yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
26051 commits 89 branches 205 tags 114 MiB
Commit graph

9293 commits

Author SHA1 Message Date
Gilles Peskine f292b9de82 Fix pastapasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-03 14:49:21 +02:00
Gilles Peskine 3c96e0fe70 typo 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-03 14:49:21 +02:00
Gilles Peskine 55ad28a9e7 Document a known issue with testing of mbedtls_x509_crt_parse_path 
The parse_path tests are known to fail when compiled for a 32-btt architecture
and run via qemu-user on Linux on a 64-bit host. This is due to a known
bug in Qemu: https://gitlab.com/qemu-project/qemu/-/issues/263

Document this, and add test cases to parse the files involved to confirm
that the problem is only with parse_path.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-03 14:49:21 +02:00
Gilles Peskine 1e5fec6a79 Improve testing of mbedtls_x509_crt_parse_file 
Check the number of certificates found, as was done in the test of
mbedtls_x509_crt_parse_path().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-03 14:49:18 +02:00
Kusumit Ghoderao 056f0c5047 Make output_byte return not_supported for pbkdf2 
As output functionality is not added yet return PSA_SUCCESS for
now if inputs are passed correctly. If input validation fails
operation is aborted and output_bytes will return PSA_ERROR_BAD_STATE

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-03 17:33:27 +05:30
Manuel Pégourié-Gonnard f57273c817
Merge pull request #7496 from valeriosetti/issue7480 
Fix test gap in PK write: private (opaque) -> public
 2023-05-03 12:39:49 +02:00
Kusumit Ghoderao 7c05c00988 Add test cases for pbkdf2 input functions 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-03 14:20:37 +05:30
Gilles Peskine d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1 
Fix the JPAKE driver interface for user+peer
 2023-05-02 20:42:25 +02:00
Gilles Peskine c70d9eab8a
Merge pull request #7412 from silabs-Kusumit/PBKDF2_implementation 
PBKDF2: Implement input_integer
 2023-05-02 20:41:23 +02:00
Valerio Setti 9a855f21aa test: check for exact length of returned pub key 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-02 15:45:39 +02:00
Valerio Setti f5451717af test: optimize code for pk_write_public_from_private() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-02 15:45:39 +02:00
Valerio Setti 84554e9830 test: use better naming for the newly introduced test function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-02 15:45:39 +02:00
Valerio Setti 8820b57b6e test: fix makefile for ec_pub.[der/pem] generation 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-02 15:45:39 +02:00
Valerio Setti d860a79029 test: fix wrong private key file 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-02 15:45:39 +02:00
Valerio Setti 1751341b68 test: add test function for public key derivation starting from private one 
Data test cases are also included in the commit.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-02 15:45:39 +02:00
Valerio Setti c8b7865612 test: align ec_pub public keyfile with its ec_prv.sec1 counterpart 
This change affects:
- both PEM and DER files, since they contain the same public key
  only in different formats
- "ec_pub.comp.pem" since it's the same as "ec_pub.pem" but in
  compressed format

The makefile was also updated accordingly to reflect these
dependencies.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-02 15:45:39 +02:00
Manuel Pégourié-Gonnard f317df98ea
Merge pull request #7461 from valeriosetti/issue7460-part1 
Fixing USE_PSA_INIT/DONE in SSL/X509/PK test suites
 2023-05-02 10:44:13 +02:00
Kusumit Ghoderao d60dfc0e43 Add test for parse_binary_string 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-02 10:47:50 +05:30
Andrzej Kurek 6f400a376e Disallow leading zeroes when parsing IPv4 addresses 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-01 06:23:42 -04:00
Gilles Peskine 14d6b1124b
Merge pull request #7419 from yuhaoth/test/random-time-test-fail 
Workaround random `test_suite_platform` fail in time test
 2023-04-28 13:17:31 +02:00
Valerio Setti 7c0f91be10 test: use define for initializing ssl_message_queue struct 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-28 12:20:34 +02:00
Przemek Stekiel 6d85afa0cc Fix naming: FFDH key -> DH key and fix guard in psa_validate_key_type_and_size_for_key_generation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-28 11:42:17 +02:00
Valerio Setti 00a256f7b2 test: fix USE_PSA_INIT position in test_suite_ssl 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-28 09:37:35 +02:00
Kusumit Ghoderao 0f2f996b92 change binary_string_parser for big-endian input 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-04-28 10:07:10 +05:30
Dave Rodgman e93c90e881
Merge pull request #7433 from oberon-microsystems/fix-psa-aead-chacha20-test-dependency 2023-04-27 19:13:53 +01:00
Kusumit-Silabs b6ad6823f0
Update tests/suites/test_suite_psa_crypto.function 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Kusumit-Silabs <89393006+silabs-Kusumit@users.noreply.github.com>
 2023-04-27 22:42:19 +05:30
Kusumit Ghoderao af0225e4de change binary_string_parser for big-endian input 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-04-27 20:06:58 +05:30
Kusumit Ghoderao c6fdf1b683 Add tests with INPUT_INTEGER as key_type_arg 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-04-27 17:03:20 +05:30
Kusumit Ghoderao 12e0b4b452 Use key_type_arg for determining input method 
Remove input_types_arg variable in test function
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-04-27 16:58:23 +05:30
Przemek Stekiel 4c0da51ee7 mbedtls_test_psa_exported_key_sanity_check: check for length equality for DH keys 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-27 13:04:20 +02:00
Przemek Stekiel 2c9fc07cc4 Fix FFDH tests dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-27 12:41:32 +02:00
Przemek Stekiel 2e7c33d530 Use import_with_data for testing FFDH invalid key length 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-27 12:31:42 +02:00
Paul Elliott 16648be171 Add Curve 448 tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-04-26 22:23:27 +01:00
Gilles Peskine b70c4e07d0 Adjust code style for pointer types and casts 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:59:28 +02:00
Gilles Peskine 2986accd20 typo 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:57:50 +02:00
Gilles Peskine 578613322a Add test cases with a question mark 
The test framework used to treat them specially (but no longer does). Add
these test cases as non-regression for how the test framework allows "?"
and especially "??" (which I think in the very distant path needed special
handling because the test data was embedded in a .c file, and thus ?? could
be interpreted as the prefix of a trigraph).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:50:57 +02:00
Gilles Peskine 9a75131da1 Fix wrong comment 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine 5472242b67 Explain the format argument expected by the test functions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine fa83a7ec1e Fix typos in test descriptions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine 8b32d20c50 Test the line number returned by parse_test_data 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine 7768a8e0a6 Remove string hack for mbedtls_mpi_mod_int testing 
Now that the test framework can pass arbitrary values of type
mbedtls_mpi_sint, just do that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine 6f5082bf4d Allow more signed integer types in test function arguments 
Now that the C code supports the full range of intmax_t, allow any size of
signed integer type in the .data file parser.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine 872948cc72 Support larger integer test arguments: C part 
Change the type of signed integer arguments from int32_t to intmax_t.
This allows the C code to work with test function arguments with a range
larger than int32_t. A subsequent commit will change the .datax generator
to support larger types.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine 4ea4ad082b parse_function_arguments: stricter type parsing 
Use normalization the equality comparisons instead of loose regular
expressions to determine the type of an argument of a test function.

Now declarations are parsed in a stricter way: there can't be ignored junk
at the beginning or at the end. For example, `long long unsigned int x`
was accepted as a test function argument (but not `long long unsigned x`),
although this was misleading since the value was truncated to the range of
int. Now only recognized types are accepted.

The new code is slightly looser in that it accepts `char const*` as well as
`const char*`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine 47e2e8817d Support (void) as an argument list of a test function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine 096f0ca7e5 parse_function_arguments: extract per-argument function 
Internal refactoring only, no behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine 400cde607b parse_function_arguments: make local_vars a list 
Internal refactoring only, no behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine b3c2eaf00f Support different types in the parameter store 
The test framework stores size_t and int32_t values in the parameter store
by converting them all to int. This is ok in practice, since we assume int
covers int32_t and we don't have test data larger than 2GB. But it's
confusing and error-prone. So make the parameter store a union, which allows
size_t values not to be potentially truncated and makes the code a little
clearer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine 5226eb5cd3 Simplify parsing of integers in .datax files 
In the .datax parser, since we're calling strtol() anyway, rely on it for
verification. This makes the .datax parser very slightly more
liberal (leading spaces and '+' are now accepted), and changes the
interpretation of numbers with leading zeros to octal.

Before, an argument like :0123: was parsed as decimal, but an argument like
:0123+1: was parsed as a C expression and hence the leading zero marked an
octal representation. Now, a leading zero is always interpreted according to
C syntax, namely indicating octal. There are no nonzero integer constants
with a leading zero in a .data file, so this does not affect existing test
cases.

In the .datax generator, allow negative arguments to be 'int' (before, they
were systematically treated as 'exp' even though they didn't need to be).

In the .datax parser, validate the range of integer constants. They have to
fit in int32_t. In the .datax generator, use 'exp' instead of 'int' for
integer constants that are out of range.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine a9946952b4 Exercise string parsing in the test framework 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:40:02 +02:00
Gilles Peskine 1a24895bfd Simplify string escapes 
Treat backslash as a universal escape character: "\n" is a newline,
backslash escapes any non-alphanumeric character.

This affects some test cases that had "\," standing for backslash-comma.
With the new uniform treatment of backslashes, this needs to be "\\,".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:39:54 +02:00
Gilles Peskine ca25deee12 Factor get_function_info out of gen_from_test_data 
No intended behavior change. This commit is mainly to satisfy pylint, which
complains that gen_from_test_data now has too many variables. But it's a
good thing anyway to make the function a little more readable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:38:41 +02:00
Gilles Peskine 8542f5c81f Add line number to a few error messages 
This is just a quick improvement, not meant to tackle the problem as a
whole.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:38:40 +02:00
Gilles Peskine bc3db2e30a printf testing: exercise integer parsing in the test framework 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:38:40 +02:00
Gilles Peskine 187932639b Remove stdint.h substitute for older MSVC 
We now require at least Visual Studio 2013, which has stdint.h per
 https://learn.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2013/y4hta57s(v=vs.120)
so the workaround to define C99 types on pre-C99 MSVC is no longer needed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:38:40 +02:00
Gilles Peskine 6c607e5a55 Remove declarations of the nonstandard function strcasecmp 
It is no longer used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:38:40 +02:00
Gilles Peskine 017f0b7369 Stop supporting non-canonical case in mpi_write_string test data 
We're using the non-standard function strcasecmp() just so that the case
of digits beyond 9 can be different in the library and in the test data.
Use matching case in the test data, and use a standard function for the
comparison.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-04-26 19:38:40 +02:00
David Horstmann 9643575d92 Limit OIDs to 128 components 
The longest OID known by oid-info.com is 34 components[1], so 128
should be plenty and will limit the potential for attacks.

[1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-04-26 11:50:14 +01:00
Janos Follath 91a618375a
Merge pull request #7427 from minosgalanakis/ecp/7258_ecp_mod_p256K1_add_test_cases 
ECP: Add Unit Tests for secp256k1
 2023-04-26 08:52:24 +01:00
Przemek Stekiel 654bef0be0 Fix typos, comments, style, optimize macros 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-26 09:07:20 +02:00
Przemek Stekiel 1702d5a1f4 test driver: add support for FFDH key agreement 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-26 09:07:20 +02:00
Przemek Stekiel 7cf26dfca3 Add sanity check for FFDH key excercise 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-26 09:07:20 +02:00
Przemek Stekiel 9e65a81ef8 Remove redundant test case (PSA_ALG_FFDH key agreement is now supported) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-26 09:04:32 +02:00
Przemek Stekiel b231c9dd23 Add FFDH key agreement tests 
Tests were generated using the python script. Please find code below:

"""
generate_ffdh_key_agreement_tests.py
Script to generate test vectors for FFDH key agreement.

