mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-19 09:40:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,750 Commits 172 Branches 263 Tags
Commit Graph

11206 Commits

Author SHA1 Message Date
Valerio Setti
dfc1915d39 test_suite_pk: modify pk_genkey() in order to use predefined keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-17 05:28:36 +02:00
Valerio Setti
8b3a272f93 test-data: add predefined RSA and EC keys 
Automatically generated with the following bash script:

```
LIST="secp521r1 brainpoolP512r1 secp384r1 brainpoolP384r1 secp256r1 secp256k1
    brainpoolP256r1 secp224r1 secp224k1 secp192r1 secp192k1 x25519 x448"

for item in $LIST; do
    ./programs/pkey/gen_key type=ec ec_curve=$item filename="tests/data_files/ec_$item.der" format=der
done

LIST="1024 1026 1028 1030 2048 4096"

for item in $LIST; do
    ./programs/pkey/gen_key type=rsa rsa_keysize=$item filename="tests/data_files/rsa_$item.der" format=der
done
```

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-17 05:28:36 +02:00
Ronald Cron
cfb9f4d7b2 ssl-opt.sh: Fix some test dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-12 13:37:23 +02:00
Ronald Cron
561181c235 Use latest installed OpenSSL 3 as OPENSSL_NEXT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-12 13:37:23 +02:00
Ronald Cron
b3cdd4b60f ssl-opt.sh: Adapt tests to OpenSSL 3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-12 13:37:23 +02:00
Ronald Cron
0e711e1ac0 Add RSA key certificates 
Add RSA key certificates using SHA256
instead of SHA1 for the signature
algorithm. Those are needed for some
TLS 1.3 compatibility tests with OpenSSL 3
to avoid having to enable in OpenSSL 3
the support for the deprecated SHA-1 based
signature algorithms.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-12 13:37:22 +02:00
Manuel Pégourié-Gonnard
48395bc88c compat.sh: properly skip unsupported DTLS 1.2 
Skipping DTLS 1.2 with old versions was already done, but now properly
test support only once and use the results.

Note that historically, this script's policy was that it's the user's
job to find the right value of -e (EXCLUDE) for their version for
OpenSSL & config. Now it's a weird mix of that and the script doing some
detection and skipping.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-11 10:21:43 +02:00
Manuel Pégourié-Gonnard
848825436d compat.sh: properly report skipped tests 
Don't just silently continue.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-11 09:56:24 +02:00
Gilles Peskine
79d25877ff
Merge pull request #9009 from mpg/fix-wrong-dep-test-case-3.6 
[Backport 3.6]   Fix wrong dependencies in test cases + follow-up
 2024-04-09 11:34:10 +00:00
Ronald Cron
6a8e4eb8d1 all.sh: Use full instead of default as the base for the new component 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
f02af2d1c5 tests: ssl: Fix dependencies of SRV TLS 1.3 session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
54a9b11bb5 ssl-opt.sh: Add tests where tickets are ignored 
Add tests where we explicitely check that
tickets are ignored on client side when
the support is not enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Norbert Fabritius
c93fc86517 ssl-opt.sh: Add missing MBEDTLS_SSL_SESSION_TICKETS dependencies 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Norbert Fabritius
06d9934b85 all.sh: Add component testing default minus session tickets 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
094f55333d tests: ssl: Fix dependencies of TLS 1.3 session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
346b81877d tests: ssl: Add hostname checks in session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:31 +02:00
Ronald Cron
1fb585492d tests: ssl: Remove redundant test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:31 +02:00
Ronald Cron
819636994e tests: ssl: Fix session field guards 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:31 +02:00
Bence Szépkúti
4ee6ddca86
Merge pull request #9004 from valeriosetti/issue8903-backport 
[Backport 3.6] Test gap: mbedtls_pk_check_pair with MBEDTLS_PK_OPAQUE
 2024-04-04 13:44:31 +00:00
Manuel Pégourié-Gonnard
87747c7a82 Fix closing comment to match opening guard 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-04 12:57:07 +02:00
Manuel Pégourié-Gonnard
5aa6a64b17 Fix style of preprocessor expression 
We use logical '&&' everywhere, let's be consistent.

