Make `PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)`
depend on MBEDTLS_CCM_C otherwise the multi-part test fails on
the missing CCM* instead on the input length validity for CCM*.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Encryption is not deterministic and can not be verified by a know-answer test.
Encryption is already verified via encrypt-decrypt test.
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
Testing the hash length in this context is not applicable because there is no way
to specify it when calling mbedtls_psa_hkdf_extract.
Change to test invalid `alg` parameter.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit alters the relevant .data files
such that the new function name change of check_iv
to iv_len_validity is relfected there.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.
The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.
There should be minimal code size impact if no A64_CRYPTO option is set.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Commit changes name of check_iv to
iv_len_validity as this seems to better describe
its functionality.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Duplicate a test case but with a different expected error
due to error translation to and from PSA.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Currently all cases were negative, so the block that exercised
mbedtls_pem_get_der() would never be reached.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The race condition mentioned in the previous commit
"Stop CMake out of source tests running on 16.04"
has also been observed with test_cmake_as_subdirectory and can presumably
happen with test_cmake_as_package and test_cmake_as_package_install as well.
So skip all of these components on Ubuntu 16.04.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When working with block cipher modes like GCM(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER),
aead_multipart_internal_func() should calculate the offset in output buffer
based on output_length, not using the offset of the input buffer(part_offset).
Signed-off-by: Mircea Udrea <mircea.udrea@silexinsight.com>
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
We keep forgetting to register new test suites in tests/CMakeLists.txt. To
fix this problem once and for all, remove the need for manual registration.
The following test suites were missing:
test_suite_cipher.aria
test_suite_psa_crypto_driver_wrappers
test_suite_psa_crypto_generate_key.generated
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If no key is loaded in a slot, say "none", not "invalid PK".
When listing two key types, use punctuation that's visibly a sequence
separator (",").
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Run some of the test configs twice, enabling MBEDTLS_USE_PSA_CRYPTO
and MBEDTLS_PSA_CRYPTO_C in one of the runs.
Add relevant comments in these configs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().
The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.
Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
In the outcome file, report each test case in the file it's in, rather than
reporting them all from ssl-opt. This is more informative and matches what
check_test_cases.py does.
This fixes a bug whereby test cases from opt-testcases/* were not detected
as having run on the CI, because analyze_outcomes.py (which uses
check_test_cases.py) expects them in the containing file whereas they were
reported in ssl-opt.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Update the fork of the compliance test suite, and remove the multipart
AEAD tests from the expected failures list.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Jinja2 rev 2.10.1 is required for the driver wrappers code gen.
The same is set up in the bionic docker file.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Pylint errors are fixed.
The Python script is improved to take default arguments when not
passed (eg invoked from root of the tree)
check-generated-files.sh and CMakeLists.sh updated.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Extend PSA AEAD testing by adding CCM and ChaChaPoly.
Add more combinations of functions to test the API.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Running `generate_ssl_debug_helpers.py` generates both
`ssl_debug_helpers_generated.c` and `ssl_debug_helpers_generated.h`.
List the `.h` file as well as the `.c` file in `check-generated-files.sh` so
that `check-generated-files.sh -u` will complain if it isn't up to date.
List it in `Makefile` and `CMakeLists.txt` so that parallel builds know when
to wait until the `.h` file is present. In `Makefile`, declare the `.c` file
as depending on the `.h` file for order. This way, a dependency for either
will wait until the `.h` file is present, and since the `.h` file is
generated after the `.c` file, this guarantees that the `.c` file is
present.
