Eventually we want it to be enabled by default
when TLS 1.3 is enabled but currently the
feature is on development thus it should not be
enabled by default.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Normally we need all the combinations, unique combinations make sense
only if the operation is commutative.
No changes to generated tests.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The class BaseTarget served two purposes:
- track test cases and target files for generation
- provide an abstract base class for individual test groups
Splitting these allows decoupling these two and to have further common
superclasses across targets.
No intended change in generated test cases.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Add a test case that would fail if all line comments were parsed before
block comments, and a test case that would fail if all block comments were
parsed before line comments.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Now when operation holds pointer to dynamically allocated buffer for password key we can't do copy of the operation object in test instead we need to re-initialize operation object after error.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Looking for the .data file doesn't work in out-of-tree builds. Use the
.datax file instead. `make clean` removes all .datax files, so this resolves
the issue of executables not present on the current branch being left behind
after a branch change followed by a `make clean`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Although negative zero is officially unsupported, we've had bugs related to
it in the past. So do test functions with a negative zero input.
There will likely be cases where we don't want to accept negative zero as if
it was valid, because it's too hard to handle. We'll add exceptions on a
case by case basis.
For the functions that are currently tested by the generated tests, the new
test cases pass.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The bignum module does not officially support "negative zero" (an
mbedtls_mpi object with s=-1 and all limbs zero). However, we have a
history of bugs where a function that should produce an official
zero (with s=1), produces a negative zero in some circumstances. So it's
good to check that the bignum functions are robust when passed a negative
zero as input. And for that, we need a way to construct a negative zero
from test case arguments.
There are checks that functions don't produce negative zeros as output in
the test suite. Skip those checks if there's a negative zero input: we
don't want functions to _create_ negative zeros, but we don't mind if
they _propagate_ negative zeros.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is to ensure that the MbedTLS based implementation of EC-JPAKE
is compatible with the PSA crypto one
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The already existing "x509_csr_check()" function is extended in order
to support/test also CSR's extensions. The test is performed by
adding an extended key usage.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
Fix error in memory allocation in test code, which was triggering an
error in test_memory_buffer_allocator.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
A core MPI must have at least 1 limb. We can no longer test with 0 limbs,
and we don't need to anyway, so don't try.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This way static analyzers have a chance of knowing we don't expect the
bignum functions to support empty inputs. As things are, Coverity keeps
complaining about it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Instead of corrupting the public key part of the message,
corrupt the proof part. A proof is conceptually similar to a signature,
and changing anything in it should make it invalid with
a high probability.
Also, instead of shifting data, perform a bitflip.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The PSA_CRYPTO_C is excluded from typo check for the following
false negative report:
```
> include/mbedtls/check_config.h:329: 'PSA_CRYPTO_C' looks like a typo. It
was not found in any macros or any enums. If this is not a typo, put //no-
check-names after it.
|
329 | * Note: ECJPAKE_C depends on MD_C || PSA_CRYPTO_C. */
| ^^^^^^^^^^^^
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
This macro is expected to be defined out of the library, and there
is no definition in the library. Thus it needs to be excluded from
typo check.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Typos of PSA macro and enum names are not checked by check_names.py.
This commit extend the check list to include PSA_XXX references.
The words should be macro/enum names defined as public_macros,
internal_macros, private_macros and enums. This commit alse extend
the scope of enums to include those are defined in library/*.c.
A new type of macros "private", which are defined in library/*.c was
also added.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Add component_test_psa_config_accel_ecdh to all.sh to test key agreement driver wrapper with libtestdriver1.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
Looking for executables causes problems with leftover compiled test
suites from other branches when we forget to run make clean before
switching branches. Using the .data files is more robust as most of them
are tracked, so will be removed when switching branches.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
For the benefit of auto-formatting tools, move from the '$placeholder'
templating syntax to a new syntax of the form:
__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER
This change allows the test code template to be almost entirely valid C.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Windows tests are failing pkcs7 verification due to differnt line
endings. Therefore, add make instuctions for building the data
files with Windows EOF instead. As a result, regenerate other data
files so that verification works.
Add these CRLF EOF files to the exception in check_files to ignore
the line endings.
Signed-off-by: Nick Child <nick.child@ibm.com>
Legacy Bignum is excluded as it doesn't get regular extensions like new
ones.
Each slot uses comments of their respective filetype. Since .data files
don't have a syntax for comments, dummy test cases are used. (These test
cases will never be executed and no noise will be added to tests.)
Signed-off-by: Janos Follath <janos.follath@arm.com>
I ran into a sequence where the assertion `stats[8] > 0` failed for the
range 1..272 with 100 iterations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Turn mpi_fill_random_internal() into mbedtls_mpi_core_fill_random(). It
had basically the right code except for how X is passed to the function.
Write unit tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* component_test_tls13_with_padding: just explicitly sets some options that
are identical with full.
* component_test_tls13_with_ecp_restartable: redundant since TLS 1.3 doesn't
have any support for restartable ECC.