Example usage:
generate_ffdh_key_agreement_tests.py
"""

import os
import sys
import random

DHM_RFC7919_FFDHE2048_P_BIN = bytes([                \
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
     0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ])

DHM_RFC7919_FFDHE2048_G_BIN = bytes([ 0x02 ])

DHM_RFC7919_FFDHE3072_P_BIN = bytes([                \
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ])

DHM_RFC7919_FFDHE3072_G_BIN = bytes([ 0x02 ])

DHM_RFC7919_FFDHE4096_P_BIN = bytes([                \
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
     0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
     0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
     0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
     0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
     0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
     0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
     0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
     0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
     0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
     0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
     0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
     0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
     0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
     0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
     0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
     0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ])

DHM_RFC7919_FFDHE4096_G_BIN = bytes([ 0x02 ])

DHM_RFC7919_FFDHE6144_P_BIN = bytes([                \
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
     0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
     0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
     0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
     0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
     0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
     0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
     0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
     0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
     0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
     0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
     0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
     0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
     0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
     0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
     0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
     0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
     0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
     0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
     0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
     0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
     0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
     0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
     0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
     0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
     0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
     0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
     0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
     0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
     0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
     0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
     0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
     0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
     0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
     0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
     0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
     0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
     0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
     0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
     0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
     0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
     0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
     0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
     0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
     0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
     0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
     0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
     0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
     0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ])

DHM_RFC7919_FFDHE6144_G_BIN = bytes([ 0x02 ])

DHM_RFC7919_FFDHE8192_P_BIN = bytes([                \
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
     0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
     0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
     0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
     0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
     0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
     0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
     0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
     0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
     0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
     0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
     0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
     0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
     0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
     0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
     0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
     0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
     0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
     0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
     0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
     0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
     0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
     0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
     0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
     0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
     0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
     0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
     0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
     0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
     0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
     0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
     0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
     0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
     0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
     0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
     0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
     0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
     0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
     0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
     0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
     0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
     0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
     0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
     0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
     0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
     0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
     0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
     0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
     0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \
     0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \
     0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \
     0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \
     0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \
     0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \
     0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \
     0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \
     0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \
     0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \
     0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \
     0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \
     0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \
     0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \
     0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \
     0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
     0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \
     0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \
     0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \
     0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \
     0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \
     0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \
     0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \
     0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \
     0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \
     0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \
     0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
     0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \
     0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \
     0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \
     0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \
     0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \
     0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \
     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ])

DHM_RFC7919_FFDHE8192_G_BIN = bytes([ 0x02 ])

def generate_ffdh_key_agreement_test_vectors(P, G):
    K_B = int.to_bytes(0, 4, "big")
    P_size = (P.bit_length() + 7) // 8
    while(K_B[0] == 0):
        X = random.randint(2, P-2)
        Y = random.randint(2, P-2)
        GX = pow(G, X, P)
        GY = pow(G, Y, P)
        K = pow(GY, X, P)
        K_B = int.to_bytes(K, P_size, "big")

    print("----- FFDH KA Test Vector: Key Size {} (K without leading zeros) -----".format(P_size))
    print("P:  " + hex(P))
    print("G:  " + hex(G))
    print("X:  " + hex(X))
    print("GX: " + hex(GX))
    print("GY: " + hex(GY))
    print("K:  " + hex(K))
    print("----------------------------------------------------------------------")

    K_B = int.to_bytes(0xFFFFFFFF, 4, "big")
    while(K_B[0] != 0):
        X = random.randint(2, P-2)
        Y = random.randint(2, P-2)
        GX = pow(G, X, P)
        GY = pow(G, Y, P)
        K = pow(GY, X, P)
        K_B = int.to_bytes(K, P_size, "big")

    print("----- FFDH KA Test Vector: Key Size {} (K with leading zeros) -----".format(P_size))
    print("P:  " + hex(P))
    print("G:  " + hex(G))
    print("X:  " + hex(X))
    print("GX: " + hex(GX))
    print("GY: " + hex(GY))
    print("K:  " + hex(K))
    print("-------------------------------------------------------------------")

def main():
    P = int.from_bytes( DHM_RFC7919_FFDHE2048_P_BIN, "big" )
    G = int.from_bytes( DHM_RFC7919_FFDHE2048_G_BIN, "big" )
    generate_ffdh_key_agreement_test_vectors(P, G)

    P = int.from_bytes( DHM_RFC7919_FFDHE3072_P_BIN, "big" )
    G = int.from_bytes( DHM_RFC7919_FFDHE3072_G_BIN, "big" )
    generate_ffdh_key_agreement_test_vectors(P, G)

    P = int.from_bytes( DHM_RFC7919_FFDHE4096_P_BIN, "big" )
    G = int.from_bytes( DHM_RFC7919_FFDHE4096_G_BIN, "big" )
    generate_ffdh_key_agreement_test_vectors(P, G)

    P = int.from_bytes( DHM_RFC7919_FFDHE6144_P_BIN, "big" )
    G = int.from_bytes( DHM_RFC7919_FFDHE6144_G_BIN, "big" )
    generate_ffdh_key_agreement_test_vectors(P, G)

    P = int.from_bytes( DHM_RFC7919_FFDHE8192_P_BIN, "big" )
    G = int.from_bytes( DHM_RFC7919_FFDHE8192_G_BIN, "big" )
    generate_ffdh_key_agreement_test_vectors(P, G)

if __name__ == "__main__":
    main()

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-26 09:04:32 +02:00
Przemek Stekiel 564eb5864b Add FFDH key generation tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-26 09:04:32 +02:00
Przemek Stekiel 44babc04dc Add import/export FFDH key tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-26 09:04:32 +02:00
Przemek Stekiel 1d9c2b63d9 Adapt import/export test for FFDH 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-26 09:04:32 +02:00
Tom Cosgrove 10f40916eb
Merge pull request #7462 from daverodgman/clz_size_opt 
clz size/perf optimisation
 2023-04-26 07:06:30 +01:00
Dave Rodgman 4f30a6aa59 Remove undesirable test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-25 18:07:29 +01:00
Dave Rodgman 2e863ecde9 Remove unnecessary if to save 16 bytes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-25 17:40:49 +01:00
Przemek Stekiel d14e04ea72 Use ASSERT_COMPARE for comapring buffers 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-25 14:31:28 +02:00
Minos Galanakis 4dfed0a186 test_suite_ecp: Refactored ecp_mod_p256k1 to alignt with ecp_mod_p192k1 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-25 13:30:59 +01:00
Minos Galanakis 9c2c81f996 ecp_curves: Renamed ecp_mod_p256k1 -> mbedtls_ecp_mod_p256k1 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-25 13:30:59 +01:00
Minos Galanakis d6751dcd8b ecp_curves: Added unit-tests for secp256k1 
This patch introduces basic unit-testing for the `ecp_mod_p256k1()`.

The method is exposed through the ecp_invasive interface, and
the standard testing data is being provided by the python framework.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-25 13:30:59 +01:00
Minos Galanakis cfb5a5fade bignum_core_test_suite: Added mpi_core_shift_l() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-25 12:23:34 +01:00
Pengyu Lv 1d4cc917ce cert_audit: Reword the options and their descriptions 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-25 15:17:19 +08:00
Pengyu Lv 1381598aa3 cert_audit: Check the version of cryptography 
The script requires cryptography >= 35.0.0, we
need to check the version and provide meaningful
error message when the package version was too
old.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-25 14:55:38 +08:00
Valerio Setti 14bfdbf908 test: update guards also for pkwrite and pkparse 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 13:53:21 +02:00
Valerio Setti 8bb93bb44c test: fix max value in test_mx32 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 13:47:18 +02:00
valerio e50831c639 test: minor fix for non-initialized variable 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-04-24 13:47:18 +02:00
valerio 32f2ac9a18 test: proper positioning of USE_PSA_INIT + added missing exit labels 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-04-24 13:47:18 +02:00
Valerio Setti 285dae83dd test: fix USE_PSA_INIT/DONE for SSL test suite 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 13:47:18 +02:00
Valerio Setti 569c171015 test: fix USE_PSA_INIT/DONE for x509 test suite 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 13:47:18 +02:00
Valerio Setti b79f7db9b0 test: fix USE_PSA_INIT/DONE for PK test suite 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 13:47:18 +02:00
Manuel Pégourié-Gonnard feb941a77a
Merge pull request #7465 from valeriosetti/issue7460-part3 
Check remaning dependencies on ECP in PK module
 2023-04-24 13:06:09 +02:00
Manuel Pégourié-Gonnard 0281d7630b
Merge pull request #7449 from valeriosetti/issue7446 
Clean up & improve PK write test functions
 2023-04-24 13:05:16 +02:00
valerio 0b0486452c improve syms.sh script for external dependencies analysis 
It is now possible to analyze also modules and not only
x509 and tls libraries.

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-04-24 10:34:08 +02:00
Valerio Setti bf974b9b1c test_suite_pkwrite: replace memcpy with memmove 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 10:26:24 +02:00
Valerio Setti 547b3a4ab5 fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 10:24:37 +02:00
Valerio Setti 7bacaf859a fix new line difference in Windows 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 08:53:00 +02:00
Pengyu Lv c34b9ac18c cert_audit: Clarify the abstraction of Auditor 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-23 14:57:30 +08:00
Pengyu Lv 28fe957239 cert_audit: Add simple parser of suite data file 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-23 13:56:25 +08:00
Gilles Peskine 935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip 
x509 SAN IP parsing
 2023-04-21 22:00:58 +02:00
Dave Rodgman bbf881053d Document undefined case. Clarify test code. 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-21 12:54:40 +01:00
Pengyu Lv 2d487217cd cert_audit: Improve the method to find tests folder 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-21 12:41:24 +08:00
Pengyu Lv a228cbcecc cert_audit: Add data-files and suite-data-files options 
The commit adds '--data-files' and '--suite-data-files'
options so that we could pass names for the two types
of files separately. Additionally, the commit improves
the documentation in the script.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-21 11:59:25 +08:00
Pengyu Lv fcda6d4f51 cert_audit: Enable logging module 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-21 11:04:07 +08:00
Dave Rodgman 678e63007c Remove test-case for all-zero 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-20 12:28:59 +01:00
Jerry Yu ad2091d9c2 fix grammar issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-20 10:01:42 +08:00
Dave Rodgman d54cb83584 Fix tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-19 18:46:17 +01:00
Dave Rodgman fe8a8cd100 Size/perf optimisation for mbedtls_mpi_core_clz 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-19 17:59:12 +01:00
Kusumit Ghoderao 7415539173 Fix code style 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-04-19 21:00:27 +05:30
Kusumit Ghoderao 3b27a7f6bf Fix hex_string converter 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-04-19 17:20:25 +05:30
Kusumit Ghoderao a14ae5a0c9 Fix input_integer testing 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-04-19 14:16:26 +05:30
Pengyu Lv ad30679d9e cert_audit: Reuse generate_test_code.FileWrapper 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-19 15:07:03 +08:00
Pengyu Lv 7a344dde0f New implementation for generate_test_code.FileWrapper 
We get some performance benefit from the Buffered I/O.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-19 15:03:20 +08:00
Jerry Yu d3c7d538f1 Improve comments about the time_delay test. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-19 14:07:59 +08:00
Minos Galanakis 357b9e1342 test_suite_ecp: Refactored ecp_mod_p224k1 to alignt with ecp_mod_p192k1 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-18 14:13:20 +01:00
Minos Galanakis e5dab975c6 ecp_curves: Added unit-tests for secp224k1 
This patch introduces basic unit-testing for the `ecp_mod_p224k1()`.

