Merge remote-tracking branch 'tls/development' into development

Merge Mbed TLS at f790a6cbee into Mbed Crypto.

Resolve conflicts by performing the following:
    - Reject changes to README.md
    - Don't add crypto as a submodule
    - Remove test/ssl_cert_test from programs/Makefile
    - Add cipher.nist_kw test to tests/CMakeLists.txt
    - Reject removal of crypto-specific all.sh tests
    - Reject update to SSL-specific portion of component_test_valgrind
      in all.sh
    - Reject addition of ssl-opt.sh testing to component_test_m32_o1 in
      all.sh

* tls/development: (87 commits)
  Call mbedtls_cipher_free() to reset a cipher context
  Don't call mbedtls_cipher_setkey twice
  Update crypto submodule
  Minor fixes in get certificate policies oid test
  Add certificate policy oid x509 extension
  cpp_dummy_build: Add missing header psa_util.h
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
  Don't use debug level 1 for informational messages
  Skip uncritical unsupported extensions
  Give credit to OSS-Fuzz for #2404
  all.sh: remove component_test_new_ecdh_context
  Remove crypto-only related components from all.sh
  Remove ssl_cert_test sample app
  Make CRT callback tests more robust
  Rename constant in client2.c
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix a rebase error
  ...

tests/CMakeLists.txt

@@ -97,6 +97,7 @@ add_test_suite(cipher cipher.chachapoly)
 add_test_suite(cipher cipher.des)
 add_test_suite(cipher cipher.gcm)
 add_test_suite(cipher cipher.misc)
+add_test_suite(cipher cipher.nist_kw)
 add_test_suite(cipher cipher.null)
 add_test_suite(cipher cipher.padding)
 add_test_suite(cmac)

tests/data_files/Makefile

@@ -153,7 +153,7 @@ test-int-ca3-badsign.crt: test-int-ca3.crt
 all_final += test-int-ca3-badsign.crt
 server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
 	cat server10.crt test-int-ca3-badsign.crt > $@
-all_final += server10-bs_int3-bs.pem
+all_final += server10_int3-bs.pem
 
 rsa_pkcs1_2048_public.pem: server8.key
 	$(OPENSSL)  rsa -in $< -outform PEM -RSAPublicKey_out -out $@

tests/scripts/all.sh

@@ -549,6 +549,17 @@ component_check_doxygen_warnings () {
 #### Build and test many configurations and targets
 ################################################################
 
+component_test_default_out_of_box () {
+    msg "build: make, default config (out-of-box)" # ~1min
+    make
+
+    msg "test: main suites make, default config (out-of-box)" # ~10s
+    make test
+
+    msg "selftest: make, default config (out-of-box)" # ~10s
+    programs/test/selftest
+}
+
 component_test_default_cmake_gcc_asan () {
     msg "build: cmake, gcc, ASan" # ~ 1 min 50s
     CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
@@ -797,6 +808,9 @@ component_test_m32_o1 () {
     # Build again with -O1, to compile in the i386 specific inline assembly
     msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
     scripts/config.pl full
+    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
+    scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+    scripts/config.pl unset MBEDTLS_MEMORY_DEBUG
     make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address'
 
     msg "test: i386, make, gcc -O1 (ASan build)"
@@ -1061,6 +1075,9 @@ component_test_zeroize () {
     unset gdb_disable_aslr
 }
 
+support_check_python_files () {
+    type pylint3 >/dev/null 2>/dev/null
+}
 component_check_python_files () {
     msg "Lint: Python scripts"
     record_status tests/scripts/check-python-files.sh

tests/scripts/check-files.py

@@ -19,14 +19,23 @@ import codecs
 import sys
 
 
-class IssueTracker(object):
-    """Base class for issue tracking. Issues should inherit from this and
-    overwrite either issue_with_line if they check the file line by line, or
-    overwrite check_file_for_issue if they check the file as a whole."""
+class FileIssueTracker(object):
+    """Base class for file-wide issue tracking.
+
+    To implement a checker that processes a file as a whole, inherit from
+    this class and implement `check_file_for_issue` and define ``heading``.
+
+    ``files_exemptions``: files whose name ends with a string in this set
+     will not be checked.
+
+    ``heading``: human-readable description of the issue
+    """
+
+    files_exemptions = frozenset()
+    # heading must be defined in derived classes.
+    # pylint: disable=no-member
 
     def __init__(self):
-        self.heading = ""
-        self.files_exemptions = []
         self.files_with_issues = {}
 
     def should_check_file(self, filepath):
@@ -35,23 +44,14 @@ class IssueTracker(object):
                 return False
         return True
 
-    def issue_with_line(self, line):
-        raise NotImplementedError
-
     def check_file_for_issue(self, filepath):
-        with open(filepath, "rb") as f:
-            for i, line in enumerate(iter(f.readline, b"")):
-                self.check_file_line(filepath, line, i + 1)
+        raise NotImplementedError
 
     def record_issue(self, filepath, line_number):
         if filepath not in self.files_with_issues.keys():
             self.files_with_issues[filepath] = []
         self.files_with_issues[filepath].append(line_number)
 
-    def check_file_line(self, filepath, line, line_number):
-        if self.issue_with_line(line):
-            self.record_issue(filepath, line_number)
-
     def output_file_issues(self, logger):
         if self.files_with_issues.values():
             logger.info(self.heading)
@@ -64,24 +64,44 @@ class IssueTracker(object):
                     logger.info(filename)
             logger.info("")
 
+class LineIssueTracker(FileIssueTracker):
+    """Base class for line-by-line issue tracking.
 
