91 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
07018f97d2 Make legacy_or_psa.h public.
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:02:48 +02:00
Manuel Pégourié-Gonnard
0777ec1625
Merge pull request #6109 from superna9999/6100-crash-in-test-suite-x509write
Crash in test suite x509write config full no seedfile
2022-09-01 11:18:30 +02:00
Przemek Stekiel
76b753bbb7 Change the dependencies in pem.c to xxx_BASED_ON_USE_PSA and related files
This is done to be able to bild test_psa_crypto_config_accel_hash component where MD5 is only available accelerated (PSA_WANT_ALG_MD5 is enabled and MBEDTLS_MD5_C is disabled) but MBEDTLS_USE_PSA_CRYPTO is disabled.
So the build should not attempt to enable pem_pbkdf1.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
050819c19e test_suite_x509write: Move MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA dependency for x509_crt_check to .function file
mbedtls_x509write_crt_set_subject_key_identifier() requires MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
f8087e5ffd x509_crt_check: remove MBEDTLS_SHA1_C dependency from .function file (already handed in .data file)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Przemek Stekiel
d34f8c36b8 x509 tests: adjust dependencies
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Neil Armstrong
a97f1ac5f9 Initialize mbedtls_x509write_csr struct before USE_PSA_INIT(), mbedtls_x509write_csr_free() will crash if uninitialized
When USE_PSA_INIT() failed because lack of seedfile, mbedtls_x509write_csr_free()
crashed when called on an unitialized mbedtls_x509write_csr struct.

This moves mbedtls_x509write_csr_init before calling USE_PSA_INIT(),
which could probably fail, and uses the same flow in x509_csr_check()
and x509_csr_check_opaque().

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-08 13:54:47 +02:00
Gilles Peskine
f860f3742b
Merge pull request #6070 from wernerlewis/bignum_test_radix
Remove radix argument from bignum test functions
2022-08-05 11:01:07 +02:00
Werner Lewis
19b4cd893c Remove radix arg from mbedtls_test_read_mpi
All uses have radix argument removed, using script.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:05:24 +01:00
Przemek Stekiel
54a544600f test_suite_x509write: use psa_hash_compute() instead mbedtls_md()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-01 16:03:17 +02:00
Manuel Pégourié-Gonnard
abac037a7b Migrate from old inline to new actual function.
This is mostly:

    sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
    library/*.c tests/suites/*.function

This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Werner Lewis
acd01e58a3 Use ASN1 UTC tags for dates before 2000
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-01 16:24:28 +01:00
Neil Armstrong
95974974d2 Update mbedtls_pk_wrap_as_opaque() usage in PK & X509write tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Neil Armstrong
e6ed23cb90 Fix typo in x509_crt_check() comment
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 09:44:04 +02:00
Neil Armstrong
6ce6dd9bd7 Add Test generating certificates using an opaque EC key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:32:03 +02:00
Neil Armstrong
98f899c7a5 Test generating certificates using an opaque RSA key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:31:38 +02:00
Manuel Pégourié-Gonnard
706f6bae27
Merge pull request #5518 from superna9999/5274-ecdsa-signing
PK: ECDSA signing
2022-03-21 09:57:57 +01:00
Neil Armstrong
c23d2e3ef1 Wrap unused declaration in #if/#endif when USE_PSA is set in x509_csr_check()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:31:59 +01:00
Neil Armstrong
5b32038ff0 Alternative CSR checks in x509_csr_check when USE_PSA_CRYPTO
The X509write x509_csr_check reference file depends on
mbedtls_test_rnd_pseudo_rand being used to match the pre-generated data.
This calls x509_crt_verifycsr() like in x509_csr_check_opaque() when
MBEDTLS_USE_PSA_CRYPTO is defined.