* component_test_tls13_with_everest: not useful since TLS 1.3 doesn't call
ECDH directly, it just relies on the PSA abstraction.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
component_build_psa_accel_alg_ecdsa is subsumed by
component_test_psa_crypto_config_accel_ecdsa, which has the same
configuration and additionally runs the unit tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MBEDTLS_TEST_HOOKS is not supposed to change the behavior of the library, so
it's generally good to have it on in functional tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This patch updates the tests `mpi_mod_raw_cond_swap()` &
`mpi_mod_raw_cond_assign()` to use a non-zero modulus
when invoking `mbedtls_mpi_mod_modulus_setup()`
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch addresses more review comments, and fixes
a circular depedency in the `mbedtls_mpi_mod_modulus_setup()`.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch addresses review comments with regards to style of
`mbedtls_mpi_mod_modulus_setup/free()`.
It also removes a test check which was triggering a use-after-free.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch updates the `mpi_mod_setup()` test suite
to check for incosistencies in the montgomery constant
data's lifecycle.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Ensure MBEDTLS_SSL_DTLS_CONNECTION_ID and MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
are unset when MBEDTLS_SSL_PROTO_DTLS is not set in tls13-only tests.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Also remove compat tests from reference component as results from this run are not included in outcome file.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Ensure MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is unset where
MBEDTLS_SSL_DTLS_CONNECTION_ID is unset.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Use a dictionary to specify optional parameters for each task.
If the task is not specified then all tasks are executed.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
curves.pl, depends-hashes.pl, key-exchanges.pl and depends-pkalgs.pl are now superseded by depends.py.
Update all references to them accordingly.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
It's not needed as a feature. It gets reenabled automatically in
build_info.h like pk_write and pk_parse, but that's an implementation
detail.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the PSK exchange modes extension declare first
PSK ephemeral if we support both PSK ephemeral
and PSK. This is aligned with our implementation
giving precedence to PSK ephemeral over pure PSK
and improve compatibility with GnuTLS.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This patch moves the following tests to test_suite_bignum_core:
* `mbedtls_mpi_core_get_mont_r2_unsafe_neg()`
* `mbedtls_mpi_core_get_mont_r2_unsafe()`
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This patch adds the test for the method calculating the RR. The input/expected
data are generated manually using the following Python3 snippet:
~~~~~
import math
title="mpi_get_montgomery_constant_unsafe"
tt = title + " #{}"
in_data = [ "0f", ... ]
def limb_no(number, bil=64):
return int(math.ceil(int.bit_length(number)/(bil * 1.0)))
def calc_rr(number, bil=64 ):
return '{:x}'.format(pow(pow(2, limb_no(number, bil) * bil), 2, number))
def calc_rr_str(number, prefix=""):
rr64 = calc_rr(number)
rr32 = calc_rr(number, bil=32)
return '{}:"{:x}":"{}":"{}"'.format(prefix,number, rr32, rr64)
print("\n\n".join(["{}\n{}".format(tt.format(in_data.index(v)+1), calc_rr_str(int(v,base=16), title)) for v in in_data]))
~~~~~
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Simplify TLS 1.3 dependencies taking into
account that
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
implies that MBEDTLS_SSL_PROTO_TLS1_3 is
defined.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Remove requires_key_exchange_with_cert_in_tls12_enabled
and use `requires_any_configs_enabled` directly instead.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.
Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.
These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Although our build scripts support that, it's annoying, because it makes
"test_suite_XXX" ambiguous between "all the data for
test_suite_XXX.function" and "just test_suite_XXX.data".
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It just got renamed, and it's also not the most canonical example since it's
a somewhat deprecated interface. Make a different module the example.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Align the name of the bignum test suite with the source module (which was
renamed from mpi.c to bignum.c in the PolarSSL 1.x days). This also brings
it into line with the test suites for the low-level bignum interfaces.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Many bignum tests have multiple calculated result values, so return
these as a list, rather than formatting as a string.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Separate file is added for classes used to generate cases for tests
in bignum_core.function. Common elements of the BignumOperation class
are added to classes in a new common file, for use across files.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Test cases for mpi_core_add_if, mpi_core_mla, mpi_core_sub,
mpi_core_montmul are not copied into new files, these are generated in
subsequent commits.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
ASSERT_ALLOC calculates the size itself, and the parameter indicates number of elements.
```
mbedtls_calloc( sizeof( *( pointer ) ), ( length ) );
```
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
When building SHA512 without SHA384,
there are some code paths that resulted
in unused variables or usage of undefined code.
This commit fixes that.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The test coverage reduction introduced in
dc25cee lowered the coverage of hash tests
due to intertwining dependencies.
This commit introduces a new class for building
a domain using both the complementary
and exclusive classes.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Disable exclusive jobs that run with a single
config disabled. A lot more bugs should be found by running jobs with only one config
of a family enabled.
This will also lessen the burden on the CI.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Remove old and add new dependencies.
Introduce a way to handle non-trivial problems
stemming from exclusive group testing.
Exclude SHA256 and SHA512, as these are tested
in SHA224 and SHA384 jobs, respectively.
Change config.h to mbedtls_config.h).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Most of the tests (including those using endpoint_init functions) parse
certificates that require MBEDTLS_SHA256_C to be present.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Add a domain for cipher base algorithms (block permutations and stream
ciphers), a domain for block cipher chaining modes and a domain for
block cipher padding modes.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Start each job from the full config minus some memory management
settings and the job-specific settings.
