This commit add support to detect if openssl used for testing
supports static ECDH key exchange. Skip the ciphersutes if
openssl doesn't support them.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Previously calling get_num_ops more than once would have ended up with ops
getting double counted, and not calling inbetween completes would have ended up
with ops getting missed. Fix this by moving this to where the work is actually
done, and add tests for double calls to get_num_ops().
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
See docs/architecture/psa-migration/md-cipher-dispatch.md
Regarding testing, the no_md component was never very useful, as that's
not something people are likely to want to do: it was mostly useful as
executable documentation of what depends on MD. It's going to be even
less useful when more and more modules auto-enable MD_LIGHT or even
MD_C. So, recycle it to test the build with only MD_LIGHT, which is
something that might happen in practice, and is necessary to ensure that
the division is consistent.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
It was already marked as internal use only, and no longer used
internally. Also, it won't work when we dispatch to PSA.
Remove it before the MD_LIGHT split to avoid a corner case: it's
technically a hashing function, no HMAC or extra metadata, but we still
don't want it in MD_LIGHT really.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Comment originated from original version of this code, and the newer comment
which was added when it was pulled into a seperate function covers all cases.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
We do not need to expect to fail, running another complete in either sign or
verify after successful completion should also return BAD_STATE.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
If an error occurs, calling any function on the same operation should return
PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra
failure tests to try and ratify this.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
For sign and verify, the pointer passed in to the hash is not guaranteed to
remain valid inbetween calls, thus we need to store the hash in the
operation. Added a test to ensure this is the case.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Test for not having determnistic ECDSA was also being run when no ECDSA, and
this fails earlier. Fixed this and added a specific test for no ECDSA. Also
fixed (swapped) incorrect test descriptions.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Test for unsupported deterministic ECDSA was originally passing due to
incorrect code, fixing the code unfortunately broke the test.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Only 2 options were really possible anyway - complete in 1 op, or somewhere
between 2 and max ops. Anything else we cannot test due to implementation
specifics.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Make sure the number of ops is tested in the interruptible failure tests,
should they get through the interruptible loop part.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Ensure that num_ops is cleared when manual abort is called, but obviously not
when an operation just completes, and test this.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
These tests check for failures, but can only fail where SIZE_MAX
exceeds some limit (UINT_MAX or UINT32_MAX) and do not fail
in this way otherwise - so guards are needed.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
The only remaining occurrences of TEST_ASSERT are now pointer comparison,
to NULL or to a reference md_info. That is, the output of the following
command is empty:
grep TEST_ASSERT tests/suites/test_suite_md.function |
egrep -v '= NULL|== md_info|md_info =='
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Since PSK cipher suites do not allow client certificate verification,
PSK test cases should be executed under VERIFY=NO. SUB_VERIFIES is
used to constrain verification option for PSK tests.
With aforementioned change, the latter check of
$VERIFY=YES && $TYPE!=PSK is redundant so it's removed.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.
Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
- Demi Marie Obenour <demiobenour@gmail.com>
- Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
With the introduction of PSK_TESTS,
- Either `compat.sh -V NO` or `compat.sh -V YES` runs the PSK tests
- `compat.sh` or `compat.sh -V "NO YES"` runs PSK tests only once
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
There is no need to provide CA file in PSK. Thus VERIFY is
meaningless for PSK. This change omits the arguments passed to
the client and server for $VERIFY=YES.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
If the digest algorithm is not compiled into Mbedtls,
then any pkcs7 structure which uses this algorithm
should fail with MBEDTLS_ERR_PKCS7_INVALID_ALG.
Add test for this case.
Signed-off-by: Nick Child <nick.child@ibm.com>
MbedTLS CI uses python v3.5, f strings are not supported
until v3.6 . Remove f string's from generate_pkcs7_tests.py.
Signed-off-by: Nick Child <nick.child@ibm.com>
Not only was the size of 100 arbitrary, it's also not great for testing:
using MBEDTLS_MD_MAX_SIZE will get us an ASan error if it ever is too
small.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
For all test that want to use a hash, identify it by its numerical type
rather than a string. The motivation is that when we isolate the
MD-light subset from the larger MD, it won't have support for string
identifiers. Do the change for all tests, not just those that will
exercise functions in MD-light, for the sake of uniformity and because
numerical identifiers just feel better.
