yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
26773 commits 89 branches 205 tags 114 MiB
Commit graph

9545 commits

Author SHA1 Message Date
Dave Rodgman 04a334af55 Make const-time test not depend on internal knowledge of mbedtls_ct_condition_t 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-31 12:48:33 +01:00
Janos Follath 2f04582d37 Move MBEDTLS_ECP_WITH_MPI_UINT to mbedtls_config.h 
There is a precedent for having bigger and less mature options in
mbedtls_config.h (MBEDTLS_USE_PSA_CRYPTO) for an extended period.
Having this option in mbedtls_config.h is simpler and more robust.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-07-31 10:57:16 +01:00
Valerio Setti f5051efa81 test: properly size output buffer in key_agreement_fail() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-31 11:35:48 +02:00
Janos Follath f3135af159 Use config.py in all new bignum tests 
This previous test is correct, as it is using make. Switch to using
config.py for robustness and consistency.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-07-31 10:07:57 +01:00
Janos Follath 82823b2fe8 Fix new bignum tests 
These tests weren't working, because they use CMake and can't pass
options with CFLAGS directly. This could be mitigated by adding a CMake
option, but using config.py is less invasive and it is what we normally
use for setting build options anyway.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-07-31 10:01:47 +01:00
Xiaokang Qian d0657b0015 ecp_mod_p448 has been moved to ecp_mod_p_generic_raw, remove here 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-07-31 06:46:28 +00:00
Xiaokang Qian e25597dad7 Make ecp_mode_xxx functions depend on the new macro 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-07-31 06:46:28 +00:00
Dave Rodgman 2b174abd86 code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-28 18:29:41 +01:00
Dave Rodgman 2d28c46055 Fix asm Memsan workaround 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-28 18:24:22 +01:00
Gowtham Suresh Kumar 6f1977bf20 Use variables for selecting compilers 
The latest and earliest clang/GCC compilers are now used through
variables instead of symlinks and also the all.sh script is updated
to support options for overriding the default values.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
 2023-07-28 17:04:47 +01:00
Gowtham Suresh Kumar 1e829a403f Use compgen to gather components in all.sh 
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
 2023-07-28 16:41:21 +01:00
Gowtham Suresh Kumar 8d45ec8b97 Remove test_clang_opt check 
The component functions in all.sh will be listed using
compgen instead of sed so this check is not needed.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
 2023-07-28 16:36:25 +01:00
Valerio Setti 1eacae865e test: check exported length against proper MAX_SIZE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-28 17:29:48 +02:00
Dave Rodgman fa5a4bbb02 Improve mbedtls_ct_memmove_left w.r.t. const-flow tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-28 16:13:52 +01:00
Dave Rodgman 8de3482507 Fix false-positive non-const-time errors in test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-28 15:10:00 +01:00
Kusumit Ghoderao be55b7e45a Add test cases for 16 byte and empty password 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-27 21:22:26 +05:30
Waleed Elmelegy d7bdbbeb0a Improve naming of mimimum RSA key size generation configurations 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 14:50:09 +00:00
Tom Cosgrove 0540fe74e3 Fix code style 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-07-27 14:17:27 +01:00
Janos Follath e0fa7ec4db
Merge pull request #7988 from gabor-mezei-arm/7598_add_32bit_test_component 
Add 32bit test component for ecp with new bignum interface
 2023-07-27 13:00:04 +00:00
Agathiyan Bragadeesh 763b353f2f Replace TEST_ASSERT("message" == 0) with TEST_FAIL 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-27 13:52:31 +01:00
Waleed Elmelegy 3d158f0c28 Adapt tests to work on all possible minimum RSA key sizes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 11:03:35 +00:00
Waleed Elmelegy ab5707185a Add a minimum rsa key size config to psa config 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 11:00:03 +00:00
Waleed Elmelegy 76336c3e4d Enforce minimum key size when generating RSA key size 
Add configuration to enforce minimum size when
generating a RSA key, it's default value is 1024
bits since this the minimum secure value currently
but it can be any value greater than or equal 128
bits. Tests were modifed to accommodate for this
change.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 10:58:25 +00:00
Valerio Setti 3a96227706 generate_psa_tests: remove checks for DH's LEGACY symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 11:01:33 +02:00
Valerio Setti 27602c32a2 test: accelerate all KEY_PAIR symbols in accel FFDH component 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 09:15:34 +02:00
Valerio Setti a55f042636 psa: replace DH_KEY_PAIR_LEGACY with new symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 09:15:34 +02:00
Gilles Peskine 51ed3139d1
Merge pull request #7909 from mpg/dh-generate-psa-tests 
Enable DH in generate_psa_tests.py
 2023-07-26 17:46:09 +00:00
Gowtham Suresh Kumar 186731b22a Fix warnings from clang-16 
Running clang-16 on mbedtls reports warnings of type "-Wstrict-prototypes".
