10822 Commits

Author SHA1 Message Date
Ryan Everett
1d5fa22f9d Fix pkcs5 aes test data
Remove the keyLength parameter from the AES-256 tests.
Add MBEDTLS_CIPHER_PADDING_PKCS7 to the dependencies.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-05 16:45:38 +00:00
Ryan Everett
9ae32704b6 Add missing dependencies for pkparse tests
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-05 16:44:16 +00:00
Valerio Setti
1792bb44a0 test_suite_psa_crypto_util: add more test cases
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 17:34:49 +01:00
Valerio Setti
110126110d test_suite_psa_util: use more generic symbols for test case dependencies
Use PSA_VENDOR_ECC_MAX_CURVE_BITS instead of a specific curve since
what we care about is only bit-size not the curve itself.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 16:24:18 +01:00
Valerio Setti
091bdc416d psa_util: enhance checks on leading zeros in convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 16:18:04 +01:00
Manuel Pégourié-Gonnard
32c28cebb4
Merge pull request from valeriosetti/issue7964
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
Valerio Setti
bec1d842ac psa_util: convert_der_to_raw_single_int() accepts also all zero integers
These values are not mathematically valid as signature, but as
for what it concerns with ECDSA conversion functions, 0 values
in DER format should be translated to 0 values in raw format.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 15:50:02 +01:00
Valerio Setti
8334d00772 psa_util: improve check of raw_len in mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 15:35:26 +01:00
Janos Follath
747bedb0b0
Merge pull request from ivq/gcm_ad_len_check
Add back restriction on AD length of GCM
2024-02-05 13:33:58 +00:00
Valerio Setti
954ef4bbd5 psa_util: improve convert_raw_to_der_single_int()
Allow the function to support DER buffers than what it is nominally
required by the provided coordinates. In other words let's ignore
padding zeros in the raw number.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 12:06:46 +01:00
Valerio Setti
315e4afc0a psa_util: change parameters order in ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 10:09:15 +01:00
Valerio Setti
45c33ed41e test_suite_rsa: fix data for "extra integer outside the SEQUENCE"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 09:04:10 +01:00
Paul Elliott
098e2d82cd Revert accidental formatting change
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-02 17:59:26 +00:00
Paul Elliott
ac61cee2fd Restore mutex lock for mbedtls_test_set_step()
This function is called externally from several tests, so still requires
a mutex lock. Add an internal function to reset the step, for use in
functions where the mutex is already held.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-02 17:53:38 +00:00
Dave Rodgman
12285c5c7c Add calls to BLOCK_CIPHER_PSA_INIT / BLOCK_CIPHER_PSA_DONE
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-02 17:52:41 +00:00
Ronald Cron
ae2d81c314 tests: tls13: Run early data test only in TLS 1.3 only config
Temporary workaround to not run the early data test
in Windows-2013 where there is an issue with
mbedtls_vsnprintf().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Jerry Yu
f57d14bed4 Ignore early data app msg before 2nd client hello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Ronald Cron
2995d35ac3 tls13: srv: Deprotect and discard early data records
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Jerry Yu
064dd2b870 Adjust check order
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2024-02-02 17:31:20 +01:00
Valerio Setti
f15e13ead7 test_suite_x509parse: remove useless include of rsa.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 16:44:22 +01:00
Gilles Peskine
d078386287 Smoke tests for mbedtls_pk_get_psa_attributes after parsing
We'll test more fully by adding a call to mbedtls_pk_import_into_psa() once
that function is implemented.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-02 13:22:23 +01:00
Gilles Peskine
cb3b4cae0a Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA
The test code to construct test keys and the implementation had matching
errors: both assumed that there was a PSA public key object. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-02 13:22:23 +01:00
Valerio Setti
c9dd8611f8 test_suite_psa_crypto_util: add missing new line at the end of file
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 12:34:06 +01:00
Valerio Setti
684d78fcfa test_suite_rsa: improve key parsing tests for extra data
