yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
20381 commits 89 branches 205 tags 114 MiB
Commit graph

6804 commits

Author SHA1 Message Date
Werner Lewis acd01e58a3 Use ASN1 UTC tags for dates before 2000 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-01 16:24:28 +01:00
Jerry Yu f2d32e6c3d fix tls13_only test fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-01 18:05:18 +08:00
Thomas Daubney 3ff4fc6997 Add test data 
Add two test cases for accessor test. One test where desired
ext type is presentent and the other of when the ext type is
not present.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-01 10:23:50 +01:00
Thomas Daubney bd5466ab7e Add test for accessor 
Add test logic for accessor.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-01 10:23:50 +01:00
Jerry Yu 7bf3358a2d Remove duplicated tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-01 16:55:17 +08:00
Jerry Yu 1443537da3 fix test fail when WANT_READ/WRITE returned 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-01 15:53:31 +08:00
XiaokangQian f4f0f6961a Enable requires_openssl_tls1_3 in sni test cases 
Change-Id: I71fbabe0b2ff80d5f1f15ae7df2b048503ccf965
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-01 00:42:27 +00:00
XiaokangQian ac41edfc5e Enable requires_gnutls_tls1_3 in sni test cases 
Change-Id: Iea18f4e6a6b4c6b90612b43a5bcd396cdd506335
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 13:22:13 +00:00
Jerry Yu 66537f40b6 fix certificate request fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 19:53:05 +08:00
Jerry Yu 1e7c438b67 remove tls1.3 dependancy 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 19:51:38 +08:00
Gilles Peskine 09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa 
Deprecate mbedtls_cipher_setup_psa()
 2022-05-31 10:56:52 +02:00
XiaokangQian 2ccd97b8ef Change test case name to sni 
Change-Id: I8f6e68deab71cc49741cbdf233cf876e29683db9
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 08:30:17 +00:00
Jerry Yu 66adf3155c Update comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:23:29 +08:00
Jerry Yu df0a71a0b0 Add handshake version test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu b3d86de3ea fix hanshake wrapup fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu df65b66003 Add handshake over test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu 85e5c81c37 fix check test cases fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu d9d049d180 revert dbg config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu d8c57feaf9 Add moving state test for TLS1.3 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu 023ff7acb1 Move dependes_on of move handshakes state 
Prepare share move_handshake_state function with
TLSv1.3

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
XiaokangQian d5d5b60c07 Add comprehensive test cases for TLS1.3 server side 
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 02:51:26 +00:00
XiaokangQian f2a942073e Fix SNI test failure 
Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian 40a3523eb7 Add support of server name extension to server side 
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian 9a4e1dd8a6 Add back openssl client auth test 
Change-Id: Iea3b70381c3851102c542d1c55c0303bc3a14a92
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:58:11 +00:00
XiaokangQian aca9048b5f Change base on review 
Fix comments
Add test cases for client authentication with empty certificate

Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:11 +00:00
XiaokangQian c3017f620f Remove useless guards and refine checking 
Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:10 +00:00
XiaokangQian 189ded2b07 Remove coordinate functions and change state machine in server side 
Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:46:13 +00:00
Paul Elliott 8fba70f66c
Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup 
TLS 1.3: Add Finished Message and wrapup
 2022-05-25 12:02:06 +01:00
Jerry Yu 5491f857d2 skip openssl client auth test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-23 22:36:16 +08:00
Jerry Yu 090378c685 change exit code of cli auth test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-23 21:03:52 +08:00
Manuel Pégourié-Gonnard 69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa 
Permissions 1: create `mbedtls_pk_can_do_ext()`
 2022-05-23 10:58:32 +02:00
Jerry Yu 7eaadae941 fix no x509 info fail. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-23 16:17:25 +08:00
Neil Armstrong c661ff51c9 Fix pk_can_do_ext tests with non-opaque keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 09:49:04 +02:00
Neil Armstrong 5c5b116a49 Add pk_can_do_ext test for non-opaque keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-19 18:07:53 +02:00
Paul Elliott 4283a6b121
Merge pull request #5736 from gilles-peskine-arm/psa-raw_key_agreement-buffer_too_small 
Make psa_raw_key_agreement return BUFFER_TOO_SMALL
 2022-05-19 16:06:02 +01:00
Przemek Stekiel 476d9c45b8 Use MBEDTLS_TEST_DEPRECATED only in tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-19 14:11:06 +02:00
Przemek Stekiel fcdd023ba6 derive_output tests: add invalid input secret test for HKDF-Expand 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-19 10:28:58 +02:00
Manuel Pégourié-Gonnard 6ab65e28cf
Merge pull request #5842 from mprse/decrypt_tests 
RSA decrypt 2: TLS 1.2 integration testing
 2022-05-18 12:58:50 +02:00
Jerry Yu 36becb1b81 update hrr tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu a7abc5eaa8 fix ci test fails 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu 155493d4f5 fix openssl test fail. 
different version openssl client return
different output. remove string check
to workaround it

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu 6622049bcc test:add state check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu 4d8567fa9e fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Gilles Peskine 42ed963c72 Update PSA compliance test branch 
Update to a branch with a fix for the test case
"expected error for psa_raw_key_agreement - Small buffer size"
since we just fixed the corresponding bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-17 17:23:09 +02:00
Paul Elliott a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify 
TLS1.3:Add Certificate and CertificateVerify message on Server Side
 2022-05-17 15:47:36 +01:00
Neil Armstrong 8eb0afb726 Remove duplicate pk_can_do_ext test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 14:58:11 +02:00
Neil Armstrong 408f6a60a3 Add usage parameter to mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 14:23:20 +02:00
Neil Armstrong 434d4eb74f Remove invalid comments in pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 11:58:22 +02:00
Gilles Peskine 7be11a790d Use TEST_LE_U in some places where it applies 
Systematically replace "TEST_ASSERT( $x <= $y )" by "TEST_LE_U( $x, $y )" in
test_suite_psa_crypto. In this file, all occurrences of this pattern are
size_t so unsigned.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:37:53 +02:00
Gilles Peskine d1465429a2 New test helper macros TEST_LE_U, TEST_LE_S 
Test assertions for integer comparisons that display the compared values on
failure. Similar to TEST_EQUAL.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Gilles Peskine 3ff25443c8 Separate the validation of the size macros and of the function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Gilles Peskine d4a258a08f Improve PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE validation 
We want to check:
1. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE (the output fits
   if the caller uses the key-specific buffer size macro)
2. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (the output fits
   if the caller uses the generic buffer size macro)
3. PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
   (consistency in the calculation)

We were only testing (1) and (2). Test (3) as well. (1) and (3) together
imply (2) so there's no need to test (2).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Gilles Peskine 992bee8b6e Test psa_raw_key_agreement with a larger/smaller buffer 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Przemek Stekiel 8da6da3da2 ssl-opt.sh: add test of RSA Opaque keys with TLS 1.2 server for decryption 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-16 14:37:50 +02:00
Gilles Peskine 9b7e29663f
Merge pull request #4211 from ccawley2011/mingw 
Fix compilation with MinGW32
 2022-05-16 12:30:37 +02:00
Przemek Stekiel e58ca8bb5e Add MBEDTLS_TEST_DEPRECATED dependency 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-13 15:48:41 +02:00
Jerry Yu b89125b81a Add test without server certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-13 15:50:04 +08:00
Przemek Stekiel 61922d1328 Fix mbedtls_cipher_setup_psa() dependencies in tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-12 13:51:51 +02:00
Manuel Pégourié-Gonnard 1cd4f6a873
Merge pull request #5794 from mprse/cipher_dep 
Fix undeclared dependencies: CIPHER
 2022-05-12 13:09:04 +02:00
Manuel Pégourié-Gonnard 4014a0408e
Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector 
PSA: ChaCha20: add RFC 7539 test vector with counter=1
 2022-05-12 12:34:20 +02:00
Neil Armstrong ce1d2397d2 Add tests for mbedtls_pk_can_do_ext() in test_suite_pktest_suite_pk 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-12 11:53:02 +02:00
Przemek Stekiel da5f483ad8 all.sh: Fix order of CIPHER dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-12 10:42:20 +02:00
Przemek Stekiel 179d74831f all.sh: add build/test config crypto_full minus CIPHER 
Dependency list:

- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_USE_PSA_CRYPTO']

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-12 10:42:20 +02:00
Przemek Stekiel 10f3a601b4 all.sh: add build/test config full minus CIPHER 
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-12 10:42:20 +02:00
Jerry Yu c450566b85 Update client auth tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 14:44:59 +08:00
Jerry Yu c8bdbf72d3 test:add state check for certificate and verify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 14:44:59 +08:00
Dave Rodgman 3009a97e00 Minor spelling / grammar improvements 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:54 +01:00
Andrzej Kurek 5c65c5781f Fix additional misspellings found by codespell 
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-05-11 21:25:54 +01:00
Shaun Case 8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Przemek Stekiel 398c503f6f generate_psa_tests.py: adapt OpFail test generator for HKDF-Exract/Expand algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 14:05:40 +02:00
Przemek Stekiel 6786a87ccd derive_output tests: add capacity HKDF-Extract/Expand tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 12:40:21 +02:00
Przemek Stekiel 2849e0e4d5 derive_output tests: add negative HKDF-Extract/Expand tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 12:38:01 +02:00
Przemek Stekiel e1036fbe90 derive_output tests: add positive HKDF-Extract/Expand tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 12:34:53 +02:00
Przemek Stekiel ead1bb9987 derive_output test: Adapt for HKDF-Extract/Expand algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 12:22:57 +02:00
Manuel Pégourié-Gonnard 5479f5321a
Merge pull request #5772 from superna9999/5762-rsa-decrypt-pk 
RSA decrypt 1a: PK
 2022-05-11 11:01:01 +02:00
Neil Armstrong 814562afaa Switch last TEST_ASSERT() in TEST_EQUAL() in pk_wrap_rsa_decrypt_test_vec() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-11 09:29:57 +02:00
Paul Elliott d1a954d243
Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request 
TLS1.3: Add  HelloRetryRequest Write
 2022-05-10 17:25:33 +01:00
Cameron Cawley ea5496ceb3 Fix compilation with MinGW32 
Signed-off-by: Cameron Cawley <ccawley2011@gmail.com>
 2022-05-10 13:46:09 +01:00
Manuel Pégourié-Gonnard 42650260a9
Merge pull request #5783 from mprse/md_dep_v3 
Fix undeclared dependencies: MD
 2022-05-10 10:41:32 +02:00
Manuel Pégourié-Gonnard 9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks 
Unify non-opaque and opaque PSKs
 2022-05-09 10:15:16 +02:00
Jerry Yu ede50ea891 move hrr tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:09 +08:00
Jerry Yu 23f7a6fc5c share write_body between HRR and ServerHello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:01 +08:00
Jerry Yu cb03677f85 add hrr test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:48:59 +08:00
XiaokangQian a987e1d2f8 Change state machine after encrypted extension and update cases 
Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian 45c22201b3 Update test cases and encrypted extension state set 
Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian 2f150e184f Update status and add test cases for client certificate request 
Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
Ronald Cron 25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext 
TLS1.3: add writing encrypted extensions on server side.
 2022-05-06 13:54:45 +02:00
Przemek Stekiel d3ba7367c9 component_test_crypto_full_no_md: fix order of disabled features 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 11:41:56 +02:00
Przemek Stekiel fe2367af26 all.sh: add build/test config crypto_full minus MD 
