mbedtls

mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00

Author	SHA1	Message	Date
Minos Galanakis	37f4cb6d0e	ecp_curves: Minor rework for p384 This patch adjusts formatting, documentation and testing. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-03-21 15:46:50 +00:00
Minos Galanakis	619385d8bc	test_suite_ecp: Added ecp_mod_p384_raw() test case. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-03-21 15:45:17 +00:00
Manuel Pégourié-Gonnard	8965b65bd8	Remove now-spurious dependencies Now that HMAC-DRBG can use driver, so can deterministic ECDSA Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:42:06 +01:00
Manuel Pégourié-Gonnard	91cc8bbc87	Enable ECDSA-det in driver-only hashes component Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:42:06 +01:00
Manuel Pégourié-Gonnard	d111fbdad1	Enable HMAC-DRBG in driver-only hashes component Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard	fbaf4e98d8	Enable PKCS7 in driver-only hashes component Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard	0d1921c4c2	Enable HKDF in driver-only hashes test Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:42:05 +01:00
Paul Elliott	f1eb5e2a04	Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-21 15:35:17 +00:00
Manuel Pégourié-Gonnard	161dca63c3	Fix typos & improve wording in comments Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard	7d381f517a	MD: use MD_CAN in test suite and check for parity Split the part the varies between driver/built-in builds to a separate file for convenience. Fix analyze_outcomes.py to be able to exclude specific data files and not just a whole family at once. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard	7224086ebc	Remove legacy_or_psa.h Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard	23fc437037	SSL: fix test failures 1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE. 2. Add missing occurrences - some of these were already necessary in principle (in one form or another) but where missing and this was not detected so far as `psa_hash` doesn't complain in case of a missing init, but now MD makes it visible. 3. Add missing include in ssl_test_lib.h. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard	bef824d394	SSL: use MD_CAN macros Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard	33a13028e5	X.509: fix test failures Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	a946489efd	X.509: use MD_CAN macros Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	fa99afa2bc	PK: fix test failures Introduce MD_OR_USE_PSA_INIT/DONE. This will likely be used everywhere in X.509 and SSL/TLS, but most places in PK only need USE_PSA_INIT/DONE. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	0b8095d96a	PK: use MD_CAN macros sed -i -f md.sed tests/suites/test_suite_pk{,parse,write}.* Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	ebef58d301	OID + misc crypto: use MD_CAN and fix failures After this, only PK, X.509 and TLS remain to be done. Deterministic uses HMAC-DRBG which uses MD, so it needs crypto_init() when using a driver-only hash. Also, remove a special-purpose macro that's no longer needed. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	1d3bf24555	test_suite_psa_crypto: use PSA_WANT Could use MD_CAN, as both are equivalent when MBEDTLS_PSA_CRYPTO_C is defined, but using PSA_WANT is preferable in a PSA context. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	a5f04621bd	PKCS5: use MD_CAN macros sed -i -f md.sed library/pkcs5.c tests/suites/test_suite_pkcs5* include/mbedtls/pkcs5.h Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	49e67f814f	PKCS5: always use MD As a consequence, MD_C is now enabled in component accel_hash_use_psa. Fix guards in X.509 info function to avoid this causing a failure now. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	c1f10441e0	RSA: use MD_CAN macros sed -i -f md.sed library/rsa.c tests/suites/test_suite_rsa* include/mbedtls/rsa.h tests/suites/test_suite_pkcs1_v* Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	fb8d90a2db	RSA: always use MD light Note: already auto-enabled in build_info.h Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	52d02a85d3	PEM: use MD_CAN macros sed -i -f md.sed library/pem.c tests/suites/test_suite_pem* include/mbedtls/pem.h Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	1c2008fa37	PEM: always use MD light Note: PEM_PARSE already auto-enables MD_LIGHT in build_info.h Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	0baad53ac9	PKCS12: use MD_CAN macros sed -i -f md.sed library/pkcs12.c tests/suites/test_suite_pkcs12.* include/mbedtls/pkcs12.h with md.sed as before. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	be97afe5d4	PKCS12: always use MD light Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	b2eb1f7456	ECJPAKE: use MD_CAN macros sed -i -f md.sed \ library/ecjpake.c \ include/medtls/ecjpake.h \ tests/suites/test_suite_ecjpake.* With md.sed as follows: s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_MD5/g s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA1/g s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA224/g s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA256/g s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA384/g s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA512/g s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g s/\bMBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g s/\bMBEDTLS_MD5_C\b/MBEDTLS_MD_CAN_MD5/g s/\bMBEDTLS_RIPEMD160_C\b/MBEDTLS_MD_CAN_RIPEMD160/g s/\bMBEDTLS_SHA1_C\b/MBEDTLS_MD_CAN_SHA1/g s/\bMBEDTLS_SHA224_C\b/MBEDTLS_MD_CAN_SHA224/g s/\bMBEDTLS_SHA256_C\b/MBEDTLS_MD_CAN_SHA256/g s/\bMBEDTLS_SHA384_C\b/MBEDTLS_MD_CAN_SHA384/g s/\bMBEDTLS_SHA512_C\b/MBEDTLS_MD_CAN_SHA512/g Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	41bc8b6b1e	ECJPAKE: always use MD light This enables access to all available hashes, instead of the previous situation where you had to choose by including MD_C or not. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	ffcda5679a	Make MD_PSA_INIT/DONE available to all suites Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	e0e161b54a	Merge pull request #7296 from valeriosetti/issue7253-part1 driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 1	2023-03-21 16:09:02 +01:00
Dave Rodgman	3543806026	Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID RSA: provide interface to retrieve padding mode and hash_id	2023-03-20 18:34:53 +00:00
Dave Rodgman	d3b6e92967	Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics Implement AESNI with intrinsics	2023-03-20 18:20:51 +00:00
Valerio Setti	fdea36d137	test_suite_ssl: remove redundant ECDH dependencies when the key exchange is specified Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-20 14:02:07 +01:00
Valerio Setti	2f8eb62946	ssl-opt: remove leftover debug commands and fix comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-20 14:02:07 +01:00
Valerio Setti	866aa187e8	ecdh: solve disparities in accelerated ECDH vs reference Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-20 14:02:07 +01:00
Valerio Setti	6ba247c236	ssl-opt: solve errors in ECDH reference tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-20 14:00:51 +01:00
Valerio Setti	53a5844abc	test: enable ECDH key exchanges for driver coverage tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-20 14:00:51 +01:00
Manuel Pégourié-Gonnard	4ebe2a7372	Merge pull request #7300 from valeriosetti/issue7281 Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity	2023-03-20 09:54:47 +01:00
Manuel Pégourié-Gonnard	e91aadaeed	Merge pull request #7299 from valeriosetti/issue7280 Driver only EC JPAKE: enable ssl-opt.sh and get test parity	2023-03-20 09:51:11 +01:00
Manuel Pégourié-Gonnard	c9ef476431	Merge pull request #7192 from joerchan/psa-update-mbedtls psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys	2023-03-20 09:47:07 +01:00
Manuel Pégourié-Gonnard	14c194aae9	Merge pull request #7271 from mpg/use-md-light Use md light	2023-03-20 09:01:16 +01:00
Manuel Pégourié-Gonnard	0f60d09aa8	Add a test with all of ECC accelerated Note that ECC key derivation is not using drivers yet, as we don't have driver support for cooked key derivation acceleration, see https://github.com/Mbed-TLS/mbedtls/pull/5451 and follow-ups. So, we still need MBEDTLS_ECP_C enabled at least for this, and probably in several other places for now. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-17 15:23:17 +01:00
Yanray Wang	69bc8403eb	rsa_tests: use TEST_EQUAL instead of TEST_ASSERT Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-17 20:33:08 +08:00
Yanray Wang	e05a21f084	rsa: add a test to check default padding mode and hash_id Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-17 20:09:20 +08:00
Yanray Wang	15d3df7aec	rsa: add positive test cases for getter functions Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-17 19:49:04 +08:00
Yanray Wang	d41684e8bc	rsa.c: rename getter function of hash_id Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-17 18:57:42 +08:00
Dave Rodgman	0e2b06a1ce	Merge pull request #7083 from KloolK/record-size-limit/parsing Add parsing for Record Size Limit extension in TLS 1.3	2023-03-17 10:18:34 +00:00
Paul Elliott	9f02a4177b	Merge pull request #7009 from mprse/csr_write_san Added ability to include the SubjectAltName extension to a CSR - v.2	2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard	0d957d3a83	Merge pull request #7275 from valeriosetti/issue7255 Driver-only EC JPAKE: starter	2023-03-17 10:01:38 +01:00
Manuel Pégourié-Gonnard	6ea8d3414f	Fix a comment Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-17 09:43:50 +01:00
Manuel Pégourié-Gonnard	1b5ffc63cc	Avoid double definition of MD_LIGHT Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard	8316209c02	Use MD_LIGHT rather than md5.h in pem.c But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the guards once that has changed. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-17 09:43:27 +01:00
Manuel Pégourié-Gonnard	ec000c1a00	Merge pull request #7242 from mpg/md-dispatch-psa Implement MD dispatch to PSA	2023-03-17 09:42:40 +01:00
Gilles Peskine	28e4dc1e39	Fix use of arithmetic on void* Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-16 21:39:47 +01:00
Janos Follath	c18cd0c8e6	Merge pull request #7230 from gabor-mezei-arm/6850_Secp256r1_fast_reduction Extract Secp256r1 fast reduction from the prototype	2023-03-16 19:43:25 +00:00
Dave Rodgman	4a060ffa59	Merge pull request #7303 from daverodgman/msan_bzero_testcase Add tests that cover msan explicit_bzero issue	2023-03-16 17:55:19 +00:00
Paul Elliott	646ee7ec2e	Fix CI build after repo merge conflict After merging the driver only ECDSA work, a conflict arose between that and the previous work re-ordering the ciphersuite preference list. We can remove the breaking requirement on this test, as this requirement is now auto-detected when the server5 crt is used in the server's command line. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-16 17:10:34 +00:00
Valerio Setti	943f8ddf81	test: remove leftovers from debug sessions Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-16 16:47:17 +01:00
Gilles Peskine	844f65dc65	Explicitly test AES contexts with different alignments Don't leave it up to chance. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-16 14:54:48 +01:00
Dave Rodgman	0a3c72df02	Add explanatory comment Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-16 13:43:32 +00:00
Gilles Peskine	5fcdf49f0e	Move copy-context testing to an auxiliary function This is in preparation for running it multiple times with different alignments. This commit also fixes the fact that we weren't calling mbedtls_aes_free() on the context (we still aren't if the test fails). It's not an issue except possibly in some ALT implementations. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-16 14:42:39 +01:00
