yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
24924 commits 89 branches 205 tags 114 MiB
Commit graph

8841 commits

Author SHA1 Message Date
valerio 32f2ac9a18 test: proper positioning of USE_PSA_INIT + added missing exit labels 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-04-24 13:47:18 +02:00
Valerio Setti 285dae83dd test: fix USE_PSA_INIT/DONE for SSL test suite 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 13:47:18 +02:00
Valerio Setti 569c171015 test: fix USE_PSA_INIT/DONE for x509 test suite 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 13:47:18 +02:00
Valerio Setti b79f7db9b0 test: fix USE_PSA_INIT/DONE for PK test suite 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 13:47:18 +02:00
Manuel Pégourié-Gonnard feb941a77a
Merge pull request #7465 from valeriosetti/issue7460-part3 
Check remaning dependencies on ECP in PK module
 2023-04-24 13:06:09 +02:00
Manuel Pégourié-Gonnard 0281d7630b
Merge pull request #7449 from valeriosetti/issue7446 
Clean up & improve PK write test functions
 2023-04-24 13:05:16 +02:00
valerio 0b0486452c improve syms.sh script for external dependencies analysis 
It is now possible to analyze also modules and not only
x509 and tls libraries.

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-04-24 10:34:08 +02:00
Valerio Setti bf974b9b1c test_suite_pkwrite: replace memcpy with memmove 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 10:26:24 +02:00
Valerio Setti 547b3a4ab5 fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 10:24:37 +02:00
Valerio Setti 7bacaf859a fix new line difference in Windows 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-24 08:53:00 +02:00
Pengyu Lv c34b9ac18c cert_audit: Clarify the abstraction of Auditor 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-23 14:57:30 +08:00
Pengyu Lv 28fe957239 cert_audit: Add simple parser of suite data file 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-23 13:56:25 +08:00
Gilles Peskine 935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip 
x509 SAN IP parsing
 2023-04-21 22:00:58 +02:00
Dave Rodgman bbf881053d Document undefined case. Clarify test code. 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-21 12:54:40 +01:00
Pengyu Lv 2d487217cd cert_audit: Improve the method to find tests folder 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-21 12:41:24 +08:00
Pengyu Lv a228cbcecc cert_audit: Add data-files and suite-data-files options 
The commit adds '--data-files' and '--suite-data-files'
options so that we could pass names for the two types
of files separately. Additionally, the commit improves
the documentation in the script.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-21 11:59:25 +08:00
Pengyu Lv fcda6d4f51 cert_audit: Enable logging module 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-21 11:04:07 +08:00
Dave Rodgman 678e63007c Remove test-case for all-zero 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-20 12:28:59 +01:00
Jerry Yu ad2091d9c2 fix grammar issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-20 10:01:42 +08:00
Dave Rodgman d54cb83584 Fix tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-19 18:46:17 +01:00
Dave Rodgman fe8a8cd100 Size/perf optimisation for mbedtls_mpi_core_clz 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-19 17:59:12 +01:00
Kusumit Ghoderao 7415539173 Fix code style 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-04-19 21:00:27 +05:30
Kusumit Ghoderao 3b27a7f6bf Fix hex_string converter 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-04-19 17:20:25 +05:30
Kusumit Ghoderao a14ae5a0c9 Fix input_integer testing 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-04-19 14:16:26 +05:30
Pengyu Lv ad30679d9e cert_audit: Reuse generate_test_code.FileWrapper 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-19 15:07:03 +08:00
Pengyu Lv 7a344dde0f New implementation for generate_test_code.FileWrapper 
We get some performance benefit from the Buffered I/O.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-19 15:03:20 +08:00
Jerry Yu d3c7d538f1 Improve comments about the time_delay test. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-19 14:07:59 +08:00
Minos Galanakis 357b9e1342 test_suite_ecp: Refactored ecp_mod_p224k1 to alignt with ecp_mod_p192k1 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-18 14:13:20 +01:00
Minos Galanakis e5dab975c6 ecp_curves: Added unit-tests for secp224k1 
This patch introduces basic unit-testing for the `ecp_mod_p224k1()`.