The method is exposed through the ecp_invasive interface, and
the standard testing data is being provided by the python framework.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-18 14:13:20 +01:00
Andrzej Kurek af04f6307f Add an IPv4 mapped IPv6 test 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-18 07:26:59 -04:00
Janos Follath 3c3b94a31b
Merge pull request #7424 from gabor-mezei-arm/7256_unit_tests_for_p192k1 
Add unit tests for ecp_mod_p192k1()
 2023-04-18 12:19:40 +01:00
Valerio Setti 2280895784 test: properly check written PEM buffer len 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-18 12:59:06 +02:00
Valerio Setti 232a006a46 test: fix extension in DER test files 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-18 12:53:19 +02:00
Manuel Pégourié-Gonnard 1b59e76a8f
Merge pull request #7431 from valeriosetti/issue7404 
driver-only: ECP.PSA starter
 2023-04-18 11:56:16 +02:00
Valerio Setti 15cac17da5 test: fix dependencies in DER and PEM tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-18 11:32:58 +02:00
Valerio Setti c9cb5324b7 test: specify input file type through enum 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-18 11:20:36 +02:00
Jerry Yu ed9b9a7579 Add warning to reserve the reason 
The test has some issues we can not avoid. Put
it in code to avoid it is re-inroduced again

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-18 17:09:03 +08:00
Valerio Setti 8b7d4323da test: add Makefile target for the generated DER files 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-18 11:08:44 +02:00
Jerry Yu d1190a5af3 Update comments and remove delay seconds test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-18 17:01:50 +08:00
Pengyu Lv 8e6794ad56 cert_audit: Code refinement 
This commit is a collection of code refinements
from review comments.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-18 17:00:47 +08:00
Valerio Setti 3401b306ab test: use proper macros for checks 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-18 10:42:53 +02:00
Pengyu Lv f8e5e059c5 cert_audit: Improve documentation 
This commit is a collection of improving the documentation in the
script:

  * Restore uppercase in the license header.
  * Reword the script description.
  * Reword the docstring of AuditData.fill_validity_duration
  * Rename AuditData.filename to *.location

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-18 16:24:02 +08:00
Jerry Yu 4852bb823f remove time delay tests 
See #1517. They often failed on the CI.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-18 15:02:21 +08:00
Valerio Setti 28567abf4f test: add DER file format for pkwrite tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-17 18:43:55 +02:00
Valerio Setti c60bc5e700 test: add support for DER format in pkwrite tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-17 18:43:06 +02:00
Valerio Setti 8959095e87 test: memory footprint optimization for pkwrite tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-17 17:34:42 +02:00
Paul Elliott 4359badbb2
Merge pull request #7331 from mprse/ec-jpake-fix2 
PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input
 2023-04-17 16:31:09 +01:00
Valerio Setti 2dbc3066c7 test: remove useless ECP_LIGHT guard in psa_exercise_key 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-17 12:03:48 +02:00
Valerio Setti e618cb0a0b test: add coverage's analysis framework for accel EC algs w/o ECP 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-17 12:03:48 +02:00
Jerry Yu 2f1e85f47e fix comments issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-17 16:53:37 +08:00
Manuel Pégourié-Gonnard 6942cc3da7
Merge pull request #7410 from valeriosetti/issue7390 
Define (private) "light" subset of ECP
 2023-04-14 13:24:06 +02:00
Dave Rodgman f33c7e3344 Code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 15:34:43 +01:00
Dave Rodgman 9145dc46ed Ensure variables initialised 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 15:00:07 +01:00
Dave Rodgman c07df36f9e More fixes for big-endian 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 14:54:12 +01:00
Andrzej Kurek 06969fc3a0 Introduce a test for a sw implementation of inet_pton 
Create a bypass define to simulate platforms
without AF_INET6.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:20:15 -04:00
Andrzej Kurek fe050815c8 Introduce an additional test for IPV4 parsing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:20:05 -04:00
Andrzej Kurek e404612580 Replace old macro in test_suite_x509parse 
MD_CAN_SHAXXX should be now used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:19:58 -04:00
Dave Rodgman b169671c50 Tidy-up 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 13:46:46 +01:00
Dave Rodgman df2d5b1ca1 Fix compile error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 13:41:09 +01:00
Dave Rodgman 0a05e703db Tidy-up 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 13:19:40 +01:00
Dave Rodgman 9dc8b6a6a2 Test fixes for big-endian 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 12:53:35 +01:00
Gabor Mezei 00c9c7a81b
Remove unneeded limb variables 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-04-13 13:13:14 +02:00
Gabor Mezei b70f5f1881
Add checks to guarantee positive input parameters 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-04-13 13:12:00 +02:00
Gabor Mezei b86ead3cb2
Add generated tests for ecp_mod_p192k1 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-04-13 12:47:59 +02:00
Pengyu Lv 7725c1d2a9 cert_audit: Output line/argument number for *.data files 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-13 15:55:30 +08:00
Pengyu Lv 57240958ed cert_audit: Make FILE as positional argument 
Make FILE as positional argument so that we can
pass multiple files to the script. This commit
also contains some help message improvements.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-13 15:46:14 +08:00
Janos Follath 6d3ec55849
Merge pull request #7329 from minosgalanakis/ecp/unify_test_cases 
ecp: Unify test cases
 2023-04-12 13:23:16 +01:00
Minos Galanakis 6d2ee70e75 test_suite_ecp: Removed MBEDTLS_ECP_DP_SECP_GENERIC_ENABLED dependency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-12 09:44:02 +01:00
Mukesh Bharsakle b17f6a211d Updating makefile to document key generation 
Signed-off-by: Mukesh Bharsakle <bharsaklemukesh975@gmail.com>
 2023-04-12 00:05:45 +01:00
Stephan Koch 25c739baf7 Fix PSA AEAD ChaCha20 test dependency. 
Signed-off-by: Stephan Koch <koch@oberon.ch>
 2023-04-11 17:54:31 +02:00
Valerio Setti 9cea093700 test: resolve remaining disparities in test_suite_ssl 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 16:19:11 +02:00
Glenn Strauss 7bd00e0708 use MBEDTLS_PK_CAN_ECDSA_SOME 
instead of MBEDTLS_ECDSA_C in test data dependencies

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:43 -04:00
Glenn Strauss 700ffa0744 use MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA 
instead of MBEDTLS_SHA256_C in test data dependencies

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:42 -04:00
Glenn Strauss 6f545acfaf Add mbedtls_x509_crt_parse_cn_inet_pton() tests 
Extended from https://github.com/Mbed-TLS/mbedtls/pull/2906
contributed by Eugene K <eugene.kobyakov@netfoundry.io>

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:42 -04:00
Eugene K 3208b0b391 add IP SAN tests changes per mbedTLS standards 
Signed-off-by: Eugene K <eugene.kobyakov@netfoundry.io>
 2023-04-11 08:29:42 -04:00
Valerio Setti a9aafd4807 test: revert undesired debug change in ssl-opt 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 12:30:45 +02:00
Valerio Setti 0c477d32e2 test: include also test_suite_ecp for the coverage analysis 
Only some test cases are skipped for which ECP_C is mandatory,
but the other ones are included.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti 6c496a1553 solve disparities for ECP_LIGHT between ref/accel 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti 5278986d2d psa: fix ECP guards for key derivation 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti d49cbc1493 test: fix remaining failures in test due to the ECP_LIGHT symbol 
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti 29b395c854 test: let test_psa_crypto_config_accel_all_ec_algs_use_psa use ECP_LIGHT 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Manuel Pégourié-Gonnard 6a327a5fdc
Merge pull request #7393 from valeriosetti/issue7389 
PK tests: use PSA to generate keypairs when USE_PSA is enabled
 2023-04-11 11:27:14 +02:00
Pengyu Lv 3179232211 cert_audit: Disable pylint error for importing cryptography 
This is to make CI happy. The script requires cryptography
>= 35.0.0, which is only available for Python >= 3.6. But
both ubuntu-16.04 and Travis CI are using Python 3.5.x.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-11 16:30:54 +08:00
Gilles Peskine 02c52a08cd
Merge pull request #7287 from yanrayw/7285-followup-of-PR6500 
6500 follow-up: enhancements to the new ssl_helpers test module
 2023-04-11 09:31:37 +02:00
Valerio Setti 7816c24f2d test: fix guards position in test_suite_pk 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 09:16:24 +02:00
Valerio Setti b3f20da313 test: fix error handling in the new pk_genkey_ec() function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 09:16:24 +02:00
Valerio Setti 12a063abb7 test: use proper macros for PSA init/done 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 09:16:24 +02:00
Valerio Setti 0b304421d8 ecp: revert changes to ECP module and related tests/programs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 09:16:24 +02:00
Valerio Setti b6891b13f6 pk: add alternate function for keypair generation using PSA 
Instead of using the legacy mbedtls_ecp_gen_keypair() which makes
use of ECP's math, when USE_PSA_CRYPTO is enabled then the new
function pk_genkey_ec() is used in test_suite_pk.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 09:16:24 +02:00
Manuel Pégourié-Gonnard b16a50eeab
Merge pull request #7392 from valeriosetti/issue7388 
PK: use PSA to complete public key when USE_PSA is enabled
 2023-04-11 09:09:06 +02:00
Pengyu Lv cb8fc3275a cert_audit: Fill validity dates in AuditData constructor 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-11 15:05:29 +08:00
Jerry Yu c9c3e62b3e workaround the assert fail with tollerance 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-11 14:08:23 +08:00
Pengyu Lv ebf011f43e cert_audit: Introduce not-[before|after] option 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-11 14:07:50 +08:00
Jerry Yu fce8577f73 try to reproduce random assert fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-11 14:07:38 +08:00
Mukesh Bharsakle 1a4cc5e92c updating test-ca.key to use AES instead of DES 
Signed-off-by: Mukesh Bharsakle <bharsaklemukesh975@gmail.com>
 2023-04-10 14:05:42 +01:00
Pengyu Lv 30f2683d18 cert_audit: Parse more information from test suite data file 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-07 18:04:07 +08:00
Manuel Pégourié-Gonnard f740767c00
Merge pull request #7391 from valeriosetti/issue7387 
PK: don't use mbedtls_ecp_check_pub_priv() when USE_PSA is enabled
 2023-04-07 10:17:18 +02:00
Valerio Setti 3fddf250dc test: use proper macros for PSA init/done 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Valerio Setti 34f6755b34 pkparse: add new function for deriving public key from private using PSA 
Instead of using the legacy mbedtls_ecp_mul() function which makes use of
ECP's math, this commit adds a new function named pk_derive_public_key()
which implements the same behavior using PSA functions.
The flow is simple:
- import the private key into PSA
- export its public part

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Minos Galanakis 92278dc407 test_suite_ecp: Updated dependency macros for ecp_raw_generic. 
This patch introduces a new local hash define of
`MBEDTLS_ECP_DP_SECP_GENERIC_ENABLED` to replace the
removed curve specific macros, introduced in upstream.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-06 16:27:44 +01:00
Minos Galanakis 1358648f77 test_suite_ecp: Introduced ecp_mod_p_generic_raw 
This patch replaces similiarly structured test functions
for:

* MBEDTLS_ECP_DP_SECP192R1
* MBEDTLS_ECP_DP_SECP224R1
* MBEDTLS_ECP_DP_SECP256R1
* MBEDTLS_ECP_DP_SECP384R1
* MBEDTLS_ECP_DP_BP512R1R1

with a more generic version, which adjusts the parameters, based on the `curve_id` field,
provided by the testing data.