Gilles Peskine	f99ec202d7	AES context copy test: have one for each key size Don't use all-bytes zero as a string, it's harder to debug. This commit uses the test vectors from FIPS 197 appendix C. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-16 14:27:40 +01:00
Gilles Peskine	d50cfddfd7	AES context copy test: clean up Don't use hexcmp to compare binary data. Improve readability. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-16 14:25:58 +01:00
Dave Rodgman	680dbd46ae	Merge pull request #7270 from DemiMarie/oid-fix Fix segfault in mbedtls_oid_get_numeric_string	2023-03-16 12:21:36 +00:00
Dave Rodgman	5d2024333b	Fix missing line ending Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-16 12:14:51 +00:00
Dave Rodgman	ecd649205d	Add tests that cover msan explicit_bzero issue Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-16 12:02:15 +00:00
Manuel Pégourié-Gonnard	ec31f2917f	Systematically call PSA_INIT for MD tests All tests that call md_setup() or compute a hash of a HMAC may now need it in some builds. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard	9f132b7c9c	Clarify real/dummy def of PSA_INIT/DONE Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard	54e3c6593e	Fix failures in signature accel test The test driver library tries to only build what's necessary, but must use the same PSA_WANT macros as the main library. So, for things that are not needed, it undefines MBEDTLS_PSA_BUILTIN_xxx and defines MBEDTLS_PSA_ACCEL_xxx, unless the ACCEL symbol was defined on the command line, in which case it undefines it and defineds BUILTIN instead. This negation happens in crypto_config_test_driver_extension.h and reflects the fact that what we want accelerated in the main library is what we want built-in in the driver library (and vice versa if we want to minimize the size of the driver library). So, the ACCEL symbols in inside the test driver library (while it's being built, not those on the command line) are a bit of a white lie: they don't actually mean "there's an accelerator for this" but instead "I won't include a built-in for this even though the corresponding PSA_WANT symbol is defined". This was quite harmless until MD started making dispatch decisions based on the ACCEL symbols: when it tries to dispatch to an accelerator that doesn't actually exist, things tend to go badly. The minimal fix for this is to change how we enable extra hashes in the test driver library: by defining the ACCEL symbol on the command line, in the build we'll end up with the BUILTIN symbol (and implementation!) and no ACCEL symbol, which is exactly what we want. Long version: https://arm-ce.slack.com/archives/GTM3SM1K5/p1675071671707599 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard	7dc8b95849	Fix failures in builds without PSA_CRYPTO_C Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard	9b14639342	Dispatch according to init status. We shouldn't dispatch to PSA when drivers have not been initialized yet. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard	7abdf7eee5	Add utility function to check for drivers init This will be used in the next commit. While at it, move driver initialization before RNG init - this will be handy when the entropy module wants to use drivers for hashes. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:51 +01:00
Yanray Wang	f56181a105	ssl_helpers.c: add mbedtls_test prefix for tweak_tls13_certificate* Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-16 14:59:38 +08:00
Yanray Wang	b088bfc453	ssl_helpers.c: add mbedtls_test_ssl prefix for *_exchange_data Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-16 14:59:38 +08:00
Yanray Wang	5f86a42813	ssl_helpers.c: add mbedtls_test prefix for mbedtls_mock_socket_init Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-16 14:59:38 +08:00
Yanray Wang	5e22a929b3	ssl_helpers.c: change prefix and move *queue_peek_info to static Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-16 14:59:38 +08:00
Yanray Wang	f6f71902b7	ssl_helpers.c: change prefix and move *certificate_free to static Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-16 14:59:30 +08:00
Yanray Wang	ead70c8d05	ssl_helpers.c: move some internal functions to static Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-16 14:51:16 +08:00
Valerio Setti	fea765ba17	test: enable ec-jpake key exchanges in driver coverage analysis Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-16 07:45:23 +01:00
Demi Marie Obenour	889534a4d2	Fix segfault in mbedtls_oid_get_numeric_string When passed an empty OID, mbedtls_oid_get_numeric_string would read one byte from the zero-sized buffer and return an error code that depends on its value. This is demonstrated by the test suite changes, which check that an OID with length zero and an invalid buffer pointer does not cause Mbed TLS to segfault. Also check that second and subsequent subidentifiers are terminated, and add a test case for that. Furthermore, stop relying on integer division by 40, use the same loop for both the first and subsequent subidentifiers, and add additional tests. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>	2023-03-16 01:06:41 -04:00
Yanray Wang	25b766f08d	ssl_helpers.c: move #define Directive to header file Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-16 11:49:53 +08:00
Yanray Wang	d19894fb4d	ssl_helpers.c: unify code format between source file and header file Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-16 11:49:53 +08:00
Valerio Setti	d8c2800f58	ecjpake: add ssl-opt tests for driver coverage analysis Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-15 19:09:35 +01:00
Gilles Peskine	2a44ac245f	Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api ssl_cache: Add cache entry removal api	2023-03-15 15:38:06 +01:00
Jerry Yu	02d684061b	Adjust time delay tests to fix fails Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-03-15 19:00:50 +08:00
Gilles Peskine	8d60574b7b	Merge pull request #6500 from yanrayw/split-TLS-connection-func-into-ssl_helpers Move TLS connection helper code from test_suite_ssl.function to ssl_helpers.c	2023-03-15 10:50:03 +01:00
Yanray Wang	ac36115355	test_suite_rsa.function: remove redundant test cases Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-15 16:55:36 +08:00
Yanray Wang	097147540d	test_suite_rsa.function: add tests Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-15 16:42:58 +08:00
Manuel Pégourié-Gonnard	18336dace2	Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user EC J-PAKE: partial fix for role vs user+peer	2023-03-15 09:37:30 +01:00
Valerio Setti	d8fb0af7dd	crypto_config_test_driver_extension: small reshape of guard symbols Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-14 19:38:32 +01:00
Przemek Stekiel	c0e6250ff9	Fix documentation and tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-14 11:49:36 +01:00
Manuel Pégourié-Gonnard	2a13cfd2b0	Merge pull request #7243 from valeriosetti/issue7148 driver-only ECDH: enable ssl-opt.sh with parity	2023-03-14 11:07:56 +01:00
Yanray Wang	af727a28c9	ssl_helpers.c: improve code readability Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-14 17:43:37 +08:00
Gilles Peskine	215ecd0439	Merge pull request #7252 from daverodgman/enable_pkcs7 Enable PKCS 7	2023-03-14 10:39:50 +01:00
Gilles Peskine	8128037017	Merge pull request #7163 from lpy4105/issue/all_sh-do-not-list-unsupported-cases all.sh: Do not list unsupported cases	2023-03-14 10:34:04 +01:00
Jerry Yu	e7ea823d43	remove extra spaces Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-03-14 17:33:42 +08:00
Manuel Pégourié-Gonnard	ca3e32aaa8	Merge pull request #7207 from valeriosetti/issue7140 Handle output consistently in analyze_outcomes.py	2023-03-14 09:43:45 +01:00
Jan Bruckner	151f64283f	Add parsing for Record Size Limit extension in TLS 1.3 Fixes #7007 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-03-14 08:41:25 +01:00
Jerry Yu	1f7dd8df9b	fix random fails Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-03-14 13:12:08 +08:00
Paul Elliott	e4622a3436	Merge remote-tracking branch 'development/development' into development-restricted Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-13 17:49:32 +00:00
Valerio Setti	3951d1bcce	analyze_outcomes: symplify log functions Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-13 18:37:34 +01:00
Przemek Stekiel	fde112830f	Code optimizations and documentation fixes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-13 16:28:27 +01:00
Valerio Setti	d0fffc56c3	analyze_outcomes: add coverage test for ecjpake Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-13 16:08:03 +01:00
Valerio Setti	60976169f6	libtestdriver: add EC support when only ECJPAKE is accelarated Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-13 16:07:30 +01:00
Valerio Setti	a9c9deccb9	ecjpake: add tests for driver coverage analysis Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-13 16:05:49 +01:00
Valerio Setti	e7f896d73f	fix extra whitespaces Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-13 13:55:28 +01:00
Dave Rodgman	6c9cea8feb	Merge pull request #7260 from daverodgman/test-macro-cleanup Remove duplicate test macros	2023-03-13 11:34:38 +00:00
Valerio Setti	80318d2775	ssl-opt: automatically detect requirements when using certs in dir-maxpath Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-13 12:26:42 +01:00
Yanray Wang	3463435ec5	ssl_helpers.c: fix review comments and improve code readability Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:20:42 +08:00
Yanray Wang	5ba709c449	Move #define Directive into ssl_helpers.h Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:20:42 +08:00
Yanray Wang	09a6f7e14f	Move TEST_AVAILABLE_ECC into ssl_helpers.h Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:20:42 +08:00
Yanray Wang	1db628f254	Move ECJPAKE_TEST_SET_PASSWORD into ssl_helpers.h Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:20:42 +08:00
Yanray Wang	a8f445e60f	Fix issue of conversion from size_t to int ssl_helpers.c is treated with W3 warning level in MSVC complier. So that it's reported as error for warning of conversion from size_t to int. This change fixes all this type of warning seen in Microsoft Visual Studio 12.0. Besides, some potential problems of type conversion are also handled. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:20:42 +08:00
Yanray Wang	e64b40520d	Fix build error in CI about test_fail_if_psa_leaking During test of component build_arm_linux_gnueabi_gcc_arm5vte and build_arm_none_eabi_gcc_m0plus. It fails with - error: implicit declaration of function ‘test_fail_if_psa_leaking’ It happens because test_fail_if_psa_leaking is defined in helpers.function. This block of code is not converted into C code while compiling ssl_helpers.c. The function has been moved to psa_crypto_helpers.c in order to fix this build error. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:20:42 +08:00
Yanray Wang	b458b8c0ec	Fix build errors in CMake tests/src/ssl_helpers.c depends on functions defined in library/.c. If it's complied as an OBJECT with other c files, cmake complains undefined reference in link stage under programs/. Therefore, tests/src/test_helpers/ is created to hold c files with dependency of library/.c. Besides, tests/src/test_helper/*.c is separated into another OBJECT, mbedtls_test_helpers, as sources to build all test suite executables. In addition, everest header directory is included in case MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED is enabled. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:20:42 +08:00
Yanray Wang	1fca4de942	ssl_helpers.c: remove duplicate comments for some functions Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:20:42 +08:00
