- use mbedtls_ecp_point_write_binary() instead mbedtls_mpi_write_binary().
- add check for ECDH curve type in server's certificate
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Generate "with implication" and "without implication" usage test cases
separately.
The set of generated test cases is unchanged. The order, and the description
of "with implication" test cases, changes.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some DTLS reordering tests rely on certificate authentication messages. It
is probably possible to adapt them to rely on different messages, but for
now, skip them in PSK-only builds.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If MBEDTLS_SSL_EXTENDED_MASTER_SECRET is disabled or the feature is disabled
at runtime, and if client authentication is not used, then calc_verify is not
called, so don't require the corresponding debug trace.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The message was removed in 6be9cf542f without
a replacement. A failure would cause the test case to fail anyway, so this
negative check is not really useful.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When doing builds with PSA enabled or with debug traces enabled, convey this
in $MBEDTLS_TEST_CONFIGURATION and in the terminal logs.
This fixes a bug that the outcome file did not distinguish entries from
test cases run in a reference configuration with or without PSA.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
User-visible changes:
* With no argument, configurations are now tested in a deterministic order.
* When given arguments, configurations are now tested in the order given.
* When given arguments, if the same configuration is passed multiple times,
it will now be tested multiple times.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The PSA Crypto API uses 0 as the initial counter value, but the test vector
in RFC 7539 uses 1. So the unit tests here include an extra leading block.
The expected data for this leading block was calculated with Cryptodome.
#!/usr/bin/env python3
import re
from Cryptodome.Cipher import ChaCha20
key = bytes.fromhex('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f')
nonce = bytes.fromhex('000000000000004a00000000')
encrypt = lambda pt: ChaCha20.new(key=key, nonce=nonce).encrypt(pt)
# Cryptodome uses counter=0, like PSA Crypto. Prepend a 64-byte input block #0
# so that the plaintext from RFC 7539 starts exactly at block #1.
header = b'The RFC 7539 test vector uses counter=1, but PSA uses counter=0.'
assert(len(header) == 64)
sunscreen = b"Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it."
plaintext = header + sunscreen
zeros = b'\x00' * len(plaintext)
keystream = encrypt(zeros)
ciphertext = encrypt(plaintext)
print('RFC 7539 §2.4.2')
print('Keystream:')
print(re.sub(r'(..)', r'\1:', keystream[64:].hex()))
print('Ciphertext Subscreen:')
print(re.sub(r'(..)', r'\1 ', ciphertext[64:].hex()))
print('')
print(f"""\
PSA symmetric decrypt: ChaCha20, RFC7539 keystream
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
# Keystream from RFC 7539 §2.4.2, with an extra 64-byte output block prepended
# because the test vector starts at counter=1 but our API starts at counter=0.
cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"{key.hex()}":"{nonce.hex()}":"{zeros.hex()}":"{keystream.hex()}"
PSA symmetric decrypt: ChaCha20, RFC7539 sunscreen
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
# Test vector from RFC 7539 §2.4.2, with an extra 64-byte block prepended
# because the test vector starts at counter=1 but our API starts at counter=0.
cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"{key.hex()}":"{nonce.hex()}":"{ciphertext.hex()}":"{plaintext.hex()}"
""")
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
