Commit Graph

5444 Commits

Author SHA1 Message Date
pespacek
55dfd8bb0a BUGFIX: PSA test vectors use UID 1 instead of 0.
Test vector to test rejection of uid = 0 was added.

Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-16 15:48:40 +01:00
pespacek
ecaca12612 TEST: added psa_its_set expected failure test
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-16 15:48:00 +01:00
Ronald Cron
97f188289d
Merge pull request #5502 from AndrzejKurek/backport-2-18-import-opaque-driver-wrappers
Backport 2.28 - Add tests for an opaque import in the driver wrappers
2022-02-07 11:14:02 +01:00
Manuel Pégourié-Gonnard
8b8760885e
Merge pull request #5465 from gilles-peskine-arm/cmake-test-suite-enumeration-2.28
Backport 2.28: CMake: generate the list of test suites automatically
2022-02-07 09:48:24 +01:00
Andrzej Kurek
d0c6a84dca Test driver: keep variable declarations first
Followed by hook calls, and sanity checks last.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 09:14:39 -05:00
Andrzej Kurek
28a7c06281 Test drivers: rename import call source to driver location
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 09:14:39 -05:00
Andrzej Kurek
981a0ceeee Formatting and documentation fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 09:14:39 -05:00
Andrzej Kurek
96c8f9e89d Add tests for import hooks in the driver wrappers
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-04 09:14:39 -05:00
Gilles Peskine
d4c5c3d231 Remove obsolete calls to if_build_succeeded
This is now a no-op.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:37:49 +01:00
Gilles Peskine
fdddb9de8f Remove obsolete variable restoration or unset at the end of a component
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:36:23 +01:00
Gilles Peskine
717d55edbe Remove obsolete cd at the end of a component
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:36:14 +01:00
Gilles Peskine
ca9cfcaed9 Stop CMake out of source tests running on 16.04 (continued)
The race condition mentioned in the previous commit
"Stop CMake out of source tests running on 16.04"
has also been observed with test_cmake_as_subdirectory on 3.1 and can
presumably happen on 2.28 as well. So skip it on Ubuntu 16.04 as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:35:14 +01:00
Manuel Pégourié-Gonnard
349a059f5f
Merge pull request #5461 from gilles-peskine-arm/ssl-opt-self-signed-positive-2.28
Backport 2.28: Add positive test case with self-signed certificates
2022-02-03 11:33:59 +01:00
Manuel Pégourié-Gonnard
ca664c74a6
Merge pull request #5255 from AndrzejKurek/chacha-iv-len-16-fixes-2.x
Backport 2.28: Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
2022-02-03 11:31:34 +01:00
Andrzej Kurek
19d6ab0fb8 Enable testing with PSA for config-mini-tls1_1
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:01:24 -05:00
Andrzej Kurek
19e83fa3a5 Restructure test-ref-configs to test with USE_PSA_CRYPTO turned on
Run some of the test configs twice, enabling MBEDTLS_USE_PSA_CRYPTO
and MBEDTLS_PSA_CRYPTO_C in one of the runs.
Add relevant comments in these configs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Andrzej Kurek
e001596d83 Add missing MBEDTLS_ASN1_WRITE_C dependency in test_suite_psa_crypto
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Andrzej Kurek
c60cc1d7be Add missing dependency on MBEDTLS_GCM_C in cipher tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Andrzej Kurek
53ad763848 Mark unused variable in tests for cases with reduced configs
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Gilles Peskine
3df1dae6c0 CMake: generate the list of test suites automatically
We keep forgetting to register new test suites in tests/CMakeLists.txt. To
fix this problem once and for all, remove the need for manual registration.

The following test suites were missing:
  test_suite_cipher.aria
  test_suite_psa_crypto_driver_wrappers

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-25 23:28:51 +01:00
Gilles Peskine
8c681b7290 Add positive test case with self-signed certificates
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-25 17:09:19 +01:00
Gilles Peskine
4ed2844405
Merge pull request #5312 from gilles-peskine-arm/add_list_config_function-2.x
Backport 2.x: Add list config function
2021-12-20 22:08:01 +01:00
Dave Rodgman
d41dab39c5 Bump version to 2.28.0
Executed ./scripts/bump_version.sh --version 2.28.0 --so-tls 14

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-15 11:55:31 +00:00
Dave Rodgman
08412e2a67 Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.28.0rc0-pr
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-14 12:52:51 +00:00
Paul Elliott
5752b4b7d0 Add expected output for tests
Expected output generated by OpenSSL (see below) apart from the case
where both password and salt are either NULL or zero length, as OpenSSL
does not support this. For these test cases we have had to use our own
output as that which is expected. Code to generate test cases is as
follows:

 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
 #include <string.h>

int Keygen_Uni( const char * test_name, unsigned char *pass, int
    passlen, unsigned char *salt,
                    int saltlen, int id, int iter, int n,
                                    unsigned char *out, const EVP_MD
                                    *md_type )
{
   size_t index;

   printf( "%s\n", test_name );

   int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter,
                                        n, out, md_type );

   if( ret != 1 )
   {
         printf( "Key generation returned %d\n", ret );
      }
   else
   {
         for( index = 0; index < n; ++index )
         {
                  printf( "%02x", out[index] );
               }

         printf( "\n" );
      }

   printf( "\n" );

}

int main(void)
{
   unsigned char out_buf[48];
   unsigned char pass[64];
   int pass_len;
   unsigned char salt[64];
   int salt_len;

   /* If ID=1, then the pseudorandom bits being produced are to be used
      as key material for performing encryption or decryption.