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 12:09:03 +02:00
Przemek Stekiel 1068c224a4 Adapt generated psa no_supported tests for HMAC 
Remove no_supported HMAC generate/import tests when !PSA_KEY_TYPE_HMAC as HMAC key creation works regardless of PSA_WANT_KEY_TYPE_HMAC.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 12:09:03 +02:00
Przemek Stekiel cd204992f2 Fix dependencies in tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 12:09:03 +02:00
Werner Lewis e59a531455 Fix memcpy() UB in mbedtls_asn1_named_data() 
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-05-04 11:45:06 +01:00
Neil Armstrong cd05f0b9e5 Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong 4c3b4e079c Initialize & free PSA in test_multiple_psks() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Jerry Yu 7c0da07445 Update state check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 15:08:54 +08:00
Neil Armstrong b32ae72e27 Add PK Opaque RSA decrypt tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-02 09:14:58 +02:00
Manuel Pégourié-Gonnard 068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque 
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
 2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard 67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx 
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
 2022-04-29 10:47:16 +02:00
Gilles Peskine 310294f06a
Merge pull request #5759 from tom-daubney-arm/correct_x509_flag_parse_tests 
Set flag to proper value in x509 parse tests
 2022-04-28 18:27:36 +02:00
Gilles Peskine 2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise 
PSA storage format: exercise key
 2022-04-28 18:20:02 +02:00
Gilles Peskine 038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file 
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
 2022-04-28 18:17:50 +02:00
Gilles Peskine 4098083ed4
Merge pull request #5745 from superna9999/5712-pk-opaque-rsa-pss-sign-tls 
RSA-PSS sign 2: TLS 1.3 integration testing
 2022-04-28 18:16:44 +02:00
Neil Armstrong 95974974d2 Update mbedtls_pk_wrap_as_opaque() usage in PK & X509write tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-28 13:27:59 +02:00
Manuel Pégourié-Gonnard ad47487e25
Merge pull request #5742 from superna9999/5669-review-test-incompatible-psa 
Fixup or re-enable tests with Use PSA
 2022-04-28 09:57:13 +02:00
Neil Armstrong 98136b14e0 Fixup and update comment of disabled USE_PSA_CRYPTO test check in all.sh 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-27 10:00:42 +02:00
Neil Armstrong 1c9eb722fd Update PSA specific comment in pk_rsa_verify_ext_test_vec() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-25 14:38:18 +02:00
Jerry Yu cef55dbd6a ssl-opt: add state check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-25 19:41:47 +08:00
Ronald Cron eecd0d2fc3
Merge pull request #5679 from yuhaoth/pr/add-tls13-write-server-hello 2022-04-25 09:28:40 +02:00
Ronald Cron a828f4d89c
Merge pull request #5684 from tom-daubney-arm/M-AEAD_decrypt_driver_dispatch_test 
M aead decrypt driver dispatch test
The internal CI "merge TLS testing" ran successfully, CI is OK.
 2022-04-23 12:10:21 +02:00
Neil Armstrong 882e02ea7a Move and fixup check_test_requires_psa_disabled() into check_test_cases() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 16:53:07 +02:00
Neil Armstrong 6e6967f6a0 Reorganize PSA INVALID_PADDING handling for test #5 in pk_rsa_verify_ext_test_vec() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 16:46:24 +02:00
Gilles Peskine eef30bcea1
Merge pull request #5755 from mpg/ecdsa-range-test 
Expand negative coverage of ECDSA verification
 2022-04-22 16:43:44 +02:00