This patch fixes these warnings by adding void to functions with no
arguments. The generate_test_code.py is modified to insert void into test
functions with no arguments in *.function files.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
 2023-07-26 17:11:51 +01:00
Gowtham Suresh Kumar a12baf8c5f Update test scripts to use latest/earliest compilers 
The Ubuntu 16.04 and 22.04 docker images have been updated with
earliest and latest versions of gcc and clang respectively.
This patch adds the necessary component and support functions
required for the CI to run these compilers.

For FreeBSD we invoke the function by name so a condition is added
to disable the existing test_clang_opt function for linux.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
 2023-07-26 16:51:45 +01:00
Gabor Mezei e256cc1552
Add 32bit test component for ecp with new bignum interface 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-07-26 17:35:44 +02:00
Gilles Peskine bb07377458
Merge pull request #7935 from AgathiyanB/add-enum-casts 
Add type casts for integer and enum types
 2023-07-26 11:27:27 +02:00
Manuel Pégourié-Gonnard c154a043bb Fix dependencies for DH (and RSA) key pairs 
- RSA was missing the MBEDTLS_ prefix.
- DH needs the same temporary fix (prefix + suffix) for now.
- hack_dependencies_not_implemented() needs to ignore MBEDTLS_PSA_WANT
dependencies.

While at it, make the code currently used for ECC more generic, so that
it's ready to be used for RSA and DH in the near future.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-26 09:34:30 +02:00
Manuel Pégourié-Gonnard afe4b79114 Enable DH in generate_psa_tests.py 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-26 09:32:42 +02:00
Paul Elliott f1c032adba
Merge pull request #7902 from valeriosetti/issue7772 
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/RSA
 2023-07-25 17:13:43 +01:00
Agathiyan Bragadeesh 93a859341b Remove remaining redundant casts 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-25 12:28:59 +01:00
Agathiyan Bragadeesh d298b76421 Remove redundant casts 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-25 11:33:00 +01:00
Valerio Setti 19fec5487d test: remove GENPRIME dependency when RSA_KEY_PAIR_GENERATE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 12:31:50 +02:00
Waleed Elmelegy f3fafc3645 Fix CI errors related pkcs5_pbe changes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-24 11:45:46 +01:00
Yanray Wang 21127f7095 code_size_compare: add logging module and tweak prompt message 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-07-24 18:07:12 +08:00
Agathiyan Bragadeesh 8dc913899d Fix server1.crt.der in makefile 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-24 10:44:00 +01:00
Agathiyan Bragadeesh 3dd3ae219e Remove trailing backslash 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-21 17:07:00 +01:00
Gilles Peskine 5647d06be8
Merge pull request #7518 from gilles-peskine-arm/psa_inject_entropy-file-stability 
Fix and test MBEDTLS_PSA_INJECT_ENTROPY
 2023-07-21 17:37:15 +02:00
Gilles Peskine 2387bdab0f
Merge pull request #1038 from Mbed-TLS/development 
Merge development into development-restricted
 2023-07-21 15:40:36 +02:00
Tom Cosgrove e4e9e7da58 For tests, rename TEST_BUFFERS_EQUAL() to TEST_MEMORY_COMPARE() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-07-21 11:45:25 +01:00
Tom Cosgrove a45d902822 Rename the length argument to TEST_CALLOC() to be the more accurate item_count 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-07-21 11:36:11 +01:00
Tom Cosgrove 05b2a87ea0 For tests, rename TEST_CALLOC_OR_FAIL() to just TEST_CALLOC() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-07-21 11:32:25 +01:00
Ronald Cron 87f62850f3
Merge pull request #7893 from ronald-cron-arm/misc-from-psa-crypto 
Miscellaneous fixes resulting from the work on PSA-Crypto
 2023-07-21 10:54:41 +02:00
Tom Cosgrove 412a813ad4 For tests, rename ASSERT_ALLOC_WEAK() to TEST_CALLOC_OR_SKIP() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-07-20 16:55:14 +01:00
Gilles Peskine c723e86e56 Fix copypasta in function documentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-20 17:54:19 +02:00
Tom Cosgrove f9ffd11e7a For tests, rename ASSERT_ALLOC() to TEST_CALLOC_OR_FAIL() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-07-20 16:51:21 +01:00