The method is exposed through the ecp_invasive interface, and
the standard testing data is being provided by the python framework.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-18 14:13:20 +01:00
Andrzej Kurek af04f6307f Add an IPv4 mapped IPv6 test 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-18 07:26:59 -04:00
Janos Follath 3c3b94a31b
Merge pull request #7424 from gabor-mezei-arm/7256_unit_tests_for_p192k1 
Add unit tests for ecp_mod_p192k1()
 2023-04-18 12:19:40 +01:00
Valerio Setti 2280895784 test: properly check written PEM buffer len 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-18 12:59:06 +02:00
Valerio Setti 232a006a46 test: fix extension in DER test files 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-18 12:53:19 +02:00
Manuel Pégourié-Gonnard 1b59e76a8f
Merge pull request #7431 from valeriosetti/issue7404 
driver-only: ECP.PSA starter
 2023-04-18 11:56:16 +02:00
Valerio Setti 15cac17da5 test: fix dependencies in DER and PEM tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-18 11:32:58 +02:00
Valerio Setti c9cb5324b7 test: specify input file type through enum 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-18 11:20:36 +02:00
Jerry Yu ed9b9a7579 Add warning to reserve the reason 
The test has some issues we can not avoid. Put
it in code to avoid it is re-inroduced again

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-18 17:09:03 +08:00
Valerio Setti 8b7d4323da test: add Makefile target for the generated DER files 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-18 11:08:44 +02:00
Jerry Yu d1190a5af3 Update comments and remove delay seconds test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-18 17:01:50 +08:00
Pengyu Lv 8e6794ad56 cert_audit: Code refinement 
This commit is a collection of code refinements
from review comments.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-18 17:00:47 +08:00
Valerio Setti 3401b306ab test: use proper macros for checks 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-18 10:42:53 +02:00
Pengyu Lv f8e5e059c5 cert_audit: Improve documentation 
This commit is a collection of improving the documentation in the
script:

  * Restore uppercase in the license header.
  * Reword the script description.
  * Reword the docstring of AuditData.fill_validity_duration
  * Rename AuditData.filename to *.location

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-18 16:24:02 +08:00
Jerry Yu 4852bb823f remove time delay tests 
See #1517. They often failed on the CI.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-18 15:02:21 +08:00
Valerio Setti 28567abf4f test: add DER file format for pkwrite tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-17 18:43:55 +02:00
Valerio Setti c60bc5e700 test: add support for DER format in pkwrite tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-17 18:43:06 +02:00
Valerio Setti 8959095e87 test: memory footprint optimization for pkwrite tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-17 17:34:42 +02:00
Paul Elliott 4359badbb2
Merge pull request #7331 from mprse/ec-jpake-fix2 
PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input
 2023-04-17 16:31:09 +01:00
Valerio Setti 2dbc3066c7 test: remove useless ECP_LIGHT guard in psa_exercise_key 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-17 12:03:48 +02:00
Valerio Setti e618cb0a0b test: add coverage's analysis framework for accel EC algs w/o ECP 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-17 12:03:48 +02:00
Jerry Yu 2f1e85f47e fix comments issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-17 16:53:37 +08:00
Manuel Pégourié-Gonnard 6942cc3da7
Merge pull request #7410 from valeriosetti/issue7390 
Define (private) "light" subset of ECP
 2023-04-14 13:24:06 +02:00
Dave Rodgman f33c7e3344 Code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 15:34:43 +01:00
Dave Rodgman 9145dc46ed Ensure variables initialised 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 15:00:07 +01:00
Dave Rodgman c07df36f9e More fixes for big-endian 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 14:54:12 +01:00
Andrzej Kurek 06969fc3a0 Introduce a test for a sw implementation of inet_pton 
Create a bypass define to simulate platforms
without AF_INET6.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:20:15 -04:00
Andrzej Kurek fe050815c8 Introduce an additional test for IPV4 parsing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:20:05 -04:00
Andrzej Kurek e404612580 Replace old macro in test_suite_x509parse 
MD_CAN_SHAXXX should be now used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:19:58 -04:00
Dave Rodgman b169671c50 Tidy-up 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 13:46:46 +01:00
Dave Rodgman df2d5b1ca1 Fix compile error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 13:41:09 +01:00
Dave Rodgman 0a05e703db Tidy-up 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 13:19:40 +01:00
Dave Rodgman 9dc8b6a6a2 Test fixes for big-endian 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-04-13 12:53:35 +01:00
Gabor Mezei 00c9c7a81b
Remove unneeded limb variables 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-04-13 13:13:14 +02:00
Gabor Mezei b70f5f1881
Add checks to guarantee positive input parameters 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-04-13 13:12:00 +02:00
Gabor Mezei b86ead3cb2
Add generated tests for ecp_mod_p192k1 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-04-13 12:47:59 +02:00
Pengyu Lv 7725c1d2a9 cert_audit: Output line/argument number for *.data files 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-13 15:55:30 +08:00
Pengyu Lv 57240958ed cert_audit: Make FILE as positional argument 
Make FILE as positional argument so that we can
pass multiple files to the script. This commit
also contains some help message improvements.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-13 15:46:14 +08:00
Janos Follath 6d3ec55849
Merge pull request #7329 from minosgalanakis/ecp/unify_test_cases 
ecp: Unify test cases
 2023-04-12 13:23:16 +01:00
Minos Galanakis 6d2ee70e75 test_suite_ecp: Removed MBEDTLS_ECP_DP_SECP_GENERIC_ENABLED dependency. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-12 09:44:02 +01:00
Stephan Koch 25c739baf7 Fix PSA AEAD ChaCha20 test dependency. 
Signed-off-by: Stephan Koch <koch@oberon.ch>
 2023-04-11 17:54:31 +02:00
Valerio Setti 9cea093700 test: resolve remaining disparities in test_suite_ssl 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 16:19:11 +02:00
Glenn Strauss 7bd00e0708 use MBEDTLS_PK_CAN_ECDSA_SOME 
instead of MBEDTLS_ECDSA_C in test data dependencies

