mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-20 03:39:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31,631 Commits 172 Branches 263 Tags
Commit Graph

6485 Commits

Author SHA1 Message Date
Gilles Peskine
1d25a0a810 Refactoring: extract rsa_test_e 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-15 11:19:27 +01:00
Manuel Pégourié-Gonnard
59d63b2106
Merge pull request #8582 from yanrayw/issue/8167/PK_parse_write_OID_dependency 
PK parse and PK write: add dependency check with OID
 2024-02-15 08:34:14 +00:00
Yanray Wang
e9954bb9d5 test_suite_pk.function: add correct dependency 
In valid_parameters_pkwrite, we first parse a public key then test
with mbedtls_pk_write_xxx functions. So valid_parameters_pkwrite
should depend on both MBEDTLS_PK_WRITE_C and MBEDTLS_PK_PARSE_C.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2024-02-14 15:56:02 +00:00
Gilles Peskine
3ea9450463
Merge pull request #8734 from valeriosetti/issue8564 
Add test for driver-only HMAC
 2024-02-14 13:43:40 +00:00
Tom Cosgrove
1c0b1bffee
Merge pull request #8779 from gilles-peskine-arm/rsa-bitlen-fix 
Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
 2024-02-14 11:18:25 +00:00
Valerio Setti
3a4f2040b3 test_suite_psa_crypto: fix some test descriptions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-14 06:44:31 +01:00
Valerio Setti
c1b93751b3 test_suite_pem: add more test cases for encrypted PEM buffers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-14 06:44:28 +01:00
Valerio Setti
095e1ac71c pem: check data padding in DES/AES decrypted buffers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-14 06:44:07 +01:00
Manuel Pégourié-Gonnard
e6c80bc6e5
Merge pull request #8755 from ronald-cron-arm/tls13-client-early-data-status 
TLS 1.3: Refine and test client early data status
 2024-02-13 20:36:42 +00:00
Gilles Peskine
34955677e5 Don't exercise if the algorithm is not supported 
Parsing a key and importing it into PSA may result in a policy that
specifies an algorithm that is not included in the build. This happens if
the key type is supported, but not the algorithm, e.g. in a build with
MBEDTLS_ECP_C but not MBEDTLS_ECDSA_C.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 19:31:55 +01:00
Gilles Peskine
1d33876d37 Fix some preprocessor guards 
Fix the build in some configurations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 19:07:45 +01:00
Gilles Peskine
74860ddec2 Don't define pk_sign_verify in configurations where it's unused 
In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is
useful but cannot perform any signatures. Then modern GCC complains:

```
../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’:
../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds]
../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’
…
```

This fixes test-ref-configs.pl with a modern GCC (specifically with
config-thread.h).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 19:07:45 +01:00
Gilles Peskine
157679c0d5 mbedtls_pk_import_into_psa: positive tests with pkparse output 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 17:32:44 +01:00
Gilles Peskine
10e9c412c0 mbedtls_pk_import_into_psa: negative tests for different ECC curve 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 17:32:44 +01:00
Gilles Peskine
fc3d866ad2 mbedtls_pk_import_into_psa: implement and test 
Implement mbedtls_pk_import_into_psa for all PK types except RSA_ALT.
This covers importing a key pair, importing a public key and importing
the public part of a key pair.