-class PermissionIssueTracker(IssueTracker):
+    To implement a checker that processes files line by line, inherit from
+    this class and implement `line_with_issue`.
+    """
 
-    def __init__(self):
-        super().__init__()
-        self.heading = "Incorrect permissions:"
+    def issue_with_line(self, line, filepath):
+        raise NotImplementedError
+
+    def check_file_line(self, filepath, line, line_number):
+        if self.issue_with_line(line, filepath):
+            self.record_issue(filepath, line_number)
 
     def check_file_for_issue(self, filepath):
-        if not (os.access(filepath, os.X_OK) ==
-                filepath.endswith((".sh", ".pl", ".py"))):
+        with open(filepath, "rb") as f:
+            for i, line in enumerate(iter(f.readline, b"")):
+                self.check_file_line(filepath, line, i + 1)
+
+class PermissionIssueTracker(FileIssueTracker):
+    """Track files with bad permissions.
+
+    Files that are not executable scripts must not be executable."""
+
+    heading = "Incorrect permissions:"
+
+    def check_file_for_issue(self, filepath):
+        is_executable = os.access(filepath, os.X_OK)
+        should_be_executable = filepath.endswith((".sh", ".pl", ".py"))
+        if is_executable != should_be_executable:
             self.files_with_issues[filepath] = None
 
 
-class EndOfFileNewlineIssueTracker(IssueTracker):
+class EndOfFileNewlineIssueTracker(FileIssueTracker):
+    """Track files that end with an incomplete line
+    (no newline character at the end of the last line)."""
 
-    def __init__(self):
-        super().__init__()
-        self.heading = "Missing newline at end of file:"
+    heading = "Missing newline at end of file:"
 
     def check_file_for_issue(self, filepath):
         with open(filepath, "rb") as f:
@@ -89,11 +109,11 @@ class EndOfFileNewlineIssueTracker(IssueTracker):
                 self.files_with_issues[filepath] = None
 
 
-class Utf8BomIssueTracker(IssueTracker):
+class Utf8BomIssueTracker(FileIssueTracker):
+    """Track files that start with a UTF-8 BOM.
+    Files should be ASCII or UTF-8. Valid UTF-8 does not start with a BOM."""
 
-    def __init__(self):
-        super().__init__()
-        self.heading = "UTF-8 BOM present:"
+    heading = "UTF-8 BOM present:"
 
     def check_file_for_issue(self, filepath):
         with open(filepath, "rb") as f:
@@ -101,79 +121,76 @@ class Utf8BomIssueTracker(IssueTracker):
                 self.files_with_issues[filepath] = None
 
 
-class LineEndingIssueTracker(IssueTracker):
+class LineEndingIssueTracker(LineIssueTracker):
+    """Track files with non-Unix line endings (i.e. files with CR)."""
 
-    def __init__(self):
-        super().__init__()
-        self.heading = "Non Unix line endings:"
+    heading = "Non Unix line endings:"
 
-    def issue_with_line(self, line):
+    def issue_with_line(self, line, _filepath):
         return b"\r" in line
 
 
-class TrailingWhitespaceIssueTracker(IssueTracker):
+class TrailingWhitespaceIssueTracker(LineIssueTracker):
+    """Track lines with trailing whitespace."""
 
-    def __init__(self):
-        super().__init__()
-        self.heading = "Trailing whitespace:"
-        self.files_exemptions = [".md"]
+    heading = "Trailing whitespace:"
+    files_exemptions = frozenset(".md")
 
-    def issue_with_line(self, line):
+    def issue_with_line(self, line, _filepath):
         return line.rstrip(b"\r\n") != line.rstrip()
 
 
-class TabIssueTracker(IssueTracker):
+class TabIssueTracker(LineIssueTracker):
+    """Track lines with tabs."""
 
-    def __init__(self):
-        super().__init__()
-        self.heading = "Tabs present:"
-        self.files_exemptions = [
-            "Makefile", "generate_visualc_files.pl"
-        ]
+    heading = "Tabs present:"
+    files_exemptions = frozenset([
+        "Makefile",
+        "generate_visualc_files.pl",
+    ])
 
-    def issue_with_line(self, line):
+    def issue_with_line(self, line, _filepath):
         return b"\t" in line
 
 
-class MergeArtifactIssueTracker(IssueTracker):
+class MergeArtifactIssueTracker(LineIssueTracker):
+    """Track lines with merge artifacts.
+    These are leftovers from a ``git merge`` that wasn't fully edited."""
 