Tom Cosgrove 65cd8519f7 For tests, rename ASSERT_COMPARE() to TEST_BUFFERS_EQUAL() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-07-20 16:51:15 +01:00
Manuel Pégourié-Gonnard c844c1a771
Merge pull request #7546 from mpg/align-psa-md-identifiers 
Align psa md identifiers
 2023-07-20 11:34:28 +02:00
Ronald Cron 7612d8c049 all.sh: Use consistently CONFIG_TEST_DRIVER_H 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-20 10:20:55 +02:00
Ronald Cron 6b49b55d6d all.sh: Use consistently CRYPTO_CONFIG_H 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-20 10:02:59 +02:00
Ronald Cron 7a93ac5308 all.sh: Use consistently CONFIG_H 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-20 10:02:32 +02:00
Dave Rodgman 8e8e6b9be3
Merge pull request #7934 from AgathiyanB/move-declarations-to-top 
Move declarations to top of functions
 2023-07-19 15:25:27 +01:00
Waleed Elmelegy 708d78f80b Improve & test legacy mbedtls_pkcs5_pbe2 
* Prevent pkcs5_pbe2 encryption when PKCS7 padding has been
  disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
  reasons, However, invalid padding is not checked.
* Add tests to check these scenarios. Test data has been
  reused but with changing padding data in last block to
  check for valid/invalid padding.
* Document new behaviour, known limitations and possible
  security concerns.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-19 14:01:35 +01:00
Dave Rodgman 5f65acb02b
Merge pull request #7859 from gilles-peskine-arm/mbedtls_mpi-smaller 
Reduce the size of mbedtls_mpi
 2023-07-18 16:48:37 +01:00
Agathiyan Bragadeesh dc28a5a105 Rename ASSERT_FALSE to TEST_FAIL 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-18 11:45:28 +01:00
Agathiyan Bragadeesh ebb40bc336 Add ASSERT_FALSE macro for tests 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-18 11:38:04 +01:00
Manuel Pégourié-Gonnard 828b3acd6b
Merge pull request #7848 from valeriosetti/issue7749 
driver-only ECC: EPCf.TLS testing
 2023-07-18 10:33:21 +02:00
Agathiyan Bragadeesh 2d310deace Add cast in test macros.h 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-17 18:27:03 +01:00
Tom Cosgrove 08b04b11ff
Merge pull request #7923 from gabor-mezei-arm/7598_fix_clone_of_ecp_module 
[Bignum] Fixes for the ecp module cloning
 2023-07-17 15:28:18 +01:00
Agathiyan Bragadeesh 2f017a8356 Add enum casts in ssl_helpers.c 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-17 15:14:42 +01:00
Agathiyan Bragadeesh be3ad4aed3 Add type casts in psa_exercise_key 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-17 15:14:42 +01:00
Agathiyan Bragadeesh 932126525a Move declarations to top in ssl_helpers.c 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-17 12:21:06 +01:00
Ronald Cron e501d0e71e Add change log and non-regression test 
Add change log and non-regression test
for CCM* with no tag not supported in
CCM only configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-17 11:53:20 +02:00
Ronald Cron 2e3795dc3c tests: Fix header inclusion 
When building tests, the path of the library
directory is part of the possible paths for
the includes thus no need to construct it
manually when including headers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-17 11:52:32 +02:00
Gilles Peskine b366fe955d
Merge pull request #7478 from yuhaoth/pr/add-script-for-generating-cert-macros 
Add script for generating cert macros
 2023-07-17 11:13:07 +02:00
Gilles Peskine d8c4549246
Merge pull request #7432 from oberon-microsystems/fix-test-ecjpake-to-pms-dependency 
Fix derive_ecjpake_to_pms dependency in PSA crypto test
 2023-07-17 11:05:40 +02:00
Gabor Mezei f0021d495a
Update test function dependencies 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-07-14 14:43:27 +02:00
Gabor Mezei 92ce4c2cbf
Fix ecp variant check 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-07-14 14:43:22 +02:00
Paul Elliott 3c22366695
Merge pull request #7863 from valeriosetti/issue7790 
PK: parse: fix disparity with private Montgomery keys
 2023-07-11 18:02:12 +01:00
Dave Rodgman 84eaefa43e Use designated initializers for mbedtls_mpi 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-11 16:02:46 +01:00
Paul Elliott 88f34e3348
Merge pull request #7703 from gabor-mezei-arm/7598_clone_the_eco_module 
[Bignum] Clone the ECP module
 2023-07-11 15:00:01 +01:00