Yanray Wang	4d07d1c394	Resolve build errors for ssl_helpers.c and test_suite_ssl.c Since we move many functions from test_suite_ssl.function to ssl_helpers.c in commit 8e2bbdd. This causes various of build errors. This commit fixes all the build errors by - including header files - providing function definition - adding guards for typedef statements and functions Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:20:42 +08:00
Yanray Wang	e6afd919dd	Move TLS connection related functions to ssl_helpers.c Some functions are renamed in commit d51d285. This change moves all those functions which are used to set up a TLS connection from test_suite_ssl.function into ssl_helpers.c. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:20:42 +08:00
Yanray Wang	d577a68325	Improve code readability for test_suite_ssl.function Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:15:53 +08:00
Yanray Wang	bd29683c90	Rewrap the lines to fit code standard in test_suite_ssl.function As the typedef statements and functions are renamed in commit de3caee and commit d51d285 respectively. This commit aims to align code lines to fit code standard and improve code readability. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:15:53 +08:00
Yanray Wang	f7b62353cb	Rename the functions which are used to set up TLS connection Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:15:53 +08:00
Yanray Wang	55a6619135	Move the renamed typedef statements to ssl_helpers.h With this change, the renamed typedef statements (commit de3caee) are moved from test_suite_ssl.function into ssl_helpers.h Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:15:53 +08:00
Yanray Wang	9ef0dce9e3	Rename the typedef statements which are used for TLS connection Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:15:53 +08:00
Yanray Wang	47907a4bb4	Create ssl_helpers.c to hold functions of TLS connection test_suite_ssl.function contains many functions that are used to set up a TLS connection. To reduce its file size, those functions would be moved to ssl_helpers.c under tests/src. As the start of this implementation, some necessary header files are moved in advance. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-13 19:15:53 +08:00
Valerio Setti	77588e9451	ssl-opt: uniformize requirements in tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-13 12:00:10 +01:00
Dave Rodgman	756b028511	Merge pull request #7171 from daverodgman/pr5527 Fix undefined behavior in ssl_read if buf parameter is NULL	2023-03-13 10:46:29 +00:00
Jerry Yu	c5b48a6f04	Add time test with delay Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-03-13 15:25:44 +08:00
Pengyu Lv	62ed1aa316	ssl-opt: Add test for cache entry removal Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-13 09:28:17 +08:00
Przemek Stekiel	18cd6c908c	Use local macros for j-pake slient/server strings Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-12 16:59:28 +01:00
Przemek Stekiel	aa1834254e	Fix code style Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-12 16:59:28 +01:00
Przemek Stekiel	09104b8712	rework psa_pake_set_role to be consistent with requirements and adapt tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-12 16:59:28 +01:00
Przemek Stekiel	f15d335f5b	ecjpake_setup: clean up handling of errors Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-12 16:59:28 +01:00
Dave Rodgman	8e528ece74	Disable test under MBEDTLS_MEMORY_BUFFER_ALLOC_C This test allocates too much memory to work when the alternative memory allocator is used. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 13:30:56 +00:00
Dave Rodgman	45bed94406	Add parse failure test when MBEDTLS_RSA_C not set Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 10:01:02 +00:00
Dave Rodgman	651fb529f9	Make pkcs7_parse test not depend on MBEDTLS_RSA_C Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 10:00:44 +00:00
Dave Rodgman	4fa8590b62	Fix test dependency Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 09:34:08 +00:00
Dave Rodgman	f8565b3c2b	Add more PKCS #7 tests with expired cert Add test which uses an expired cert but is otherwise OK, which passes if and only if MBEDTLS_HAVE_TIME_DATE is not set. Add similar test which verifies against a different data file, which must fail regardless of MBEDTLS_HAVE_TIME_DATE. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-11 10:26:39 +00:00
Dave Rodgman	2e8442565a	Add PKCS #7 test files using expired cert Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-11 10:24:30 +00:00
Dave Rodgman	cc77fe8e52	Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset Ensure that verification of an expired cert still fails, but update the test to handle the different error code. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-11 09:46:13 +00:00
Dave Rodgman	d51b1c5666	Remove duplicate test macros Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-10 17:44:08 +00:00
Dave Rodgman	ca43e0d0ac	Fix test file extension Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-10 13:06:01 +00:00
Dave Rodgman	f2f2dbcfd7	Add test case for PKCS7 file with zero signers The test file was created by manually modifying tests/data_files/pkcs7_data_without_cert_signed.der, using ASN.1 JavaScript decoder https://lapo.it/asn1js/ Changes made: The SignerInfos set was truncated to zero length. All the parent sequences, sets, etc were then adjusted for their new reduced length. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-10 12:52:00 +00:00
Dave Rodgman	ac447837d3	Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7 Test memory management in pkcs7	2023-03-10 11:29:50 +00:00
Przemek Stekiel	f3ae020c37	Use user/peer instead role in jpake driver-wrapper tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Przemek Stekiel	af94c13b2c	Add tests for user/peer input getters Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Przemek Stekiel	0c946e9aa9	Addapt jpake tests and add cases for set_user, set_peer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Gilles Peskine	4da92832b0	Merge pull request #7117 from valeriosetti/issue6862 driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges	2023-03-09 20:49:44 +01:00
Gilles Peskine	a25203c5f9	Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests Interruptible_{sign\|verify}_hash: Add public key verification tests	2023-03-09 20:48:13 +01:00
Dave Rodgman	bf4016e5d5	Merge pull request #6567 from mprse/ecjpake-driver-dispatch	2023-03-09 19:23:05 +00:00
Dave Rodgman	8657e3280a	Add corrupt PKCS #7 test files Generated by running "make <filename>" and commiting the result. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-09 15:59:15 +00:00
valerio	2bf85e349d	ssl-opt: enable test for accelerated ECDH + USE_PSA Signed-off-by: valerio <valerio.setti@nordicsemi.no>	2023-03-09 16:39:07 +01:00
valerio	f27472b128	ssl-opt: enable test and fix failures for reference ECDH + USE_PSA" Signed-off-by: valerio <valerio.setti@nordicsemi.no>	2023-03-09 16:20:38 +01:00
Przemek Stekiel	b8eaf635ba	Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-09 12:14:26 +01:00
Manuel Pégourié-Gonnard	913d9bb921	Merge pull request #7162 from valeriosetti/issue7055 Legacy MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C dependencies in test_suite_psa_crypto	2023-03-08 17:07:19 +01:00
Valerio Setti	1470ce3eba	fix typos Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 16:50:12 +01:00
Valerio Setti	2f081473b6	test: fix disparities in test_suite_ssl Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 16:47:28 +01:00
Valerio Setti	f84b7d5c21	test: enable ECDSA based key exchanges in driver coverage tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 16:47:28 +01:00
Manuel Pégourié-Gonnard	289e5baa83	Merge pull request #7082 from valeriosetti/issue6861 driver-only ECDSA: add ssl-opt.sh testing with testing parity	2023-03-08 16:45:38 +01:00
Gabor Mezei	eb591ff94d	Add test generation for ecp_mod_p256_raw Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-03-08 14:12:20 +01:00
Gabor Mezei	ab6ac91a0a	Extract Secp256r1 from the prototype Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-03-08 14:09:50 +01:00
Valerio Setti	c0e7da55c5	test: removing remaning dependencies of PK_WRITE/PK_PARSE from test_suite_psa_crypto suites Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 11:03:09 +01:00
Valerio Setti	f9bc5b75f1	test: remove dependencies on PK_WRITE and PK_PARSE from test_suite_psa_crypto suites Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 11:03:09 +01:00
Valerio Setti	ccfad9ae0e	ssl-opt: remove remaining redundant dependencies There were some dependencies that are now automatically satisfied by the detect_required_features() function. After this check there should be no redundant requirement for: - requires_pk_alg "ECDSA" - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 10:25:05 +01:00
Valerio Setti	3b2c02821e	ssl-opt: return to previous debug level in test This was a leftover from some debug activity that unfortunately ended up in previous commits. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 10:22:29 +01:00
Gilles Peskine	a2fc399f57	Merge pull request #6829 from AndrzejKurek/unify-psa-errors Unify PSA to Mbed TLS error translation	2023-03-07 19:55:44 +01:00
Gilles Peskine	30fc999f43	Merge pull request #7164 from oberon-microsystems/fix-test-exported-length-edwards Fix expected export length for Edwards curves in test suite.	2023-03-07 19:53:48 +01:00
Valerio Setti	213c4eae3a	ssl-opt: enhance comment for get_tls_version() function Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-07 19:29:57 +01:00
Janos Follath	fe780a3c4b	Merge pull request #7184 from gabor-mezei-arm/6349_Secp224r1_fast_reduction Extract Secp224r1 fast reduction from the prototype	2023-03-07 10:57:58 +00:00
Xiaokang Qian	c96d2de569	Update corrupted char for pkcs7 corrupt signer info cases Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-03-07 10:35:47 +00:00
Przemek Stekiel	4aa99403f4	Fix configuration for accelerated jpake Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-07 10:50:09 +01:00
Xiaokang Qian	d2988adb31	Add rsa dependencies for pkcs7 corrupt signer info cases Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-03-07 08:38:58 +00:00
Xiaokang Qian	9c703d80ca	Add fuzz bad cases for signer info 1 and 2 Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-03-07 08:38:58 +00:00
Xiaokang Qian	8993a14567	Add unexpected tag cases for signer info 1 and 2 Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-03-07 08:38:58 +00:00
Xiaokang Qian	e8c696ffd1	Add invalid size test case for signer info[2](The third one) Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-03-07 08:38:58 +00:00
Xiaokang Qian	72b4bcac03	Add invalid size test case for signer info 1(the second one) Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-03-07 08:38:55 +00:00
Manuel Pégourié-Gonnard	a5ffa93e43	Merge pull request #7142 from mpg/driver-only-ecdh-starter Driver-only ECDH starter	2023-03-07 09:14:38 +01:00
Paul Elliott	8c092052bd	Add public key verification tests Add public key verification tests, and alter test intent comments to make it obvious that verify_hash_interruptible can do public keys as well as private and keypairs. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-06 17:49:14 +00:00
Manuel Pégourié-Gonnard	86393db84d	Revert local experiment. This was never meant to be committed here. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-06 16:19:05 +01:00
Valerio Setti	23e50b9042	ssl-opt: remove redundant ECDSA dependencies in TLS1.3 tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-06 14:48:39 +01:00
Manuel Pégourié-Gonnard	07d92620d4	Fix some message strings and comments in all.sh Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-06 13:38:55 +01:00
Manuel Pégourié-Gonnard	0d1f5be688	Add comment about shared config function Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-06 13:35:21 +01:00
Valerio Setti	5d8d1a7f60	analyze_outcomes: print all output on stderr Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-06 11:08:17 +01:00
Manuel Pégourié-Gonnard	228a30d16c	Merge pull request #7120 from mpg/md-light Define "MD light" subset of MD	2023-03-06 11:02:19 +01:00