This fixes random failures of `make -j` from a fresh checkout.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Expected output generated by OpenSSL (see below) apart from the case
where both password and salt are either NULL or zero length, as OpenSSL
does not support this. For these test cases we have had to use our own
output as that which is expected. Code to generate test cases is as
follows:
#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <string.h>
int Keygen_Uni( const char * test_name, unsigned char *pass, int
passlen, unsigned char *salt,
int saltlen, int id, int iter, int n,
unsigned char *out, const EVP_MD
*md_type )
{
size_t index;
printf( "%s\n", test_name );
int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter,
n, out, md_type );
if( ret != 1 )
{
printf( "Key generation returned %d\n", ret );
}
else
{
for( index = 0; index < n; ++index )
{
printf( "%02x", out[index] );
}
printf( "\n" );
}
printf( "\n" );
}
int main(void)
{
unsigned char out_buf[48];
unsigned char pass[64];
int pass_len;
unsigned char salt[64];
int salt_len;
/* If ID=1, then the pseudorandom bits being produced are to be used
as key material for performing encryption or decryption.
If ID=2, then the pseudorandom bits being produced are to be
used as an IV (Initial Value) for encryption or decryption.
If ID=3, then the pseudorandom bits being produced are
to be used as an integrity key for MACing.
*/
int id = 1;
int iter = 3;
memset( out_buf, 0, sizeof( out_buf ) );
memset( pass, 0, sizeof( pass ) );
memset( salt, 0, sizeof( salt ) );
Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter,
sizeof(out_buf),
out_buf, EVP_md5( ) );
memset( out_buf, 0, sizeof( out_buf ) );
Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter,
sizeof(out_buf),
out_buf, EVP_md5( ) );
memset( out_buf, 0, sizeof( out_buf ) );
salt[0] = 0x01;
salt[1] = 0x23;
salt[2] = 0x45;
salt[3] = 0x67;
salt[4] = 0x89;
salt[5] = 0xab;
salt[6] = 0xcd;
salt[7] = 0xef;
Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter,
sizeof(out_buf),
out_buf, EVP_md5( ) );
memset( out_buf, 0, sizeof( out_buf ) );
Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf),
out_buf, EVP_md5( ) );
memset( out_buf, 0, sizeof( out_buf ) );
memset( salt, 0, sizeof( salt ) );
pass[0] = 0x01;
pass[1] = 0x23;
pass[2] = 0x45;
pass[3] = 0x67;
pass[4] = 0x89;
pass[5] = 0xab;
pass[6] = 0xcd;
pass[7] = 0xef;
Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter,
sizeof(out_buf),
out_buf, EVP_md5( ) );
memset( out_buf, 0, sizeof( out_buf ) );
Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf),
out_buf, EVP_md5( ) );
memset( out_buf, 0, sizeof( out_buf ) );
salt[0] = 0x01;
salt[1] = 0x23;
salt[2] = 0x45;
salt[3] = 0x67;
salt[4] = 0x89;
salt[5] = 0xab;
salt[6] = 0xcd;
salt[7] = 0xef;
Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter,
sizeof(out_buf),
out_buf, EVP_md5( ) );
return 0;
}
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Can't call mbedtls_cipher_free(&invalid_ctx) in cleanup if
mbedtls_cipher_init(&invalid_ctx) hasn't been called.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Run tests with middlebox compatibility enabled but tests
dedicated to middlebox compatibility disabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add dependencies on built-in hash of signature/
signature verification and asymmetric
encryption/decryption tests. The dependency is
not added for tests based on SHA-256 as SHA-256
is always present when PSA is involved (necessary
to the PSA core) and that way most of PSA signature
/verification tests are still run when PSA hash
operations are accelerated.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
As PSA signatures rely on built-in hash implementations
(cannot take an advantage of an accelerator for the
time being), chose an available built-in hash for
tests exercising a signature key.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add ECDSA and RSA signature acceleration testing
with signature capabilitites removed from the
Mbed TLS library.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The current testing of the PSA configuration is
based on test code located in the library itself.