Note: mbedtls_md_info_from_string is still tested in md_info().
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
test_m32_xxx tests are x86 specific, but the support
function only identifies a 64-bit system. So the tests
will be run on arm64 host and cause a test failure.
This change restricts those tests to amd64/x86_64
only.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Previously, a loop in pkcs7_get_signers_info_set was not
getting covered by tests. This was because when there are
two or less signers, the loop will not execute.
Therefore, add new data files for another signer and use
three signers to generate a new pkcs7 DER file. Add a test
case to make sure that verification is still successfula and
use the test script to create ASN1 errors throoughout the
stucture:
./generate_pkcs7_tests.py ../data_files/pkcs7_data_3_signed.der
This results in the loop being executed.
Signed-off-by: Nick Child <nick.child@ibm.com>
Previously there were two test functions for verify.
One allowed for the verification of one certificate and
the other allowed for verification of two certificates.
Merge these two functions into one function that can take
any number of certificates as an argument.
Signed-off-by: Nick Child <nick.child@ibm.com>
Several PKCS7 invalid ASN1 Tests were failing due to extra
data bytes or incorrect content lengths going unnoticed. Make
the parser aware of possible malformed ASN1 data.
Signed-off-by: Nick Child <nick.child@ibm.com>
Add test calls to raw asn1 data with slight syntatical errors
Increases %branches covered from 70.4% to 87.7%.
Add a script which serves as documentation for how these new test
cases were generated:
./generate_pkcs7_tests.py ../data_files/pkcs7_data_cert_signed_sha256.der
./generate_pkcs7_tests.py ../data_files/pkcs7_data_multiple_signed.der
Signed-off-by: Nick Child <nick.child@ibm.com>
In the future, tests will be added which take in a char buffer
and buflen. Rather than duplicate code, have tests which
read from file and from buffer use the same helper function
Signed-off-by: Nick Child <nick.child@ibm.com>
Add a test to verify a hash which uses a different digest
algorithm than the one specified in the pkcs7.
Signed-off-by: Nick Child <nick.child@ibm.com>
Don't use external programs for string manipulation that the shell can do.
This makes the script a little faster (~10% when testing PSK).
For this commit, I only looked at code run in the innermost loop.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Python has a high startup cost, so go back to invoking it only once per
server start, rather than once per client start. This is a measurable
performance improvement (running time ~*0.5 with PSK, less dramatic with
asymmetric crypto).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We can detect PSK based on $TYPE. This allows more flexibility in how cipher
suites are spelled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Additionally fix the generation of test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der which was incorectly malformed.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
The fix_quasi_reduction function changed to static so checking the
invalid arguments are not needed anymore.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Rename the function to 'fix_quasi_reduction' to better suite its functionality.
Also changed the name prefix to suite for the new module.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
In the python script I didn't use the word TODO because pylint doesn't
like that, but morally it's the same.
I removed the comment about "do we need a subset of compat.sh?" because
it turns out that `ssl-opt.sh` is already exercising all the key
exchanges:
% sed -n 's/.*force_ciphersuite=TLS-\([^ ]*\)-WITH.*/\1/p' tests/ssl-opt.sh | sort -u
DHE-PSK
DHE-RSA
ECDH-ECDSA
ECDHE-ECDSA
ECDHE-PSK
ECDHE-RSA
ECJPAKE
PSK
RSA
RSA-PSK
(the only omission is ECDH-RSA which is not of interest here and does
not actually differ from ECDH-ECDSA). So, we don't need a subset of
compat.sh because we're already getting enough testing from ssl-opt.sh
(not to mention test_suite_ssl).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The argument passed to translate_ciphers.py is calculated from $1 in
run_client instead of passed as third argument.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
These tests are not run in development because of the
overlapping !TLS_1_3 requirement and usage of full config.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The following shell command (requiring GNU grep) looks for algorithms and
key types, as well as IS and GET macros, that lack metadata tests:
```
for x in $(grep -Pho '(?<=^#define )PSA_(ALG|KEY_TYPE)_(?!CATEGORY_|NONE\b|\w+_(BASE|FLAG|MASK|CASE))\w+' include/psa/crypto_values.h include/psa/crypto_extra.h); do grep -qw $x tests/suites/test_suite_psa_crypto_metadata.* || echo $x; done
```
This may have false negatives: it only checks that the constants are
mentioned at least once, not that the tests are written correctly.
