yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-03-06 05:24:08 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
29018 commits 89 branches 205 tags 114 MiB
Commit graph

5933 commits

Author SHA1 Message Date
Gilles Peskine d078386287 Smoke tests for mbedtls_pk_get_psa_attributes after parsing 
We'll test more fully by adding a call to mbedtls_pk_import_into_psa() once
that function is implemented.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-02 13:22:23 +01:00
Gilles Peskine cb3b4cae0a Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA 
The test code to construct test keys and the implementation had matching
errors: both assumed that there was a PSA public key object. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-02 13:22:23 +01:00
Gilles Peskine 591e83d139 Add missing implied usage 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 21:33:44 +01:00
Gilles Peskine a1a7b08057 Fix typo in dependency 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 21:32:29 +01:00
Gilles Peskine 793920c1ff mbedtls_pk_get_psa_attributes: opaque: require specified usage 
In the MBEDTLS_PK_OPAQUE, have mbedtls_pk_get_psa_attributes() require the
specified usage to be enabled for the specified key. Otherwise the following
call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a
useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably
an error.

Adjust the existing test cases accordingly and add a few negative test
cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 21:31:27 +01:00
Gilles Peskine e45d51f7b5 Clearer variable names 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 20:53:11 +01:00
Gilles Peskine e2a77f21ea Use PSA_INIT with test that requires PSA 
USE_PSA_INIT is for test code that doesn't use PSA functions when
USE_PSA_CRYPTO is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 20:53:04 +01:00
Gilles Peskine 2e54854d16 Copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 20:53:04 +01:00
Gilles Peskine ae2668be97 Don't use mbedtls_pk_ec in our own code 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 20:53:04 +01:00
Gilles Peskine 7e353ba37a Create auxiliary function for repeated code 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 20:46:19 +01:00
Gilles Peskine 19411635a5 Test enrollment algorithm for the non-OPAQUE case 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-01 20:42:28 +01:00
Gilles Peskine 03aa9bc226 Switch pk_setup_for_type() to return MBEDTLS_ERR_xxx 
Use mbedtls return codes rather than a boolean "has test not failed?".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-30 11:18:42 +01:00
Gilles Peskine 3da3c0a000 Always call psa_crypto_init when testing mbedtls_pk_get_psa_attributes 
mbedtls_pk_get_psa_attributes() actually works without having initialized
the PSA subsystem, because it doesn't call any non-client PSA API functions.
But the function is only useful in conjunction with the PSA API: it's
meant to be followed by importing a key with the resulting attributes. We
don't advertize it to work without an up-and-running PSA subsystem, and
there's no need to test it without an up-and-running PSA subsystem as we
were (accidentally) doing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-30 10:22:29 +01:00
Gilles Peskine f8c2cd1489 Update preprocessor guard comment 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-30 10:18:36 +01:00
Gilles Peskine 77faddf93b Depend on legacy RSA key generation for test code 
In principle the RSA tests shouldn't depend on RSA key generation: they just
need to operate on RSA keys. However they do need some method of creating an
RSA key, and we're currently doing random generation. So depend on what the
test code needs.

Depend on the legacy RSA interface, since driver-only RSA isn't currently
supported in the PK module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-24 22:14:32 +01:00
Gilles Peskine 2bd4ddc8e0 Implement pick-a-curve when ECP_LIGHT is disabled 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-24 22:10:50 +01:00
Gilles Peskine 00f3085163 Missing dependency for MBEDTLS_PK_ECDSA 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:25:34 +01:00
Gilles Peskine f3dbc98d96 mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_USE_PSA_EC_DATA 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:09:38 +01:00
Gilles Peskine 758d8c7631 mbedtls_pk_get_psa_attributes: support MBEDTLS_PK_OPAQUE 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:09:38 +01:00
Gilles Peskine 94e3a873ce mbedtls_pk_get_psa_attributes: test bad usage value 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:09:38 +01:00
Gilles Peskine ace7c7721e mbedtls_pk_get_psa_attributes: ECC support 
Add code and unit tests for MBEDTLS_PK_ECxxx in
mbedtls_pk_get_psa_attributes().