Remove this code as we are moving to using a
test library instead.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit removes the test_psa_crypto_config_basic
all.sh component that can no longer work without
adapting it to the separately compiled test driver
library. This component is replaced by several
components in the following commits to test various
type of acceleration independently.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
PR #3959 has proven that by adding a prefix
(LIBTESTDRIVER1/libtestdriver1_ in this commit) to
all MBEDTLS/PSA_* and mbedtls/psa_* symbols of a copy
of the Mbed TLS library, we can build a library that
can be linked with the Mbed TLS library.
This commit leverages this to build a PSA test driver
library based on the Mbed TLS library code.
The cryptographic features supported by the test
library are defined by:
. a minimal configuration (in the sense of config.h),
see config_test_driver.h
. PSA_WANT_* and PSA_ACCEL_* defined macros.
The PSA_WANT_* macros have to be the same as the ones
used to build the Mbed TLS library the test driver
library is supposed to be linked to as the PSA_WANT_*
macros are used in the definition of structures and
macros that are shared by the PSA crypto core,
Mbed TLS drivers and the driver test library.
The PSA_ACCEL_* macros are intended to define the
cryptographic features that have to be removed
from the Mbed TLS library and thus supported by the
test library in test scenarios. The PSA_ACCEL_* macros
to build the test library are thus mirrored from the
ones to build the Mbed TLS library by extended the
crypto_config.h: see
crypto_config_test_driver_entension.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Rename test driver entry points to
libtestdriver1_<name of the Mbed TLS entry point>.
This aligns with the renaming of all Mbed TLS APIs
for the test driver library (that will be put in place
in the following commits) to avoid name conflicts
when linking it with the Mbed TLS library.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In preparation of the driver test entry points to be
provided by a test driver library, move their prototypes
to tests directory.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Define test driver entry points that provide an alternative
to Mbed TLS driver entry points only when the PSA configuration
is used. Their purpose is only to test the PSA configuration
thus there is no good reason to use them out of this scope.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Align RSA/ECP sign/verify hash dispatch with the
corresponding code of the library. The library
code was modified recently but not the test code
one and these modifications ease the following work.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add non regression test for invalid usage of
the output buffer in psa_cipher_encrypt().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add non regression test for invalid usage of
the output buffer in psa_cipher_generate_iv().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Empty the current line if it's entirely inside a comment.
Don't incorrectly end a block comment at the second line if it doesn't
contain `*/`.
Recognize `/*` to start a multiline comment even if it isn't at the start of
the line.
When stripping off comments, consistently strip off `/*` and `*/`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use '|'.join([comma-separated list]) rather than r'...|' r'...|'. This way
there's less risk of forgetting a '|'. Pylint will yell if we forget a comma
between list elements.
Use match rather than search + mandatory start anchor for EXCLUSION_LINES.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make parse_identifiers less complex. Pylint was complaining that it had too
many local variables, and it had a point.
* Lift the constants identifier_regex and exclusion_lines to class
constants (renamed to uppercase because they're constants).
* Lift the per-file loop into a new function parse_identifiers_in_file.
No intended behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix cases like
```
/*short comment*/ /*long
comment */
int mbedtls_foo;
```
where the previous code thought that the second line started outside of a
comment and ended inside of a comment.
I believe that the new code strips comments correctly. It also strips string
literals, just in case.
Fixes#5191.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
Remove client certificate verify in tests.
Change the layout of structure to fix abi_api check issues.
Add comments of Finished.
Align with the coding styles.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Change debug messag for server finished.
Change name of generate_application_keys.
Remove the client vertificate tests from ssl-opt.sh.
Add test strings for server finished in ssl-opt.sh.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
The new fork was rebased on top of the upstream master, removing the
need for most of the downstream patches we carried.
On the other hand, the new fork includes a couple of fixes to problems
that were not addressed by the original fork, or were introduced with the
new version of psa-arch-tests.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
At least twice, we added a classification flag but forgot to test it in the
relevant test functions. Add some protection so that this doesn't happen
again. In each classification category, put a macro xxx_FLAG_MASK_PLUS_ONE
at the end. In the corresponding test function, keep track of the flags that
are tested, and check that their mask is xxx_FLAG_MASK_PLUS_ONE - 1 which is
all the bits of the previous flags set.