Notably using PSA_ALG_DETERMINISTIC_ECDSA() in ecdsa_sign_wrap() makes
this test run without these changes.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:44:06 +01:00
Neil Armstrong
5f8328b2f6 Initialize PSA crypto in test_suite_x509write for RSA signing tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-03 16:39:39 +01:00
Gilles Peskine
20edee7b17 Use mbedtls_test_read_mpi in test suites
Replace calls to mbedtls_mpi_read_string() with a wrapper
mbedtls_test_read_mpi() when reading test data except for the purpose
of testing mbedtls_mpi_read_string() itself. The wrapper lets the test
data control precisely how many limbs the constructed MPI has.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Manuel Pégourié-Gonnard
84dea01f36 Add RNG params to private key parsing
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).

This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().

Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Thomas Daubney
140184d029 Removes mode param from mbedtls_rsa_pkcs1_sign
Commit removes the mode parameter from
mbedtls_rsa_pkcs1_sign and progagates the
change to all relevant parts of the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 18:02:24 +01:00
Thomas Daubney
fa1581ea03 Modifies typedef of mbedtls_pk_rsa_alt_sign_func
This commit modifies the typedef of
mbedtls_pk_rsa_alt_sign_func and propagates the
associated changes throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 12:38:33 +01:00
Thomas Daubney
c7feaf349c Remove mode param from mbedtls_rsa_pkcs1_decrypt
The mode parameter has been removed from the
mbedtls_rsa_pkcs1_decrypt function. The change
has been progagated to all function calls,
including in test suite .function files.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:43:06 +01:00
Thomas Daubney
99914146a4 Preparatory commit to remove tests
Removed a conditional compilation block
relating to MBEDTLS_PKCS1_V15 in
rsa_pkcs1_verify_raw function that was no
longer relevant.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 15:18:20 +01:00
Gilles Peskine
9de97e21fe Make {USE_,}PSA_{INIT,DONE} available in all test suites
Make USE_PSA_INIT() and USE_PSA_DONE() available in all test suites in
all cases, doing nothing if MBEDTLS_USE_PSA_CRYPTO is disabled. Use
those in preference to having explicit
defined(MBEDTLS_USE_PSA_CRYPTO) checks (but there may still be places
left where using the new macros would be better).

Also provide PSA_INIT() by symmetry with PSA_DONE(), functional
whenver MBEDTLS_PSA_CRYPTO_C is enabled, but currently unused.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:08:14 +01:00
Dave Rodgman
6fbff5b557
Merge pull request #3698 from darrenkrahn/development
Mark basic constraints critical as appropriate.
2021-01-17 18:06:18 +00:00
Darren Krahn
9c134cef35 Add build instructions for new test data.
Signed-off-by: Darren Krahn <dkrahn@google.com>
2021-01-13 22:04:45 -08:00
Gilles Peskine
f6be590bf6 Include psa_crypto_helpers.h in helpers.function
Include psa_crypto_helpers.h automatically if MBEDTLS_PSA_CRYPTO_C is
enabled, like helpers.h is included automatically.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:21:18 +01:00
Gilles Peskine
9a4baa1336 Remove unnecessary precautions around #include psa_crypto_helpers.h
psa_crypto_helpers.h no longer defines static functions, so it can be
included anywhere without worrying about unused functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Paul Elliott
557b8d663a Remove Extraneous bytes from buffer post pem write
In order to remove large buffers from the stack, the der data is written
into the same buffer that the pem is eventually written into, however
although the pem data is zero terminated, there is now data left in the
buffer after the zero termination, which can cause
mbedtls_x509_crt_parse to fail to parse the same buffer if passed back
in. Patches also applied to mbedtls_pk_write_pubkey_pem, and
mbedtls_pk_write_key_pem, which use similar methods of writing der data
to the same buffer, and tests modified to hopefully catch any future
regression on this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-12-07 17:29:42 +00:00
Ronald Cron
5425a21fd2 tests: Adapt PSA tests to openless APIs
psa_key_handle_equal() is removed as not used
anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
91e9515424 Introduce PSA_KEY_HANDLE_INIT macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Darren Krahn
e560be3ab4 Mark basic constraints critical as appropriate.
Per RFC 5280 4.2.1.9 if the 'cA' field is set to true, the extension
must be marked critical.