Test mbedtls_pk_import_into_psa() with the output of
mbedtls_pk_get_psa_attributes(). Also unit-test mbedtls_pk_import_into_psa()
on its own to get extra coverage, mostly for negative cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 17:32:44 +01:00
Gilles Peskine
069cec1737 Also check the RSA length for public keys 
Do for public keys what
"Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes"
did for key pairs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 16:59:17 +01:00
Gilles Peskine
34a074af37 Add missing dependency on PEM 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 11:24:10 +01:00
Gilles Peskine
92fb604139 Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes 
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 11:24:08 +01:00
Gilles Peskine
19f1adfc69 New function mbedtls_rsa_get_bitlen() 
Document, implement and test mbedtls_rsa_get_bitlen().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 11:23:05 +01:00
Manuel Pégourié-Gonnard
2e2af414d0
Merge pull request #7604 from zvolin/feature/pkcs5-aes 
Add AES encrypted keys support for PKCS5 PBES2
 2024-02-10 08:46:18 +00:00
Gilles Peskine
48b87ebde3 Choose a curve for tests at compile time 
This makes it possible to use the curve in test data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-09 19:31:04 +01:00
Valerio Setti
4ade8ee5b9 test_suite_pem: more tests for ASN.1 parsing after decoding 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-09 17:44:07 +01:00
Paul Elliott
54ad01efed Merge remote-tracking branch 'upstream/development' into make_tests_thread_safe 2024-02-09 14:33:58 +00:00
Valerio Setti
010d23f9af test_suite_[pkparse|x509parse]: fix return values of some PEM related error tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-09 06:42:18 +01:00
Valerio Setti
9de84bd677 rsa: reject buffers with data outside main SEQUENCE when parsing keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-09 06:42:18 +01:00
Ryan Everett
75e65fe24b Reformat AES encryption test data in pkcs5 tests 
The added comma is needed so that these tests match the regex exceptions
in analyze_outcomes.py.
Moved the Encryption tests so that they are separate to decryption.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-08 15:44:43 +00:00
Ryan Everett
791fc2e24c Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-08 14:26:29 +00:00
Janos Follath
7a28738205
Merge pull request #8636 from paul-elliott-arm/new_test_thread_interface 
New test thread interface
 2024-02-08 12:35:40 +00:00
Tom Cosgrove
1dbfc8ad3c
Merge pull request #8790 from paul-elliott-arm/fix_ctr_drbg_comment 
Fix confusing comment in ctr drbg thread test
 2024-02-08 11:11:50 +00:00
Manuel Pégourié-Gonnard
b7307630bb
Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1 
Conversion function between raw and DER ECDSA signatures (guards in ASN1)
 2024-02-08 08:45:30 +00:00
Manuel Pégourié-Gonnard
7bf1e98f44
Merge pull request #8740 from valeriosetti/issue8647 
Move RSA basic key parsing/writing to rsa.c
 2024-02-08 08:35:42 +00:00
Valerio Setti
1910390b4a psa_util: improve leading zeros check in convert_der_to_raw_single_int() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-07 16:16:58 +01:00
Paul Elliott
bda577bb0b Fix confusing comment in ctr drbg thread test 
Make it clearer where the magic number chosen for entropy_len actually
comes from, and why we chose this value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-02-07 15:13:46 +00:00
Valerio Setti
ef07fa0fc3 test_suite_psa_crypto_util: add more test for raw->der 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-07 15:16:45 +01:00
Ryan Everett
a8082c43d5 Add MBEDTLS_CIPHER_C dependencies to new pkparse tests 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 13:31:19 +00:00
Manuel Pégourié-Gonnard
1d7bc1ecdf
Merge pull request #8717 from valeriosetti/issue8030 
PSA FFDH: feature macros for parameters
 2024-02-07 10:06:03 +00:00
Ronald Cron
b3d42fddae tests: write early data: Add HRR scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
05600e26f4 tests: write early data: Add "server rejects" scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
8fe2b01b52 tests: write early data: Add "not sent" scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
2fbbba9c51 tests: ssl: Add write early data unit test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Gilles Peskine
f45589b492
Merge pull request #8198 from silabs-Kusumit/kdf_incorrect_initial_capacity 
KDF incorrect initial capacity
 2024-02-06 17:29:43 +00:00
Gilles Peskine
137e0c1a02
Merge pull request #8761 from valeriosetti/issue4681 
Re-introduce enum-like checks from CHECK_PARAMS
 2024-02-06 17:29:38 +00:00
Gilles Peskine
fb7001f15b
Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage 
Implement mbedtls_pk_get_psa_attributes
 2024-02-06 17:28:54 +00:00
David Horstmann
b8dc2453f1 Update buffer start and length in multipart test 
This fixes a test failure in which the buffer was not properly filled.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 17:03:13 +00:00
David Horstmann
30a61f2ec8 Add testcase to fail multipart cipher tests 
Encrypt more than 2 blocks of data, causing both update() calls to
output data as well as the call to finish().

This exposes a test bug where the pointer to a buffer is not updated
as it is filled with data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-06 16:55:19 +00:00
Valerio Setti
6269f3baf4 Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()" 
This reverts commit d4fc5d9d1c76a6cb978ceb4cc74ec62b111b0007.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-06 16:55:18 +01:00
Ronald Cron
2261ab298f tests: early data status: Add HRR scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Ronald Cron
d6dba675b8 tests: early data status: Add "server rejects" scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Ronald Cron
265273e8b3 tests: early data status: Add "not sent" scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Ronald Cron
5c208d7daf tests: ssl: Add scenario param to early data status testing function 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00