The original content of config.h no longer influences the
configurations used for the jobs (but it still influences what jobs
may run, in that the set of jobs is partly built by parsing #define
and //#define lines in config.h).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Unify curves.pl, key-exchanges.pl, depends-pkalgs.pl and
depends-hashes.pl into a single, newly-written script.
For curves, key exchanges and hashes, in addition to testing
all-but-one settings in the group like the old scripts, also run the
tests with a single option in the group.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Since https://github.com/Mbed-TLS/mbedtls/pull/6141 it can "fall back"
to PSA when MD is not available (but will use MD if available, to
preserve backwards compatibility).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This has been the case since
https://github.com/Mbed-TLS/mbedtls/pull/6065 which forgot to update the
documentation, and also is_builtin_calling_md(), so update those.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Break down the DER-encoded ASN.1 test data into its structure in a
comment and explain it, to make it easier to understand where the data
came from and how it is corrupted.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The second argument is the number of elements of the type the first
argument is pointing to, so we shouldn't be using sizeof there.
This was resulting in overly large allocations.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The test data was invalid because it had the extra 4-byte prefix for HSS.
Regenerate it (which produces completely new signatures since it is
randomized).
Rearrange the reproduction instructions for the second test case so that it
shows more clearly how to generate a second signature with the same private
key.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove SHA256 dependencies from tests, fix incorrect boolean logic in
check_config, and change depends_hashes.pl to disable LMS in one test
Signed-off-by: Raef Coles <raef.coles@arm.com>
We're not strictly required to abort, but at least to leave the context
is an invalid state. For "late" functions like input() and output(),
calling abort() is the easiest way to do that. Do it systematically for
input() and output() by using a wrapper. psa_pake_get_implicit_key() was
already doing it. For "early" function, we can just leave the operation
in its current state which is already invalid.
Restore previous tests about that. Not adding systematic tests, though,
just test the two functions that are the most important, and more likely
to return errors.
Since we now abort in more cases, we need to make sure we don't
invalidate the operation that's going to be re-used later in the test.
For that reason, use a copy of the operation for calls to input() and
output() that are expected to return errors.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Also, the error code changed from INSUFFICIENT_MEMORY to INVALID_DATA.
Temporarily remove a test about aborting the operation on error.
Auto-abort will be re-introduced in the next commit in a more systematic
way.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
MBEDTLS_SSL_TICKET_C depends now on: MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C.
All features are disabled in this config.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost
anything with them (import, get attributes, export public from private, any
cryptographic operations). Force it on, for symmetry with what we're doing
for MBEDTLS_PK_WRITE_C. Fixes#6409.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Disable non-crypto features that can't be called through the PSA API, as
well as algorithms that have no PSA interface.
This serves as a non-regression test for #6408 and #6409.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In verbose mode, the full output of each failing suite is printed out,
which for some suites runs in the 1000s of lines. If you didn't redirect
output to a file, this is a lot to scroll and can make it hard to
quickly identify which test suites failed.
So, let's print out that information at the end. This is useful
information for starting to figure out what went wrong.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Test functions must now take a char* argument rather than data_t*. This does
not affect existing test data.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is done to have LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 defined in libtestdriver1.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Introduce a unit test to test mbedtls_x509_get_name() and add a testcase
with a corrupt DER-encoded name that causes mbedtls_x509_get_name() to
have to cleanup things it is allocated. If it fails to do this, a memory
leak is detected under Asan builds.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The format used by the mbedtls_ecjpake_xxx() APIs and that defined by
the PSA Crypto PAKE extension are quite different; the former is
tailored to the needs of TLS while the later is quite generic and plain.
Previously we only addressed some part of this impedance mismatch: the
different number of I/O rounds, but failed to address the part where the
legacy API adds some extras (length bytes, ECParameters) that shouldn't
be present in the PSA Crypto version. See comments in the code.
Add some length testing as well; would have caught the issue.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Use mbedtls_test_read_mpi_core() to read the test data. Among other
benefits, X and Y are now allocated to their exact size, so analyzers (Asan,
Valgrind, Coverity, ...) have a chance of complaining if the tested function
overflows the buffer.
Remove TEST_CF_PUBLIC calls which are no longer necessary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When testing a function that is supposed to be constant-flow, we declare the
inputs as constant-flow secrets with TEST_CF_SECRET. The result of such a
function is itself a constant-flow secret, so it can't be tested with
comparison operators.
In TEST_EQUAL, TEST_LE_U and TEST_LE_S, declare the values to be compared as
public. This way, test code doesn't need to explicitly declare results as
public if they're only used by one of these macros.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This comment (which used to be attached to the implementation, and should
not have been moved to the header file) is incorrect: the library function
mbedtls_mpi_read_string preserves leading zeros as desired, but does not
create a zero-limb object for an empty string.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The length in bytes is used with the 'len' prefix and
the length in limbs is used with the 'limbs' prefix.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C flags - make it consistent.
As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available).
Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.