Dave Rodgman	4693fd9e9e	Merge pull request #7173 from daverodgman/zeroize-platform Use platform-provided secure zeroization	2023-03-06 09:16:12 +00:00
Stephan Koch	6eb73113b1	Fix codestyle with uncrustify. Signed-off-by: Stephan Koch <koch@oberon.ch>	2023-03-03 17:48:40 +01:00
Dave Rodgman	45cef61fa4	Merge branch 'development' into md-light Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-03 14:28:13 +00:00
Dave Rodgman	1f39a62ce6	Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt Allow alternative names for overridable PSA headers	2023-03-03 12:37:51 +00:00
Przemek Stekiel	5a49d3cce3	Replace mbedtls_x509_san_node with mbedtls_x509_subject_alternative_name Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-03 12:58:11 +01:00
Przemek Stekiel	8e83d3aaa9	Add tests for writting SAN to CSR Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-03 12:58:05 +01:00
Dave Rodgman	e11c1ceac9	Merge pull request #7200 from paul-elliott-arm/interruptible_sign_hash_fail_tests Enable all keys for interruptible op fail tests	2023-03-03 11:51:57 +00:00
Andrzej Kurek	8a045ce5e6	Unify PSA to Mbed TLS error translation Move all error translation utilities to psa_util.c. Introduce macros and functions to avoid having a local copy of the error translating function in each place. Identify overlapping errors and introduce a generic function. Provide a single macro for all error translations (unless one file needs a couple of different ones). Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-03 05:23:44 -05:00
Dave Rodgman	05b80a4eee	Merge pull request #6201 from gilles-peskine-arm/tls13_only-renegotiation Disable MBEDTLS_SSL_RENEGOTIATION in TLS-1.3-only builds	2023-03-03 09:56:51 +00:00
Dave Rodgman	e965c3c4bd	Merge pull request #7197 from daverodgman/armclang-sha-warning Enable -Werror in all.sh for armclang	2023-03-03 09:01:41 +00:00
Jerry Yu	9a12df022e	Add tests for time rountine Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-03-03 15:31:28 +08:00
Valerio Setti	194e2bdb6a	fix typos Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-02 17:18:10 +01:00
Paul Elliott	ddbc6ed6cd	Enable all keys for interruptible op fail tests Due to a misunderstanding about the purpose of the test, I had limited this to ECC keys only, however this defeats the purpose of the test, and left gaps in test coverage. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-02 16:03:43 +00:00
Dave Rodgman	0fddf829d5	Add more detailed comment Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-02 15:32:12 +00:00
Gilles Peskine	57897b8d6a	Merge pull request #6493 from AndrzejKurek/pymod Use `config.py` as a module in `depends.py`	2023-03-02 15:38:47 +01:00
Dave Rodgman	1c232a8311	Enable -Werror for armclang Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-02 13:39:04 +00:00
Dave Rodgman	2f386c55ff	Disable MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT for armclang Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-02 13:38:33 +00:00
Gilles Peskine	136d25c416	Explicitly disable all DTLS options in tls13-only.h This makes no difference when starting from the default configuration. It allows tls13-only.h to be used with other base configurations such as `full`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 19:49:58 +01:00
Gilles Peskine	7d3186d18a	Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration There's no renegotiation in TLS 1.3, so this option should have no effect. Insist on having it disabled, to avoid the risk of accidentally having different behavior in TLS 1.3 if the option is enabled (as happened in https://github.com/Mbed-TLS/mbedtls/issues/6200). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 19:47:23 +01:00
Dave Rodgman	f4385faa6f	Merge pull request #7188 from paul-elliott-arm/interruptible_sign_hash_complete_after_start_fail Interruptible {sign\|verify} hash - Call complete() after start() failure.	2023-03-01 17:18:08 +00:00
Paul Elliott	42585f678b	Merge pull request #7176 from paul-elliott-arm/interruptible_sign_hash_verify_test_improvements Interruptible {sign\|verify} hash verification test improvements	2023-03-01 15:00:45 +00:00
Paul Elliott	ebf2e38662	Merge pull request #7177 from paul-elliott-arm/interruptible_sign_hash_improve_num_ops_testing Interruptible sign hash improve num ops testing	2023-03-01 14:59:44 +00:00
Paul Elliott	de7c31e082	Improve comment wording Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-01 14:43:52 +00:00
Przemek Stekiel	f5dcb8886a	Rework pake input getters tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-01 12:28:21 +01:00
Gilles Peskine	1eae11565d	Merge pull request #6949 from bensze01/replace_pkcs7_fuzzer_tests Replace fuzzer-generated PKCS #7 memory management tests	2023-03-01 10:46:22 +01:00
Pengyu Lv	c6298ad46a	Use parentheses to avoid executing the output Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-01 10:31:29 +08:00
Pengyu Lv	c2b1864ceb	Revert "Check if the license server is available for armcc" This reverts commit `55c4fa4f41`. After discussion, We decided not to check the availability of the license server for the impacts on CI and user usages. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-01 10:25:08 +08:00
Paul Elliott	7c17308253	Add num_ops tests to sign and verify interruptible hash This is the only test usable for non-deterministic ECDSA, thus needs this code path testing as well. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:23:29 +00:00
Paul Elliott	8359c14c14	Add hash corruption test to interruptible verify test Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:23:29 +00:00
Paul Elliott	c1e0400bac	Add test to check not calling get_num_ops() Make sure that not calling get_num_ops() inbetweeen calls to complete() does not mean that ops get lost (Regression test for previous fix). Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:20:14 +00:00
Paul Elliott	9e8819f356	Move 'change max_ops' test into ops tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:20:14 +00:00
Paul Elliott	5770224ef3	Rename max ops tests to ops tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:20:14 +00:00
Gilles Peskine	7e677fa2c5	Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite Remove pkwrite dependency in pk using PSA for ECDSA	2023-02-28 18:17:16 +01:00
Gilles Peskine	b52b788e55	Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension Add AES with armv8 crypto extension	2023-02-28 18:16:37 +01:00
Paul Elliott	587e780812	Test calling complete() after {sign\|verify}_hash_start fails Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:13:39 +00:00
Gilles Peskine	e4616830b3	Merge pull request #7137 from lpy4105/issue/1785/ssl-test-script-fail compat.sh: Skip static ECDH cases if unsupported in openssl	2023-02-28 18:11:39 +01:00
Dave Rodgman	17152df58d	Merge pull request #7175 from paul-elliott-arm/interruptible_sign_hash_test_comments Interruptible sign hash test comments	2023-02-28 17:09:43 +00:00
Gilles Peskine	ebb63420cc	Merge pull request #7124 from oberon-microsystems/fix-test-output-length-on-success-only Fix test to check output length on PSA_SUCCESS only	2023-02-28 18:09:33 +01:00
Bence Szépkúti	35d674a6ee	Replace usage of echo -e in pkcs7 data Makefile This use of the shell builtin is not portable. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-28 17:01:21 +01:00
Dave Rodgman	ffb4dc38c8	Merge pull request #7183 from paul-elliott-arm/interruptible_sign_hash_test_max_ops_0 Interruptible {sign\|verify} hash : Change max_ops=min tests to use a value of zero.	2023-02-28 15:56:01 +00:00
Bence Szépkúti	4a2fff6369	Fix expected error code This was overlooked during the rebase. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-28 16:40:27 +01:00
Gabor Mezei	804cfd32ea	Follow the naming convention Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-27 16:50:09 +01:00
Paul Elliott	ac2251dad1	Merge pull request #7076 from mprse/parse_RFC822_name Add parsing of x509 RFC822 name + test	2023-02-27 14:16:13 +00:00
Paul Elliott	cd7e8bce03	Change max_ops=min tests to use zero Zero is the minimum value defined by the spec, just because the internal implementation treats zero and one as the same thing does not mean that other implementations will also do so. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-27 12:21:36 +00:00
Stephan Koch	5819d2c141	Feedback from Arm: guarantee that output_length <= output_size even on error, to reduce the risk that a missing error check escalates into a buffer overflow in the application code Signed-off-by: Stephan Koch <koch@oberon.ch>	2023-02-27 11:49:13 +01:00
oberon-sk	10c0f770ce	asymmetric_encrypt: check output length only if return code is PSA_SUCCESS. Signed-off-by: Stephan Koch <koch@oberon.ch>	2023-02-27 11:48:51 +01:00
Paul Elliott	c2033502f5	Give edge case tests a better name Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-26 18:47:58 +00:00
Paul Elliott	c7f6882995	Add comments to each test case to show intent Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-26 18:47:58 +00:00
Dave Rodgman	21dfce7a5c	Add tests Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-25 17:10:38 +00:00
Dave Rodgman	a4e8fb0041	Add tests Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-24 15:57:30 +00:00
Bence Szépkúti	248971348b	Replace fuzzer-generated PKCS7 regression tests This commit adds well-formed reproducers for the memory management issues fixed in the following commits: `290f01b3f5` `e7f8c616d0` `f7641544ea` Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-24 15:31:03 +01:00
Ronald Cron	7dc4130210	Improve GnuTLS client priority for resumption basic check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-24 12:10:09 +01:00
Pengyu Lv	55c4fa4f41	Check if the license server is available for armcc Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-24 18:31:50 +08:00
Przemek Stekiel	6f2d1f419a	Further pake tests optimizations Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-24 10:22:47 +01:00
Pengyu Lv	df07003c49	all.sh: add support function for build_armcc With this change, "--list-components" will not list "build_armcc" on the system which is not installed with Arm Compilers. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-24 16:03:31 +08:00
Pengyu Lv	51b5f00a43	all.sh: Skip build_mingw correctly If i686-w64-mingw32-gcc is not installed, then build_mingw should be unsupported. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-24 15:38:52 +08:00
Manuel Pégourié-Gonnard	623c73b46d	Remove config.py call on now-internal option It turns out config.py wouldn't complain, but it's still confusing. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-23 20:36:05 +01:00
Przemek Stekiel	083745e097	Fix code style Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-23 17:28:23 +01:00
Gilles Peskine	df6e84a447	Test the PSA alternative header configuration macros Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes after the standard directory in the include file search path. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-23 17:18:33 +01:00
Przemek Stekiel	bdc21e623e	Disable MBEDTLS_PSA_CRYPTO_SE_C is ecdsa psa builds Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-23 17:12:19 +01:00
Valerio Setti	1af76d119d	ssl-opt: automatically detect requirements from the specified certificates This moslty focus on tests using "server5*" cerificate. Several cases are taken into account depending on: - TLS version (1.2 or 1.3) - server or client roles Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-23 16:55:59 +01:00
Valerio Setti	3f2309fea6	ssl-opt: remove redundant requires_config_enabled when force_ciphersuite is set Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-23 13:47:30 +01:00
Manuel Pégourié-Gonnard	0d4152186d	Make MBEDTLS_MD_LIGHT private for now. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-23 13:02:13 +01:00