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:43 -04:00
Glenn Strauss 700ffa0744 use MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA 
instead of MBEDTLS_SHA256_C in test data dependencies

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:42 -04:00
Glenn Strauss 6f545acfaf Add mbedtls_x509_crt_parse_cn_inet_pton() tests 
Extended from https://github.com/Mbed-TLS/mbedtls/pull/2906
contributed by Eugene K <eugene.kobyakov@netfoundry.io>

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:42 -04:00
Eugene K 3208b0b391 add IP SAN tests changes per mbedTLS standards 
Signed-off-by: Eugene K <eugene.kobyakov@netfoundry.io>
 2023-04-11 08:29:42 -04:00
Valerio Setti a9aafd4807 test: revert undesired debug change in ssl-opt 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 12:30:45 +02:00
Valerio Setti 0c477d32e2 test: include also test_suite_ecp for the coverage analysis 
Only some test cases are skipped for which ECP_C is mandatory,
but the other ones are included.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti 6c496a1553 solve disparities for ECP_LIGHT between ref/accel 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti 5278986d2d psa: fix ECP guards for key derivation 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti d49cbc1493 test: fix remaining failures in test due to the ECP_LIGHT symbol 
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti 29b395c854 test: let test_psa_crypto_config_accel_all_ec_algs_use_psa use ECP_LIGHT 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Manuel Pégourié-Gonnard 6a327a5fdc
Merge pull request #7393 from valeriosetti/issue7389 
PK tests: use PSA to generate keypairs when USE_PSA is enabled
 2023-04-11 11:27:14 +02:00
Pengyu Lv 3179232211 cert_audit: Disable pylint error for importing cryptography 
This is to make CI happy. The script requires cryptography
>= 35.0.0, which is only available for Python >= 3.6. But
both ubuntu-16.04 and Travis CI are using Python 3.5.x.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-11 16:30:54 +08:00
Gilles Peskine 02c52a08cd
Merge pull request #7287 from yanrayw/7285-followup-of-PR6500 
6500 follow-up: enhancements to the new ssl_helpers test module
 2023-04-11 09:31:37 +02:00
Valerio Setti 7816c24f2d test: fix guards position in test_suite_pk 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 09:16:24 +02:00
Valerio Setti b3f20da313 test: fix error handling in the new pk_genkey_ec() function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 09:16:24 +02:00
Valerio Setti 12a063abb7 test: use proper macros for PSA init/done 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 09:16:24 +02:00
Valerio Setti 0b304421d8 ecp: revert changes to ECP module and related tests/programs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 09:16:24 +02:00
Valerio Setti b6891b13f6 pk: add alternate function for keypair generation using PSA 
Instead of using the legacy mbedtls_ecp_gen_keypair() which makes
use of ECP's math, when USE_PSA_CRYPTO is enabled then the new
function pk_genkey_ec() is used in test_suite_pk.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 09:16:24 +02:00
Manuel Pégourié-Gonnard b16a50eeab
Merge pull request #7392 from valeriosetti/issue7388 
PK: use PSA to complete public key when USE_PSA is enabled
 2023-04-11 09:09:06 +02:00
Pengyu Lv cb8fc3275a cert_audit: Fill validity dates in AuditData constructor 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-11 15:05:29 +08:00
Jerry Yu c9c3e62b3e workaround the assert fail with tollerance 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-11 14:08:23 +08:00
Pengyu Lv ebf011f43e cert_audit: Introduce not-[before|after] option 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-11 14:07:50 +08:00
Jerry Yu fce8577f73 try to reproduce random assert fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-11 14:07:38 +08:00
Pengyu Lv 30f2683d18 cert_audit: Parse more information from test suite data file 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-07 18:04:07 +08:00
Manuel Pégourié-Gonnard f740767c00
Merge pull request #7391 from valeriosetti/issue7387 
PK: don't use mbedtls_ecp_check_pub_priv() when USE_PSA is enabled
 2023-04-07 10:17:18 +02:00
Valerio Setti 3fddf250dc test: use proper macros for PSA init/done 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Valerio Setti 34f6755b34 pkparse: add new function for deriving public key from private using PSA 
Instead of using the legacy mbedtls_ecp_mul() function which makes use of
ECP's math, this commit adds a new function named pk_derive_public_key()
which implements the same behavior using PSA functions.
The flow is simple:
- import the private key into PSA
- export its public part