That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Stating from the default config means a few things are implicitly
excluded; starting from the full config makes it all fully explicit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
CMakeLists.txt was calling generate_psa_tests.py and siblings to list the
generated test data files with a --directory option, intended the output to
be this argument textually. This used to work, but no longer does, because
the --directory argument is relative to the current directory when the
Python script is invoked, and the script now shows an absolute path.
CMakeLists.txt now completely ignores the directory part of the listed data
file paths and builds its own. The base_xxx_files variables now contain
actual base names, without a "suites/" prefix. This makes it more robust
with respect to the behavior of the Python script, but it will break if
we put data files in multiple different directories one day.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When pylint runs in parallel, it loses the ability to detect duplicated code
across modules. Duplicated code is usually a bad thing, so give pylint the
opportunity to let us know.
This makes pylint slightly slower, but going from 2 threads to 1 does not
make it anywhere close to twice as slow. On my machine, with Python 3.5,
pylint -j2 takes about 12s while single-threaded pylint takes about 16s
of wall clock time.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We had 4 identical copies of the check_repo_path function. Replace them by a
single copy in the build_tree module where it naturally belongs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_vsnprintf replacement works like mbedtls_snprintf replacement, so
copy the requirements for MBEDTLS_PLATFORM_VSNPRINTF_ALT.
(MBEDTLS_PLATFORM_xxx_MACRO shouldn't require MBEDTLS_PLATFORM_C, but that's
a separate preexisting problem which I do not try address at this time.)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We have Python code both for test code generation
(tests/scripts/generate_test_code.py) and now for test data generation.
Avoid the ambiguous expression "test generation".
This commit renames the Python module and adjusts all references to it. A
subsequent commit will adjust the documentation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Previous changes used the docstring of the test_generation module,
which does not inform a user about the script.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Don't look for MBED keywords on the autogenerated
psa_crypto_driver_wrappers.c file. This is needed since the naming of
constants is dependent on the driver json and the naming conventions
used through the library is stuck at a place where it does not swing
either way ( mbedtls_ / psa_).
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
jsonschema is added to the ci scripts and Dockerfile
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
(1) Add in driver jsons.
(2) Improve Python scripts to take JSON file directory and template
directory paths as arguments.
(3) Add in file augment template files to template common functionality
(4) render tempplates for Header files, ID generation and key
management.
(5) Changed driver ID nomenclature to be in synch with function names.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
Initializing return status variables to CORRUPTION_DETECTED is a second line
of defense in library code in case there's a code path where we forget to
assign to the variable. This isn't useful in test code. In any case, here,
we might as well define the variable at the point of use.
This fixes a build error in configurations with MBEDTLS_ERROR_C and
MBEDTLS_PSA_CRYPTO_C both disabled, because then mbedtls/error.h isn't
included so MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED isn't defined.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.
There should be no change in behavior since just including the header should
not change the behavior of a program.
This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:
```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In response to feedback[1], we can reuse much of the functions in
similar test cases by specifying some additional parameters.
Specifically, test cases which probe the functionality of
`mbedtls_pkcs7_parse_der` have all been merged into one test function.
Additionally, all test cases which examine the
`mbedtls_pkcs7_signed_data_verify` and `mbedtls_pkcs7_signed_hash_verify`
functions have been merged into two test functions (one for single and one
for multiple signers).
[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953686780
Signed-off-by: Nick Child <nick.child@ibm.com>
Wrapper function for itertools.combinations_with_replacement, with
explicit cast due to imprecise typing with older versions of mypy.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
BaseTarget-derived targets are now added to TestGenerator.targets in
initialization. This reduces repeated code in generate_xxx_tests.py
scripts which use this framework.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Make `mbedtls_pkcs7_signed_hash_verify` loop over all signatures in the
PKCS7 structure and return success if any of them verify successfully.
Signed-off-by: Nick Child <nick.child@ibm.com>
Rather than only parsing/verifying one SignerInfo in the SignerInfos
field of the PKCS7 stucture, allow the ability to parse and verify more
than one signature. Verification will return success if any of the signatures
produce a match.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nick Child <nick.child@ibm.com>
Fixes include removing PEM dependency for greater
coverage when PEM config is not set and defining
test dependencies at the appropriate level.
Signed-off-by: Nick Child <nick.child@ibm.com>
CI was failing due to the return value of mbedtls_md being ignored.
If this function does fail, return early and propogate the md error.
Signed-off-by: Nick Child <nick.child@ibm.com>
OpenSSL provides APIs to generate only the signted data
format PKCS7 i.e. without content type OID. This patch
adds support to parse the data correctly even if formatted
only as signed data
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
PKCS7 signing format is used by OpenPOWER Key Management, which is
using mbedtls as its crypto library.
This patch adds the limited support of pkcs7 parser and verification
to the mbedtls. The limitations are:
* Only signed data is supported.
* CRLs are not currently handled.
* Single signer is supported.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Especially for a sequence of similar lines of test code, or where the result of
an expression is being compared to a short integer (especially 0 or 1).
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
When generating combinations of values, `itertools.combinations` will
not allow inputs to be repeated. This is replaced so that cases where
input values match are generated, i.e. ("0", "0").