Ronald Cron	1aa6e8d6e9	Restore same PSK length enforcement Restore same PSK length enforcement in conf_psk and set_hs_psk, whether the negotiated protocol is TLS 1.2 or TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-23 09:48:50 +01:00
Valerio Setti	d1f991c879	ssl-opt: fix required configs in ECDSA related tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-23 09:31:41 +01:00
Pengyu Lv	9e7bb2a92c	Update some comments Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-23 16:03:56 +08:00
Przemek Stekiel	d59d2a4dee	Optimize pake tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-23 07:30:40 +01:00
Janos Follath	406b9172ad	Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup Bignum: Add named moduli setup	2023-02-22 12:14:33 +00:00
Valerio Setti	6445912d9c	test: enable ssl-opt in test_psa_crypto_config_[accel/reference]_ecdsa_use_psa Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-22 12:35:16 +01:00
Przemek Stekiel	51a677bb30	Remove support for pake opaque driver Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	80a8849903	Adapt conditional compilation flags for jpake alg Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	6b64862ef7	Documentation fixes and code adaptation Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	251e86ae3f	Adapt names to more suitable and fix conditional compilation flags Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	b45b8ce474	Disable MBEDTLS_PSA_CRYPTO_SE_C is hash psa builds Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	3e784d8981	PSA crypto pake: call abort on each failure Adapt driver hook counters in pake driver test. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	a48cf500d7	mbedtls_test_transparent_pake_abort: call driver/build-in impl even when status is forced This is done to solve the problem with memory leak when pake abort status is forced. In this case the driver/build-in abort function was not executed. After failure core clears the operation object and no successive abort call is possible. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	f62b3bb087	Optimization of pake core functions Adapt pake test (passing NULL buffers is not allowed). Passing the null buffer to psa_pake_output results in a hard fault. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	9dd2440c95	Change pake input: key_lifetime -> key attributes In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key(). Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	dde6a910bb	Optimize out psa_pake_computation_stage_t Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	ca8d2b2589	Add get-data functions for inputs + tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	7b730175b3	Simplify psa_pake_computation_stage_s structure Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	b09c487546	Combine core pake computation stage(step,sequence,state) into single driver step Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:31 +01:00
Przemek Stekiel	9a5b812aa8	Cleanup the code Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:31 +01:00
Przemek Stekiel	fcd70e250f	Adapt pake driver wrapper tests for the new design Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:31 +01:00
Przemek Stekiel	e12ed36a6c	Move JPAKE state machine logic from driver to core - Add `alg` and `computation_stage` to `psa_pake_operation_s`. Now when logic is moved to core information about `alg` is required. `computation_stage` is a structure that provides a union of computation stages for pake algorithms. - Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms. - Removed test that seems to be redundant as we can't be sure that operation is aborted after failure. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:31 +01:00
Przemek Stekiel	3f9dbac83f	Adapt ake driver tests to the new design Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:31 +01:00
Przemek Stekiel	95629ab4ae	Add forced status for pake setup Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:31 +01:00
Przemek Stekiel	c6b954686b	Adapt test_suite_psa_crypto_pake test for the new design Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:31 +01:00
Przemek Stekiel	51eac53b93	Divide pake operation into two phases collecting inputs and computation. Functions that only set inputs do not have driver entry points. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:25:30 +01:00
Przemek Stekiel	0c78180ee5	mbedtls_psa_pake_get_implicit_key: move psa_key_derivation_input_bytes call to upper layer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:25:30 +01:00
Przemek Stekiel	7658a0768b	Add pake driver wrapper tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:25:30 +01:00
Przemek Stekiel	061a016c65	Add ALG_TLS12_PRF, TLS12_PSK_TO_MS, LG_TLS12_ECJPAKE_TO_PMS support to test driver extensions Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:25:30 +01:00
Przemek Stekiel	6a9785f061	Add pake.h to test driver header Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:25:30 +01:00
Przemek Stekiel	03790029a6	Add test components to test accelerated pake and fallback Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:25:30 +01:00
Przemek Stekiel	d3da040f34	Add test driver impl for pake Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:25:30 +01:00
Pengyu Lv	07d5085fcf	Skip ECDH ciphersuites for O->m pair The mechanism of detecting unsupported ciphersuites for OpenSSL client doesn't work on a modern OpenSSL. At least, it fails on Travis CI which is installed with OpenSSL 1.1.1f. So we need to skip ECDH cipher- suites for O->m. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-22 12:18:48 +08:00
Pengyu Lv	a64c277588	compat.sh: Skip all ECDH_ ciphersuites Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-22 10:19:40 +08:00
Gilles Peskine	ffb92b0789	Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug Fix bugs in OID to string conversion	2023-02-21 23:16:44 +01:00
Paul Elliott	48c591cb56	Fix warning with GCC 12 Fix warning about variable being used uninitialised. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-21 16:31:56 +00:00
Gilles Peskine	250a5ac4cb	Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle Implement PSA interruptible sign/verify hash	2023-02-21 15:13:34 +01:00
Ronald Cron	d89360b87b	Fix and improve documentation, comments and logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-21 14:57:25 +01:00
Manuel Pégourié-Gonnard	d1c001aff7	Fix some dependencies in test_suite_psa_crypto Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-21 13:37:17 +01:00
Przemek Stekiel	a006f8c17b	Adapt dependencies for parsing rfc822Name test Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-21 13:36:56 +01:00
Manuel Pégourié-Gonnard	e91bcf31b6	Add comparison of accel_ecdh_use_psa against ref With temporary exclusions to be lifted as follow-ups. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-21 13:07:19 +01:00
Dave Rodgman	e42cedf256	Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased Pkcs7 fixes	2023-02-21 11:53:30 +00:00
Manuel Pégourié-Gonnard	59a2b8fd57	Add component accel_ecdh_use_psa Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-21 12:42:31 +01:00
Manuel Pégourié-Gonnard	e3095e7cb0	Add comments to accel_ecdh component Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-21 12:19:06 +01:00
Gabor Mezei	f65a059a64	Add test generation for ecp_mod_p224_raw Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-21 11:40:27 +01:00
Gabor Mezei	66f88a9d22	Extract Secp224r1 from the prototype Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-21 11:32:29 +01:00
Pengyu Lv	5e780df3e3	Only use standard cipher name Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-21 14:19:27 +08:00
David Horstmann	a4fad2ba67	Correct error code in test_suite_x509parse.data Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-20 14:57:47 +00:00
Dave Rodgman	716163e824	Improve allocation bounds in testing Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-20 14:46:51 +00:00
David Horstmann	5b5a0b618c	Change error codes to more appropriate codes The more precise error codes are borrowed from the ASN1 module. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-20 14:24:12 +00:00
Przemek Stekiel	5b9e4168cf	Add rfc822Name support in mbedtls_x509_info_subject_alt_name + adapt test Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-20 15:09:50 +01:00
Przemek Stekiel	608e3efc47	Add test for parsing SAN: rfc822Name Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-20 15:09:50 +01:00
Minos Galanakis	a30afe2216	ecp_curves: Minor refactoring. This patch introduces the following changes: * Documentation for `mbedtls_ecp_modulus_setup()` moved to `ecp_invasive.h`. * Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`. * Adjusted negative tests to use invalid selectors. * Reworded documentation. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-02-20 13:53:06 +00:00
Minos Galanakis	36f7c0e69b	test_suite_ecp: Added .data for `ecp_setup_test()` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-02-20 13:51:49 +00:00
Minos Galanakis	9a1d02d738	test_suite_ecp: Added test for `mbedtls_ecp_modulus_setup()` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-02-20 13:51:48 +00:00
Janos Follath	ec718afb41	Merge pull request #7051 from gabor-mezei-arm/6376_Secp521r1_fast_reduction Add a raw entry point to Secp521r1 fast reduction	2023-02-20 13:03:12 +00:00
Manuel Pégourié-Gonnard	9e04b5bcfc	Disable MD-light in accel_hash_use_psa Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-20 12:53:23 +01:00
Ronald Cron	4bb6773640	tls13: Apply same preference rules for ciphersuites as for TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-20 11:42:19 +01:00
Ronald Cron	b18c67af5f	tls13: ssl-opt.sh: Add test of default crypto algo Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-20 11:42:19 +01:00
Ronald Cron	0a1c504156	tls13: Fix session resumption with 384 bits PSKs MBEDTLS_PSK_MAX_LEN main purpose is to determine a miximum size for the TLS 1.2 pre-master secret. This is not relevant to TLS 1.3 thus disable in TLS 1.3 case the check against MBEDTLS_PSK_MAX_LEN when setting during the handshake the PSK through mbedtls_ssl_set_hs_psk(). This fixes the session resumption with 384 bits PSKs when MBEDTLS_PSK_MAX_LEN is smaller than that. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-20 11:42:19 +01:00
Ronald Cron	25e9ec61f0	tls13: server: Select preferred cipher suite Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-20 11:42:19 +01:00
Manuel Pégourié-Gonnard	718eb4f190	Merge pull request #7025 from AndrzejKurek/uri_san Add the uniformResourceIdentifier subtype for the subjectAltName	2023-02-20 11:29:59 +01:00
Pengyu Lv	1c0e4c013a	compat.sh: skip static ECDH cases if unsupported in openssl This commit add support to detect if openssl used for testing supports static ECDH key exchange. Skip the ciphersutes if openssl doesn't support them. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-20 18:05:21 +08:00
Paul Elliott	f8e5b56ad8	Fix get_num_ops internal code. Previously calling get_num_ops more than once would have ended up with ops getting double counted, and not calling inbetween completes would have ended up with ops getting missed. Fix this by moving this to where the work is actually done, and add tests for double calls to get_num_ops(). Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-19 18:55:10 +00:00
oberon-sk	f7a824b961	Add check, if the algorithm supports psa_sign_hash() before running the test. Signed-off-by: Stephan Koch <koch@oberon.ch>	2023-02-17 11:26:51 +01:00
oberon-sk	6d50173d9c	Handle Edwards curves similar to Montgomery curves wrt key export length. Signed-off-by: Stephan Koch <koch@oberon.ch>	2023-02-17 11:19:20 +01:00