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Minos Galanakis 92278dc407 test_suite_ecp: Updated dependency macros for ecp_raw_generic. 
This patch introduces a new local hash define of
`MBEDTLS_ECP_DP_SECP_GENERIC_ENABLED` to replace the
removed curve specific macros, introduced in upstream.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-06 16:27:44 +01:00
Minos Galanakis 1358648f77 test_suite_ecp: Introduced ecp_mod_p_generic_raw 
This patch replaces similiarly structured test functions
for:

* MBEDTLS_ECP_DP_SECP192R1
* MBEDTLS_ECP_DP_SECP224R1
* MBEDTLS_ECP_DP_SECP256R1
* MBEDTLS_ECP_DP_SECP384R1
* MBEDTLS_ECP_DP_BP512R1R1

with a more generic version, which adjusts the parameters, based on the `curve_id` field,
provided by the testing data.

The python test framework has been updated to provide that extra field.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-06 16:27:12 +01:00
Dave Rodgman 0b3de6fcec
Merge pull request #7288 from ronald-cron-arm/tls13-server-version-negotiation 
TLS: TLS 1.2 / 1.3 version negotiation on server side
 2023-04-06 16:26:19 +01:00
Kusumit Ghoderao 02326d5083 Test key_derivation_input_integer function 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-04-06 17:47:59 +05:30
Ronald Cron 8c1ce223eb tests: ssl: Restore !MBEDTLS_SSL_PROTO_TLS1_3 dependency 
Restore the dependency on !MBEDTLS_SSL_PROTO_TLS1_3
of the DTLS fragmentation tests. That way the test
is not run on Windows 2013 (as in development) where
there is an issue with MBEDTLS_PRINTF_SIZET when
running those tests. I will address this issue in a
separate PR.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 13:20:40 +02:00
Ronald Cron c564938180 Add downgrade protection mechanism 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron 1a353ea4b8 ssl-opt.sh: Improve description of server negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron d120bd646c ssl-opt.sh: Add version selection by the server tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 50ae84ed97 ssl-opt.sh: Remove some unnecessary forcing of TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration 
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 43263c045a tests: ssl: Extend move to handshake state tests 
Extend move to handshake state tests to reach
most of TLS 1.2 and 1.3 handshake states.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 3b35455a69 tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron f95d169d60 ssl-opt.sh: Force TLS 1.2 on TLS 1.2 specific tests 
Force TLS 1.2 on TLS 1.2 specific tests in
preparation of TLS 1.3 being the default
protocol version when both TLS 1.2 and
TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron fd4c6afcb4 ssl-opt.sh: Force TLS 1.2 version 
Force TLS 1.2 version on tests related to
MBEDTLS_SSL_ASYNC_PRIVATE, CA callback and
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH. Those
SSL options are not supported in TLS 1.3
for the time being. Thus force TLS 1.2
version in preparation of TLS 1.3 being
the default protocol version when both
TLS 1.2 and TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron 92dca39196 ssl-opt.sh: Extend scope of some tests to TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron 0aa1b8843f ssl-opt.sh: Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2 dep 
Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2
dependency if TLS 1.2 version is forced or a TLS 1.2
cipher suite is forced (as TLS 1.2 cipher suites are
available if and only if TLS 1.2 is enabled and
cipher suite availability is check automatically).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron 65f9029741 ssl-opt.sh: Remove unnecessary TLS 1.3 forcing on client side 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron c341ad717e ssl-opt.sh: Remove dummy TLS 1.3 kex modes tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron ea8a1ea17a tests: ssl: Add some missing dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron a697a71a14 tests: ssl: Move min/max TLS version setting to endpoint init 
Move min/max TLS version setting to endpoint init
where it fits better: before the call to
mbedtls_ssl_setup() and available for all tests
not only those calling perform_handshake().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Pengyu Lv 45e32033db cert_audit: Support audit on test suite data files 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-06 14:33:41 +08:00
Pengyu Lv 7f6933a227 cert_audit: Initial script for auditing expiry date 
We introduce the script to audit the expiry date of X509 files
(i.e. crt/crl/csr files) in tests/data_files/ folder.