The python test framework has been updated to provide that extra field.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-06 16:27:12 +01:00
Dave Rodgman 0b3de6fcec
Merge pull request #7288 from ronald-cron-arm/tls13-server-version-negotiation 
TLS: TLS 1.2 / 1.3 version negotiation on server side
 2023-04-06 16:26:19 +01:00
Kusumit Ghoderao 02326d5083 Test key_derivation_input_integer function 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-04-06 17:47:59 +05:30
Ronald Cron 8c1ce223eb tests: ssl: Restore !MBEDTLS_SSL_PROTO_TLS1_3 dependency 
Restore the dependency on !MBEDTLS_SSL_PROTO_TLS1_3
of the DTLS fragmentation tests. That way the test
is not run on Windows 2013 (as in development) where
there is an issue with MBEDTLS_PRINTF_SIZET when
running those tests. I will address this issue in a
separate PR.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 13:20:40 +02:00
Ronald Cron c564938180 Add downgrade protection mechanism 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron 1a353ea4b8 ssl-opt.sh: Improve description of server negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron d120bd646c ssl-opt.sh: Add version selection by the server tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 50ae84ed97 ssl-opt.sh: Remove some unnecessary forcing of TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration 
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 43263c045a tests: ssl: Extend move to handshake state tests 
Extend move to handshake state tests to reach
most of TLS 1.2 and 1.3 handshake states.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 3b35455a69 tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron f95d169d60 ssl-opt.sh: Force TLS 1.2 on TLS 1.2 specific tests 
Force TLS 1.2 on TLS 1.2 specific tests in
preparation of TLS 1.3 being the default
protocol version when both TLS 1.2 and
TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron fd4c6afcb4 ssl-opt.sh: Force TLS 1.2 version 
Force TLS 1.2 version on tests related to
MBEDTLS_SSL_ASYNC_PRIVATE, CA callback and
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH. Those
SSL options are not supported in TLS 1.3
for the time being. Thus force TLS 1.2
version in preparation of TLS 1.3 being
the default protocol version when both
TLS 1.2 and TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron 92dca39196 ssl-opt.sh: Extend scope of some tests to TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron 0aa1b8843f ssl-opt.sh: Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2 dep 
Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2
dependency if TLS 1.2 version is forced or a TLS 1.2
cipher suite is forced (as TLS 1.2 cipher suites are
available if and only if TLS 1.2 is enabled and
cipher suite availability is check automatically).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron 65f9029741 ssl-opt.sh: Remove unnecessary TLS 1.3 forcing on client side 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron c341ad717e ssl-opt.sh: Remove dummy TLS 1.3 kex modes tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron ea8a1ea17a tests: ssl: Add some missing dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron a697a71a14 tests: ssl: Move min/max TLS version setting to endpoint init 
Move min/max TLS version setting to endpoint init
where it fits better: before the call to
mbedtls_ssl_setup() and available for all tests
not only those calling perform_handshake().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Pengyu Lv 45e32033db cert_audit: Support audit on test suite data files 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-06 14:33:41 +08:00
Pengyu Lv 7f6933a227 cert_audit: Initial script for auditing expiry date 
We introduce the script to audit the expiry date of X509 files
(i.e. crt/crl/csr files) in tests/data_files/ folder.

This commit add basic classes and the framework for auditing
and "-a" option to list all valid crt/crl/csr files it found.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-06 13:38:56 +08:00
Minos Galanakis 00bd8925a7 bignum: Removed merge scaffolding. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-05 16:13:11 +01:00
Przemek Stekiel 39dbe23845 Release memory for subject alt name in test 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 79354c3c4d Use MBEDTLS_MD_CAN_SHA1 macro as test dependency 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 09720e2228 Remove redundant test cases 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 019842119d Adapt test for authority_key_id (parsing subject alt name) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 75653b1df0 Add indication of extension error while parsing authority/subject key id 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 6ec839a1f9 x509_get_authority_key_id: add length check + test 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 8661fed943 Fix tests dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 240cbe4040 Remove generation of authorityKeyId_subjectKeyId.crt from makefile 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 9a511c5bdf Rename back mbedtls_x509_parse_general_name->mbedtls_x509_parse_subject_alt_name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
toth92g 9085cff438 Removing obsolete test after merging and correcting missing macro 
Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:28 +02:00
toth92g 8d435a0c8b Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type. 
Also updated the x509_get_general_names function to be able to parse rfc822Names

Test are also updated according these changes.

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:28 +02:00
toth92g 5042b104c2 - Removing obsolete test files (DER strings are used instead of them to minimize resource usage) 
- Renaming test functions to match the naming conventions

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:28 +02:00
toth92g 357b297b16 Correcting tests: 
- Wrong condition was checked (ref_ret != 0 instead of ref_ret == 0)
- tags were not checked (nor lengths)
- Using ASSERT_COMPARE where possible

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g 2d2fb3a5a7 Correting findings: Using DER format instead of PEM while testing to minimize the resource usage. Comparation of byte arrays in test are now done via the dedicated ASSERT_COMPARE test macro for better understanding 
Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g 0e2e2d6841 x509parse tests used only last 16 bits of the return values. They are updated to check the whole 32 bit value 
Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g 3c2243c6d5 Replacing hard-coded literals with macros of the library in the new x509parse tests 
Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g 27f9e7815c Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields 
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g a41954d0cf Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId). 
A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags.

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
Dave Rodgman 56f59d749c
Merge pull request #7394 from mprse/fix_pkcs7_test_alloc 
Fix memory allocations in pkcs7_verify test
 2023-04-04 15:46:59 +01:00
Janos Follath 13c73de6de
Merge pull request #6233 from tom-cosgrove-arm/issue-6226-core-mul 
Bignum: extract core_mul from the prototype
 2023-04-04 13:36:22 +01:00
Ronald Cron 219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc 
PSA cryptography miscellaneous
 2023-04-04 10:54:03 +02:00
Valerio Setti 98680fc2ed ecp: revert changes to ECP module and test suite 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-04 10:22:59 +02:00
Przemek Stekiel 9735be5ef3 Fix memory allocations in pkcs7_verify test 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 09:07:10 +02:00
Manuel Pégourié-Gonnard 86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622 
Some MAX_SIZE macros are too small when PSA ECC is accelerated
 2023-04-03 16:23:27 +02:00
Valerio Setti 0fe1ee27e5 pk: add an alternative function for checking private/public key pairs 
Instead of using the legacy mbedtls_ecp_check_pub_priv() function which
was based on ECP math, we add a new option named eckey_check_pair_psa()
which takes advantage of PSA.
Of course, this is available when MBEDTLS_USE_PSA_CRYPTO in enabled.

Tests were also fixed accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-03 15:00:21 +02:00
Gabor Mezei f8b55d6358
Fix code style issues 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-04-03 14:13:46 +02:00
Valerio Setti c6ecdad42d test: disable all RSA algs and fix tests 
All RSA associated algs are now forcedly disabled both on library
and driver sides.
Some PSA driver tests required to be fixed because they were just
requiring for not having the built-in version, but they didn't check
if the driver one was present (kind of assuming that RSA was always
supported on the driver side).

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-03 08:26:35 +02:00
Dave Rodgman dd48c6e3df
Merge pull request #7385 from daverodgman/timing_alignment 
Fix cast alignment warning in timing.c
 2023-03-31 19:48:34 +01:00
Dave Rodgman d43b42ebfa Whitespace fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-31 18:04:34 +01:00
Dave Rodgman 4ffc9d80f7 Test that setting reset actually does something 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-31 17:07:26 +01:00
Gabor Mezei 87223ab1ce
Add generated test for core_mul 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-31 16:17:06 +02:00
Tom Cosgrove e16a945421
Add unit tests for mbedtls_mpi_core_mul() 
The test cases use the following MPI values.

The .data file only includes those (a, b) values where a <= b; the test code
does a * b and b * a.

    0 1 80 ff 100 fffe ffff 10000 ffffffff 100000000
    20000000000000 7f7f7f7f7f7f7f7f 8000000000000000 ffffffffffffffff
    10000000000000000 10000000000000001 1234567890abcdef0
    fffffffffffffffffefefefefefefefe 100000000000000000000000000000000
    1234567890abcdef01234567890abcdef0
    ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
    1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
    4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b

The lines in the .data file were generated by the following script

```
    #!/usr/bin/env perl
    #
    # mpi-test-core-mul.pl - generate MPI tests in Perl for mbedtls_mpi_core_mul()
    #
    use strict;
    use warnings;
    use Math::BigInt;
    use sort 'stable';

    my $echo = 0;

    my @mul_mpis = qw(
        0 1 80 ff 100 fffe ffff 10000 ffffffff 100000000
        20000000000000 7f7f7f7f7f7f7f7f 8000000000000000 ffffffffffffffff
        10000000000000000 10000000000000001 1234567890abcdef0 fffffffffffffffffefefefefefefefe
        100000000000000000000000000000000 1234567890abcdef01234567890abcdef0
        ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
        1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
        4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
    );

    generate_tests();

    sub generate_tests {
        generate_mbedtls_mpi_core_mul();
    }

    sub generate_mbedtls_mpi_core_mul {

        my $sub_name = (caller(0))[3];      # e.g. main::generate_mbedtls_mpi_sub_mpi
        my ($ignore, $test_name) = split("main::generate_", $sub_name);

        my @cases = ();

        for my $ah (@mul_mpis) {
            for my $bh (@mul_mpis) {

                my $a = Math::BigInt->from_hex($ah);
                my $b = Math::BigInt->from_hex($bh);
                next if $a > $b;		# don't need to repeat test cases

                my $r = $a * $b;
                my $rh = $r->to_hex();

                my $desc = "$test_name #NUMBER: 0x$ah * 0x$bh = 0x$rh";
                my $case = output($test_name, str($ah), str($bh), str($rh));

                push(@cases, [$case, $desc]);
            }
        }

        output_cases("", @cases);
    }

    sub output_cases {

        my ($explain, @cases) = @_;

        my $count = 1;
        for my $c (@cases) {

            my ($case, $desc, $dep) = @$c;
            $desc =~ s/NUMBER/$count/; $count++;
            if (defined($explain) && $desc =~ /EXPLAIN/) {
                $desc =~ s/EXPLAIN/$explain/;
                $explain = "";
            }

            my $depends = "";
            $depends = "depends_on:$dep\n" if defined($dep) && length($dep);

            print <<EOF;

    $desc
    $depends$case
    EOF
        }
    }

    sub output {
        return join(":", @_);
    }

    sub str {
        return '"' . $_[0] . '"';
    }
```