Valerio Setti 42796e25cf generate_psa_tests: fix automatically generated tests for RSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Valerio Setti acab57b6b4 test: replace RSA_KEY_PAIR_LEGACY with proper symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Valerio Setti b2bcedbf9a library: replace MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Valerio Setti 1e6063c8ee test: set MBEDTLS_ECP_DP dependency also for Montgomery curves 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 11:28:22 +02:00
Valerio Setti d476faa595 test: add more tests for Montgomery's invalid masks 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 11:28:22 +02:00
Valerio Setti aed87994da test: verify that Montgomery keys can be fixed on parsing 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 11:28:22 +02:00
Valerio Setti 4a09dcc6f6 test: replace ECP_DP_CURVE25519_ENABLED with PSA_WANT_ECC_MONTGOMERY_255 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 11:28:22 +02:00
Valerio Setti ef80d11c1f test: add proper key requirements in X25519 key parsing tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 11:28:22 +02:00
Valerio Setti 5f54020d1a analyze_outcomes: do not skip test about wrong Montgomery private key 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 11:28:22 +02:00
Valerio Setti 0a92121716 test: test of Montgomery keys with uncorrect bits whenever PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 11:28:22 +02:00
Gilles Peskine b387fcf59b Adapt names (curves -> groups) in a separately added test case 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-11 09:19:13 +02:00
Gilles Peskine 6aca2c9613
Merge pull request #7716 from mpg/psa-util-internal 
Split psa_util.h between internal and public
 2023-07-10 18:33:23 +02:00
Gilles Peskine d9f0c76f9e
Merge pull request #7879 from tgonzalezorlandoarm/development 
tests/test_suite_pem: Augment DES test cases with AES: PEM
 2023-07-10 18:28:01 +02:00
Dave Rodgman f3e488ec40
Merge pull request #7216 from lpy4105/issue/6840/add-getters-for-some-fields 
Add getters for some fields
 2023-07-10 17:14:11 +01:00
Andrzej Kurek bdb41dd46d Add missing resource deallocation in tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-10 08:09:50 -04:00
Manuel Pégourié-Gonnard f614bde912
Merge pull request #7656 from mprse/ffdh_tls13_v2_drivers 
FFDH 4: driver-only parity testing - with TLS 1.3
 2023-07-10 13:08:47 +02:00
Dave Rodgman e183ecef3d
Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases 
Record the outcome of each test case in compat.sh
 2023-07-10 12:08:32 +01:00
Manuel Pégourié-Gonnard 5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem 
tls13: server: Fix spurious HRR
 2023-07-10 09:58:13 +02:00
Valerio Setti ee3a4d0d38 debug: replace occurence of ECP_LIGHT with PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-10 09:13:57 +02:00
Valerio Setti 6f0441d11e tls: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-10 09:13:57 +02:00
Valerio Setti 0085c2e486 test: fix message's text 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-10 09:10:20 +02:00
Valerio Setti 16b70f2b1a test: enabled ssl-opt testing in no_ecp_at_all components 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-10 09:10:20 +02:00
Valerio Setti 887f823deb test: re-enable TLS and key exchanges in no_ecp_at_all component 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-10 09:10:20 +02:00
Pengyu Lv 5cbb93ef14 Add test for cache timeout getter 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 13:25:24 +08:00
Pengyu Lv db6143364a Add test for endpoint getter 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 11:33:23 +08:00
Pengyu Lv 30e0870937 Add test for hostname getter 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 11:33:23 +08:00
Dave Rodgman 7dbd2bf90c
Merge pull request #7441 from gilles-peskine-arm/mbedtls_x509_crt_parse_path-qemu-bug 
More mbedtls_x509_crt_parse_path() tests, and note qemu-user bug when 32-bit code run on 64-bit host
 2023-07-07 19:15:31 +01:00
Paul Elliott 2dfe7993af
Merge pull request #6914 from davidhorstmann-arm/cmake-pass-through-config-defines 
Pass `MBEDTLS_CONFIG_FILE` defines through cmake
 2023-07-07 17:01:57 +01:00
Manuel Pégourié-Gonnard 461d59b2f8
Merge pull request #7858 from mprse/ffdh_tls13_v2_f 
Make use of FFDH keys in TLS 1.3 - follow-up