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Other programs/*/Makefile are only created by CMake, but programs/fuzz has
its own Makefile in the repository. Fixes#6247.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Test certs were originally generated with an old version of Mbed TLS
that used printableString where we now use utf8string (e.g., in the
organizationName). Otherwise the certs are identical.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Version of pylint used in CI does not recognize abstract subclasses of
BaseTarget, so disable warning in these abstract classes.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Spec values are now always used for test data, and conversion to
internal representation is done in the test function.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Previous implementation mixed the test case generation and the
recursive generation calls together. A separate method is added to
generate test cases for the current class' test function. This reduces
the need to override generate_tests().
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
The unit tests were created by capturing runs of the existing function during
execution of existing unit tests.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
The test cases use the following MPI values:
0 1 fffe ffffffff 100000000 20000000000000 ffffffffffffffff
10000000000000000 1234567890abcdef0 fffffffffffffffffefefefefefefefe
100000000000000000000000000000000 1234567890abcdef01234567890abcdef0
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
and the following scalars. The .data files include two sets of results (final
accumulator and carry) for the cases sizeof(mbedtls_mpi_uint) == 4 or 8.
0 3 fe ff ffff 10000 ffffffff 100000000 7f7f7f7f7f7f7f7f 8000000000000000
fffffffffffffffe
The lines in the .data file were generated by the following script
#!/usr/bin/env perl
#
# mpi-test-core-mla.pl - generate/run MPI tests in Perl for mbedtls_mpi_core_mla()
#
use strict;
use warnings;
use Math::BigInt;
use sort 'stable';
my @mla_mpis = qw(
0 1 fffe ffffffff 100000000 20000000000000 ffffffffffffffff
10000000000000000 1234567890abcdef0 fffffffffffffffffefefefefefefefe
100000000000000000000000000000000 1234567890abcdef01234567890abcdef0
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
);
my @mla_scalars = qw(
0 3 fe ff ffff 10000 ffffffff 100000000 7f7f7f7f7f7f7f7f 8000000000000000
fffffffffffffffe
);
my @mla_full_mpis = qw(
0 1 3 f fe ff 100 ff00 fffe ffff 10000
fffffffe ffffffff 100000000 1f7f7f7f7f7f7f
8000000000000000 fefefefefefefefe fffffffffffffffe ffffffffffffffff
10000000000000000 1234567890abcdef0
fffffffffffffffffefefefefefefefe fffffffffffffffffffffffffffffffe ffffffffffffffffffffffffffffffff
100000000000000000000000000000000 1234567890abcdef01234567890abcdef0
fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
10000000000000000000000000000000000000000000000000000000000000000
1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
);
my @mla_full_scalars = qw(
0 1 3 f fe ff 100 ff00 fffe ffff 10000
fffffffe ffffffff 100000000
8000000000000000 fefefefefefefefe fffffffffffffffe ffffffffffffffff
);
generate_tests();
sub generate_tests {
generate_mbedtls_mpi_core_mla();
}
sub generate_mbedtls_mpi_core_mla {
my $sub_name = (caller(0))[3]; # e.g. main::generate_mbedtls_mpi_sub_mpi
my ($ignore, $test_name) = split("main::generate_", $sub_name);
my @cases = ();
for my $ah (@mla_mpis) {
for my $bh (@mla_mpis) {
for my $ch (@mla_scalars) {
# a += b * c (c is scalar)
# a_len >= b_len. need carry out.
my $a = Math::BigInt->from_hex($ah);
my $b = Math::BigInt->from_hex($bh);
my $c = Math::BigInt->from_hex($ch);
my $max = ($a > $b) ? $a : $b;
my $bound4 = bound_mpi4($max);
my $bound8 = bound_mpi8($max);
my $r = $a + $b * $c;
my ($r4, $cy4) = ($r->copy(), 0);
my ($r8, $cy8) = ($r->copy(), 0);
($cy4, $r4) = $r4->bdiv($bound4);
($cy8, $r8) = $r8->bdiv($bound8);
my $rh4 = $r4->to_hex();
my $rh8 = $r8->to_hex();
my $cyh4 = $cy4->to_hex();
my $cyh8 = $cy8->to_hex();
# If the scalar c is too big for 1 x 4-byte MPI, we can only run this test on a system with 8-byte MPIs
my $depends = mpi4s($c) > 1 ? "MBEDTLS_HAVE_INT64" : "";
my $desc = "$test_name #NUMBER: 0x$ah + 0x$bh * 0x$ch = (0x$rh4, carry 0x$cyh4)/(0x$rh8, carry 0x$cyh8)EXPLAIN";
my $case = output($test_name, str($ah), str($bh), str($ch), str($rh4), str($cyh4), str($rh8), str($cyh8));
push(@cases, [$case, $desc, $depends]);
}
}
}
output_cases(" (for when sizeof(mbedtls_mpi_uint) == 4/8)", @cases);
}
sub output_cases {
my ($explain, @cases) = @_;
my $count = 1;
for my $c (@cases) {
my ($case, $desc, $dep) = @$c;
$desc =~ s/NUMBER/$count/; $count++;
if (defined($explain) && $desc =~ /EXPLAIN/) {
$desc =~ s/EXPLAIN/$explain/;
$explain = "";
}
my $depends = "";
$depends = "depends_on:$dep\n" if defined($dep) && length($dep);