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-31 16:16:05 +02:00
Dave Rodgman b8f5ba826b
Merge pull request #6891 from yuhaoth/pr/add-milliseconds-platform-function 
Add milliseconds platform time function
 2023-03-31 11:47:37 +01:00
Ronald Cron 32a432af95 all.sh: Fix test component name 
The component_test_psa_crypto_drivers was
renamed component_test_psa_crypto_builtin_keys
in a previous commit. This was misleading as
the goal of the component is not to test
the builtin keys but to run the PSA unit
tests with the test drivers doing the
cryptographic operations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-03-31 09:07:57 +02:00
Ronald Cron e6e6b75ad3 psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option 
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-03-31 09:07:54 +02:00
Paul Elliott 03d557db35
Merge pull request #6900 from AndrzejKurek/san-dirname 
Add support for directoryName subjectAltName
 2023-03-30 18:37:26 +01:00
Janos Follath 54118a1720
Merge pull request #7352 from gabor-mezei-arm/6349_fix_merge 
Remove obsolete ecp_fix_negative function
 2023-03-30 14:48:13 +01:00
Manuel Pégourié-Gonnard 99771a3593
Merge pull request #7336 from yanrayw/6500-gitignore-fix 
fix: ignore *.o under tests/src/test_helpers
 2023-03-30 09:20:13 +02:00
Manuel Pégourié-Gonnard 1640682a53
Merge pull request #7334 from valeriosetti/analyze_outcomes_improvement 
Improve analyze_outcomes.py script
 2023-03-30 09:17:39 +02:00
Andrzej Kurek 303704ef4a Remove unnecessary tabs 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-29 11:41:34 -04:00
Andrzej Kurek 43d7131c14 Fix rfc822name test arguments 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-29 11:41:32 -04:00
Andrzej Kurek 532b8d41af Move an x509 malformation test 
Now, that the errors are not silently ignored
anymore, instead of expecting a <malformed>
tag in parsed data, the test case returns
an error.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-29 11:40:36 -04:00
Andrzej Kurek d90376ef46 Add a test for a malformed directoryname sequence 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-29 11:38:45 -04:00
Andrzej Kurek d348632a6a Switch from PEM to DER format for new x509 directoryname test 
This simplifies generating malformed data and doesn't require
the PEM support for tests.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-29 11:03:01 -04:00
Andrzej Kurek 151d85d82c Introduce a test for a malformed directoryname SAN 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-29 11:03:01 -04:00
Andrzej Kurek d40c2b65a6 Introduce proper memory management for SANs 
DirectoryName parsing performs allocation that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-29 11:03:01 -04:00
Andrzej Kurek 4a4f1ec8e9 Add the original certificate to be malformed for x509 tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-29 11:03:01 -04:00
Andrzej Kurek e12b01d31b Add support for directoryName subjectAltName 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-29 11:03:01 -04:00
Valerio Setti 846118b98d test: remove old component errouneously reintroduced during rebase 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 13:46:59 +02:00
Valerio Setti f109c66d73 Use proper log function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 11:15:44 +02:00
Valerio Setti 22992a04f1 Fix function description 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 11:15:28 +02:00
Valerio Setti 5aab43f1cd test: fix/improve comments in all.sh 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 10:42:07 +02:00
Valerio Setti 1f1420df36 test: fix text output 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 10:28:39 +02:00
Valerio Setti d0c644db69 test: minor refactoring 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 10:28:39 +02:00
Valerio Setti ee97a1ef47 test: improve comments and code in newly added helper function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 10:28:39 +02:00
Valerio Setti e4758aa34b test: add a companion test for another curve (x25519) and fix issues 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 10:28:06 +02:00
Valerio Setti 1a6d96f59e test: use full config as test starting point and solve issues 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 10:28:06 +02:00
Valerio Setti 659aa686c8 test: use BUILTIN symbols in as weierstrass key derivation guard 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 10:27:18 +02:00
Valerio Setti 3ebecc9513 test: disable proper key exchanges while testing accel EC algs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 10:27:18 +02:00
Valerio Setti 5360886ad3 test: minor fixes to all.sh 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 10:27:18 +02:00
Valerio Setti a532983e56 test: add legacy dependency for weierstrass key derivation 
Weierstrass key derivation still depends on ECP_C (no driver dispatch
yet), so the legacy dependency is still mandatory here.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 10:27:18 +02:00
Valerio Setti b7e9544194 test: add specific test with only accel EC curves and algs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-29 10:27:18 +02:00
Gabor Mezei df9c029dd5
Remove obsolete ecp_fix_negative function 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-28 18:43:07 +02:00
Valerio Setti b76672dd52 test: fix wrong accelerated SHA1 symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-28 16:26:48 +02:00
Valerio Setti 6d687b98cf test: simplify comment in test_psa_crypto_config_accel_all_ec_algs_use_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-28 16:26:48 +02:00
Valerio Setti c762797856 test: removing test with all accel EC algs without USE_PSA 
We keep tests without USE_PSA for single accel components (i.e.
ECDH, ECDSA, ECJPAKE), but when testing for all 3 accelerated
at the same time we use USE_PSA for better test coverage.
However for this purpose there is already the:

component_test_psa_crypto_config_[reference/accel]_all_ec_algs_use_psa()

so we can delete this extra component.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-28 16:26:48 +02:00
Valerio Setti 4fa6d0bb88 test: moving accel ECJPAKE test close to accel ECDH and ECDSA ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-28 16:26:48 +02:00
Valerio Setti 77bdff1963 test: improve comment in the added test 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-28 16:26:48 +02:00
Valerio Setti 2495cdbcc2 test: remove unused tasks in analyze_outcomes.py 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-28 16:26:47 +02:00
Valerio Setti 44b178ca60 test: fix erroneous changes in all.sh 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-28 16:26:47 +02:00
Valerio Setti 6f820cccb8 test: fix comments in test_psa_crypto_config_accel_ecc() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-28 16:26:47 +02:00
Valerio Setti 1c3de61ba8 test: remove previous tests for accelerated ECDSA/ECDH/ECJPAKE coverage analysis 
All these EC based algs are now tested all at once in
test_psa_crypto_config_[accel/reference]_all_ec_algs_use_psa()
functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-28 16:26:47 +02:00
Valerio Setti 42d5f1959f test: add a test with all EC based algs accelerated 
Actually this adds both the accelerated test as well as the
reference. Both of them are used to evaluate the driver's
coverage with analyze_outcomes.py script.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-28 16:26:47 +02:00
Janos Follath 0f5086847c
Merge pull request #7343 from minosgalanakis/ecp/sec-384-update-test-macro-deps 
ecp: Updated ecp384 depedency macro
 2023-03-28 15:04:10 +01:00
Paul Elliott f04848cc3b Revert "Add generated files" 
This reverts commit df2b5da57f.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-27 21:20:52 +01:00
Minos Galanakis 37bdd93730 ecp_mod_p224_raw: Added MBEDTLS_ECP_DP_SECP224R1_ENABLED as a dependency 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-03-27 18:19:22 +01:00
Paul Elliott d01a3bca05 Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback 
Mbed TLS 3.4.0
 2023-03-27 18:09:49 +01:00
Janos Follath 445c3bfcac
Merge pull request #7222 from minosgalanakis/bignum/6851_extract_Secp384r1_fast_reduction 
Bignum:  Extract secp384r1 fast reduction from the prototype
 2023-03-27 16:56:30 +01:00
Yanray Wang 5663e74f91 tests/.gitignore: ignore *.o under tests/src/test_helpers 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-24 18:03:48 +08:00
Manuel Pégourié-Gonnard 5a51d0d789 Fix depends.py failure with correct TLS 1.2 deps 
TLS 1.2 has never been able to work with only SHA-512, it just happened
to pass previously because the declared dependencies were too lax.
(Probably related to the fact that in the past we didn't distinguish
between SHA-512 and SHA-384 in dependencies.)

So, just disable all of TLS in SHA-512-only builds. While at it, tune
build_info.h to make this easier - it already had partial support for
disabling TLS 1.2 or TLS 1.3 in an easier way, but not both of them at
the same time.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard c584c27426 Disable built-in SHA-256 in accel_hash too 
Now that Entropy doesn't need it any more, we can have driver-only
SHA-256 (and 224 with it) in the non-USE_PSA component too.

This reveals a missing PSA_INIT in a PK test using SHA-256.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard e9319772b3 Fix failures in test_suite_random 
Appeared after the dependencies were changed to use MD_CAN.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard 33783b4646 Manually fix two remaining instances of old macros 
Unless I missed something, all remaining instance of all macros are in
files where it makes sense to use these. I went over the output of:

    git grep -c -E 'MBEDTLS_(MD5|RIPEMD160|SHA[0-9]*)_C'

and I think all the files listed fall into one of the following
acceptable categories:

- documentation and historical documents: Changelog, docs/**/*.md
- config files and related: mbedtls_config.h, configs/*.h,
  check_config.h, config_psa.h, etc.
- scripts that build/modify configs: all.sh, depends.py,
  set_psa_test_dependencies.py, etc.
- implementation of MD or PSA or related: md.h, psa_util.h, etc. and
  corresponding test suites
- implementation of hashes: md5.c, sha256.h, etc. and corresponding test
  suites
- two example programs using a low-level hash API: hash/hello.c,
  pkey/ecdsa.c
- test/benchmark.c, test/selftest.c: actually want our built-in
  implementations
- a function in test_suite_psa_crypto_storage_format that is
  specifically for checking if the hash is built in.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard 93302422fd Fix instances of old feature macros being used 
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data

Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard 66300d6f40 Force SHA-256 for entropy in libtestdriver1 
We only enable SHA-256, so let's use that.

Previously the entropy module was deciding which hash to use based on
MBEDTLS_xxx_C feature macros, and since only SHA256_C was defined in
config_test_driver.h, it used that and things worked.

However since entropy was changed to use MD light, and
MBEDTLS_MD_CAN_xxx feature macros, we had an issue: when building
libtestdriver1 with its default config, MBEDTLS_PSA_ACCEL_ALG_SHA_512 is
defined even though there's no actual accelerator in the build. (This is
done so that PSA_WANT_ALG_SHA_512 can remain defined in order to match
the application's config, while not defining
MBEDTLS_PSA_BUILTIN_ALG_SHA_512 in order to only include what we need in
the build of libtestdriver1.) This will cause MD to dispatch to PSA in
order to take advantage of the accelerator, which will then fail because
there is no accelerator not builtin for this hash.

In the long-term, perhaps it would be best to address the root of the
issue: defining MBEDTLS_PSA_ACCEL_ALG_SHA_512 in a build that doesn't
actually have a SHA-512 accelerator is a lie. But that would require
significant changes in libtestdriver1. So for now, just fix the most
obvious symptom (picking a non-supported hash in entropy.h) by forcing
the choice of hash to match what's in the libtestdriver1 config.