-    def __init__(self):
-        super().__init__()
-        self.heading = "Merge artifact:"
+    heading = "Merge artifact:"
 
-    def issue_with_line(self, filepath, line):
+    def issue_with_line(self, line, _filepath):
         # Detect leftover git conflict markers.
         if line.startswith(b'<<<<<<< ') or line.startswith(b'>>>>>>> '):
             return True
         if line.startswith(b'||||||| '): # from merge.conflictStyle=diff3
             return True
         if line.rstrip(b'\r\n') == b'=======' and \
-           not filepath.endswith('.md'):
+           not _filepath.endswith('.md'):
             return True
         return False
 
-    def check_file_line(self, filepath, line, line_number):
-        if self.issue_with_line(filepath, line):
-            self.record_issue(filepath, line_number)
+class TodoIssueTracker(LineIssueTracker):
+    """Track lines containing ``TODO``."""
 
-class TodoIssueTracker(IssueTracker):
+    heading = "TODO present:"
+    files_exemptions = frozenset([
+        os.path.basename(__file__),
+        "benchmark.c",
+        "pull_request_template.md",
+    ])
 
-    def __init__(self):
-        super().__init__()
-        self.heading = "TODO present:"
-        self.files_exemptions = [
-            os.path.basename(__file__),
-            "benchmark.c",
-            "pull_request_template.md",
-        ]
-
-    def issue_with_line(self, line):
+    def issue_with_line(self, line, _filepath):
         return b"todo" in line.lower()
 
 
 class IntegrityChecker(object):
+    """Sanity-check files under the current directory."""
 
     def __init__(self, log_file):
+        """Instantiate the sanity checker.
+        Check files under the current directory.
+        Write a report of issues to log_file."""
         self.check_repo_path()
         self.logger = None
         self.setup_logger(log_file)
@@ -197,7 +214,8 @@ class IntegrityChecker(object):
             TodoIssueTracker(),
         ]
 
-    def check_repo_path(self):
+    @staticmethod
+    def check_repo_path():
         if not all(os.path.isdir(d) for d in ["include", "library", "tests"]):
             raise Exception("Must be run from Mbed TLS root")
 

tests/scripts/check-python-files.sh

@@ -9,10 +9,4 @@
 # Run 'pylint' on Python files for programming errors and helps enforcing
 # PEP8 coding standards.
 
-if `hash pylint > /dev/null 2>&1`; then
-    pylint -j 2 tests/scripts/generate_test_code.py --rcfile .pylint
-    pylint -j 2 tests/scripts/test_generate_test_code.py --rcfile .pylint
-    pylint -j 2 tests/scripts/mbedtls_test.py --rcfile .pylint
-else
-    echo "$0: WARNING: 'pylint' not found! Skipping checks on Python files."
-fi
+pylint3 -j 2 scripts/*.py tests/scripts/*.py

tests/scripts/generate_test_code.py

@@ -238,7 +238,7 @@ class FileWrapper(io.FileIO, object):
         if hasattr(parent, '__next__'):
             line = parent.__next__()  # Python 3
         else:
-            line = parent.next()  # Python 2
+            line = parent.next()  # Python 2 # pylint: disable=no-member
         if line is not None:
             self._line_no += 1
             # Convert byte array to string with correct encoding and

tests/scripts/mbedtls_test.py

@@ -37,7 +37,8 @@ https://github.com/ARMmbed/greentea
 import re
 import os
 import binascii
-from mbed_host_tests import BaseHostTest, event_callback
+
+from mbed_host_tests import BaseHostTest, event_callback # pylint: disable=import-error
 
 
 class TestDataParserError(Exception):

tests/scripts/test_generate_test_code.py

@@ -22,7 +22,7 @@
 Unit tests for generate_test_code.py
 """
 
-
+# pylint: disable=wrong-import-order
 try:
     # Python 2
     from StringIO import StringIO
@@ -36,6 +36,7 @@ try:
 except ImportError:
     # Python 3
     from unittest.mock import patch
+# pylint: enable=wrong-import-order
 from generate_test_code import gen_dependencies, gen_dependencies_one_line
 from generate_test_code import gen_function_wrapper, gen_dispatch
 from generate_test_code import parse_until_pattern, GeneratorInputError
@@ -336,6 +337,7 @@ class StringIOWrapper(StringIO, object):
         :param length:
         :return:
         """
+        # pylint: disable=unused-argument
         line = super(StringIOWrapper, self).readline()
         if line is not None:
             self.line_no += 1

tests/suites/test_suite_cipher.function

@@ -1011,6 +1011,23 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
     TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 );
 
     /* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */
+    mbedtls_cipher_free( &ctx );
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    if( use_psa == 1 )
+    {
+        TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
+                              mbedtls_cipher_info_from_type( cipher_id ),
+                              tag->len ) );
+    }
+    else
+#endif
+    {
+        TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
+                              mbedtls_cipher_info_from_type( cipher_id ) ) );
+    }
+    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len,
+                                             MBEDTLS_ENCRYPT ) );
+
     memset( output, 0xFF, sizeof( output ) );
     outlen = 0;
 