This commit add basic classes and the framework for auditing
and "-a" option to list all valid crt/crl/csr files it found.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-06 13:38:56 +08:00
Minos Galanakis 00bd8925a7 bignum: Removed merge scaffolding. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-05 16:13:11 +01:00
Przemek Stekiel 39dbe23845 Release memory for subject alt name in test 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 79354c3c4d Use MBEDTLS_MD_CAN_SHA1 macro as test dependency 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 09720e2228 Remove redundant test cases 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 019842119d Adapt test for authority_key_id (parsing subject alt name) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 75653b1df0 Add indication of extension error while parsing authority/subject key id 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 6ec839a1f9 x509_get_authority_key_id: add length check + test 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 8661fed943 Fix tests dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 240cbe4040 Remove generation of authorityKeyId_subjectKeyId.crt from makefile 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
Przemek Stekiel 9a511c5bdf Rename back mbedtls_x509_parse_general_name->mbedtls_x509_parse_subject_alt_name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
toth92g 9085cff438 Removing obsolete test after merging and correcting missing macro 
Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:28 +02:00
toth92g 8d435a0c8b Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type. 
Also updated the x509_get_general_names function to be able to parse rfc822Names

Test are also updated according these changes.

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:28 +02:00
toth92g 5042b104c2 - Removing obsolete test files (DER strings are used instead of them to minimize resource usage) 
- Renaming test functions to match the naming conventions

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:28 +02:00
toth92g 357b297b16 Correcting tests: 
- Wrong condition was checked (ref_ret != 0 instead of ref_ret == 0)
- tags were not checked (nor lengths)
- Using ASSERT_COMPARE where possible

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g 2d2fb3a5a7 Correting findings: Using DER format instead of PEM while testing to minimize the resource usage. Comparation of byte arrays in test are now done via the dedicated ASSERT_COMPARE test macro for better understanding 
Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g 0e2e2d6841 x509parse tests used only last 16 bits of the return values. They are updated to check the whole 32 bit value 
Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g 3c2243c6d5 Replacing hard-coded literals with macros of the library in the new x509parse tests 
Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g 27f9e7815c Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields 
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
toth92g a41954d0cf Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId). 
A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags.

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
Dave Rodgman 56f59d749c
Merge pull request #7394 from mprse/fix_pkcs7_test_alloc 
Fix memory allocations in pkcs7_verify test
 2023-04-04 15:46:59 +01:00
Janos Follath 13c73de6de
Merge pull request #6233 from tom-cosgrove-arm/issue-6226-core-mul 
Bignum: extract core_mul from the prototype
 2023-04-04 13:36:22 +01:00
Ronald Cron 219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc 
PSA cryptography miscellaneous
 2023-04-04 10:54:03 +02:00
Valerio Setti 98680fc2ed ecp: revert changes to ECP module and test suite 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-04 10:22:59 +02:00
Przemek Stekiel 9735be5ef3 Fix memory allocations in pkcs7_verify test 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 09:07:10 +02:00
Manuel Pégourié-Gonnard 86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622 
Some MAX_SIZE macros are too small when PSA ECC is accelerated
 2023-04-03 16:23:27 +02:00
Valerio Setti 0fe1ee27e5 pk: add an alternative function for checking private/public key pairs 
Instead of using the legacy mbedtls_ecp_check_pub_priv() function which
was based on ECP math, we add a new option named eckey_check_pair_psa()
which takes advantage of PSA.
Of course, this is available when MBEDTLS_USE_PSA_CRYPTO in enabled.

Tests were also fixed accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-03 15:00:21 +02:00
Gabor Mezei f8b55d6358
Fix code style issues 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-04-03 14:13:46 +02:00
Valerio Setti c6ecdad42d test: disable all RSA algs and fix tests 
All RSA associated algs are now forcedly disabled both on library
and driver sides.
Some PSA driver tests required to be fixed because they were just
requiring for not having the built-in version, but they didn't check
if the driver one was present (kind of assuming that RSA was always
supported on the driver side).

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-03 08:26:35 +02:00
Dave Rodgman dd48c6e3df
Merge pull request #7385 from daverodgman/timing_alignment 
Fix cast alignment warning in timing.c
 2023-03-31 19:48:34 +01:00
Dave Rodgman d43b42ebfa Whitespace fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-31 18:04:34 +01:00
Dave Rodgman 4ffc9d80f7 Test that setting reset actually does something 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-31 17:07:26 +01:00