print <<EOF;
$desc
$depends$case
EOF
}
}
# The first number (a power of 2) that won't fit in the number of MPIs
# needed for the given number
sub bound_mpi4 {
my $one = Math::BigInt->new(1); # blsft modifies caller
return $one->blsft(bits_mpi4($_[0]));
}
sub bound_mpi8 {
my $one = Math::BigInt->new(1); # blsft modifies caller
return $one->blsft(bits_mpi8($_[0]));
}
# How many bits (a multiple of 32) needed to store the specified number
# when using 4-byte MPIs
sub bits_mpi4 {
return 32 * mpi4s($_[0]);
}
# How many bits (a multiple of 64) needed to store the specified number
# when using 8-byte MPIs
sub bits_mpi8 {
return 64 * mpi8s($_[0]);
}
# How many 4-byte MPIs needed to store the specified number
sub mpi4s {
my ($n) = @_;
my $h = $n->to_hex();
return int((length($h) + 7) / 8);
}
# How many 8-byte MPIs needed to store the specified number
sub mpi8s {
my ($n) = @_;
my $h = $n->to_hex();
return int((length($h) + 15) / 16);
}
sub output {
#run_test(@_);
return join(":", @_);
}
sub str {
return '"' . $_[0] . '"';
}
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
The test cases use the following MPI values.
The .data file includes two results, for the cases when
sizeof(mbedtls_mpi_uint) == 4 or 8.
0 1 3 f fe ff 100 ff00 fffe ffff 10000
fffffffe ffffffff 100000000 1f7f7f7f7f7f7f
8000000000000000 fefefefefefefefe fffffffffffffffe ffffffffffffffff
10000000000000000 1234567890abcdef0
fffffffffffffffffefefefefefefefe fffffffffffffffffffffffffffffffe
ffffffffffffffffffffffffffffffff 100000000000000000000000000000000
1234567890abcdef01234567890abcdef0
fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
10000000000000000000000000000000000000000000000000000000000000000
1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
The lines in the .data file were generated by the following script
#!/usr/bin/env perl
#
# mpi-test-core-sub.pl - generate/run MPI tests in Perl for mbedtls_mpi_core_sub()
#
use strict;
use warnings;
use Math::BigInt;
use sort 'stable';
my @sub_mpis = qw(
0 1 3 f fe ff 100 ff00 fffe ffff 10000
fffffffe ffffffff 100000000 1f7f7f7f7f7f7f
8000000000000000 fefefefefefefefe fffffffffffffffe ffffffffffffffff
10000000000000000 1234567890abcdef0
fffffffffffffffffefefefefefefefe fffffffffffffffffffffffffffffffe ffffffffffffffffffffffffffffffff
100000000000000000000000000000000 1234567890abcdef01234567890abcdef0
fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
10000000000000000000000000000000000000000000000000000000000000000
1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
);
generate_tests();
sub generate_tests {
generate_mbedtls_mpi_core_sub();
}
sub generate_mbedtls_mpi_core_sub {
my $sub_name = (caller(0))[3]; # e.g. main::generate_mbedtls_mpi_sub_mpi
my ($ignore, $test_name) = split("main::generate_", $sub_name);
my @cases = ();
for my $ah (@sub_mpis) {
for my $bh (@sub_mpis) {
my $a = Math::BigInt->from_hex($ah);
my $b = Math::BigInt->from_hex($bh);
my ($rh4, $rh8, $carry);
if ($a >= $b) {
my $r = $a - $b;
$rh4 = $rh8 = $r->to_hex();
$carry = 0;
} else {
my $r4 = bound_mpi4($b) + $a - $b;
my $r8 = bound_mpi8($b) + $a - $b;
$rh4 = $r4->to_hex();
$rh8 = $r8->to_hex();
$carry = 1;
}
my $desc = "$test_name #NUMBER: 0x$ah - 0x$bh = 0x$rh4/${rh8}EXPLAIN, carry ${carry}";
my $case = output($test_name, str($ah), str($bh), str($rh4), str($rh8), $carry);
push(@cases, [$case, $desc]);
}
}
output_cases(" (for when sizeof(mbedtls_mpi_uint) == 4/8)", @cases);
}
sub output_cases {
my ($explain, @cases) = @_;
my $count = 1;
for my $c (@cases) {
my ($case, $desc, $dep) = @$c;
$desc =~ s/NUMBER/$count/; $count++;
if (defined($explain) && $desc =~ /EXPLAIN/) {
$desc =~ s/EXPLAIN/$explain/;
$explain = "";
}
my $depends = "";
$depends = "depends_on:$dep\n" if defined($dep) && length($dep);
print <<EOF;
$desc
$depends$case
EOF
}
}
# The first number (a power of 2) that won't fit in the number of MPIs
# needed for the given number
sub bound_mpi4 {
my $one = Math::BigInt->new(1); # blsft modifies caller
return $one->blsft(bits_mpi4($_[0]));
}
sub bound_mpi8 {
my $one = Math::BigInt->new(1); # blsft modifies caller
return $one->blsft(bits_mpi8($_[0]));
}
# How many bits (a multiple of 32) needed to store the specified number
# when using 4-byte MPIs
sub bits_mpi4 {
return 32 * mpi4s($_[0]);
}
# How many bits (a multiple of 64) needed to store the specified number
# when using 8-byte MPIs
sub bits_mpi8 {
return 64 * mpi8s($_[0]);
}
# How many 4-byte MPIs needed to store the specified number
sub mpi4s {
my ($n) = @_;
my $h = $n->to_hex();
return int((length($h) + 7) / 8);
}
# How many 8-byte MPIs needed to store the specified number
sub mpi8s {
my ($n) = @_;
my $h = $n->to_hex();
return int((length($h) + 15) / 16);
}
sub output {
return join(":", @_);
}
sub str {
return '"' . $_[0] . '"';
}
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
The test cases use the following MPI values.