 2023-07-07 16:19:35 +02:00
Dave Rodgman 8abb3497ad
Merge branch 'development' into mbedtls_x509_crt_parse_path-qemu-bug 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-07 15:11:35 +01:00
Ronald Cron 8a74f07c2a tls13: server: Fix spurious HRR 
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-07 15:53:12 +02:00
Andrzej Kurek 34ccd8d0b6 Test x509 csr SAN DN and RFC822 generation 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-07 08:18:43 -04:00
Manuel Pégourié-Gonnard 9967f11066
Merge pull request #7810 from valeriosetti/issue7771 
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/ECC
 2023-07-07 10:22:47 +02:00
Agathiyan Bragadeesh 77b0d645f5 Add gitignore anchors to denote generated files 
These anchors encapsulate gitignore patterns which typically ignore
files generated, so that scripts can be used to comment and uncomment
these patterns for releases when we need the generated files in the
repository.

Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>
 2023-07-06 17:58:18 +01:00
Agathiyan Bragadeesh 3e1e2e1f78 Add dependency MBEDTLS_ECP_NIST_OPTIM for ECP test 
For tests running the ecp_fast_mod with MBEDTLS_ECP_DP_SECPXXXR1 the
dependency MBEDTLS_ECP_NIST_OPTIM has been added as this gives the
curves the optimised reduction function that ecp_fast_mod tests.

Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>
 2023-07-06 15:40:19 +01:00
Tomás González 3719f9ec91 tests/test_suite_pem: Augment DES test cases with AES: PEM 
A few negative test cases in test_suite_pem.data rely on DES
(“invalid iv”, “malformed”). DES is deprecated.
Construct similar test cases using AES.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-07-06 14:21:23 +01:00
Manuel Pégourié-Gonnard a30c5cfc66 Use minimal include in test_suite_random 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:47:29 +02:00
Manuel Pégourié-Gonnard d55d66f5ec Fix missing includes 
Some files relied on psa_util.h to provide the includes they need.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard 801d5b441d Remove unnecessary (and harmful) include 
Besides being unnecessary, it was causing problem when build SSL test
programs, which include this header, then in turn trying to include the
internal header from library, which didn't work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:47:26 +02:00
Manuel Pégourié-Gonnard 2be8c63af7 Create psa_util_internal.h 
Most functions in psa_util.h are going to end up there (except those
that can be static in one file), but I wanted to have separate commits
for file creation and moving code around, so for now the new file's
pretty empty but that will change in the next few commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:42:33 +02:00
Przemek Stekiel 615cbcdbdf Provide additional comments for claryfication 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-06 12:16:39 +02:00
Gabor Mezei 2a7bcaf8af
Use only MBEDTLS_ECP_WITH_MPI_UINT to switch between the ecp variants 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-07-06 10:37:51 +02:00
Jerry Yu ba3eee7211 Add indent 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:16:15 +08:00
Jerry Yu 4d31022d90 Add missed intermediate file 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:16:14 +08:00
Jerry Yu c5b2e284fa Remove workaround code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:16:10 +08:00
Jerry Yu 99a82dd043 fix python lint fails 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:13:46 +08:00
Jerry Yu 2ef2e78837 Add commands for test_certs.h 
And update target file

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:13:46 +08:00
Jerry Yu 5811869311 Add test_certs.h generate script 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:13:46 +08:00
Jerry Yu fa0c3995c4 Move certs/keys data to seperate file 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-06 10:13:46 +08:00
Gabor Mezei 6db604711d
Add a new test component to test the new bignum interface with TEST_HOOKS 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-07-05 16:54:20 +02:00
Dave Rodgman 3d0c8255aa
Merge pull request #7825 from daverodgman/cipher_wrap_size 
Cipher wrap size improvement
 2023-07-05 15:45:48 +01:00
David Horstmann 969c145f34 Use CONFIG_H variable rather than config file name 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-07-05 14:12:13 +01:00