Note: if the copy of entropy module in libtestdriver1 doesn't work,
we'll get a failure when calling libtestdriver1_psa_crypto_init(), which
we do, from mbedtls_test_transparent_init(), indirectly called by our
psa_crypto_init() which will then fail.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard 5d0d641332 Test entropy.c with driver-only hashes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard 2334d3a9b1 Fix driver_wrappers test 
These were assuming that psa_crypto_init() doesn't call hashes, which is
not always correct.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard 5cd4b6403b Use MD-light in entropy.c 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Valerio Setti a266332189 test: improve analyze_outcomes.py script 
Allow the script to also execute the tests needed for the following
analysis. It doesn't affect the previous usage of this script:

- if the output file is already present, then only the analysis
  is performed
- if the outfile does not exists, then tests are also executed
  before doing the analysis

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-24 09:31:38 +01:00
Przemek Stekiel 038a3a6b95 Extend j-pake input getters tests for user and peer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-23 13:37:18 +01:00
Przemek Stekiel b175b146a2 Remove driver_pake_get_role function 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-23 13:37:18 +01:00
Przemek Stekiel 43af7c8a8a Adapt pake tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-23 13:37:18 +01:00
Manuel Pégourié-Gonnard ac6db4d649
Merge pull request #7317 from mpg/lift-exclusions 
Lift exclusions from driver-only hash component
 2023-03-23 12:01:01 +01:00
Paul Elliott df2b5da57f Add generated files 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-23 10:58:43 +00:00
Paul Elliott db67e99bbf Bump library, libcrypto and libx509 versions 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-23 10:57:39 +00:00
Przemek Stekiel 69aba90e5b Add tests case for step with different buffer size 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-23 08:06:09 +01:00
Valerio Setti 4059aba353 accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-22 10:48:34 +01:00
Valerio Setti 13ce40323f test_suite_ssl: remove redundant dependencies when the key exchange is specified 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-22 10:40:05 +01:00
Valerio Setti 7a2f39692a ecdhe: solve disparities in accelerated ECDHE vs reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-22 10:37:45 +01:00
Valerio Setti a81130f159 test: enable ECDHE key exchanges for driver coverage tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-22 10:36:59 +01:00
Minos Galanakis 37f4cb6d0e ecp_curves: Minor rework for p384 
This patch adjusts formatting, documentation and testing.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-03-21 15:46:50 +00:00
Minos Galanakis 619385d8bc test_suite_ecp: Added ecp_mod_p384_raw() test case. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-03-21 15:45:17 +00:00
Manuel Pégourié-Gonnard 8965b65bd8 Remove now-spurious dependencies 
Now that HMAC-DRBG can use driver, so can deterministic ECDSA

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:42:06 +01:00
Manuel Pégourié-Gonnard 91cc8bbc87 Enable ECDSA-det in driver-only hashes component 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:42:06 +01:00
Manuel Pégourié-Gonnard d111fbdad1 Enable HMAC-DRBG in driver-only hashes component 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard fbaf4e98d8 Enable PKCS7 in driver-only hashes component 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard 0d1921c4c2 Enable HKDF in driver-only hashes test 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:42:05 +01:00
Paul Elliott f1eb5e2a04 Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-21 15:35:17 +00:00
Manuel Pégourié-Gonnard 161dca63c3 Fix typos & improve wording in comments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard 7d381f517a MD: use MD_CAN in test suite and check for parity 
Split the part the varies between driver/built-in builds to a separate
file for convenience. Fix analyze_outcomes.py to be able to exclude
specific data files and not just a whole family at once.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard 7224086ebc Remove legacy_or_psa.h 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard 23fc437037 SSL: fix test failures 
1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE.

2. Add missing occurrences - some of these were already necessary in
principle (in one form or another) but where missing and this was not
detected so far as `psa_hash` doesn't complain in case of a missing
init, but now MD makes it visible.

3. Add missing include in ssl_test_lib.h.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard bef824d394 SSL: use MD_CAN macros 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard 33a13028e5 X.509: fix test failures 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard a946489efd X.509: use MD_CAN macros 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard fa99afa2bc PK: fix test failures 
Introduce MD_OR_USE_PSA_INIT/DONE. This will likely be used everywhere
in X.509 and SSL/TLS, but most places in PK only need USE_PSA_INIT/DONE.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard 0b8095d96a PK: use MD_CAN macros 
sed -i -f md.sed tests/suites/test_suite_pk{,parse,write}.*

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard ebef58d301 OID + misc crypto: use MD_CAN and fix failures 
After this, only PK, X.509 and TLS remain to be done.

Deterministic uses HMAC-DRBG which uses MD, so it needs crypto_init()
when using a driver-only hash.

Also, remove a special-purpose macro that's no longer needed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard 1d3bf24555 test_suite_psa_crypto: use PSA_WANT 
Could use MD_CAN, as both are equivalent when MBEDTLS_PSA_CRYPTO_C is
defined, but using PSA_WANT is preferable in a PSA context.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard a5f04621bd PKCS5: use MD_CAN macros 
sed -i -f md.sed library/pkcs5.c tests/suites/test_suite_pkcs5* include/mbedtls/pkcs5.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard 49e67f814f PKCS5: always use MD 
As a consequence, MD_C is now enabled in component accel_hash_use_psa.

Fix guards in X.509 info function to avoid this causing a failure now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard c1f10441e0 RSA: use MD_CAN macros 
sed -i -f md.sed library/rsa.c tests/suites/test_suite_rsa* include/mbedtls/rsa.h tests/suites/test_suite_pkcs1_v*

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard fb8d90a2db RSA: always use MD light 
Note: already auto-enabled in build_info.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard 52d02a85d3 PEM: use MD_CAN macros 
sed -i -f md.sed library/pem.c tests/suites/test_suite_pem* include/mbedtls/pem.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard 1c2008fa37 PEM: always use MD light 
Note: PEM_PARSE already auto-enables MD_LIGHT in build_info.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard 0baad53ac9 PKCS12: use MD_CAN macros 
sed -i -f md.sed library/pkcs12.c tests/suites/test_suite_pkcs12.* include/mbedtls/pkcs12.h

with md.sed as before.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard be97afe5d4 PKCS12: always use MD light 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard b2eb1f7456 ECJPAKE: use MD_CAN macros 
sed -i -f md.sed \
    library/ecjpake.c \
    include/medtls/ecjpake.h \
    tests/suites/test_suite_ecjpake.*

With md.sed as follows:

s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_MD5_C\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_RIPEMD160_C\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_SHA1_C\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_SHA224_C\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_SHA256_C\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_SHA384_C\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_SHA512_C\b/MBEDTLS_MD_CAN_SHA512/g

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard 41bc8b6b1e ECJPAKE: always use MD light 
This enables access to all available hashes, instead of the previous
situation where you had to choose by including MD_C or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard ffcda5679a Make MD_PSA_INIT/DONE available to all suites 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard e0e161b54a
Merge pull request #7296 from valeriosetti/issue7253-part1 
driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 1
 2023-03-21 16:09:02 +01:00
Dave Rodgman 3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID 
RSA: provide interface to retrieve padding mode and hash_id
 2023-03-20 18:34:53 +00:00
Dave Rodgman d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics 
Implement AESNI with intrinsics
 2023-03-20 18:20:51 +00:00
Valerio Setti fdea36d137 test_suite_ssl: remove redundant ECDH dependencies when the key exchange is specified 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-20 14:02:07 +01:00
Valerio Setti 2f8eb62946 ssl-opt: remove leftover debug commands and fix comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-20 14:02:07 +01:00
Valerio Setti 866aa187e8 ecdh: solve disparities in accelerated ECDH vs reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-20 14:02:07 +01:00
Valerio Setti 6ba247c236 ssl-opt: solve errors in ECDH reference tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-20 14:00:51 +01:00
Valerio Setti 53a5844abc test: enable ECDH key exchanges for driver coverage tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-20 14:00:51 +01:00
Manuel Pégourié-Gonnard 4ebe2a7372
Merge pull request #7300 from valeriosetti/issue7281 
Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity
 2023-03-20 09:54:47 +01:00
Manuel Pégourié-Gonnard e91aadaeed
Merge pull request #7299 from valeriosetti/issue7280 
Driver only EC JPAKE: enable ssl-opt.sh and get test parity
 2023-03-20 09:51:11 +01:00
Manuel Pégourié-Gonnard c9ef476431
Merge pull request #7192 from joerchan/psa-update-mbedtls 
psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
 2023-03-20 09:47:07 +01:00
Manuel Pégourié-Gonnard 14c194aae9
Merge pull request #7271 from mpg/use-md-light 
Use md light
 2023-03-20 09:01:16 +01:00
Manuel Pégourié-Gonnard 0f60d09aa8 Add a test with all of ECC accelerated 
Note that ECC key derivation is not using drivers yet, as we don't have driver support for
cooked key derivation acceleration, see
https://github.com/Mbed-TLS/mbedtls/pull/5451 and follow-ups.

So, we still need MBEDTLS_ECP_C enabled at least for this, and probably
in several other places for now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-17 15:23:17 +01:00
Yanray Wang 69bc8403eb rsa_tests: use TEST_EQUAL instead of TEST_ASSERT 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-17 20:33:08 +08:00
Yanray Wang e05a21f084 rsa: add a test to check default padding mode and hash_id 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-17 20:09:20 +08:00
Yanray Wang 15d3df7aec rsa: add positive test cases for getter functions 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-17 19:49:04 +08:00
Yanray Wang d41684e8bc rsa.c: rename getter function of hash_id 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-17 18:57:42 +08:00
Dave Rodgman 0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing 
Add parsing for Record Size Limit extension in TLS 1.3
 2023-03-17 10:18:34 +00:00
Paul Elliott 9f02a4177b
Merge pull request #7009 from mprse/csr_write_san 
Added ability to include the SubjectAltName extension to a CSR - v.2
 2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard 0d957d3a83
Merge pull request #7275 from valeriosetti/issue7255 
Driver-only EC JPAKE: starter
 2023-03-17 10:01:38 +01:00
Manuel Pégourié-Gonnard 6ea8d3414f Fix a comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-17 09:43:50 +01:00
Manuel Pégourié-Gonnard 1b5ffc63cc Avoid double definition of MD_LIGHT 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard 8316209c02 Use MD_LIGHT rather than md5.h in pem.c 
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only
compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the
guards once that has changed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-17 09:43:27 +01:00
Manuel Pégourié-Gonnard ec000c1a00
Merge pull request #7242 from mpg/md-dispatch-psa 
Implement MD dispatch to PSA
 2023-03-17 09:42:40 +01:00
Gilles Peskine 28e4dc1e39 Fix use of arithmetic on void* 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-16 21:39:47 +01:00
Janos Follath c18cd0c8e6
Merge pull request #7230 from gabor-mezei-arm/6850_Secp256r1_fast_reduction 
Extract Secp256r1 fast reduction from the prototype
 2023-03-16 19:43:25 +00:00
Dave Rodgman 4a060ffa59
Merge pull request #7303 from daverodgman/msan_bzero_testcase 
Add tests that cover msan explicit_bzero issue
 2023-03-16 17:55:19 +00:00
Paul Elliott 646ee7ec2e Fix CI build after repo merge conflict 
After merging the driver only ECDSA work, a conflict arose between that and
the previous work re-ordering the ciphersuite preference list. We can remove
the breaking requirement on this test, as this requirement is now auto-detected
when the server5 crt is used in the server's command line.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-16 17:10:34 +00:00
Valerio Setti 943f8ddf81 test: remove leftovers from debug sessions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-16 16:47:17 +01:00
Gilles Peskine 844f65dc65 Explicitly test AES contexts with different alignments 
Don't leave it up to chance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-16 14:54:48 +01:00
Dave Rodgman 0a3c72df02 Add explanatory comment 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-16 13:43:32 +00:00
Gilles Peskine 5fcdf49f0e Move copy-context testing to an auxiliary function 
This is in preparation for running it multiple times with different
alignments.