Manuel Pégourié-Gonnard	b9b630d628	Define "light" subset of MD See docs/architecture/psa-migration/md-cipher-dispatch.md Regarding testing, the no_md component was never very useful, as that's not something people are likely to want to do: it was mostly useful as executable documentation of what depends on MD. It's going to be even less useful when more and more modules auto-enable MD_LIGHT or even MD_C. So, recycle it to test the build with only MD_LIGHT, which is something that might happen in practice, and is necessary to ensure that the division is consistent. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-16 22:30:06 +01:00
Manuel Pégourié-Gonnard	ba2412fd21	Remove internal function md_process() It was already marked as internal use only, and no longer used internally. Also, it won't work when we dispatch to PSA. Remove it before the MD_LIGHT split to avoid a corner case: it's technically a hashing function, no HMAC or extra metadata, but we still don't want it in MD_LIGHT really. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-16 18:44:46 +01:00
Dave Rodgman	d652dce9ea	Add failing test case (invalid signature) for zero-length data Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-16 16:39:34 +00:00
Dave Rodgman	c5874db5b0	Add test-case for signature over zero-length data Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-16 16:14:46 +00:00
Paul Elliott	0af1b5367b	Remove some abbrevations from test descriptions. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-16 12:15:39 +00:00
Paul Elliott	96b89b208a	Add comment to indicate non-PSA spec assertion. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-16 12:15:39 +00:00
Paul Elliott	f1743e2440	Add verify call to max ops tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-16 12:15:39 +00:00
Paul Elliott	c86d45e8a1	Remove spurious incorrect comment Comment originated from original version of this code, and the newer comment which was added when it was pulled into a seperate function covers all cases. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	efebad0d67	Run extra complete in failure tests regardless. We do not need to expect to fail, running another complete in either sign or verify after successful completion should also return BAD_STATE. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	01885fa5e5	Fix include guards on auxiliary test function. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	a4cb909fcd	Add max ops tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	76d671ad73	Split state tests into two functions Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	b830b35fb1	Shorten test descriptions. Also mark some tests as being deterministic ECDSA where this was lacking. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	1243f93cca	Fix build fails with non ECDSA / restartable builds Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	6f60037589	Move {min\|max}_complete choice logic into function Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	c9774411d4	Ensure that operation is put into error state if error occurs If an error occurs, calling any function on the same operation should return PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra failure tests to try and ratify this. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	f9c91a7fb5	Store the hash, rather than the pointer For sign and verify, the pointer passed in to the hash is not guaranteed to remain valid inbetween calls, thus we need to store the hash in the operation. Added a test to ensure this is the case. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	0e9d6bd3f8	Replace MBEDTLS_ECP_DP_SECP384R1_ENABLED With more appropriate PSA_WANT_ECC_SECP_R1_384 Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	813f9cdcbb	Non ECDSA algorithms should return not supported Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	ab7c5c8550	Change incorrect define for MAX_OPS_UNLIMITED Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	cb23311bd0	Fix incorrect test dependencies part 2 Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	c4e2be86ef	Fix incorrect test dependancies Test for not having determnistic ECDSA was also being run when no ECDSA, and this fails earlier. Fixed this and added a specific test for no ECDSA. Also fixed (swapped) incorrect test descriptions. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	62dfb95993	Fix broken negative test Test for unsupported deterministic ECDSA was originally passing due to incorrect code, fixing the code unfortunately broke the test. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	97ac7d9090	Calculate min/max completes rather than passing in to test Only 2 options were really possible anyway - complete in 1 op, or somewhere between 2 and max ops. Anything else we cannot test due to implementation specifics. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	334d726d40	Ensure ops are tested on successful 'fail' tests Make sure the number of ops is tested in the interruptible failure tests, should they get through the interruptible loop part. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	edfc883568	Change test loops over to do...while Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	59ad9457b6	Add {sign/verify}_hash_abort_internal Ensure that num_ops is cleared when manual abort is called, but obviously not when an operation just completes, and test this. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	20a360679b	Add State tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	0c68335a42	Convert tests to configurable max_ops Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	4cec2f60dc	Add interruptible to psa_op_fail tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	9100797cb3	Negative tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	712d512007	Basic tests Sign Hash, Verify Hash and Sign and Verify Hash. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Gabor Mezei	555b1f7e44	Add check for test Check the bit length of the output of ecp_mod_p521_raw. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:19:09 +01:00
Gabor Mezei	cf228706cd	Restrict input parameter size for ecp_mod_p521_raw The imput mpi parameter must have twice as many limbs as the modulus. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:19:08 +01:00
Gabor Mezei	b62ad5d569	Rename function to follow naming convention Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:13:48 +01:00
Gabor Mezei	d8f67b975b	Add test generation for ecp_mod_p521_raw Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:13:48 +01:00
Gilles Peskine	e2a9f86755	Merge pull request #6971 from gabor-mezei-arm/6026_Secp192r1_fast_reduction Extract Secp192r1 fast reduction from the prototype	2023-02-15 16:22:36 +01:00
David Horstmann	895eb7c9b5	Add testcases for overlong encoding of OIDs Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-15 12:09:41 +00:00
David Horstmann	f01de145bd	Add tests for mbedtls_oid_get_numeric_string() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-15 11:45:51 +00:00
Andrzej Kurek	72082dc28e	Improve tests/scripts/depends.py code As suggested by gilles-peskine-arm. Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-15 05:20:33 -05:00
Gilles Peskine	c5e2a4fe67	Merge pull request #6937 from valeriosetti/issue6886 Add test for PK parsing of keys using compressed points	2023-02-14 19:54:29 +01:00
Andrzej Kurek	570a0f808b	Move to DER certificates for new x509 tests Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-14 05:52:49 -05:00
Dave Rodgman	319a5675db	Merge pull request #7084 from daverodgman/sizemax-uintmax Assume SIZE_MAX >= INT_MAX, UINT_MAX	2023-02-14 10:06:22 +00:00
Andrzej Kurek	4077372b98	Fix SHA requirement for SAN URI tests Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-13 10:18:17 -05:00
Andrzej Kurek	7a05fab716	Added the uniformResourceIdentifier subtype for the subjectAltName. Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-13 10:03:07 -05:00
Valerio Setti	1b08d421a7	test: fix: replace CAN_ECDSA_SOME with CAN_ECDSA_SIGN+CAN_ECDSA_VERIFY when both are needed Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 15:35:37 +01:00
Valerio Setti	16f02e0196	test: adjust include after PK_CAN_ECDSA_SOME was moved Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 15:35:37 +01:00
Valerio Setti	d928aeb9ac	test_suite_ssl: use new macros for ECDSA capabilities Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 15:35:37 +01:00
Valerio Setti	ed02bb1f95	test_suite_debug: replace ECDSA_C with new ECDSA macros Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 15:35:37 +01:00
Valerio Setti	5dc6867f7e	test: don't skip debug and ssl suites in test parity for driver only ECDSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 15:35:37 +01:00
Manuel Pégourié-Gonnard	d3d8c852a0	Merge pull request #6997 from valeriosetti/issue6858 driver-only ECDSA: get testing parity in X.509	2023-02-13 15:30:06 +01:00
Gabor Mezei	23d4b8baee	Add check for test Check the bit length of the output of p192_raw. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-13 14:13:33 +01:00
Gabor Mezei	a9d82dd0a2	Keep the description in one place, just refer it Delete the duplicated file description and refer to the original one in generate_bignum_tests.py. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-13 14:10:23 +01:00
Valerio Setti	178b5bdddf	pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 11:15:06 +01:00
Valerio Setti	a119cb64ef	test: remove redundant ECDSA_C dependencies from test_suite_x509parse.data Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 09:54:49 +01:00
Manuel Pégourié-Gonnard	daa65956c3	Merge pull request #7046 from mpg/cleanup-md-tests Clean up MD tests	2023-02-13 09:51:28 +01:00
Janos Follath	1e4abae73e	Merge pull request #7048 from KloolK/record-size-limit/extend-test-framework Extend test framework for Record Size Limit Extension	2023-02-13 08:17:12 +00:00
Dave Rodgman	641288bc1e	Restore test guards Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-11 22:02:04 +00:00
Dave Rodgman	91e832168f	Restore more test guards Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-11 20:07:43 +00:00
Dave Rodgman	a476363042	Restore more test guards Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-11 18:36:23 +00:00
Dave Rodgman	d26d7445b8	Restore guards on a couple of tests These tests check for failures, but can only fail where SIZE_MAX exceeds some limit (UINT_MAX or UINT32_MAX) and do not fail in this way otherwise - so guards are needed. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-11 17:22:03 +00:00
Dave Rodgman	4a5c9ee7f2	Remove redundant SIZE_MAX guards Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-10 16:03:44 +00:00
Valerio Setti	25fd51f4af	test: add missing include in test_suite_x509parse Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-10 15:21:40 +01:00
Gilles Peskine	3196ceb2fb	Merge pull request #7052 from yanrayw/7008-compatsh-disable-VERIFY-for-PSK compat.sh: remove VERIFY and duplicate test cases for PSK	2023-02-10 15:07:27 +01:00
Gilles Peskine	b009559c8f	Merge pull request #7049 from KloolK/typos Fix typos	2023-02-10 15:07:07 +01:00
Gilles Peskine	b8531c4b0b	Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev X.509: Fix bug in SAN parsing and enhance negative testing	2023-02-10 15:05:32 +01:00
Dave Rodgman	a22749e749	Merge pull request #6816 from nick-child-ibm/pkcs7_coverage Pkcs7 coverage	2023-02-10 12:55:29 +00:00
Ronald Cron	834e65d47f	Merge pull request #6499 from xkqian/tls13_write_end_of_early_data Tls13 write end of early data	2023-02-10 11:08:22 +01:00
Manuel Pégourié-Gonnard	2189fda914	Use TEST_EQUAL in one more place in test_suite_md The only remaining occurrences of TEST_ASSERT are now pointer comparison, to NULL or to a reference md_info. That is, the output of the following command is empty: grep TEST_ASSERT tests/suites/test_suite_md.function \| egrep -v '= NULL\|== md_info\|md_info ==' Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-09 09:18:22 +01:00
Manuel Pégourié-Gonnard	a9a1b21ca9	Use ASSERT_COMPARE in test_suite_md Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-09 09:15:50 +01:00
