mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-31 00:32:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
28,421 Commits 170 Branches 263 Tags
Commit Graph

5858 Commits

Author SHA1 Message Date
Yanray Wang
079b3bb97b test_suite_asn1parse.data: remove {} in test data description 
In analyze_outcomes.py, if a test case passes in reference_test but
not in driver_test, we log the key by key.format in python.
However, this causes error because of the grammar {} in python
string format. So removing {} to avoid KeyError for
    sys.stderr.write((fmt + '\n').format(*args, **kwargs))

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:15:52 +08:00
Yanray Wang
61f96608cc test_suite_pk: add extra dependency for pk_psa_sign 
pk_psa_sign is guarded by MBEDTLS_TEST_PK_PSA_SIGN which is set under:
 - The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature.
 - The build has built-in ECC and ECDSA signature.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:15:52 +08:00
Gilles Peskine
5f573f8301 Fix broken test with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER 
When testing the lifecycle of a transient key, it doesn't make much sense to
try psa_open_key: that expects a persistent key and the lookup takes a
different path. The error from psa_open_key is also different depending on
whether MBEDTLS_PSA_CRYPTO_STORAGE_C is enabled.

To check that the key ownership is taken into account, try to access the
same key id with a different owner without expecting that this is a
persistent key. Just call psa_get_key_attributes, which works fine for a
transient key.

This fixes a test failure when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is
enabled and MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-26 17:15:52 +08:00
Gilles Peskine
7f420faf03 parse_attribute_value_hex_der_encoded: clean up length validation 
Separate the fits-in-buffer check (*data_length <= data_size) from the
we-think-it's-a-sensible-size check (*data_length <=
MBEDTLS_X509_MAX_DN_NAME_SIZE).

This requires using an intermediate buffer for the DER data, since its
maximum sensible size has to be larger than the maximum sensible size for
the payload, due to the overhead of the ASN.1 tag+length.

Remove test cases focusing on the DER length since the implementation no
longer has a threshold for it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
26dd764dc3 parse_attribute_value_hex_der_encoded test case fixups 
Fix the expected output in some test cases.