@@ -1023,7 +1040,7 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
                                output_tag, tag->len );
     TEST_ASSERT( ret == 0 );
 
-    TEST_ASSERT( outlen == clear->len );
+    TEST_ASSERT( outlen == cipher->len );
     TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 );
     TEST_ASSERT( memcmp( output_tag, tag->x, tag->len ) == 0 );
 

tests/suites/test_suite_cipher.nist_kw.data

@@ -0,0 +1,271 @@
+KW AES-128 wrap rfc 3394
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"000102030405060708090A0B0C0D0E0F":"":"":"1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5":"":"":"00112233445566778899AABBCCDDEEFF":0
+
+KW AES-192 wrap rfc 3394
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"000102030405060708090A0B0C0D0E0F1011121314151617":"":"":"96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D":"":"":"00112233445566778899AABBCCDDEEFF":0
+
+KW AES-256 wrap rfc 3394
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"":"":"A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1":"":"":"00112233445566778899AABBCCDDEEFF0001020304050607":0
+
+KW AES-256 wrap rfc 3394
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F":"":"":"64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7":"":"":"00112233445566778899AABBCCDDEEFF":0
+
+KWP AES-192 RFC 5649
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8"::"":"":"138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a":"":"":"c37b7e6492584340bed12207808941155068f738":0
+
+KWP AES-192 RFC 5649
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"5840df6e29b02af1ab493b705bf16ea1ae8338f4dcc176a8"::"":"":"138bdeaa9b8fa7fc61f97742e72248ee5ae6ae5360d1ae6a5f54f373fa543b6a":"":"":"c37b7e6492584340bed12207808941155068f738":0
+
+KWP AES-128 1 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"A9D2D4394815D53F2799ABD7E51D2C8B":"":"":"00":0
+
+KWP AES-128 2 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"36D0CA197F638BF478D022C7E543B699":"":"":"0001":0
+
+KWP AES-128 3 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"DAB4EE2853E1C44C5E553E644143902B":"":"":"000102":0
+
+KWP AES-128 4 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"446C037F831092B147C372616357BF7D":"":"":"00010203":0
+
+KWP AES-128 5 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"9ED0AF6457B82E0DDADBD2240A303D74":"":"":"0001020304":0
+
+KWP AES-128 6 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"D863A8CE0DF301A564945259B4F74E7D":"":"":"000102030405":0
+
+KWP AES-128 7 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"E8387E5456242B0C30BE77FC1FF0C1FD":"":"":"00010203040506":0
+
+KWP AES-128 8 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"01FF4C430CDF3D2D815B0972B23D7C35":"":"":"0001020304050607":0
+
+KWP AES-128 9 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"C06E2163E0CC845B348E012AC9413DEEE40C8C3B030A3681":"":"":"000102030405060708":0
+
+KWP AES-128 10 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"3DFD2F643C38B07E121C77C2CA0EF82DA742B0989B6D848E":"":"":"00010203040506070809":0
+
+KWP AES-128 11 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"AFAEF390634E21E754FD09F55A4EDD918A1D23ECA9B76F2B":"":"":"000102030405060708090A":0
+
+KWP AES-128 12 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"A42D14C830F64F0A73570BFA7FDF8DDDD5E3AD3065A09FB0":"":"":"000102030405060708090A0B":0
+
+KWP AES-128 13 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"83F23527625FC643942279D090C1B61D10FC978B54D778CD":"":"":"000102030405060708090A0B0C":0
+
+KWP AES-128 14 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"E073C30E0DAC595F9FD28A0CB9E53945B26D1E1DE4E66D04":"":"":"000102030405060708090A0B0C0D":0
+
+KWP AES-128 15 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"64E3C2F7E0F7CB297C6B8C4CAF665F9F0A3F7082D2522635":"":"":"000102030405060708090A0B0C0D0E":0
+
+KWP AES-128 16 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"8F5982C7D265A0A40FC81D2326429A0A65BCD1368F0E16CB":"":"":"000102030405060708090A0B0C0D0E0F":0
+
+KWP AES-128 17 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"E29EC6664BCBA00986DD9845F8C4B26472BFDDF98522E537B5D23D5D2A8D02C5":"":"":"000102030405060708090A0B0C0D0E0F10":0
+
+KWP AES-128 18 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"9451ABCA0B9756A183F8C9ADA834E1AD2400B693C33624E59F26C35AC1586E2B":"":"":"000102030405060708090A0B0C0D0E0F1011":0
+
+KWP AES-128 19 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"F03CB49A65FD3EF8FC83C52F029A3D73667D5B84DB429C38436619ED8320D12E":"":"":"000102030405060708090A0B0C0D0E0F101112":0
+
+KWP AES-128 20 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"759524B855037849812D62979A18F24D3E672C2663DEA9204BA5A639FB7DB292":"":"":"000102030405060708090A0B0C0D0E0F10111213":0
+
+KWP AES-128 21 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"F352B8228FBFA0769C2E3858D7451FA603E9B751CFE780ED0F93C850C7870259":"":"":"000102030405060708090A0B0C0D0E0F1011121314":0
+