Dave Rodgman	4f70b3cdb4	Fix pylint warning Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-08 16:40:40 +00:00
Nick Child	c7c94df715	pkcs7/test: Format generate test script Adhere to syntax and format recommendations from check-python-files.py Signed-off-by: Nick Child <nick.child@ibm.com>	2023-02-08 15:38:48 +00:00
Valerio Setti	00a6c6fcbe	test: fix for using proper sign/verify macros Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:52:31 +01:00
Valerio Setti	40df83509b	all.sh: fix comment for test_psa_crypto_config_accel_ecdsa_use_psa Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:52:31 +01:00
Valerio Setti	fcc6933a53	test: fix disparities in x509parse and x509write suites Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:52:31 +01:00
Valerio Setti	b9dc2513c1	test: add SHA1 to the supported algs in accelerated ECDSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:52:31 +01:00
Valerio Setti	c8801b7ef1	test: x509: remove disparities in driver only testing for ECDSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:52:31 +01:00
Valerio Setti	683a432a7f	fix code style Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:39:10 +01:00
Valerio Setti	a1e3e3a28f	test: pk: keep PK_WRITE_C only in RSA tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:39:10 +01:00
Gilles Peskine	be9e2a1634	The pk_psa_sign test function needs pk_write Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-08 13:39:10 +01:00
Manuel Pégourié-Gonnard	9cb1aa21c4	Merge pull request #6970 from valeriosetti/issue6857 driver-only ECDSA: get testing parity in PK	2023-02-08 13:33:15 +01:00
Xiaokang Qian	0de0d863b6	Rebase code to restore reco-delay and fix some style issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 07:41:42 +00:00
Yanray Wang	303829709d	compat.sh: simplify code of iterating on VERIFY for PSK tests Since PSK cipher suites do not allow client certificate verification, PSK test cases should be executed under VERIFY=NO. SUB_VERIFIES is used to constrain verification option for PSK tests. With aforementioned change, the latter check of $VERIFY=YES && $TYPE!=PSK is redundant so it's removed. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-02-08 14:58:35 +08:00
Xiaokang Qian	57a138d5c3	Update message log for end of early data test cases Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:44:00 +00:00
Xiaokang Qian	7ed30e59af	Fix the issue that gnutls server doesn't support packet Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:44:00 +00:00
Xiaokang Qian	94dd1dd6fa	Update test case to indicate parsing of end of early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:43:59 +00:00
Xiaokang Qian	125afcb060	Add end-of-early-data write Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:43:58 +00:00
Nick Child	3dafc6c3b3	pkcs7: Drop support for signature in contentInfo of signed data The contentInfo field of PKCS7 Signed Data structures can optionally contain the content of the signature. Per RFC 2315 it can also contain any of the PKCS7 data types. Add test and comments making it clear that the current implementation only supports the DATA content type and the data must be empty. Return codes should be clear whether content was invalid or unsupported. Identification and fix provided by: - Demi Marie Obenour <demiobenour@gmail.com> - Dave Rodgman <dave.rodgman@arm.com> Signed-off-by: Nick Child <nick.child@ibm.com>	2023-02-07 20:04:52 +00:00
Andrzej Kurek	7dcdc132d5	Change SHA256_C to HAS_ALG_SHA256_VIA[..] in x509 tests This way these tests won't be skipped in a configuration with a driver. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-07 05:24:34 -05:00
Hanno Becker	5d82c3b99c	X.509: Improve negative testing for SubjectAltName parsing Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-07 05:10:29 -05:00
Hanno Becker	db305ff42e	X.509: Improve negative testing for SubjectAltName parsing Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-07 05:10:29 -05:00
Gilles Peskine	a0c806aac1	Merge pull request #7003 from lpy4105/issue/do-not-run-x86-tests-on-arm64 all.sh: test_m32_xx is not supported on arm64 host	2023-02-07 10:26:10 +01:00
Jerry Yu	e51eddce38	disable aesce when ASM not available Change-Id: Icd53a620cc3aed437b0e0e022ca5a36f29caeea1 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-07 17:11:53 +08:00
Yanray Wang	3f9961bfca	compat.sh: remove G_CLIENT_PRIO as it's not used Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-02-07 16:36:51 +08:00
Yanray Wang	a89c4d51f7	compat.sh: display "no" even if $VERIFY=YES for PSK test cases Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-02-07 16:36:51 +08:00
Yanray Wang	5d646e705d	compat.sh: do not filter PSK ciphersuites for GnuTLS if $VERIFY=YES Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-02-07 16:36:51 +08:00
Yanray Wang	c66a46f734	compat.sh: remove check_openssl_server_bug As there is no $VERIFY for PSK test cases, check_openssl_server_bug is not functional in compat.sh. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-02-07 16:36:51 +08:00
Yanray Wang	35c0eadf0f	compat.sh: avoid running duplicate test cases for PSK With the introduction of PSK_TESTS, - Either `compat.sh -V NO` or `compat.sh -V YES` runs the PSK tests - `compat.sh` or `compat.sh -V "NO YES"` runs PSK tests only once Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-02-07 16:36:51 +08:00
Yanray Wang	dae7057e1f	compat.sh: ignore $VERIFY in PSK TYPE There is no need to provide CA file in PSK. Thus VERIFY is meaningless for PSK. This change omits the arguments passed to the client and server for $VERIFY=YES. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-02-07 16:36:20 +08:00
Valerio Setti	bf74f52920	test: add a comment specifying why restartable cannot be tested Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-07 08:02:23 +01:00
Valerio Setti	4836374088	test: ECDSA driver only: fixing disparities in tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-07 08:02:23 +01:00
Valerio Setti	4e0278d710	test: ECDSA driver only: disable ECP_RESTARTABLE This is not yet supported in driver only implementation Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-07 08:02:23 +01:00
Valerio Setti	4e26df99aa	test: ECDSA driver_only: verify disparities in PK Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-07 08:02:23 +01:00
Jan Bruckner	1aabe5c4d7	Fix typos Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-02-06 12:54:53 +01:00
Jan Bruckner	aa31b19395	Extend test framework for Record Size Limit Extension Fixes #7006 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-02-06 12:54:29 +01:00
Manuel Pégourié-Gonnard	cced3521cb	Fix style in test_suite_md.function Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-06 12:37:02 +01:00
Andrzej Kurek	81cf5ad347	Improve tests/scripts/depends.py code As suggested by gilles-peskine-arm. Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-06 10:48:43 +01:00
Nick Child	50886c25f3	pkcs7/test: Add test for parsing a disabled algorithm If the digest algorithm is not compiled into Mbedtls, then any pkcs7 structure which uses this algorithm should fail with MBEDTLS_ERR_PKCS7_INVALID_ALG. Add test for this case. Signed-off-by: Nick Child <nick.child@ibm.com>	2023-02-03 20:33:12 +00:00
Nick Child	6291cc2444	pkcs7/test: Remove f strings in generator script MbedTLS CI uses python v3.5, f strings are not supported until v3.6 . Remove f string's from generate_pkcs7_tests.py. Signed-off-by: Nick Child <nick.child@ibm.com>	2023-02-03 20:33:12 +00:00
Gilles Peskine	0cfb08ddf1	Merge pull request #6922 from mprse/csr_v3 Parsing v3 extensions from a CSR - v.2	2023-02-03 16:41:11 +01:00
Manuel Pégourié-Gonnard	f5e2331f8a	Use TEST_EQUAL when applicable in test_suite_md Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-03 12:51:03 +01:00
Manuel Pégourié-Gonnard	b707bedca4	Avoid unnecessary copy in test_suite_md Also avoids buffer with an arbitrary size while at it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-03 12:32:41 +01:00
Manuel Pégourié-Gonnard	4ba98f5350	Use MBEDTLS_MD_MAX_SIZE in test_suite_md Not only was the size of 100 arbitrary, it's also not great for testing: using MBEDTLS_MD_MAX_SIZE will get us an ASan error if it ever is too small. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-03 12:25:53 +01:00
Manuel Pégourié-Gonnard	c90514ee11	Use MD type not string to in MD test data For all test that want to use a hash, identify it by its numerical type rather than a string. The motivation is that when we isolate the MD-light subset from the larger MD, it won't have support for string identifiers. Do the change for all tests, not just those that will exercise functions in MD-light, for the sake of uniformity and because numerical identifiers just feel better. Note: mbedtls_md_info_from_string is still tested in md_info(). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-03 12:13:10 +01:00
Gilles Peskine	753ad17a41	Merge pull request #6982 from aditya-deshpande-arm/check-files-characters check_files.py: Allow specific Box Drawing characters to be used	2023-02-03 11:46:06 +01:00
Gilles Peskine	e2db23d741	Merge pull request #6902 from yanrayw/6651-enable-cipher-suite-names-consistent compat.sh: report and filter cipher suite names consistently	2023-02-03 11:38:31 +01:00
Manuel Pégourié-Gonnard	bae8d2ae13	Merge pull request #7028 from daverodgman/sizeof-brackets Fix use of sizeof without brackets	2023-02-03 10:29:56 +01:00
Manuel Pégourié-Gonnard	d56def5c30	Merge pull request #6946 from valeriosetti/issue6856 driver-only ECDSA: fix testing disparities in ecp, random, se_driver_hal	2023-02-03 08:51:04 +01:00
Yanray Wang	131ec931eb	Remove the additional dot in output of compat.sh Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-02-03 12:13:04 +08:00
Dave Rodgman	6dd757a8ba	Fix use of sizeof without brackets Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-02 12:40:50 +00:00
Valerio Setti	00c1ccb08c	depends.py: fix typo and slightly reorganized code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-02 11:33:31 +01:00
Aditya Deshpande	ebb2269f68	Allow whole Box Drawings range Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2023-02-01 13:30:26 +00:00
Pengyu Lv	c92df3ba59	all.sh: test_m32_xx is not supported on arm64 host test_m32_xxx tests are x86 specific, but the support function only identifies a 64-bit system. So the tests will be run on arm64 host and cause a test failure. This change restricts those tests to amd64/x86_64 only. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-01 10:50:50 +08:00
Gabor Mezei	2038ce976e	Rename function to follow naming convention Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-01-31 14:40:05 +01:00
Gabor Mezei	95ecaaf56d	Add test generation support for the ecp module Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-01-31 14:40:05 +01:00
Gabor Mezei	51ec06aa51	Add test function for ecp_mod_p192_raw Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-01-31 14:40:05 +01:00
Gilles Peskine	470f10cfc5	Merge pull request #6941 from gabor-mezei-arm/6375_quasi-reduction_function Add function to fix quasi-reduction	2023-01-31 11:25:25 +01:00
Nick Child	a0c15d0fec	pkcs7/test: Add test cases for pkcs7 with 3 signers Previously, a loop in pkcs7_get_signers_info_set was not getting covered by tests. This was because when there are two or less signers, the loop will not execute. Therefore, add new data files for another signer and use three signers to generate a new pkcs7 DER file. Add a test case to make sure that verification is still successfula and use the test script to create ASN1 errors throoughout the stucture: ./generate_pkcs7_tests.py ../data_files/pkcs7_data_3_signed.der This results in the loop being executed. Signed-off-by: Nick Child <nick.child@ibm.com>	2023-01-30 19:30:38 +00:00
Nick Child	951f700909	pkcs7/test: Allocate hash dynamically Rather than using a static array, use the md_info size to allocate dynamically. Signed-off-by: Nick Child <nick.child@ibm.com>	2023-01-30 16:45:04 +00:00