2 scenarios are taken into account:
- syntactically valid extra data inside the SEQUENCE
- extra data outside the SEQUENCE
A single integer is used as extra data in both cases.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 12:30:16 +01:00
Valerio Setti
c701cb2835 test_suite_rsa: improve rsa_key_write_incremental()
Output buffer is tested from being 1 single byte up to twice
what it is strictly required to contain the output data.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 11:10:04 +01:00
Valerio Setti
5922cb9309 pkparse: keep legacy PK error codes when RSA key parsing fails
This helps in reverting the changes to test_suite_x509parse.data
when the RSA key parsing fails.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-02 09:21:25 +01:00
Gilles Peskine
591e83d139 Add missing implied usage
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:33:44 +01:00
Gilles Peskine
a1a7b08057 Fix typo in dependency
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:32:29 +01:00
Gilles Peskine
793920c1ff mbedtls_pk_get_psa_attributes: opaque: require specified usage
In the MBEDTLS_PK_OPAQUE, have mbedtls_pk_get_psa_attributes() require the
specified usage to be enabled for the specified key. Otherwise the following
call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a
useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably
an error.

Adjust the existing test cases accordingly and add a few negative test
cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:31:27 +01:00
Gilles Peskine
e45d51f7b5 Clearer variable names
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:11 +01:00
Gilles Peskine
e2a77f21ea Use PSA_INIT with test that requires PSA
USE_PSA_INIT is for test code that doesn't use PSA functions when
USE_PSA_CRYPTO is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
2e54854d16 Copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
ae2668be97 Don't use mbedtls_pk_ec in our own code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:53:04 +01:00
Gilles Peskine
7e353ba37a Create auxiliary function for repeated code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:46:19 +01:00
Gilles Peskine
19411635a5 Test enrollment algorithm for the non-OPAQUE case
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:42:28 +01:00
Ronald Cron
38dbab9f8d tests: ssl: Adjust early data test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:41 +01:00
Ronald Cron
78a38f607c tls13: srv: Do not use early_data_status
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:35 +01:00
Valerio Setti
56cfe2fab6 test_suite_rsa: improve rsa_parse_write_pkcs1_key() and rsa_key_write_incremental()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:53:26 +01:00
Valerio Setti
201e643509 rsa: simplify mbedtls_rsa_parse_pubkey() input parameters
In this way mbedtls_rsa_parse_pubkey() and mbedtls_rsa_parse_key()
input parameter list is the same.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:19:37 +01:00
Valerio Setti
135ebde273 rsa: rename parse/write functions in order to follow the standard format
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 17:00:29 +01:00
Jerry Yu
579bd4d46b Update early data test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
192e0f9b1d ssl_server2: Add read early data support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Valerio Setti
3ecb395fb9 test_suite_psa_crypto_util: fix tests for 0-length and one 0x00 byte for r and s
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-01 15:26:24 +01:00
Dave Rodgman
ba8e9addd9 Fix test dependencies
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-01 13:54:46 +00:00
Paul Elliott
0b2835d1fd Fix accidental copy paste mistake
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-01 13:27:04 +00:00
Ronald Cron
11cc41265b
Merge pull request from ronald-cron-arm/tls13-ticket-and-early-data-unit-test
Add TLS 1.3 ticket and early data unit tests
2024-02-01 13:15:55 +00:00
Paul Elliott
ae942ece47 Fix style issues
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-01 12:44:01 +00:00
Paul Elliott
24e9a32c83 Refactor to help future other implementations
Improve the definition of mbedtls_test_thread_t to assist adding future
threading implementations, when they happen.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-01 12:26:23 +00:00
Dave Rodgman
6823247376 Fix compile warning in tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-31 15:59:06 +00:00
Paul Elliott
9efc60298f Fix code style issues
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-01-31 15:33:23 +00:00