+KWP AES-128 22 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"3491F4C8D916A1BC3824D1478EC746BE8C837415017ED52A1ABC30FB14DDE825":"":"":"000102030405060708090A0B0C0D0E0F101112131415":0
+
+KWP AES-128 23 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"0E6E35C5B9D706C2FF2C4C6CFCF254849879D6C1CB577E0A73BB12CBC7AC9740":"":"":"000102030405060708090A0B0C0D0E0F10111213141516":0
+
+KWP AES-128 24 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"E7DB580663B113B57489E1107F2DCAF7CF80629E7CE1839E1ED044ECD0299E79":"":"":"000102030405060708090A0B0C0D0E0F1011121314151617":0
+
+KWP AES-128 25 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"883500DB91747BAD8C5E122ED2338F3BCB6B43064F5DA9D1303E165815EC8CC4C5BFD31AEAE1B6A3":"":"":"000102030405060708090A0B0C0D0E0F101112131415161718":0
+
+KWP AES-128 26 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"24099AAAD4F19BF614ECC35DA9E3646F73AAFAA9C46975D4B56D72A332AF7EC4850B8294D94B7E1A":"":"":"000102030405060708090A0B0C0D0E0F10111213141516171819":0
+
+KWP AES-128 27 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"C24F8CCE3425AC9638145A0DAC28B59368583FF3A7AAD85FBE1AEAAB5D23C0B128A1F9BC575B785A":"":"":"000102030405060708090A0B0C0D0E0F101112131415161718191A":0
+
+KWP AES-128 28 byte input
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"00000000000000000000000000000000"::"":"":"EFD0BC7612331A98F2D68F86E606717197BF57E35114234C675D40E9462ACF00DE7860C0F38677F7":"":"":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B":0
+
+KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 16
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"7575da3a93607cc2bfd8cec7aadfd9a6":"":"":"031f6bd7e61e643df68594816f64caa3f56fabea2548f5fb":"":"":"42136d3c384a3eeac95a066fd28fed3f":0
+
+KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 16
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"7575da3a93607cc2bfd8cec7aadfd9a7":"":"":"031f6bd7e61e643df68594816f64cbb3f56fabea2548f5fb":"":"FAIL":"":0
+
+KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"e5d058e7f1c22c016c4e1cc9b26b9f8f":"":"":"60b9f8ac797c56e01e9b5f84d65816a980777869f67991a0e6dc19b8cd75c9b54db4a38456bbd6f3":"":"":"7f604e9b8d39d3c91e193fe6f196c1e3da6211a7c9a33b8873b64b138d1803e4":0
+
+KW AES-128 wrap CAVS 17.4 COUNT 0 PLEN 24
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"67ae4270bcdd31e8326b7e7f94c80276":"":"":"96cec0e3272a21faa550a857957aa38ce3c1cf06f0dd9f5b5c5c422cef6c69a1":"":"":"57e748b62fbc37ba25e904ee973d01b136cf7c1d0c8c5c87":0
+
+KW AES-192 wrap CAVS 17.4 COUNT 0 PLEN 16
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"a6a3f6d509811859238fc569b5664605f7a73c475a691a8f":"":"":"57d7a4b4e85ffdcb7788b9b666cb63303dd2c5d0f11b1bbb":"":"":"8484e414b091f8a9f72cfd13087ddec1":0
+
+KW AES-192 wrap CAVS 17.4 COUNT 0 PLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"3686e50dd602f84024570f545bbf618362bef80d45472436":"":"":"c7d5a1a5dfeb7327acbb94767d74cc2afc622ffd01f854d7d3e2b6f75ca7e8f441a0c0bad3d26ee2":"":"":"d780d69b45483b682d311ccaaadcfa3a1cecf1f05dbe2ebc71e6d3fa979f3de8":0
+
+KW AES-192 wrap CAVS 17.4 COUNT 0 PLEN 24
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"0a833412e7aa1384ff26866dc9c551bf60413c17e847d317":"":"":"3a7efd629305bf1d61360ed6ff8ec7d059e8af3e5104c29729adb55d1bb94f7e":"":"":"f734760cc0fa3bbfb271277d4f29a48ddecda733d610fa42":0
+
+KW AES-256 wrap CAVS 17.4 COUNT 0 PLEN 16
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"f59782f1dceb0544a8da06b34969b9212b55ce6dcbdd0975a33f4b3f88b538da":"":"":"2e63946ea3c090902fa1558375fdb2907742ac74e39403fc":"":"":"73d33060b5f9f2eb5785c0703ddfa704":0
+
+KW AES-256 wrap CAVS 17.4 COUNT 0 PLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"8b54e6bc3d20e823d96343dc776c0db10c51708ceecc9a38a14beb4ca5b8b221":"":"":"b13eeb7619fab818f1519266516ceb82abc0e699a7153cf26edcb8aeb879f4c011da906841fc5956":"":"":"d6192635c620dee3054e0963396b260af5c6f02695a5205f159541b4bc584bac":0
+
+KW AES-256 wrap CAVS 17.4 COUNT 0 PLEN 24
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"112ad41b4856c7254a9848d30fdd78335b039a48a8962c4d1cb78eabd5dad788":"":"":"ba8a259a471b787dd5d540ec25d43d87200fdadc6d1f05d916584fa9f6cbf512":"":"":"1b20bf1990b065d798e1b32264ad50a8747492ba09a04dd1":0
+
+KWP AES-128 wrap CAVS 17.4 COUNT 0 PLEN 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"6decf10a1caf8e3b80c7a4be8c9c84e8":"":"":"01a7d657fc4a5b216f261cca4d052c2b":"":"":"49":0
+
+KWP AES-128 wrap CAVS 17.4 COUNT 0 PLEN 8
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"a8e06da625a65b25cf5030826830b661":"":"":"b6f967616dd8d772e9fea295a456dba7":"":"":"43acff293120dd5d":0
+
+KWP AES-128 wrap CAVS 17.4 COUNT 0 PLEN 9
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"7865e20f3c21659ab4690b629cdf3cc4":"":"":"41eca956d4aa047eb5cf4efe659661e74db6f8c564e23500":"":"":"bd6843d420378dc896":0
+
+KWP AES-128 wrap CAVS 17.4 COUNT 0 PLEN 31