Nick Child	c547447deb	pkcs7/test: Let verify take dynamic number of certs Previously there were two test functions for verify. One allowed for the verification of one certificate and the other allowed for verification of two certificates. Merge these two functions into one function that can take any number of certificates as an argument. Signed-off-by: Nick Child <nick.child@ibm.com>	2023-01-30 16:45:04 +00:00
Nick Child	ec81709516	pkcs7: Ensure all data in asn1 structure is accounted for Several PKCS7 invalid ASN1 Tests were failing due to extra data bytes or incorrect content lengths going unnoticed. Make the parser aware of possible malformed ASN1 data. Signed-off-by: Nick Child <nick.child@ibm.com>	2023-01-30 16:44:58 +00:00
Nick Child	4983ddf747	test/pkcs7: Add more tests for better coverage Add test calls to raw asn1 data with slight syntatical errors Increases %branches covered from 70.4% to 87.7%. Add a script which serves as documentation for how these new test cases were generated: ./generate_pkcs7_tests.py ../data_files/pkcs7_data_cert_signed_sha256.der ./generate_pkcs7_tests.py ../data_files/pkcs7_data_multiple_signed.der Signed-off-by: Nick Child <nick.child@ibm.com>	2023-01-30 15:55:44 +00:00
Nick Child	b781770b3e	test/pkcs7: Add helper function In the future, tests will be added which take in a char buffer and buflen. Rather than duplicate code, have tests which read from file and from buffer use the same helper function Signed-off-by: Nick Child <nick.child@ibm.com>	2023-01-30 15:55:44 +00:00
Nick Child	e8a811650b	test/pkcs7: Add test for expired cert PKCS7 verification should fail if the signing cert is expired. Add test case for this condition. Signed-off-by: Nick Child <nick.child@ibm.com>	2023-01-30 15:55:44 +00:00
Nick Child	ff2746fa56	test/pkcs7: Add test for wrong hash alg Add a test to verify a hash which uses a different digest algorithm than the one specified in the pkcs7. Signed-off-by: Nick Child <nick.child@ibm.com>	2023-01-30 15:55:44 +00:00
Aditya Deshpande	15b6dd0fb4	Modify comments to make them more inclusive Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2023-01-30 13:46:58 +00:00
Aditya Deshpande	ea637081dd	Allow specific Box Drawing UTF characters that are used in Markdown trees in check_files.py Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2023-01-30 13:19:32 +00:00
Manuel Pégourié-Gonnard	aae61257d1	Merge pull request #6883 from valeriosetti/issue6843 Improve X.509 cert writing serial number management	2023-01-30 13:08:57 +01:00
Manuel Pégourié-Gonnard	e28397a376	Merge pull request #6938 from aditya-deshpande-arm/check-names-exclusions check_names.py: Compare identifiers in excluded files against symbols parsed by nm	2023-01-30 09:21:58 +01:00
Valerio Setti	18b9b035ad	test: add test for a full length serial of 0xFF Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-27 11:47:57 +01:00
Valerio Setti	a87f839113	test: improve error handling in x509_set_serial_check() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-27 11:29:42 +01:00
Manuel Pégourié-Gonnard	169d9e6eb4	Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215 Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS	2023-01-27 10:05:00 +01:00
Przemek Stekiel	59f4a18b6f	Fix test dependency SHA1 -> SHA256 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-27 07:14:14 +01:00
Gilles Peskine	b82977a429	Merge pull request #6962 from davidhorstmann-arm/fix-check-python-errors Fix check python errors	2023-01-26 21:54:25 +01:00
Gilles Peskine	81505e4a16	Merge pull request #6917 from yanrayw/6658-not-print-Terminated-ubuntu-22.04 Fix the problem of printing "Terminated" in compat.sh under Ubuntu-22.04	2023-01-26 21:53:33 +01:00
Gilles Peskine	b20028b3a3	Avoid using external programs in inner loops Don't use external programs for string manipulation that the shell can do. This makes the script a little faster (~10% when testing PSK). For this commit, I only looked at code run in the innermost loop. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-26 21:45:45 +01:00
Gilles Peskine	47aab850da	Batch cipher translations to go faster Python has a high startup cost, so go back to invoking it only once per server start, rather than once per client start. This is a measurable performance improvement (running time ~*0.5 with PSK, less dramatic with asymmetric crypto). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-26 21:45:45 +01:00
Gilles Peskine	292cd6f4e5	Don't use the cipher suite in check_openssl_server_bug We can detect PSK based on $TYPE. This allows more flexibility in how cipher suites are spelled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-26 21:44:26 +01:00
Valerio Setti	af4815c6a4	x509: replace/fix name of new function for setting serial Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-26 17:43:09 +01:00
Valerio Setti	fa49a8ecdb	test: fix complementary domain testing for !MBEDTLS_ECP_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-26 17:16:38 +01:00
Przemek Stekiel	d7992df529	Use input files to parse CSR instead of bytes Additionally fix the generation of test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der which was incorectly malformed. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-25 16:19:50 +01:00
Valerio Setti	de7bb5b361	test: add failing check for secp224r1 with compressed format The test is expected to fail, so we verify that this is really not suppported Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-25 14:02:03 +01:00
Valerio Setti	9cb0f7a423	test: driver-only: fix disparities in random Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-25 11:49:11 +01:00
Valerio Setti	3002c99247	test: extend analyze_outcomes.py in order to skip only some test in a suite Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-25 11:49:00 +01:00
Valerio Setti	7e57920511	test: driver-only: fix disparities in psa_crypto_se_driver_hal Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-25 11:30:46 +01:00
Valerio Setti	4682948c1e	test: driver-only: fix disparities in ECP Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-01-25 11:30:31 +01:00
Przemek Stekiel	94e21e153f	Skip unsupported extensions Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-25 11:08:32 +01:00
Przemek Stekiel	92cce3fe6d	Use extension .csr.der to indicate format Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-25 10:33:26 +01:00
Przemek Stekiel	f0e25c72d9	Add missing dependencies for negative tests, remove PEM dependency Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-25 09:38:01 +01:00
David Horstmann	f0c75796be	Fix a missing type hint warning Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-01-24 18:53:15 +00:00
Gabor Mezei	86c90fca3e	Rename variables to follow the naming convention Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-01-24 14:21:10 +01:00
Gabor Mezei	ee2aff2093	Add check for test input The input for fix_quasi_reduction must be in range 0 <= X < 2N. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-01-24 14:21:05 +01:00
Andrzej Kurek	576803faa2	depends.py: improve expected argument type Requested config option can be either boolean or a string. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-01-24 07:40:42 -05:00
Manuel Pégourié-Gonnard	00d3e96042	Merge pull request #6855 from mpg/driver-only-ecdsa-starter Driver-only ECDSA starter	2023-01-24 13:06:17 +01:00
Przemek Stekiel	160968586b	Add negative test cases and use DER format for CSRs Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-24 10:57:19 +01:00
Przemek Stekiel	3f948c96e2	Fix typo in test dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-24 10:57:19 +01:00
Przemek Stekiel	685d472db3	Adapt expected output of existing tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-24 10:57:19 +01:00
Przemek Stekiel	46a4a4987e	Add tests to very parsing of CSR v3 extensions Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-24 10:57:19 +01:00
Przemek Stekiel	e7fbbb3fbd	Generate csr files to test v3 extensions Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-01-24 10:57:19 +01:00
Manuel Pégourié-Gonnard	4455fd2449	Merge pull request #6531 from AndrzejKurek/depends-py-kex-fixes Depends.py - add exclusive domain tests to key exchange testing	2023-01-24 09:32:05 +01:00
Gabor Mezei	9073f7dd3b	Remove unneeded check The fix_quasi_reduction function changed to static so checking the invalid arguments are not needed anymore. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-01-23 19:05:37 +01:00
Gabor Mezei	e81a2b85c9	Change the fix_quasi_reduction function to static Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-01-23 18:58:20 +01:00
Gabor Mezei	aaa1d2a276	Move the quasi reduction fixing function to bignum_mod_raw Rename the function to 'fix_quasi_reduction' to better suite its functionality. Also changed the name prefix to suite for the new module. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-01-23 18:55:57 +01:00
Andrzej Kurek	3b0215d453	depends.py: merge set/unset config option into one function Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-01-23 07:19:22 -05:00
Manuel Pégourié-Gonnard	d84902f4ef	Add issue numbers to TODO comments In the python script I didn't use the word TODO because pylint doesn't like that, but morally it's the same. I removed the comment about "do we need a subset of compat.sh?" because it turns out that `ssl-opt.sh` is already exercising all the key exchanges: % sed -n 's/.force_ciphersuite=TLS-$[^ ]$-WITH.*/\1/p' tests/ssl-opt.sh \| sort -u DHE-PSK DHE-RSA ECDH-ECDSA ECDHE-ECDSA ECDHE-PSK ECDHE-RSA ECJPAKE PSK RSA RSA-PSK (the only omission is ECDH-RSA which is not of interest here and does not actually differ from ECDH-ECDSA). So, we don't need a subset of compat.sh because we're already getting enough testing from ssl-opt.sh (not to mention test_suite_ssl). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-01-23 13:03:13 +01:00
Manuel Pégourié-Gonnard	bc19a0b0d8	Fix missing SHA-224 in test driver build Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-01-23 12:54:24 +01:00
Manuel Pégourié-Gonnard	5a2e02635a	Improve a few comments & documentation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-01-23 12:51:52 +01:00
Andrzej Kurek	98682b50a4	Remove obsolete comment from depends.py Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-01-23 06:16:23 -05:00
Janos Follath	3e0769b598	Merge pull request #6832 from daverodgman/fast-unaligned-ct Improve efficiency of some constant time functions	2023-01-23 10:55:35 +00:00
Dave Rodgman	58c721e894	Add TEST_CF_SECRET to mbedtls_ct_memcpy_if_eq test Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-01-21 11:13:55 +00:00
Dave Rodgman	22b0d1adbf	Test memcmp with differences starting after the first byte Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-01-21 10:29:00 +00:00
Dave Rodgman	95ec58cc12	Remove not-needed stdio include from tests Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-01-20 14:04:48 +00:00
Dave Rodgman	39188c0a2a	Add unit tests for mbedtls_ct_memcmp and mbedtls_ct_memcpy_if_eq Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-01-20 14:04:48 +00:00
Dave Rodgman	1a034dcc20	Add regression test Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-01-20 13:18:05 +00:00
Dave Rodgman	dc3b1540cd	Fix test guards Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-01-20 11:39:00 +00:00
Yanray Wang	60f8eaa3b4	Remove third argument passed to run_client in compat.sh The argument passed to translate_ciphers.py is calculated from $1 in run_client instead of passed as third argument. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-01-20 13:38:30 +08:00
Andrzej Kurek	723b8779f9	Add missing key exchange requirements to test_suite_ssl Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-01-19 18:31:00 -05:00

... 8 9 10 11 12 ...

8972 commits