            If ID=2, then the pseudorandom bits being produced are to be
            used as an IV (Initial Value) for encryption or decryption.

                  If ID=3, then the pseudorandom bits being produced are
                  to be used as an integrity key for MACing.
                     */

   int id = 1;
   int iter = 3;

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( pass, 0, sizeof( pass ) );
   memset( salt, 0, sizeof( salt ) );

   Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( salt, 0, sizeof( salt ) );

   pass[0] = 0x01;
   pass[1] = 0x23;
   pass[2] = 0x45;
   pass[3] = 0x67;
   pass[4] = 0x89;
   pass[5] = 0xab;
   pass[6] = 0xcd;
   pass[7] = 0xef;

   Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   return 0;
}

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-13 11:15:28 +00:00
Paul Elliott
270a264b78 Simplify Input usage macros
Also ensure they are used in test data rather than values

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-13 11:14:45 +00:00
Paul Elliott
73051b4176 Rename (and relabel) pkcs12 test case
Remove surplus _test suffix. Change labeling from Pcks12 to PCKS#12 as
it should be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-13 11:14:45 +00:00
Paul Elliott
8ca8f2d163 Remove incorrect test dependency
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-13 11:14:45 +00:00
Paul Elliott
2ab9a7a57a Stop CMake out of source tests running on 16.04
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-13 11:14:45 +00:00
Paul Elliott
1a3540afbe Fix missing test dependancies
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-13 11:14:45 +00:00
Paul Elliott
13d5a3429a Add PKCS12 tests
Only regression tests for the empty password bugs for now. Further tests
will follow later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-13 11:14:23 +00:00
Jerry Yu
969c01a234 Beauty source code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 20:19:05 +01:00
Jerry Yu
cf080ce821 fix ci fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 20:19:05 +01:00
Jerry Yu
bbfa1d8c19 Replace configs_enabled check with query_compile_time_config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 20:19:05 +01:00
Gilles Peskine
3fc0d30447 Don't fail until everything is initialized
Can't call mbedtls_cipher_free(&invalid_ctx) in cleanup if
mbedtls_cipher_init(&invalid_ctx) hasn't been called.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 14:45:41 +01:00
Paul Elliott
68b64cd64c Add checked return to cipher setup
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 21:37:23 +00:00
Ronald Cron
620cbb9bf5
Merge pull request #5262 from xffbai/code-align-backport2.x
Backport 2.x: Fix (d)tls1_2 into (d)tls12 in version options
2021-12-09 16:26:24 +01:00
Manuel Pégourié-Gonnard
c3319e73db
Merge pull request #5189 from gilles-peskine-arm/struct_reordering_2.x
Backport 2.x: Reorder structure fields to maximize usage of immediate offset access
2021-12-09 12:54:13 +01:00
Gabor Mezei
f554ce21b8
Delete base64_invasive.h due to functions are moved to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-12-08 16:20:27 +01:00
Gabor Mezei
46f79c388d
Move mbedtls_ct_uchar_mask_of_range function to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-12-08 16:19:41 +01:00
Gabor Mezei
7464f37e7b
Rename functions to have suitable name
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-12-08 16:19:23 +01:00
Gilles Peskine
1e313165f3
Merge pull request #5258 from gilles-peskine-arm/pip-requirements-2.x
Backport 2.x: In-tree Python package requirements
2021-12-03 17:25:56 +01:00
Xiaofei Bai
f40545d919 Fix (d)tls1_2 into (d)tls12 in version options
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-03 08:13:30 +00:00
Gilles Peskine
3f5f7df75b Remove accidental requirement on the worktree content
This made the build impossible since mbedtls isn't available when building
the container.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:19:19 +01:00
Gilles Peskine
ce8ccaf55b Docker: Python requirements are now managed in-tree
Neither mbed-host-tests nor mock are currently used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 13:07:58 +01:00
Andrzej Kurek
e6728203d2 Add a missing test case to ChaCha20 tests - decrypt empty buffer
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-02 09:32:15 +01:00
Andrzej Kurek
d353043380 Return an error for IV lengths other than 12 with ChaCha20+Poly1305
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-02 09:31:58 +01:00
Andrzej Kurek
5375fd9a3f Return an error for IV lengths other than 12 with ChaCha20
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-02 09:29:49 +01:00
Ronald Cron
bdea4d4d8b psa: Fix and improve comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
0962370acf all.sh: psa: Add cipher acceleration test component
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00