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"be96dc195ec034d616486ed70e97fe83":"":"":"974769b3a7b4d5d32985f87fddf9990631e5610fbfb278387b58b1f48e05c77d2fb7575c5169eb0e":"":"":"85b5437b6335ebba7635903a4493d12a77d9357a9e0dbc013456d85f1d3201":0
+
+KWP AES-192 wrap CAVS 17.4 COUNT 0 PLEN 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"9ca11078baebc1597a68ce2fe3fc79a201626575252b8860":"":"":"866bc0ae30e290bb20a0dab31a6e7165":"":"":"76":0
+
+KWP AES-192 wrap CAVS 17.4 COUNT 0 PLEN 8
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"c5029804d28341ca267c9e73afc5f963b14bb604708b43f2":"":"":"15b98046b2a3a49b9c0831c476fc34fb":"":"":"e6eb18a3e969ab5c":0
+
+KWP AES-192 wrap CAVS 17.4 COUNT 0 PLEN 9
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"9464f1af6aabad076661328bcfd15777da16a288a2660009":"":"":"d9b257b400d808a0b0386af3be9154fc7f2fb2d7edc06201":"":"":"431527c3a644c106bb":0
+
+KWP AES-192 wrap CAVS 17.4 COUNT 0 PLEN 31
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"a354ccd6dd97cf40bed840f8137e0cf2e91c00e592104765":"":"":"f018e7c8d6dcdbd20606502b2667439d9049a9a2d5c960af8e9251466d6ff8923fb82432b299f1a4":"":"":"22ccc034c5345550f5bc0114f2951f0fe439ec3ecd8ac1fea8889dd12bfb8e":0
+
+KWP AES-256 wrap CAVS 17.4 COUNT 0 PLEN 1
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"95da2700ca6fd9a52554ee2a8df1386f5b94a1a60ed8a4aef60a8d61ab5f225a":"":"":"06ba7ae6f3248cfdcf267507fa001bc4":"":"":"d1":0
+
+KWP AES-256 wrap CAVS 17.4 COUNT 0 PLEN 8
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"3517f0efa7f0c4d74f91af83ece5e7503bcc5ab82907a6e4b7ed34d87b69ab1d":"":"":"0b06a9b635d50cda9d4210cb3a71f990":"":"":"897e0456b289ad31":0
+
+KWP AES-256 wrap CAVS 17.4 COUNT 0 PLEN 9
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"70da43aac823c6dd37d1109f5b18feb4503c973288989745e2cc1cc21d9570c6":"":"":"d67b5b2ad15c645450e23b5e7b6d682f8ae20e716d470db7":"":"":"edf17d966ed896aee3":0
+
+KWP AES-256 wrap CAVS 17.4 COUNT 0 PLEN 31
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"e9bb7f44c7baafbf392ab912589a2f8db53268106eafb74689bb1833136e6113":"":"":"15b9f06fbc765e5e3d55d6b824616f21921d2a6918ee7bf1406b524274e170b4a78333ca5ee92af5":"":"":"ffe952604834bff899e63658f34246815c91597eb40a21729e0a8a959b61f2":0
+KW AES-128 wrap CAVS 17.4 FAIL COUNT 1 CLEN 48
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"5d4899ee66beff1bda1fc717a1ad4c50":"":"":"bb7fd0bce778bd775e4e88d904d26a7134364c53a6c493a0":"":"FAIL":"":0
+
+KW AES-128 wrap CAVS 17.4 FAIL COUNT 1 CLEN 80
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"84bc6ce7ee4fd9db512536669d0686da":"":"":"c383db930ffd02c0073ac2cc79ec289e6866bdcc6a135a3b776aa42f14ee04f9cca06ed6c0b22901":"":"FAIL":"":0
+
+KW AES-128 wrap CAVS 17.4 FAIL COUNT 3 CLEN 64
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"266b009e911bb55f9aa0661539a6fdd5":"":"":"db9c94e7236ec56982d7ddeb9427c24580bc1fb96db98ab19340e03670045b7a":"":"FAIL":"":0
+
+KW AES-192 wrap CAVS 17.4 FAIL COUNT 3 CLEN 48
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"9200a0f688d86c0b6bfd9abeff66341684a373fe3f9a3057":"":"":"5c685c8596e374710fe327bafc45cd09190215fdcc03d010":"":"FAIL":"":0
+
+KW AES-192 wrap CAVS 17.4 FAIL COUNT 1 CLEN 80
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"95c9e644559919cace6f93f545dbfe48b130808ed66d0964":"":"":"7b8d1307e992221f6ffdcc7909d972d5f02e92187139cfd77f79345cb998bbdbabedb3ac00a6cdc4":"":"FAIL":"":0
+
+KW AES-192 wrap CAVS 17.4 FAIL COUNT 2 CLEN 64
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KW:"e218e9643d5db01b412fcaefafe5eb237d03acfad0a3abaa":"":"":"5eee8fbf6a8ab6ba371f4581982ec61839bf28c0eb913d1f417a284dccd72580":"":"FAIL":"":0
+
+KW AES-256 wrap CAVS 17.4 FAIL COUNT 4 CLEN 48
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"08c936b25b567a0aa679c29f201bf8b190327df0c2563e39cee061f149f4d91b":"":"":"e227eb8ae9d239ccd8928adec39c28810ca9b3dc1f366444":"":"FAIL":"":0
+
+KW AES-256 wrap CAVS 17.4 FAIL COUNT 3 CLEN 80
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"605b22935f1eee56ba884bc7a869febc159ac306b66fb9767a7cc6ab7068dffa":"":"":"6607f5a64c8f9fd96dc6f9f735b06a193762cdbacfc367e410926c1bfe6dd715490adbad5b9697a6":"":"FAIL":"":0
+
+KW AES-256 wrap CAVS 17.4 FAIL COUNT 3 CLEN 64
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KW:"81c93da5baa5157bf700fd38d7d67662670778b690cfbca9fe11e06268b35605":"":"":"875e1ca385586f83d1e23e44ca201006df04e1854e41b933fd607a7383ae1a39":"":"FAIL":"":0
+
+KWP AES-128 wrap CAVS 17.4 FAIL COUNT 1 CLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KWP:"30be7ff51227f0eef786cb7be2482510":"":"":"7f61a0a8b2fe7803f2947d233ec3a255":"":"FAIL":"":0
+
+KWP AES-192 wrap CAVS 17.4 FAIL COUNT 3 CLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"21fb6600c1d34a74adee67612672593a86cf235421735350":"":"":"56b45c49c3e379b18d9c38b6423db133":"":"FAIL":"":0
+
+KWP AES-256 wrap CAVS 17.4 FAIL COUNT 4 CLEN 32
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"c32cb3e1e41a4b9f4de79989957866f5dd48dba38c22a6ebb80e14c84bdd9534":"":"":"c29b05c2619a58ecc1d239e7a34273cd":"":"FAIL":"":0
+

