lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-09-11 12:10:46 +03:00
Code Activity
17,571 Commits 174 Branches 272 Tags
2.28-sphinx-versioned-documentation
Commit Graph

3525 Commits

Author SHA1 Message Date
Gilles Peskine
6213a00ec1 Storage format tests: cover algorithms for each key type 
In the generated storage format test cases, cover all supported
algorithms for each key type. This is a step towards exercising
the key with all the algorithms it supports; a subsequent commit
will generate a policy that permits the specified algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-15 16:15:48 +02:00
Gilles Peskine
989c13dece Remove ad hoc is_valid_for_signature method 
Use the new generic is_public method.

Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-15 16:15:44 +02:00
Andrzej Kurek
96bf3d13f3 Add missing MBEDTLS_ECP_C dependency 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-15 07:35:16 -04:00
Andrzej Kurek
9cb14d4ce2 tests: fix bitflip comment 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-15 07:02:24 -04:00
Andrzej Kurek
ee9488d3f0 Prefer TEST_EQUAL over TEST_ASSERT in test suites 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-15 07:02:20 -04:00
Gilles Peskine
6dd489cb15 raw_key_agreement_fail: Add a nominal run 
Ensure that the nominal run works properly, so that it's apparent that the
injected failure is responsible for the failure of the handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-15 07:02:16 -04:00
Gilles Peskine
703a88916b Remove redundant empty slot count check 
USE_PSA_DONE() already checks that there are no used key slots.

The call to TEST_ASSERT() wouldn't have worked properly on failure anyway,
since it would jump back to the exit label.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-15 07:02:11 -04:00
Andrzej Kurek
86029e04b4 Remove RSA & DTLS dependency in raw key agreement test 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-15 07:02:00 -04:00
Andrzej Kurek
99f6778b60 Change the bit to flip to guarantee failure 
For weistrass curves the pair is encoded as 0x04 || x || y.
Flipping one of the bits in the first byte should be a sure failure.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-15 06:46:06 -04:00
Andrzej Kurek
2582ba3a52 Change the number of expected free key slots 
Development TLS code now uses PSA to generate an
ECDH private key. Although this would not be required
in 2.28 branch, it is backported for compatibility.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-15 06:46:03 -04:00
Andrzej Kurek
577939a268 Tests: add missing requirements for the raw key agreement test 
SECP384R1 is needed for the default loaded
certificate.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-15 06:45:59 -04:00
Andrzej Kurek
8985e1ff80 Update raw key agreement test dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-15 06:45:55 -04:00
Andrzej Kurek
b4eedf7a23 Test failing raw_key_agreement in ssl mock tests 
Force a bitflip in server key to make the raw key
agreement fail, and then verify that no key slots
are left open at the end. Use a Weierstrass curve
to have a high chance of failure upon encountering
such bitflip.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-15 06:45:45 -04:00
Andrzej Kurek
535cd1790b Add a curves argument to mocked ssl tests 
This will be used to force a curve in certain tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-15 06:12:31 -04:00
Gilles Peskine
a16d8fcee9 Merge pull request #5697 from gilles-peskine-arm/psa-test-op-fail-2.28 
Backport 2.28: PSA: systematically test operation failure
 2022-04-15 10:52:50 +02:00
Andrzej Kurek
263d8f7e61 Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C 
The timing module might include time.h on its own when on
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled.

Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-08 08:34:41 -04:00
Gilles Peskine
161c5ee5ff Use a plausible input size with asymmetric verification 
Otherwise the error status can be PSA_ERROR_INVALID_SIGNATURE instead of the
expected PSA_ERROR_NOT_SUPPORTED in some configurations. For example, the
RSA verification code currently checks the signature size first whenever
PSA_KEY_TYPE_RSA_PUBLIC_KEY is enabled, and only gets into
algorithm-specific code if this passes, so it returns INVALID_SIGNATURE even
if the specific algorithm is not supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:19:16 +02:00
Gilles Peskine
c2fc241e46 Test attempts to use a public key for a private-key operation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:19:16 +02:00
Gilles Peskine
23cb12ef9f A key agreement algorithm can contain a key derivation 
PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm
when kdf is one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:19:16 +02:00
Gilles Peskine
d096445dfe In NOT_SUPPORTED test case descriptions, show what is not supported 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:19:16 +02:00
Gilles Peskine
35409be6aa Add a few manual test cases 
They're redundant with the automatically generated test cases, but it's
useful to have them when debugging issues with the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:19:16 +02:00
Gilles Peskine
f8b6b503b4 Systematically generate test cases for operation setup failure 
The test suite test_suite_psa_crypto_op_fail now runs a large number
of automatically generated test cases which attempt to perform a
one-shot operation or to set up a multi-part operation with invalid
parameters. The following cases are fully covered (based on the
enumeration of valid algorithms and key types):
* An algorithm is not supported.
* The key type is not compatible with the algorithm (for operations
  that use a key).
* The algorithm is not compatible for the operation.

Some test functions allow the library to return PSA_ERROR_NOT_SUPPORTED
where the test code generator expects PSA_ERROR_INVALID_ARGUMENT or vice
versa. This may be refined in the future.

Some corner cases with algorithms combining a key agreement with a key
derivation are not handled properly. This will be fixed in follow-up
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:19:16 +02:00
Gilles Peskine
a218047245 Generate test cases for hash operation failure 
Test that hash operation functions fail when given a hash algorithm
that is not supported or an algorithm that is not a hash.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:19:16 +02:00
Gilles Peskine
c05158bf86 New test suite for systematically generated operation failure tests 
The new test suite psa_crypto_op_fail is intended for systematically
generated test cases that ensure that cryptographic operations with
invalid parameters fail as expected. I intend invalid parameters to
cover things like an invalid algorithm, an algorithm that is
incompatible with the operation, a key type that is incompatible with
the algorithm, etc.

This commit just creates the infrastructure. Subsequent commits will
add data generation and test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:19:16 +02:00
Gilles Peskine
a296e48b2b Simplify key_for_usage_flags 
Generate "with implication" and "without implication" usage test cases
separately.

The set of generated test cases is unchanged. The order, and the description
of "with implication" test cases, changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:19:16 +02:00
Przemek Stekiel
9618e0b83e Fix the order of added tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-04 14:29:50 +02:00
Dave Rodgman
52af769878 Update references to old Github organisation 
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-03-31 14:27:24 +01:00
Dave Rodgman
ce514def84 Merge pull request #5563 from AndrzejKurek/timeless-2.28 
Backport 2.28: Fix builds with MBEDTLS_HAVE_TIME disabled and test
 2022-03-15 16:43:18 +00:00
Przemek Stekiel
06ca18863e Fix duplicated test case descriptions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 12:36:05 +01:00
Przemyslaw Stekiel
a24ae48a91 Add driver dispatch tests for RSA hash sign 
Tested key types:
PSA_ALG_RSA_PKCS1V15_SIGN_RAW
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-11 09:15:28 +01:00
Przemyslaw Stekiel
81af55b488 Add driver dispatch tests for RSA hash verify 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-11 09:15:28 +01:00
Przemyslaw Stekiel
e15ebe199b Add driver dispatch tests for RSA message sign 
Tested algs:
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-11 09:15:22 +01:00
Przemyslaw Stekiel
5b97d53430 Add driver dispatch tests for RSA message verify 
Tested algs:
PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256)
PSA_ALG_RSA_PSS(PSA_ALG_SHA_256)
PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256)