This commit only supports built-in ECC (MBEDTLS_ECP_C). A subsequent commit
will handle driver-only ECC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:09:38 +01:00
Gilles Peskine 6ea18361df mbedtls_pk_get_psa_attributes: RSA support 
Add code and unit tests for MBEDTLS_PK_RSA in mbedtls_pk_get_psa_attributes().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:09:38 +01:00
Gilles Peskine 0b17255da1 Introduce mbedtls_pk_get_psa_attributes 
Follow the specification in https://github.com/Mbed-TLS/mbedtls/pull/8657
as of dd77343381, i.e.
dd77343381/docs/architecture/psa-migration/psa-legacy-bridges.md (api-to-create-a-psa-key-from-a-pk-context)

This commit introduces the function declaration, its documentation, the
definition without the interesting parts and a negative unit test function.
Subsequent commits will add RSA, ECC and PK_OPAQUE support.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-23 20:09:38 +01:00
Paul Elliott f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development 
Fix bug in mbedtls_x509_set_extension
 2024-01-10 16:57:16 +00:00
Jonathan Winzig 315c3ca9e5
Add required dependency to the testcase 
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-09 18:31:11 +01:00
Jonathan Winzig 6c9779fabb Remove unneeded testcase 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-09 17:47:10 +01:00
Jonathan Winzig a72454bc16
Update test-data to use SIZE_MAX 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-09 17:39:42 +01:00
Jonathan Winzig c5e77bf4e4
Add missing newline at the end of test_suite_x509write.data 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-09 16:47:12 +01:00
Tom Cosgrove 3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit 
Comply with the received Record Size Limit extension
 2024-01-09 15:22:17 +00:00
Jonathan Winzig 2bd2b788cf Add tests for Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-09 15:19:42 +01:00
Manuel Pégourié-Gonnard 4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598 
[G5] Make block_cipher work with PSA
 2024-01-08 08:07:53 +00:00
Manuel Pégourié-Gonnard 5bad043c06
Merge pull request #8641 from valeriosetti/issue8358 
G3-G4 wrap-up
 2024-01-04 10:48:00 +00:00
Valerio Setti e581e140cc oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C 
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-29 16:35:58 +01:00
Valerio Setti 160b2bde09 test_suite_cmac: add used key type to all test cases 
This is useful for grepping and skipping disparities in
analyze_outcomes.py.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-29 14:07:11 +01:00
Valerio Setti 9a4cc122a7 test_suite_block_cipher.psa: remove misleading initial comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-28 18:33:17 +01:00
Valerio Setti a69e872001 pkcs[5/12]: add CIPHER_C for [en/de]crypting functions 
This commit also updates corresponding test suites.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-21 16:39:04 +01:00
Gilles Peskine 0e6fdc4f1d
Merge pull request #8342 from yanesca/threading_test_pc 
Threading test proof of concept and plan
 2023-12-21 12:08:41 +00:00
Waleed Elmelegy 049cd302ed Refactor record size limit extension handling 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-20 17:28:31 +00:00
Tomi Fontanilles 9c69348c24 pk test suite: rename the parameter named parameter 
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Tomi Fontanilles 8174662b64 pk: implement non-PSA mbedtls_pk_sign_ext() 
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.

Related dependencies and tests are updated as well.

Fixes #7583.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Valerio Setti 45c84feacc test_suite_ccm: add missing BLOCK_CIPHER_PSA_[INIT/DONE]() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-20 09:54:39 +01:00
Valerio Setti 689c0f71cb tests: use new CCM/GCM capability macros in tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-20 09:54:18 +01:00
Paul Elliott 22dbaf05b6 Add AES_PSA_INIT() to thread test case 
Tests were failing when PSA was being used in ctr_drbg_seed() as PSA was
not initialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 18:18:04 +00:00
Paul Elliott 445af3c25a Move test dependancies to function file 
Dependancies are determined by code in this case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott 40f0ec246e Remove requirement for SHA512 from ctr_drbg test 
Set the entropy len prior to doing the test to ensure the outcome is the
same regardless of whether SHA512 or SHA256 is used.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott bb0e48f94f Make number of threads a test argument 
Remove hard coded number of threads.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott fed410f58e Increase entropy buffer sizes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott 811c600d88 Guard tests correctly 
All guarded options change output, thus failing the test.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott 6a997c9994 Fix code style 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Paul Elliott bda25dd29c Add re-seeding option to test 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00