tests/suites/test_suite_hkdf.function

@@ -14,12 +14,16 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string,
 {
     int ret;
     size_t ikm_len, salt_len, info_len, okm_len;
-    unsigned char ikm[1024] = { '\0' };
-    unsigned char salt[1024] = { '\0' };
-    unsigned char info[1024] = { '\0' };
-    unsigned char expected_okm[1024] = { '\0' };
-    unsigned char okm[1024] = { '\0' };
-    unsigned char okm_string[1000] = { '\0' };
+    unsigned char ikm[128] = { '\0' };
+    unsigned char salt[128] = { '\0' };
+    unsigned char info[128] = { '\0' };
+    unsigned char expected_okm[128] = { '\0' };
+    unsigned char okm[128] = { '\0' };
+    /*
+     * okm_hex is the string representation of okm,
+     * so its size is twice the size of okm, and an extra null-termination.
+     */
+    unsigned char okm_hex[257] = { '\0' };
 
     const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg );
     TEST_ASSERT( md != NULL );
@@ -34,8 +38,8 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string,
     TEST_ASSERT( ret == 0 );
 
     // Run hexify on it so that it looks nicer if the assertion fails
-    hexify( okm_string, okm, okm_len );
-    TEST_ASSERT( !strcmp( (char *)okm_string, hex_okm_string ) );
+    hexify( okm_hex, okm, okm_len );
+    TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) );
 }
 /* END_CASE */
 

tests/suites/test_suite_mpi.data

@@ -25,6 +25,9 @@ mpi_read_write_string:16:"-20":10:"-32":100:0:0
 Base test mpi_read_write_string #3 (Negative decimal)
 mpi_read_write_string:16:"-23":16:"-23":100:0:0
 