Jerry Yu 955ddd75a3 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 22:27:33 +08:00
Przemek Stekiel 85d46fe6cf ssl-opt.sh: add tests for clent/server psa opaque dhe-psk key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel b6a0503dda ssl-opt.sh: add tests for clent/server psa opaque ecdhe-psk key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:53:55 +02:00
Przemek Stekiel b270b56372 ssl-opt.sh: add tests for server psa opaque rsa-psk key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel 8e0495e0f4 ssl-opt.sh: add tests for client psa opaque rsa-psk key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Manuel Pégourié-Gonnard 60d83f0126
Merge pull request #5710 from superna9999/5627-pk-opaque-rsa-x509 
RSA sign 3a: X.509 integration testing
 2022-04-22 14:29:23 +02:00
Thomas Daubney 7d063f6467 Adds comments for clarification 
Adds two comments to clarify 1) why an offset is used
in the call to psa_aead_verify() and 2) why the test of
.hits_finish is always 0 in this test case.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-04-22 11:36:07 +01:00
Jerry Yu 8b9fd374b8 Add P_CLI test to easy debug 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu abf20c7564 add state check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Ronald Cron 38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server 
Add client hello into server side
 2022-04-22 10:26:00 +02:00
Neil Armstrong 7f6f672d7e Add Opaque PK test case for TLS 1.3 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 10:23:10 +02:00
Manuel Pégourié-Gonnard 21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12 
RSA sign 3b: TLS 1.2 integration testing
 2022-04-22 10:05:43 +02:00
Neil Armstrong e6ed23cb90 Fix typo in x509_crt_check() comment 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 09:44:04 +02:00
XiaokangQian e8ff350698 Update code to align with tls13 coding standard 
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-22 02:34:40 +00:00
Manuel Pégourié-Gonnard 70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2 
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
 2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard 90c70146b5
Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign 
RSA-PSS sign 1: PK
 2022-04-21 17:11:18 +02:00
Gilles Peskine 9d8716c5aa
Merge pull request #5739 from gilles-peskine-arm/depends-curves-positive-only 
Don't test with all-but-one elliptic curves
 2022-04-21 12:34:44 +02:00
Neil Armstrong 843795ad2f Use macro for public key buffer size in pk_psa_wrap_sign_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-21 12:23:28 +02:00
Gilles Peskine afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk 
Run ssl-opt.sh in more reduced configurations
 2022-04-21 12:03:53 +02:00
Przemek Stekiel 4e47a91d2e Fix indentation issues 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel 4daaa2bd05 derive_output mix-psk test: add more cases for derivation of output key 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel 6aabc473ce derive_output test: remove redundant tests with raw key agreement 
Already handled by input_bytes().
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel e665466a80 derive_output test: add other key type value 11 to handle raw key type 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel c5bd1b8b24 PSA key derivation mix-psk tests: add description for bad state cases 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel 38647defa8 derive_output() test: fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel cd00d7f724 test PSA key derivation: add positive and negative cases for mixed-psk 
Mix-PSK-to-MS test vectors are generated using python-tls library:
https://github.com/python-tls/tls