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-11 08:46:29 +01:00
Andrzej Kurek
161005b2be Add the timing test dependency on MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
Ron Eldor
b6889d1d6a Fix test_suite_md API violation 
Add a call to `mbedtls_md_starts()` in the `mbedtls_md_process()`
test, as it violates the API usage. Fixes #2227.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-04 16:44:44 +00:00
Thomas Daubney
53a07dc924 Modifies data files to match new test function name 
This commit alters the relevant .data files
such that the new function name change of check_iv
to iv_len_validity is reflected there.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-03-02 16:54:41 +00:00
Thomas Daubney
755cb9bf4f Changes name of check_iv to iv_len_validity 
Commit changes name of check_iv to
iv_len_vlaidity as this seems to better describe
its functionality.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-03-02 16:49:38 +00:00
Thomas Daubney
7c4a486081 Initialise buffer before use 
Commit initialises buf before it is used.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-03-02 16:47:49 +00:00
Thomas Daubney
ac72f9c213 Initialise iv buffer before use 
Commit initialises the iv buffer before
it ias passed to mbedtls_cipher_set_iv().

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-03-02 16:44:51 +00:00
pespacek
55dfd8bb0a BUGFIX: PSA test vectors use UID 1 instead of 0. 
Test vector to test rejection of uid = 0 was added.

Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-16 15:48:40 +01:00
pespacek
ecaca12612 TEST: added psa_its_set expected failure test 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-16 15:48:00 +01:00
Andrzej Kurek
28a7c06281 Test drivers: rename import call source to driver location 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Andrzej Kurek
981a0ceeee Formatting and documentation fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Andrzej Kurek
96c8f9e89d Add tests for import hooks in the driver wrappers 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Manuel Pégourié-Gonnard
ca664c74a6 Merge pull request #5255 from AndrzejKurek/chacha-iv-len-16-fixes-2.x 
Backport 2.28: Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
 2022-02-03 11:31:34 +01:00
Andrzej Kurek
e001596d83 Add missing MBEDTLS_ASN1_WRITE_C dependency in test_suite_psa_crypto 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Andrzej Kurek
c60cc1d7be Add missing dependency on MBEDTLS_GCM_C in cipher tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Dave Rodgman
d41dab39c5 Bump version to 2.28.0 
Executed ./scripts/bump_version.sh --version 2.28.0 --so-tls 14

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-15 11:55:31 +00:00
Dave Rodgman
08412e2a67 Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.28.0rc0-pr 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-14 12:52:51 +00:00
Paul Elliott
5752b4b7d0 Add expected output for tests 
Expected output generated by OpenSSL (see below) apart from the case
where both password and salt are either NULL or zero length, as OpenSSL
does not support this. For these test cases we have had to use our own
output as that which is expected. Code to generate test cases is as
follows:

 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
 #include <string.h>

int Keygen_Uni( const char * test_name, unsigned char *pass, int
    passlen, unsigned char *salt,
                    int saltlen, int id, int iter, int n,
                                    unsigned char *out, const EVP_MD
                                    *md_type )
{
   size_t index;

   printf( "%s\n", test_name );

   int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter,
                                        n, out, md_type );

   if( ret != 1 )
   {
         printf( "Key generation returned %d\n", ret );
      }
   else
   {
         for( index = 0; index < n; ++index )
         {
                  printf( "%02x", out[index] );
               }

         printf( "\n" );
      }

   printf( "\n" );

}

int main(void)
{
   unsigned char out_buf[48];
   unsigned char pass[64];
   int pass_len;
   unsigned char salt[64];
   int salt_len;

   /* If ID=1, then the pseudorandom bits being produced are to be used
      as key material for performing encryption or decryption.

            If ID=2, then the pseudorandom bits being produced are to be
            used as an IV (Initial Value) for encryption or decryption.

                  If ID=3, then the pseudorandom bits being produced are
                  to be used as an integrity key for MACing.
                     */

   int id = 1;
   int iter = 3;

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( pass, 0, sizeof( pass ) );
   memset( salt, 0, sizeof( salt ) );

   Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( salt, 0, sizeof( salt ) );

   pass[0] = 0x01;
   pass[1] = 0x23;
   pass[2] = 0x45;
   pass[3] = 0x67;
   pass[4] = 0x89;
   pass[5] = 0xab;
   pass[6] = 0xcd;
   pass[7] = 0xef;

   Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   return 0;
}

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:15:28 +00:00