This has false positives:
* Types and algorithms that Mbed TLS does not support.
* PSA_ALG_ECDSA_IS_DETERMINISTIC, PSA_ALG_DSA_IS_DETERMINISTIC are peculiar
auxiliary macros that only apply to very specific algorithms and aren't
tested like the other IS macros.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add PSA_WANT_KEY_TYPE_PASSWORD and PSA_WANT_KEY_TYPE_PASSWORD_HASH to
psa/crypto_config.h, since the types PSA_KEY_TYPE_PASSWORD and
PSA_KEY_TYPE_PASSWORD_HASH are used by ECJPAKE.
The two key types are always enabled, like PSA_KEY_TYPE_DERIVE.
Add the key types to the metadata test suite as well.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Rename NotSupported to KeyTypeNotSupported, because it's only about testing
key management. For algorithms, not-supported is handled by OpFail.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This PR needs some change logs but there is a follow-up PR (issue #6935) that would change the change logs we would had here thus we will do them all while working on #6935.
Some of the tests use mbedtls_test_cli_key_rsa_der and
mbedtls_test_cli_crt_rsa_der, and these can be used with
specific ciphersuites.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Move translation of cipher suite names after filter_ciphersuites
so that filter is based on standard cipher suite names.
Furthermore, an additional flag is passed to run_client to
determine the type of translation of cipher suite names.
Therefore, client receives cipher suite names based on
its naming convention but the reporting output is still
the standard cipher suite names.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
With this commit, translate_ciphers.py would be based on standard
cipher suite names instead of MbedTLS naming convention.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Since there is a plan to report and filter all cipher suite names
consistently, cipher suite names in compat.sh are changed to the
standard naming convention.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This fixes the issue where excluding a file containing identifiers from checks would cause check_symbols_in_header to fail.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
Under Ubuntu-22.04, wait command prints out Terminated message.
Therefore server process is handled with identical ways like other
processes in compat.sh. In addition, PROCESS_ID is renamed as
SRV_PID to improve code readability.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Under Ubuntu-22.04, wait command prints out Terminated message
if the process has been killed by kill command. This messes up
the output in compat.sh
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Now the config dependencies used for ticket_flags
test cases are TLS 1.2 specified. Correct them to
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
- added 2 new certificates: 1 for testing a serial which is full lenght
and another one for a serial which starts with 0x80
- added also proper Makefile and openssl configuration file to generate
these 2 new certificates
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.
From test result of #6712, this can improve the fail rate from 4%
to 92%.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Reject "weird" characters in text files, especially control characters that
might be escape sequences or that might cause other text to appear garbled
(as in https://trojansource.codes/).
Also reject byte sequences that aren't valid UTF-8.
Accept only ASCII (except most control characters), letters, some non-ASCII
punctuation and some mathematical and technical symbols. This covers
everything that's currently present in Mbed TLS ( §áèéëñóöüłŽ–—’“”…≥).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The part "driver: skipped/failed, reference: passed" didn't add any
information, but used up space on the screen and made the output
slightly harder to parse.
OTOH, now that we have multiple analyze_vs_reference tasks, we
should print out which one we're doing, so that that output makes sense
in case of a failure on the CI (which runs all tasks).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
It's a bit strange for tests/Makefile to clean up in library, but OTOH
it's also tests/Makefile that copies this file there.
Regardless, there was no place that cleaned up this file, and it needs to
be removed somewhere.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
For now, ignore test suites that don't have parity even is they should.
The purpose is just to prepare the infrastructure and map the work.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This is the basis for future work, we'll want to make sure everything
passes in this component.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