Steps to generate test vectors:
1. git clone git@github.com:python-tls/tls.git
2. cd tls
3. python3 setup.py build
4. sudo python3 setup.py install
5. Use the python script below to generate Master Secret (see description for details):

"""
Script to derive MS using mixed PSK to MS algorithm.

Script can be used to generate expected result for mixed PSK to MS tests.

Script uses python tls library:
https://github.com/python-tls/tls

Example usage:
derive_ms.py <secret> <other_secret> <seed> <label> <hash>
derive_ms.py 01020304 ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f 6d617374657220736563726574 SHA256

secret          : 01020304
other_secret    : ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7
pms             : 0030ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7000401020304
seed            : 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f
label           : 6d617374657220736563726574
output          : 168fecea35190f9df34c042f24ecaa5e7825337f2cd82719464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b
"""
from cryptography.hazmat.primitives import hashes
from tls._common.prf import prf
import os
import sys

def build_pms(other_secret: bytes, secret: bytes) -> bytes:
    other_secret_size = len(other_secret).to_bytes(2, byteorder='big')
    secret_size = len(secret).to_bytes(2, byteorder='big')
    return(other_secret_size + other_secret + secret_size + secret)

def derive_ms(secret: bytes, other_secret: bytes, seed: bytes, label: bytes, hash: hashes.HashAlgorithm) -> bytes:
    return prf(build_pms(other_secret, secret), label, seed, hash, 48)

def main():
    #check args
    if len(sys.argv) != 6:
        print("Invalid number of arguments. Expected: <secret> <other_secret> <seed> <label> <hash>" )
        return
    if sys.argv[5] != 'SHA384' and sys.argv[5] != 'SHA256':
        print("Invalid hash algorithm. Expected: SHA256 or SHA384" )
        return

    secret = bytes.fromhex(sys.argv[1])
    other_secret = bytes.fromhex(sys.argv[2])
    seed = bytes.fromhex(sys.argv[3])
    label = bytes.fromhex(sys.argv[4])
    hash_func = hashes.SHA384() if sys.argv[5] == 'SHA384' else hashes.SHA256()
    pms = build_pms(other_secret, secret)

    actual_output = derive_ms(secret, other_secret, seed, label, hash_func)

    print('secret       : ' + secret.hex())
    print('other_secret : ' + other_secret.hex())
    print('pms          : ' + pms.hex())
    print('seed         : ' + seed.hex())
    print('label        : ' + label.hex())
    print('output       : ' + actual_output.hex())

if __name__ == "__main__":
    main()

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:41:41 +02:00
Gilles Peskine b29d814169 Use MAX_SIZE macros instead of hard-coding IV/nonce max size 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-21 11:33:17 +02:00
Gilles Peskine 5eef11af2c Remove redundant initialization of iv_length 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-21 11:33:11 +02:00
Gilles Peskine 286c314ae3 cipher_alg_without_iv: also test multipart decryption 
For multipart encrpytion, call psa_cipher_finish(). This is not actually
necessary for non-pathological implementations of ECB (the only currently
supported IV-less cipher algorithm) because it requires the input to be a
whole number of blocks and non-pathological implementations emit the output
block from update() as soon as an input block is available. But in principle
a driver could delay output and thus require a call to finish().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-21 11:27:17 +02:00
Gilles Peskine 9e38f2c8fd cipher_alg_without_iv: generalized to also do decryption 
Test set_iv/generate_iv after decrypt_setup. Test successful decryption.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-21 11:25:00 +02:00
Gilles Peskine 9b9b614a02 cipher_encrypt_alg_without_iv: validate size macros independently 
Validate the size macros directly from the output length in the test data,
rather than using the value returned by the library. This is equivalent
since the value returned by the library is checked to be identical.

Enforce that SIZE() <= MAX_SIZE(), in addition to length <= SIZE(). This is
stronger than the previous code which merely enforced length <= SIZE() and
length <= MAX_SIZE().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-21 11:24:48 +02:00
Neil Armstrong 09030a345c Refine component_check_test_requires_psa_disabled change grep options order for better compatibility 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-21 11:17:43 +02:00
Manuel Pégourié-Gonnard ec52893ec3 Improve readability and relevance of values 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-04-21 09:25:23 +02:00
Thomas Daubney 28015e1e44 Set flag to proper value 
Set flag to proper value. Was previously 0xFFFFFFF and has been
corrected to 0xFFFFFFFF.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-04-21 08:12:59 +01:00
XiaokangQian 318dc763a6 Fix test failure issue and update code styles 
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 09:43:51 +00:00
XiaokangQian de33391fa0 Rebase and solve conflicts 
Change-Id: I7f838ff5b607fe5e6b68d74d0edc1def8fc9a744
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 08:49:42 +00:00
Manuel Pégourié-Gonnard d8d19de1c7 Expand negative coverage of ECDSA verification 
Motivated by CVE-2022-21449, to which we're not vulnerable, but we
didn't have a test for it. Now we do.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-04-20 10:34:22 +02:00
XiaokangQian 3f84d5d0cd Update test cases and fix the test failure 
Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00