This commit also fixes the fact that we weren't calling mbedtls_aes_free()
on the context (we still aren't if the test fails). It's not an issue except
possibly in some ALT implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-16 14:42:39 +01:00
Gilles Peskine f99ec202d7 AES context copy test: have one for each key size 
Don't use all-bytes zero as a string, it's harder to debug.

This commit uses the test vectors from FIPS 197 appendix C.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-16 14:27:40 +01:00
Gilles Peskine d50cfddfd7 AES context copy test: clean up 
Don't use hexcmp to compare binary data. Improve readability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-16 14:25:58 +01:00
Dave Rodgman 680dbd46ae
Merge pull request #7270 from DemiMarie/oid-fix 
Fix segfault in mbedtls_oid_get_numeric_string
 2023-03-16 12:21:36 +00:00
Dave Rodgman 5d2024333b Fix missing line ending 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-16 12:14:51 +00:00
Dave Rodgman ecd649205d Add tests that cover msan explicit_bzero issue 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-16 12:02:15 +00:00
Manuel Pégourié-Gonnard ec31f2917f Systematically call PSA_INIT for MD tests 
All tests that call md_setup() or compute a hash of a HMAC may now need
it in some builds.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard 9f132b7c9c Clarify real/dummy def of PSA_INIT/DONE 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard 54e3c6593e Fix failures in signature accel test 
The test driver library tries to only build what's necessary, but must
use the same PSA_WANT macros as the main library. So, for things that
are not needed, it undefines MBEDTLS_PSA_BUILTIN_xxx and defines
MBEDTLS_PSA_ACCEL_xxx, unless the ACCEL symbol was defined on the
command line, in which case it undefines it and defineds BUILTIN
instead. This negation happens in crypto_config_test_driver_extension.h
and reflects the fact that what we want accelerated in the main library
is what we want built-in in the driver library (and vice versa if we
want to minimize the size of the driver library).

So, the ACCEL symbols in inside the test driver library (while it's
being built, not those on the command line) are a bit of a white lie:
they don't actually mean "there's an accelerator for this" but instead
"I won't include a built-in for this even though the corresponding
PSA_WANT symbol is defined".

This was quite harmless until MD started making dispatch decisions based
on the ACCEL symbols: when it tries to dispatch to an accelerator that
doesn't actually exist, things tend to go badly.

The minimal fix for this is to change how we enable extra hashes in the
test driver library: by defining the ACCEL symbol on the command line,
in the build we'll end up with the BUILTIN symbol (and implementation!)
and no ACCEL symbol, which is exactly what we want.

Long version: https://arm-ce.slack.com/archives/GTM3SM1K5/p1675071671707599

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard 7dc8b95849 Fix failures in builds without PSA_CRYPTO_C 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard 9b14639342 Dispatch according to init status. 
We shouldn't dispatch to PSA when drivers have not been initialized yet.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard 7abdf7eee5 Add utility function to check for drivers init 
This will be used in the next commit.

While at it, move driver initialization before RNG init - this will be
handy when the entropy module wants to use drivers for hashes.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:46:51 +01:00
Yanray Wang f56181a105 ssl_helpers.c: add mbedtls_test prefix for tweak_tls13_certificate* 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-16 14:59:38 +08:00
Yanray Wang b088bfc453 ssl_helpers.c: add mbedtls_test_ssl prefix for *_exchange_data 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-16 14:59:38 +08:00
Yanray Wang 5f86a42813 ssl_helpers.c: add mbedtls_test prefix for mbedtls_mock_socket_init 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-16 14:59:38 +08:00
Yanray Wang 5e22a929b3 ssl_helpers.c: change prefix and move *queue_peek_info to static 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-16 14:59:38 +08:00
Yanray Wang f6f71902b7 ssl_helpers.c: change prefix and move *certificate_free to static 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-16 14:59:30 +08:00
Yanray Wang ead70c8d05 ssl_helpers.c: move some internal functions to static 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-16 14:51:16 +08:00
Valerio Setti fea765ba17 test: enable ec-jpake key exchanges in driver coverage analysis 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-16 07:45:23 +01:00
Demi Marie Obenour 889534a4d2 Fix segfault in mbedtls_oid_get_numeric_string 
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value.  This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.

Also check that second and subsequent subidentifiers are terminated, and
add a test case for that.  Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-03-16 01:06:41 -04:00
Yanray Wang 25b766f08d ssl_helpers.c: move #define Directive to header file 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-16 11:49:53 +08:00
Yanray Wang d19894fb4d ssl_helpers.c: unify code format between source file and header file 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-16 11:49:53 +08:00
Valerio Setti d8c2800f58 ecjpake: add ssl-opt tests for driver coverage analysis 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-15 19:09:35 +01:00
Gilles Peskine 2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api 
ssl_cache: Add cache entry removal api
 2023-03-15 15:38:06 +01:00
Jerry Yu 02d684061b Adjust time delay tests to fix fails 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-15 19:00:50 +08:00
Gilles Peskine 8d60574b7b
Merge pull request #6500 from yanrayw/split-TLS-connection-func-into-ssl_helpers 
Move TLS connection helper code from test_suite_ssl.function to ssl_helpers.c
 2023-03-15 10:50:03 +01:00
Yanray Wang ac36115355 test_suite_rsa.function: remove redundant test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-15 16:55:36 +08:00
Yanray Wang 097147540d test_suite_rsa.function: add tests 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-15 16:42:58 +08:00
Manuel Pégourié-Gonnard 18336dace2
Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user 
EC J-PAKE: partial fix for role vs user+peer
 2023-03-15 09:37:30 +01:00
Valerio Setti d8fb0af7dd crypto_config_test_driver_extension: small reshape of guard symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-14 19:38:32 +01:00
Przemek Stekiel c0e6250ff9 Fix documentation and tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-14 11:49:36 +01:00
Manuel Pégourié-Gonnard 2a13cfd2b0
Merge pull request #7243 from valeriosetti/issue7148 
driver-only ECDH: enable ssl-opt.sh with parity
 2023-03-14 11:07:56 +01:00
Yanray Wang af727a28c9 ssl_helpers.c: improve code readability 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-14 17:43:37 +08:00
Gilles Peskine 215ecd0439
Merge pull request #7252 from daverodgman/enable_pkcs7 
Enable PKCS 7
 2023-03-14 10:39:50 +01:00
Gilles Peskine 8128037017
Merge pull request #7163 from lpy4105/issue/all_sh-do-not-list-unsupported-cases 
all.sh: Do not list unsupported cases
 2023-03-14 10:34:04 +01:00
Jerry Yu e7ea823d43 remove extra spaces 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-14 17:33:42 +08:00
Manuel Pégourié-Gonnard ca3e32aaa8
Merge pull request #7207 from valeriosetti/issue7140 
Handle output consistently in analyze_outcomes.py
 2023-03-14 09:43:45 +01:00
Jan Bruckner 151f64283f Add parsing for Record Size Limit extension in TLS 1.3 
Fixes #7007

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-03-14 08:41:25 +01:00
Jerry Yu 1f7dd8df9b fix random fails 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-14 13:12:08 +08:00
Paul Elliott e4622a3436 Merge remote-tracking branch 'development/development' into development-restricted 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-13 17:49:32 +00:00
Valerio Setti 3951d1bcce analyze_outcomes: symplify log functions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 18:37:34 +01:00
Przemek Stekiel fde112830f Code optimizations and documentation fixes 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-13 16:28:27 +01:00
Valerio Setti d0fffc56c3 analyze_outcomes: add coverage test for ecjpake 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 16:08:03 +01:00
Valerio Setti 60976169f6 libtestdriver: add EC support when only ECJPAKE is accelarated 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 16:07:30 +01:00
Valerio Setti a9c9deccb9 ecjpake: add tests for driver coverage analysis 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 16:05:49 +01:00
Valerio Setti e7f896d73f fix extra whitespaces 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 13:55:28 +01:00
Dave Rodgman 6c9cea8feb
Merge pull request #7260 from daverodgman/test-macro-cleanup 
Remove duplicate test macros
 2023-03-13 11:34:38 +00:00
Valerio Setti 80318d2775 ssl-opt: automatically detect requirements when using certs in dir-maxpath 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 12:26:42 +01:00
Yanray Wang 3463435ec5 ssl_helpers.c: fix review comments and improve code readability 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:20:42 +08:00
Yanray Wang 5ba709c449 Move #define Directive into ssl_helpers.h 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:20:42 +08:00
Yanray Wang 09a6f7e14f Move TEST_AVAILABLE_ECC into ssl_helpers.h 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:20:42 +08:00
Yanray Wang 1db628f254 Move ECJPAKE_TEST_SET_PASSWORD into ssl_helpers.h 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:20:42 +08:00
Yanray Wang a8f445e60f Fix issue of conversion from size_t to int 
ssl_helpers.c is treated with W3 warning level in MSVC complier.
So that it's reported as error for warning of conversion from
size_t to int. This change fixes all this type of warning seen in
Microsoft Visual Studio 12.0. Besides, some potential problems of
type conversion are also handled.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:20:42 +08:00
Yanray Wang e64b40520d Fix build error in CI about test_fail_if_psa_leaking 
During test of component build_arm_linux_gnueabi_gcc_arm5vte and
build_arm_none_eabi_gcc_m0plus. It fails with
 - error: implicit declaration of function
   ‘test_fail_if_psa_leaking’

It happens because test_fail_if_psa_leaking is defined in
helpers.function. This block of code is not converted into C code
while compiling ssl_helpers.c. The function has been moved to
psa_crypto_helpers.c in order to fix this build error.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:20:42 +08:00
Yanray Wang b458b8c0ec Fix build errors in CMake 
tests/src/ssl_helpers.c depends on functions defined
in library/*.c. If it's complied as an OBJECT with other c files,
cmake complains undefined reference in link stage under programs/.
Therefore, tests/src/test_helpers/ is created to hold c files with
dependency of library/*.c. Besides, tests/src/test_helper/*.c is
separated into another OBJECT, mbedtls_test_helpers, as sources
to build all test suite executables.

