development-restricted-proposed 2018-03-15 08:24:44 +00:00
Sanne Wouda
bb50113123 Rename test and update dependencies 2018-03-06 23:35:14 +01:00
Sanne Wouda
90da97d587 Add test case found through fuzzing to pkparse test suite 2018-03-06 23:31:12 +01:00
Gilles Peskine
e6844ccf2b Merge branch 'pr_1135' into development-proposed 2018-02-14 17:20:42 +01:00
Antonio Quartulli
8d7d1ea9f6
tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1
Extend the pkparse test suite with the newly created keys
encrypted using PKCS#8 with PKCS#5 v2.0 with PRF being
SHA224, 256, 384 and 512.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:20 +08:00
Ron Eldor
9566ff7913 Fix minor issues raised in PR review
1. Style issues fixes - remove redundant spacing.
2. Remove depency of `MBEDTLS_RSA_C` in `pk_parse_public_keyfile_rsa()`
tests, as the function itself is dependent on it.
2018-02-07 18:59:41 +02:00