The .data file only includes those (a, b) values where a <= b, and gives the
sum unconditionally; the test code exercises a >= b and cond == 0 using these
values. The .data file gives two values for the carry out, which are for when
sizeof(mbedtls_mpi_uint) == 4 or 8.
0 1 3 f fe ff 100 ff00 fffe ffff 10000
fffffffe ffffffff 100000000 1f7f7f7f7f7f7f
8000000000000000 fefefefefefefefe fffffffffffffffe ffffffffffffffff
10000000000000000 1234567890abcdef0
fffffffffffffffffefefefefefefefe fffffffffffffffffffffffffffffffe
ffffffffffffffffffffffffffffffff 100000000000000000000000000000000
1234567890abcdef01234567890abcdef0
fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
10000000000000000000000000000000000000000000000000000000000000000
1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
The lines in the .data file were generated by the following script
```
#!/usr/bin/env perl
#
# mpi-test-core-add-if.pl - generate MPI tests in Perl for mbedtls_mpi_core_add_if()
#
use strict;
use warnings;
use Math::BigInt;
use sort 'stable';
my @add_mpis = qw(
0 1 3 f fe ff 100 ff00 fffe ffff 10000
fffffffe ffffffff 100000000 1f7f7f7f7f7f7f
8000000000000000 fefefefefefefefe fffffffffffffffe ffffffffffffffff
10000000000000000 1234567890abcdef0
fffffffffffffffffefefefefefefefe fffffffffffffffffffffffffffffffe ffffffffffffffffffffffffffffffff
100000000000000000000000000000000 1234567890abcdef01234567890abcdef0
fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
10000000000000000000000000000000000000000000000000000000000000000
1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
);
generate_tests();
sub generate_tests {
generate_mbedtls_mpi_core_add_if();
}
sub generate_mbedtls_mpi_core_add_if {
my $sub_name = (caller(0))[3]; # e.g. main::generate_mbedtls_mpi_add_mpi
my ($ignore, $test_name) = split("main::generate_", $sub_name);
my @cases = ();
for my $ah (@add_mpis) {
for my $bh (@add_mpis) {
my $a = Math::BigInt->from_hex($ah);
my $b = Math::BigInt->from_hex($bh);
next if $a > $b; # don't need to repeat test cases
# $b is the larger (or equal) of the two numbers. That's the number of limbs
# we'll be using.
my $bound4 = bound_mpi4($b);
my $bound8 = bound_mpi8($b);
my $r = $a + $b;
my ($r4, $carry4) = ($r->copy(), 0);
my ($r8, $carry8) = ($r->copy(), 0);
($carry4, $r4) = $r4->bdiv($bound4);
($carry8, $r8) = $r8->bdiv($bound8);
my $rh4 = $r4->to_hex();
my $rh8 = $r8->to_hex();
my $desc = "$test_name #NUMBER: 0x$ah + 0x$bh = (0x$rh4, carry $carry4)/(0x$rh8, carry $carry8)EXPLAIN";
my $case = output($test_name, str($ah), str($bh), str($rh4), $carry4, str($rh8), $carry8);
push(@cases, [$case, $desc]);
}
}
output_cases(" (for when sizeof(mbedtls_mpi_uint) == 4/8)", @cases);
}
sub output_cases {
my ($explain, @cases) = @_;
my $count = 1;
for my $c (@cases) {
my ($case, $desc, $dep) = @$c;
$desc =~ s/NUMBER/$count/; $count++;
if (defined($explain) && $desc =~ /EXPLAIN/) {
$desc =~ s/EXPLAIN/$explain/;
$explain = "";
}
my $depends = "";
$depends = "depends_on:$dep\n" if defined($dep) && length($dep);
print <<EOF;
$desc
$depends$case
EOF
}
}
# The first number (a power of 2) that won't fit in the number of MPIs
# needed for the given number
sub bound_mpi4 {
my $one = Math::BigInt->new(1); # blsft modifies caller
return $one->blsft(bits_mpi4($_[0]));
}
sub bound_mpi8 {
my $one = Math::BigInt->new(1); # blsft modifies caller
return $one->blsft(bits_mpi8($_[0]));
}
# How many bits (a multiple of 32) needed to store the specified number
# when using 4-byte MPIs
sub bits_mpi4 {
return 32 * mpi4s($_[0]);
}
# How many bits (a multiple of 64) needed to store the specified number
# when using 8-byte MPIs
sub bits_mpi8 {
return 64 * mpi8s($_[0]);
}
# How many 4-byte MPIs needed to store the specified number
sub mpi4s {
my ($n) = @_;
my $h = $n->to_hex();
return int((length($h) + 7) / 8);
}
# How many 8-byte MPIs needed to store the specified number
sub mpi8s {
my ($n) = @_;
my $h = $n->to_hex();
return int((length($h) + 15) / 16);
}
sub output {
return join(":", @_);
}
sub str {
return '"' . $_[0] . '"';
}
```
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
PSK hash alg of server is sha256. If client send only
tls-aes-256-gcm-384, there is no valid ciphersuite
available, handshake should be abort.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate,
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
TEST_EQUAL(), has the benefit of outputting the values that don't match,
which can make debugging simpler.