(Unless I'm mistaken, binary '&' happens to give the same results for
booleans so this wasn't an actual bug, just style/readability issue.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-04 12:57:06 +02:00
Pengyu Lv
3bb89dc935 Fix failures in psa_cryto_driver_wrappers suite 
- "in-driver" test should depend on the present
  of a driver.
- add new counter in key manangement driver test
  hook which counts the calls of generate_key.
- We only care about the hits when processing
  `psa_generate_key`.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:06 +02:00
Pengyu Lv
a44cab020e Add missing dependency of fallback test in driver wrappers suite 
To pass a fallback test, we need a dependency on built-in
implementation.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:06 +02:00
Pengyu Lv
b13c218b10 Add missing definition of AT_LEAST_ONE_BUILTIN_KDF 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:05 +02:00
Pengyu Lv
64b6e4dece Fix wrong dependency in psa_crypto_driver_wrappers suite 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:04 +02:00
Pengyu Lv
a9d3eaf4bb Fix wrong dependency in psa_crypto_pake suite 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:04 +02:00
Pengyu Lv
f3abbfe735 Fix typo in ssl test suite 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:04 +02:00
Pengyu Lv
0dfb5bbb31 Correct dependancy on MBEDTLS_X509_INFO for x509parse 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:04 +02:00
Valerio Setti
b2840b0aac test_suite_pk: add failing check for sign_ext() in pk_psa_wrap_sign_ext() 
If the wrapped key has a PKCS1 v1.5 signature algorithm, then try
to call sign_ext() to perform PSA RSS. Of course this will fail
because it's not supported by the wrapped key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:42:01 +02:00
Valerio Setti
7e9711ae07 test_suite_pk: test check_pair() also with opaque RSA keys 
check_pair() is not supported by opaque RSA keys, but we want
to be sure that calling this functions fails nicely instead
for crashing.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 07:02:47 +02:00
minosgalanakis
e146940714
Merge pull request #1216 from Mbed-TLS/mbedtls-3.6.0_mergeback 
Mbedtls 3.6.0 mergeback
 2024-03-28 14:31:03 +00:00
Minos Galanakis
9860056006 Revert "Autogenerated files for 3.6.0" 
This reverts commit e8a6833b2878f1c08b8f96fe35e2812367e32ef3.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-27 17:36:15 +00:00
Minos Galanakis
e8a6833b28 Autogenerated files for 3.6.0 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 16:00:55 +00:00
Minos Galanakis
4492dbd286 Version Bump for 3.6.0 
./scripts/bump_version.sh --version 3.6.0 --so-crypto 16 --so-x509 7  --so-tls 21

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 11:46:25 +00:00
Manuel Pégourié-Gonnard
611f899c0c
Merge pull request #8957 from valeriosetti/issue8836 
Unify consistency tests for mbedtls_pk_import_into_psa and mbedtls_pk_copy_from_psa
 2024-03-22 08:57:45 +00:00
Manuel Pégourié-Gonnard
e2925efa42
Merge pull request #8967 from ronald-cron-arm/improve-version-selection-tests-titles 
ssl-opt.sh: Improve version selection test titles
 2024-03-22 08:52:39 +00:00
Minos Galanakis
d9d6435bc5 Merge branch 'development-restricted' into mbedtls-3.6.0rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-21 15:44:11 +00:00
Manuel Pégourié-Gonnard
2107feb7a6
Merge pull request #8586 from lpy4105/issue/fix-fake-case-listed-in-compat_sh 
Fix fake cases listed of compat.sh
 2024-03-21 15:05:11 +00:00
Ronald Cron
35884a4301 ssl-opt.sh: Improve version selection test titles 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-21 09:44:28 +01:00
Valerio Setti
2833050bb6 test_suite_pk: fix guards in pk_psa_sign() 
If the public key is exported with mbedtls_pk_write_pubkey_der()
it should be re-imported with mbedtls_pk_parse_public_key().
Alternative options (when PK_WRITE is not defined), i.e.
mbedtls_ecp_point_write_binary() and mbedtls_rsa_write_pubkey(),
export the key in a different format which cannot be parsed by
pk_parse module so mbedtls_ecp_point_read_binary() and
mbedtls_rsa_parse_pubkey() should be used respectively in this
case.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 05:24:12 +01:00
Valerio Setti
144c27b0f3 pkwrite: add new internal symbol for the max supported public key DER length 
This is also used in pk_psa_sign() to properly size buffers holding
the public key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 17:10:35 +01:00
Valerio Setti
027796c0cc test_suite_pk: uniformly generate RSA and EC keys in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 16:55:35 +01:00
Valerio Setti
6fb2586dfd test_suite_pk: fix guards in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 16:55:14 +01:00
Valerio Setti
1b533ab205 test_suite_pk: test also RSA OAEP in pk_wrap_rsa_decrypt_test_vec() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 15:43:33 +01:00
Valerio Setti
480dfc7ad7 test_suite_pk: fix guards in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 12:24:29 +01:00
Valerio Setti
237424b84f test_suite_pk: simplify pk_copy_from_psa_success() 
Use mbedtls_test_key_consistency_psa_pk() to verify that the
generated PK contexts match with the original PSA keys instead
of doing sign/verify and encrypt/decrypt.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 12:10:38 +01:00
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
Valerio Setti
f71c060cb2 test_suite_pk: properly size buffers for public keys in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 19:35:37 +01:00
Valerio Setti
aa9cc49879 test_suite_pk: test also RSA keys with PKCS1 v2.1 padding mode in pk_psa_sign() 
Previously only only PKCS1 v1.5 was tested.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 19:03:55 +01:00
Valerio Setti
d971b7834b test_suite_pk: fix RSA issue in pk_psa_sign() when !PK_[PARSE|WRITE]_C are defined 
This bug was not found until now because:
- !PK_[WRITE|PARSE]_C is only tested in component_full_no_pkparse_pkwrite()
- the test only case concerning RSA key had MBEDTLS_PK_WRITE_C as dependency
  so it was not executed in that component.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00