+Base test mpi_read_write_string #4 (Buffer just fits)
+mpi_read_write_string:16:"-4":4:"-10":4:0:0
+
 Test mpi_read_write_string #1 (Invalid character)
 mpi_read_write_string:10:"a28":0:"":100:MBEDTLS_ERR_MPI_INVALID_CHARACTER:0
 

tests/suites/test_suite_mpi.function

@@ -294,6 +294,8 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
 
     mbedtls_mpi_init( &X );
 
+    memset( str, '!', sizeof( str ) );
+
     TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read );
     if( result_read == 0 )
     {
@@ -301,6 +303,7 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A,
         if( result_write == 0 )
         {
             TEST_ASSERT( strcasecmp( str, input_A ) == 0 );
+            TEST_ASSERT( str[len] == '!' );
         }
     }
 

tests/suites/test_suite_oid.data

@@ -6,3 +6,54 @@ oid_get_certificate_policies:"5533445566":""
 
 OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier
 oid_get_certificate_policies:"551D23":""
+
+OID get Ext Key Usage - id-kp-serverAuth
+oid_get_extended_key_usage:"2B06010505070301":"TLS Web Server Authentication"
+
+OID get Ext Key Usage - id-kp-clientAuth
+oid_get_extended_key_usage:"2B06010505070302":"TLS Web Client Authentication"
+
+OID get Ext Key Usage - id-kp-codeSigning
+oid_get_extended_key_usage:"2B06010505070303":"Code Signing"
+
+OID get Ext Key Usage - id-kp-emailProtection
+oid_get_extended_key_usage:"2B06010505070304":"E-mail Protection"
+
+OID get Ext Key Usage - id-kp-timeStamping
+oid_get_extended_key_usage:"2B06010505070308":"Time Stamping"
+
+OID get Ext Key Usage - id-kp-OCSPSigning
+oid_get_extended_key_usage:"2B06010505070309":"OCSP Signing"
+
+OID get Ext Key Usage - id-kp-wisun-fan-device
+oid_get_extended_key_usage:"2B0601040182E42501":"Wi-SUN Alliance Field Area Network (FAN)"
+
+OID get Ext Key Usage invalid oid
+oid_get_extended_key_usage:"5533445566":""
+
+OID get Ext Key Usage wrong oid - id-ce-authorityKeyIdentifier
+oid_get_extended_key_usage:"551D23":""
+
+OID get x509 extension - id-ce-basicConstraints
+oid_get_x509_extension:"551D13":MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS
+
+OID get x509 extension - id-ce-keyUsage
+oid_get_x509_extension:"551D0F":MBEDTLS_OID_X509_EXT_KEY_USAGE
+
+OID get x509 extension - id-ce-extKeyUsage
+oid_get_x509_extension:"551D25":MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
+
+OID get x509 extension - id-ce-subjectAltName
+oid_get_x509_extension:"551D11":MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME
+
+OID get x509 extension - id-netscape-certtype
+oid_get_x509_extension:"6086480186F8420101":MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
+
+OID get x509 extension - id-ce-certificatePolicies
+oid_get_x509_extension:"551D20":MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
+
+OID get x509 extension - invalid oid
+oid_get_x509_extension:"5533445566":0
+
+OID get x509 extension - wrong oid - id-ce
+oid_get_x509_extension:"551D":0

tests/suites/test_suite_oid.function

@@ -10,8 +10,8 @@
  * END_DEPENDENCIES
  */
 
-/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C*/
-void oid_get_certificate_policies( data_t * oid, char * result_str )
+/* BEGIN_CASE */
+void oid_get_certificate_policies( data_t *oid, char *result_str )
 {
     mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
     int ret;
@@ -32,3 +32,49 @@ void oid_get_certificate_policies( data_t * oid, char * result_str )
     }
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_extended_key_usage( data_t *oid, char *result_str )
+{
+    mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
+    int ret;
+    const char *desc;
+
+    asn1_buf.tag = MBEDTLS_ASN1_OID;
+    asn1_buf.p = oid->x;
+    asn1_buf.len = oid->len;
+
+    ret = mbedtls_oid_get_extended_key_usage( &asn1_buf, &desc );
+    if( strlen( result_str ) == 0 )
+    {
+        TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
+    }
+    else
+    {
+        TEST_ASSERT( strcmp( ( char * )desc, result_str ) == 0 );
+    }
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void oid_get_x509_extension( data_t *oid, int exp_type )
+{
+    mbedtls_asn1_buf ext_oid = { 0, 0, NULL };
+    int ret;
+    int ext_type;
+
+    ext_oid.tag = MBEDTLS_ASN1_OID;
+    ext_oid.p = oid->x;
+    ext_oid.len = oid->len;
+
+    ret = mbedtls_oid_get_x509_ext_type( &ext_oid, &ext_type );
+    if( exp_type == 0 )
+    {
+        TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
+    }
+    else
+    {
+        TEST_ASSERT( ext_type == exp_type );
+    }
+}
+/* END_CASE */