Signed-off-by: Darren Krahn <dkrahn@google.com>
2020-09-21 18:25:35 -07:00
Manuel Pégourié-Gonnard
04b7488411 Fix potential use of uninitialised variable
If any of the TEST_ASSERT()s that are before the call to
mbedtls_pk_warp_as_opaque() failed, when reaching the exit label
psa_destroy_key() would be called with an uninitialized argument.

Found by Clang.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 10:45:51 +02:00
Manuel Pégourié-Gonnard
8a79b9b68c Fix "unused function" warning in some configs
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-24 10:29:30 +02:00
Manuel Pégourié-Gonnard
feb0396d20 Fix memory leak in test_suite_x509write with PSA crypto
The documentation of mbedtls_pk_wrap_as_opaque is quite clear:

 * \param handle    Output: a PSA key handle.
 *                  It's the caller's responsibility to call
 *                  psa_destroy_key() on that handle after calling
 *                  mbedtls_pk_free() on the PK context.

But the test failed to call psa_destroy_key().

While at it, also use PSA_DONE(): it ensures that if we fail to destroy the
key, we'll get an explicit error message about it without the need for
valgrind.

This is a preliminary to adding a valgrind-based test for constant-flow code:
we need to make sure the rest of the tests are fully valgrind-clean, which
they weren't.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 10:21:32 +02:00
Ronald Cron
6c5bd7fd51 tests: Reformating due to rnd_* renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
    `git diff-tree --no-commit-id --name-only -r HEAD` \
    | grep "\<mbedtls_test_rnd_"

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
351f0eee20 tests: Add mbedtls_test_ prefix to rnd_* symbols
Add mbedtls_test_ prefix to rnd_buf_info and
rnd_pseudo_info types, to rnd_std_rand(),
rnd_zero_rand(), rnd_buffer_rand() and
rnd_pseudo_rand() functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/rnd_(buf_info|pseudo_info|std_rand| \
    zero_rand|buffer_rand|pseudo_rand)/, \
    "mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Gilles Peskine
f4e672ec9e Add missing compilation guards in test suite
Fix the build when MBEDTLS_USE_PSA_CRYPTO is set but
MBEDTLS_X509_CSR_WRITE_C is not.
2020-01-31 14:22:10 +01:00
Hanno Becker
bf2dacb8fe Fix memory leak in CSR test suite on failure 2019-09-06 07:44:37 -04:00
Hanno Becker
2fcdd7446e Fix a memory leak in x509write test suite
This leak wasn't discovered by the CI because the only test in
all.sh exercising the respective path enabled the custom memory
buffer allocator implementations of calloc() and free(), hence
bypassing ASan.
2019-09-06 07:44:37 -04:00
Andres Amaya Garcia
7067f812f8 Add tests for (named) bitstring to suite_asn1write 2019-02-28 09:36:30 +00:00
Andrzej Kurek
2349c4db88 Adapt to the new key allocation mechanism 2019-01-08 09:36:01 -05:00
Andrzej Kurek
967cfd18fd Remove trailing whitespace 2018-11-22 12:05:08 -05:00
Andrzej Kurek
4b11407258 Cosmetic changes
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
2018-11-22 12:05:08 -05:00
Andrzej Kurek
5f7bad34bb Add CSR write testing using opaque keys
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
2018-11-22 12:05:08 -05:00
Mohammad Azim Khan
cf32c45bfd Add missing headers and fix name change issues 2018-08-06 11:40:57 +01:00
Azim Khan
f1aaec9888 Intermediate hexify out change 2018-08-06 11:40:57 +01:00