David Horstmann 20550e3d59 all.sh component to test cmake custom config file 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-07-05 14:12:13 +01:00
Andrzej Kurek 026235c4ec Disable msan errors on null allocation in all.sh 
Such error was raised in platform tests,
and it's a valid test case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-05 08:32:43 -04:00
Przemek Stekiel 565353ef71 Cleanup the code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 11:07:07 +02:00
Przemek Stekiel 7ac93bea8c Adapt names: dh -> xxdh 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:26:26 +02:00
Przemek Stekiel 45255e4c71 Adapt names (curves -> groups) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:26:26 +02:00
Przemek Stekiel 6f199859b6 Adapt handshake fields to ffdh 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:25:00 +02:00
Przemek Stekiel 84f4ff1dd3 Minor adaptations after ffdh was enabled for tls1.3 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:12:08 +02:00
Przemek Stekiel 85b644262d Add ffdh accel vs reference check to analyze_outcomes.py 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-04 12:35:54 +02:00
Przemek Stekiel 01c248c00b Enable TLS1.3 in FFDH alg build with drivers and add reference config(without drivers) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-04 12:35:54 +02:00
Kusumit Ghoderao 7333ed3efa Add max iterations test case for cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:03 +05:30
Kusumit Ghoderao d80183864a Add test case for zero input cost 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao 671320633c Add test cases for key and plain inputs 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao 9d4c74f25c Add test cases for output validation of pbkdf2 cmac 
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Kusumit Ghoderao 1d3fca21b1 Add test cases for input validation of pbkdf2 cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:01 +05:30
Pengyu Lv b687c03183 Fix the command for server9-sha*.crt 
The new command could generate
parse_input/server9-sha*.crt correctly.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv 49c56e651d Add target for parse_input/cert_example_multi_nocn.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv 19e949e644 Fix typo and long line format 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv 736d2bb715 Update crl-rsa-pss-*.pem manually 
The rules will be in a seperate PR.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu 59f392cd4d upgrade server9-bad-saltlen.crt 
Upgrade scripts
```python
import subprocess
from asn1crypto import pem, x509,core

output_filename="server9-bad-saltlen.crt"
tmp_filename="server9-bad-saltlen.crt.tmp"
tmp1_filename="server9-bad-saltlen.crt.tmp1"

subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \
        -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \
        -set_serial 24 -days 3650 \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
        -sigopt rsa_mgf1_md:sha256 -sha256 \
        -in server9.csr -out {output_filename}
''',shell=True)

with open(output_filename,'rb') as f:
    _,_,der_bytes=pem.unarmor(f.read())
    target_certificate=x509.Certificate.load(der_bytes)

with open(tmp_filename,'wb') as f:
    f.write(target_certificate['tbs_certificate'].dump())

subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \
                        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
                        -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}',
                        shell=True)

with open(tmp1_filename,'rb') as f:
    signature_value= core.OctetBitString(f.read())

with open(output_filename,'wb') as f:
    target_certificate['signature_value']=signature_value
    f.write(pem.armor('CERTIFICATE',target_certificate.dump()))
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv 4ad45c01b9 Update server9*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv 8c40c573b2 Add server9-bad-{mgfhash,saltlen}.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Pengyu Lv b5ac935e44 Add rules to generate server9*.crt 
Except for server9-bad-saltlen.crt and
server9-bad-mgfhash.crt.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-04 17:30:21 +08:00
Jerry Yu 4ca9520582 Update server1-nospace.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-04 17:30:21 +08:00