Scope:
- Recently added new test functions
- Checks making sure the test case/data is consistent is out of scope
- Only checks where printing the values is likely to be helpful
Signed-off-by: Janos Follath <janos.follath@arm.com>
MBEDTLS_CMAC_C dependency is ivalid.
"PEM read (unknown encryption algorithm)" needs MBEDTLS_CIPHER_MODE_CBC dependency as
otherwise this test is failing in test_when_no_ciphersuites_have_mac configuration
because mbedtls_pem_read_buffer() returns a different error (MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE).
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
- Improve test descriptions
- Add more test cases with return value of 1
- Remove the mbedtls prefix from the test function
Signed-off-by: Janos Follath <janos.follath@arm.com>
Add tests for a case in ECDSA signing where an invalid public
key is accepted in signature verification.
Test data taken from the OSS-fuzz issue, and additional
generated with python-ecdsa.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 and friends are not members of the mbedtls_ecp_group_id enum
Found by clang's -Wassign-enum
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
This is done to be able to bild test_psa_crypto_config_accel_hash component where MD5 is only available accelerated (PSA_WANT_ALG_MD5 is enabled and MBEDTLS_MD5_C is disabled) but MBEDTLS_USE_PSA_CRYPTO is disabled.
So the build should not attempt to enable pem_pbkdf1.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Test cases added to check curve parameters and information for each
curve supported. Expected parameters are taken from references: SEC 2
for NIST, RFC 5639 for Brainpool, and RFC 7748 for curve25519/curve448.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
- Instead of macros, use direct calculations for array sizes
- Move variable declarations closer to first use
Signed-off-by: Janos Follath <janos.follath@arm.com>
Previously these tests depended on the definition from
inside the MD module, which in turn could be 32 or 64
bytes depending on whether MBEDTLS_SHA512_C was
defined. This is unnecessary, so a constant is itnroduced
instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Previously the whole .function file had a global dependency on
MBEDTLS_SHA1_C. This hasn't been correct for a long time:
- on principle, dependency declarations in .function files are for
compile-time dependencies;
- in practice, a number of test cases do not depend on SHA-1, as they only
use SHA-256 or SHA-512 - those cases should not be skipped in builds
without SHA-1;
- this was "taken advantage of" to skip dependency declarations for
test cases that only depended on SHA-1.
The previous commit removed the global dependency on SHA1_C; as a result
the test cases that actually depend on SHA-1 were not skipped in builds
without SHA-1. This commit fixes that by adding dependency declarations
where they belong: in the .data file.
All cases compute hashes using MD is available, or PSA otherwise; so
MD_OR_PSA is appropriate here.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
sed -i -f md_or_psa_hash.sed \
tests/suites/test_suite_pkcs1_v21.data
tests/suites/test_suite_pk.data
with md_or_psa_hash.sed containing:
s/MBEDTLS_MD5_C/MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA/g
s/MBEDTLS_RIPEMD160_C/MBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA/g
s/MBEDTLS_SHA1_C/MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA/g
s/MBEDTLS_SHA224_C/MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA/g
s/MBEDTLS_SHA256_C/MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA/g
s/MBEDTLS_SHA384_C/MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA/g
s/MBEDTLS_SHA512_C/MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA/g
(The only lines in pk.data that still had old-style dependencies where
the ones about PKCS1_V21.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Previously MD_C was auto-enabled based on the fact that ALG_RSA_PSS was
requested, but that's no longer the case since the previous commit.
We can fix this in one of two ways: either enable MD_C, or enable all
the PSA_WANT_ALG_SHA_xxx that are needed for test. Go for MD_C because
it's a single line and avoids having to enumerate a list that might grow
in the future.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Test coverage not there yet, as the entire test_suite_pkcs1_v21 is
skipped so far - dependencies to be adjusted in a future commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Internal macros are not present as symbols, visible or usable outside
the compilation unit and it is safe to allow them to have a name without
namespace prefix.
We also allow them to start with lower case letters as some of our
internal macros already have names like that.
Signed-off-by: Janos Follath <janos.follath@arm.com>