In addition, everest header directory is included in case
MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED is enabled.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:20:42 +08:00
Yanray Wang 1fca4de942 ssl_helpers.c: remove duplicate comments for some functions 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:20:42 +08:00
Yanray Wang 4d07d1c394 Resolve build errors for ssl_helpers.c and test_suite_ssl.c 
Since we move many functions from test_suite_ssl.function to
ssl_helpers.c in commit 8e2bbdd. This causes various of
build errors. This commit fixes all the build errors by
 - including header files
 - providing function definition
 - adding guards for typedef statements and functions

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:20:42 +08:00
Yanray Wang e6afd919dd Move TLS connection related functions to ssl_helpers.c 
Some functions are renamed in commit d51d285. This change moves all
those functions which are used to set up a TLS connection from
test_suite_ssl.function into ssl_helpers.c.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:20:42 +08:00
Yanray Wang d577a68325 Improve code readability for test_suite_ssl.function 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:15:53 +08:00
Yanray Wang bd29683c90 Rewrap the lines to fit code standard in test_suite_ssl.function 
As the typedef statements and functions are renamed in commit
de3caee and commit d51d285 respectively. This commit aims
to align code lines to fit code standard and improve code
readability.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:15:53 +08:00
Yanray Wang f7b62353cb Rename the functions which are used to set up TLS connection 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:15:53 +08:00
Yanray Wang 55a6619135 Move the renamed typedef statements to ssl_helpers.h 
With this change, the renamed typedef statements (commit de3caee)
are moved from test_suite_ssl.function into ssl_helpers.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:15:53 +08:00
Yanray Wang 9ef0dce9e3 Rename the typedef statements which are used for TLS connection 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:15:53 +08:00
Yanray Wang 47907a4bb4 Create ssl_helpers.c to hold functions of TLS connection 
test_suite_ssl.function contains many functions that are used to set
up a TLS connection. To reduce its file size, those functions would
be moved to ssl_helpers.c under tests/src. As the start of this
implementation, some necessary header files are moved in advance.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-03-13 19:15:53 +08:00
Valerio Setti 77588e9451 ssl-opt: uniformize requirements in tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-13 12:00:10 +01:00
Dave Rodgman 756b028511
Merge pull request #7171 from daverodgman/pr5527 
Fix undefined behavior in ssl_read if buf parameter is NULL
 2023-03-13 10:46:29 +00:00
Jerry Yu c5b48a6f04 Add time test with delay 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-13 15:25:44 +08:00
Pengyu Lv 62ed1aa316 ssl-opt: Add test for cache entry removal 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-13 09:28:17 +08:00
Przemek Stekiel 18cd6c908c Use local macros for j-pake slient/server strings 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-12 16:59:28 +01:00
Przemek Stekiel aa1834254e Fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-12 16:59:28 +01:00
Przemek Stekiel 09104b8712 rework psa_pake_set_role to be consistent with requirements and adapt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-12 16:59:28 +01:00
Przemek Stekiel f15d335f5b ecjpake_setup: clean up handling of errors 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-12 16:59:28 +01:00
Dave Rodgman 8e528ece74 Disable test under MBEDTLS_MEMORY_BUFFER_ALLOC_C 
This test allocates too much memory to work when the alternative
memory allocator is used.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 13:30:56 +00:00
Dave Rodgman 45bed94406 Add parse failure test when MBEDTLS_RSA_C not set 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 10:01:02 +00:00
Dave Rodgman 651fb529f9 Make pkcs7_parse test not depend on MBEDTLS_RSA_C 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 10:00:44 +00:00
Dave Rodgman 4fa8590b62 Fix test dependency 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 09:34:08 +00:00
Dave Rodgman f8565b3c2b Add more PKCS #7 tests with expired cert 
Add test which uses an expired cert but is otherwise OK, which
passes if and only if MBEDTLS_HAVE_TIME_DATE is not set.

Add similar test which verifies against a different data file,
which must fail regardless of MBEDTLS_HAVE_TIME_DATE.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-11 10:26:39 +00:00
Dave Rodgman 2e8442565a Add PKCS #7 test files using expired cert 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-11 10:24:30 +00:00
Dave Rodgman cc77fe8e52 Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset 
Ensure that verification of an expired cert still fails, but
update the test to handle the different error code.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-11 09:46:13 +00:00
Dave Rodgman d51b1c5666 Remove duplicate test macros 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-10 17:44:08 +00:00
Dave Rodgman ca43e0d0ac Fix test file extension 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-10 13:06:01 +00:00
Dave Rodgman f2f2dbcfd7 Add test case for PKCS7 file with zero signers 
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder  https://lapo.it/asn1js/

Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-10 12:52:00 +00:00
Dave Rodgman ac447837d3
Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7 
Test memory management in pkcs7
 2023-03-10 11:29:50 +00:00
Przemek Stekiel f3ae020c37 Use user/peer instead role in jpake driver-wrapper tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Przemek Stekiel af94c13b2c Add tests for user/peer input getters 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Przemek Stekiel 0c946e9aa9 Addapt jpake tests and add cases for set_user, set_peer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Gilles Peskine 4da92832b0
Merge pull request #7117 from valeriosetti/issue6862 
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
 2023-03-09 20:49:44 +01:00
Gilles Peskine a25203c5f9
Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests 
Interruptible_{sign|verify}_hash: Add public key verification tests
 2023-03-09 20:48:13 +01:00
Dave Rodgman bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Dave Rodgman 8657e3280a Add corrupt PKCS #7 test files 
Generated by running "make <filename>" and commiting the result.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-09 15:59:15 +00:00
valerio 2bf85e349d ssl-opt: enable test for accelerated ECDH + USE_PSA 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-03-09 16:39:07 +01:00
valerio f27472b128 ssl-opt: enable test and fix failures for reference ECDH + USE_PSA" 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-03-09 16:20:38 +01:00
Przemek Stekiel b8eaf635ba Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 12:14:26 +01:00
Manuel Pégourié-Gonnard 913d9bb921
Merge pull request #7162 from valeriosetti/issue7055 
Legacy MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C dependencies in test_suite_psa_crypto
 2023-03-08 17:07:19 +01:00
Valerio Setti 1470ce3eba fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:50:12 +01:00
Valerio Setti 2f081473b6 test: fix disparities in test_suite_ssl 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Valerio Setti f84b7d5c21 test: enable ECDSA based key exchanges in driver coverage tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Manuel Pégourié-Gonnard 289e5baa83
Merge pull request #7082 from valeriosetti/issue6861 
driver-only ECDSA: add ssl-opt.sh testing with testing parity
 2023-03-08 16:45:38 +01:00
Gabor Mezei eb591ff94d
Add test generation for ecp_mod_p256_raw 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:12:20 +01:00
Gabor Mezei ab6ac91a0a
Extract Secp256r1 from the prototype 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:09:50 +01:00
Valerio Setti c0e7da55c5 test: removing remaning dependencies of PK_WRITE/PK_PARSE from test_suite_psa_crypto suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti f9bc5b75f1 test: remove dependencies on PK_WRITE and PK_PARSE from test_suite_psa_crypto suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti ccfad9ae0e ssl-opt: remove remaining redundant dependencies 
There were some dependencies that are now automatically satisfied by the
detect_required_features() function.

After this check there should be no redundant requirement for:
- requires_pk_alg "ECDSA"
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 10:25:05 +01:00
Valerio Setti 3b2c02821e ssl-opt: return to previous debug level in test 
This was a leftover from some debug activity that unfortunately ended up
in previous commits.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 10:22:29 +01:00
Gilles Peskine a2fc399f57
Merge pull request #6829 from AndrzejKurek/unify-psa-errors 
Unify PSA to Mbed TLS error translation
 2023-03-07 19:55:44 +01:00
Gilles Peskine 30fc999f43
Merge pull request #7164 from oberon-microsystems/fix-test-exported-length-edwards 
Fix expected export length for Edwards curves in test suite.
 2023-03-07 19:53:48 +01:00
Valerio Setti 213c4eae3a ssl-opt: enhance comment for get_tls_version() function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-07 19:29:57 +01:00
Janos Follath fe780a3c4b
Merge pull request #7184 from gabor-mezei-arm/6349_Secp224r1_fast_reduction 
Extract Secp224r1 fast reduction from the prototype
 2023-03-07 10:57:58 +00:00
Xiaokang Qian c96d2de569 Update corrupted char for pkcs7 corrupt signer info cases 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-03-07 10:35:47 +00:00
Przemek Stekiel 4aa99403f4 Fix configuration for accelerated jpake 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-07 10:50:09 +01:00
Xiaokang Qian d2988adb31 Add rsa dependencies for pkcs7 corrupt signer info cases 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-03-07 08:38:58 +00:00
Xiaokang Qian 9c703d80ca Add fuzz bad cases for signer info 1 and 2 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-03-07 08:38:58 +00:00
Xiaokang Qian 8993a14567 Add unexpected tag cases for signer info 1 and 2 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-03-07 08:38:58 +00:00
Xiaokang Qian e8c696ffd1 Add invalid size test case for signer info[2](The third one) 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-03-07 08:38:58 +00:00
Xiaokang Qian 72b4bcac03 Add invalid size test case for signer info 1(the second one) 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-03-07 08:38:55 +00:00
Manuel Pégourié-Gonnard a5ffa93e43
Merge pull request #7142 from mpg/driver-only-ecdh-starter 
Driver-only ECDH starter
 2023-03-07 09:14:38 +01:00
Paul Elliott 8c092052bd Add public key verification tests 
Add public key verification tests, and alter test intent comments to make it
obvious that verify_hash_interruptible can do public keys as well as private
and keypairs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-06 17:49:14 +00:00
Manuel Pégourié-Gonnard 86393db84d Revert local experiment. 
This was never meant to be committed here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-06 16:19:05 +01:00
Valerio Setti 23e50b9042 ssl-opt: remove redundant ECDSA dependencies in TLS1.3 tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-06 14:48:39 +01:00
Manuel Pégourié-Gonnard 07d92620d4 Fix some message strings and comments in all.sh 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-06 13:38:55 +01:00
Manuel Pégourié-Gonnard 0d1f5be688 Add comment about shared config function 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-06 13:35:21 +01:00
Valerio Setti 5d8d1a7f60 analyze_outcomes: print all output on stderr 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-06 11:08:17 +01:00
Manuel Pégourié-Gonnard 228a30d16c
Merge pull request #7120 from mpg/md-light 
Define "MD light" subset of MD
 2023-03-06 11:02:19 +01:00
Dave Rodgman 4693fd9e9e
Merge pull request #7173 from daverodgman/zeroize-platform 
Use platform-provided secure zeroization
 2023-03-06 09:16:12 +00:00
Pol Henarejos 0004a86727
Fix md test with sha3. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-03-04 00:22:05 +01:00
Pol Henarejos f61d6c0a2b
Merge branch 'development' into sha3 2023-03-04 00:03:06 +01:00
Stephan Koch 6eb73113b1 Fix codestyle with uncrustify. 
Signed-off-by: Stephan Koch <koch@oberon.ch>
 2023-03-03 17:48:40 +01:00
Dave Rodgman 45cef61fa4
Merge branch 'development' into md-light 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-03 14:28:13 +00:00
Dave Rodgman 1f39a62ce6
Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt 
Allow alternative names for overridable PSA headers
 2023-03-03 12:37:51 +00:00
Przemek Stekiel 5a49d3cce3 Replace mbedtls_x509_san_node with mbedtls_x509_subject_alternative_name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-03 12:58:11 +01:00
Przemek Stekiel 8e83d3aaa9 Add tests for writting SAN to CSR 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-03 12:58:05 +01:00
Dave Rodgman e11c1ceac9
Merge pull request #7200 from paul-elliott-arm/interruptible_sign_hash_fail_tests 
Enable all keys for interruptible op fail tests
 2023-03-03 11:51:57 +00:00
Andrzej Kurek 8a045ce5e6 Unify PSA to Mbed TLS error translation 
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-03 05:23:44 -05:00
Dave Rodgman 05b80a4eee
Merge pull request #6201 from gilles-peskine-arm/tls13_only-renegotiation 
Disable MBEDTLS_SSL_RENEGOTIATION in TLS-1.3-only builds
 2023-03-03 09:56:51 +00:00
Dave Rodgman e965c3c4bd
Merge pull request #7197 from daverodgman/armclang-sha-warning 
Enable -Werror in all.sh for armclang
 2023-03-03 09:01:41 +00:00
Jerry Yu 9a12df022e Add tests for time rountine 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-03 15:31:28 +08:00
Valerio Setti 194e2bdb6a fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-02 17:18:10 +01:00