Add a few more test cases to exercise both a payload length around 256 bytes
and a DER length around 256 bytes, since both are placed in a 256-byte
buffer (value of MBEDTLS_X509_MAX_DN_NAME_SIZE).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
c94500b56b Add may-fail mode to mbedtls_x509_string_to_names output tests 
Due to differing validations amongst X.509 library functions, there are
inputs that mbedtls_x509_string_to_names() accepts, but it produces output
that some library functions can't parse. Accept this for now. Do call the
functions, even when we don't care about their return code: we're ok with
returning errors, but not with e.g. a buffer overflow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
aa01a038b5 Fix indentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
70a93407ce More test cases for parse_attribute_value_der_encoded 
In particular, "X509 String to Names: long hexstring (DER=258 bytes, too long)"
causes a buffer overflow in parse_attribute_value_der_encoded().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
1c7223bda2 Use modern test macros for ease of debugging 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Dave Rodgman
6da7872aa2
Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925 
Merge development into development-restricted
 2023-09-25 18:16:01 +01:00
Valerio Setti
bbf86afdeb test_suite_psa_crypto: fix curve dependency in test 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
6d809cc969 lib/test: use new internal helpers in library's code and tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Gilles Peskine
ffe590d197
Merge pull request #1058 from waleed-elmelegy-arm/check-set_padding-is-called 
Check set_padding has been called in mbedtls_cipher_finish
 2023-09-25 17:12:36 +02:00
Gilles Peskine
ca1e605b9c Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
  `MBEDTLS_CIPHER_PADDING_PKCS7` was added in
  c9f4040f7f3356293e90c58d11f6567def641e08 in `development-restricted`.
  In `development`, this section of the file has moved to
  `include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
  comment change in development. The comment change in `development` is not
  really relevant, so just take the line from `development-restricted`.
 2023-09-25 16:16:26 +02:00
Dave Rodgman
025bed9eb7
Merge pull request #1076 from daverodgman/more-ct 
Use CT module more consistently
 2023-09-25 11:50:10 +01:00
Manuel Pégourié-Gonnard
4fe1e8762d Fix SHA-3 dependencies in test_suite_md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 10:05:23 +02:00
Manuel Pégourié-Gonnard
f4ceb16813 Fix dependencies for SHA-3 MD dispatch tests 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:46 +02:00
Gilles Peskine
ae3cda9541
Merge pull request #8092 from silabs-Kusumit/PBKDF2_output_key 
PBKDF2: test output_key
 2023-09-22 18:01:06 +00:00
Gilles Peskine
18e1d11cfe
Merge pull request #1049 from waleed-elmelegy-arm/Switch-pkparse-to-mbedtls_pkcs5_pbe2_ext 
Switch pkparse to use new pkcs5/12 pbe functions
 2023-09-22 18:06:50 +02:00
Dave Rodgman
9fc868012c Fix test error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 10:56:13 +01:00
Gilles Peskine
193f94276e
Merge pull request #1071 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer 
Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
 2023-09-22 11:43:03 +02:00
Dave Rodgman
fbe74a9e51 Add mbedtls_ct_error_if, with tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 09:58:25 +01:00
Dave Rodgman
9d0869140b Remove tests for mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 21:54:08 +01:00
Dave Rodgman
f1915f623d Improve testing for mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 19:22:59 +01:00
Dave Rodgman
cc3c670670 Fix compiler cast warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 16:33:26 +01:00
Waleed Elmelegy
3643947a1e Add correct dependencies for AES-192/256 cipher tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 16:22:15 +01:00
Waleed Elmelegy
38202a2b18 Improve pkparse test dependencies and changelog 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 15:21:10 +01:00
Waleed Elmelegy
f4e665101d Add more tests to check setting padding mode 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 14:04:35 +01:00
Dave Rodgman
93b3228d42 Add tests for mbedtls_ct_error_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 13:50:51 +01:00
Waleed Elmelegy
556a0790f6 Fix code style in pkparse tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 09:19:56 +01:00
Waleed Elmelegy
9d4d8ebaf2 Add PKCS5/12 dependecies to pkparse tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 08:45:56 +01:00
Pengyu Lv
9d87a38976 test_suite_ssl: improve variable naming in ssl_set_hostname_twice 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-09-21 10:32:12 +08:00
Waleed Elmelegy
15bcf38e88 Add test pkparse test dependencies 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 20:02:16 +01:00
Waleed Elmelegy
1db5cdaf57 Add tests to test pkcs8 parsing of encrypted keys 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:29:02 +01:00
Waleed Elmelegy
d527896b7e Switch pkparse to use new mbedtls_pkcs12_pbe_ext function 
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
and deprecate mbedtls_pkcs12_pbe function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:29:02 +01:00
Waleed Elmelegy
c9f4040f7f Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function 
Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
and deprecate mbedtls_pkcs5_pbes2 function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:28:28 +01:00
Manuel Pégourié-Gonnard
5edb942708
Merge pull request #8041 from mpg/tfm-p256m 
Test TF-M config with p256-m driver
 2023-09-20 16:09:56 +00:00
Dave Rodgman
143f5f7c68 Add mbedtls_ct_bool_if and mbedtls_ct_bool_if_else_0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 21:52:13 +01:00
Dave Rodgman
1cfc43c77b Rename mbedtls_ct_bool_xor to mbedtls_ct_bool_ne 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:39:33 +01:00
Dave Rodgman
6568f60358 Simplify mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:48:24 +01:00
Dave Rodgman
2c9f86b3b6 Add docs for mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:48:13 +01:00
Dave Rodgman
28bc1ab923 Use exact bounds for allocations in mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:34:57 +01:00
Dave Rodgman
ba600b2fd9 Remove expected param from mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:26:13 +01:00
Waleed Elmelegy
071b69f47b Add correct dependency to DES3 test 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-19 11:24:49 +01:00
Dave Rodgman
771ac65b0c Add tests for mbedtls_ct_memcmp_partial 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 09:10:59 +01:00
Gilles Peskine
d2e004e401 Test mbedtls_ssl_decrypt_buf(): stream cipher, negative cases 
Test mbedtls_ssl_decrypt_buf() with a null cipher (the only type of stream
cipher we support). Test the good case (to make sure the test code
constructs the input correctly), test with an invalid MAC, and test with a
shortened input.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 19:07:50 +02:00
Waleed Elmelegy
6d2c5d5f5c Adjust cipher tests to new requirement of specifying padding mode 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-18 17:41:25 +01:00
Gilles Peskine
9099d3fd76 Refactoring: create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 17:21:15 +02:00
Gilles Peskine
68ec3ccc7c Add missing cleanup 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 14:35:52 +02:00