Now, if we add a flag without testing it, the test
TEST_EQUAL( classification_flags_tested, xxx_FLAG_MASK_PLUS_ONE - 1 )
will fail. It will also fail if we make the set of flag numbers
non-consecutive, which is ok.
This reveals that three algorithm flags had been added but not tested (in
two separate occasions). Also, one key type flag that is no longer used by
the library was still defined but not tested, which is not a test gap but is
inconsistent. It's for DSA, which is relevant to the PSA encoding even if
Mbed TLS doesn't implement it, so keep the flag and do test it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The status of signature wildcards with respect to PSA_ALG_IS_HASH_AND_SIGN
is unclear in the specification. A wildcard is usually instantiated with a
specific hash, making the implementation hash-and-sign, but it could also be
instantiated with a non-hash-and-sign algorithm. For the time being, go with
what's currently implemented, which is that they are considered
hash-and-sign.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The current definition of PSA_ALG_IS_HASH_AND_SIGN includes
PSA_ALG_RSA_PKCS1V15_SIGN_RAW and PSA_ALG_ECDSA_ANY, which don't strictly
follow the hash-and-sign paradigm: the algorithm does not encode a hash
algorithm that is applied prior to the signature step. The definition in
fact encompasses what can be used with psa_sign_hash/psa_verify_hash, so
it's the correct definition for PSA_ALG_IS_SIGN_HASH. Therefore this commit
moves definition of PSA_ALG_IS_HASH_AND_SIGN to PSA_ALG_IS_SIGN_HASH, and
replace the definition of PSA_ALG_IS_HASH_AND_SIGN by a correct one (based
on PSA_ALG_IS_SIGN_HASH, excluding the algorithms where the pre-signature
step isn't to apply the hash encoded in the algorithm).
In the definition of PSA_ALG_SIGN_GET_HASH, keep the condition for a nonzero
output to be PSA_ALG_IS_HASH_AND_SIGN.
Everywhere else in the code base (definition of PSA_ALG_IS_SIGN_MESSAGE, and
every use of PSA_ALG_IS_HASH_AND_SIGN outside of crypto_values.h), we meant
PSA_ALG_IS_SIGN_HASH where we wrote PSA_ALG_IS_HASH_AND_SIGN, so do a
global replacement.
```
git grep -l IS_HASH_AND_SIGN ':!include/psa/crypto_values.h' | xargs perl -i -pe 's/ALG_IS_HASH_AND_SIGN/ALG_IS_SIGN_HASH/g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Only tested for algorithms for which we support HMAC, since that's all we
use PSA_HASH_BLOCK_LENGTH for at the moment.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It was unmaintained and untested, and the fear of breaking it was holding us
back. Resolves#4934.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
digits is also a local variable in host_test.function, leading to compilers
complaining about that shadowing the global variable in
test_suite_base64.function.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is part of the definition of the encoding, not a choice of test
parameter, so keep it with the test code.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add unit tests for mask_of_range(), enc_char() and dec_value().
When constant-flow testing is enabled, verify that these functions are
constant-flow.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The Makefiles already assume that filenames don't contain
special characters anyway, so we don't need to check this
in generate_psa_tests.py.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Change one occurrence of ${PYTHON} to ${MBEDTLS_PYTHON_EXECUTABLE}
and add implied ${MBEDTLS_PYTHON_EXECUTABLE} to the start of a
different command.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Explain that the output filename is derived from the -d
argument, so that it's obvious why the CMakefile code
does what it does.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When DEV_MODE=OFF, link_to_source() was being called with
a full path in the build directory, rather than just a base
name starting at "suites/" as was intended. Fix this by
generating a list of base names and using that for
link_to_source(), then deriving full paths afterwards.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
