eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'development' into pk_import_into_psa-use_usage

Browse source
This commit is contained in:
Gilles Peskine 2024-02-06 10:14:17 +01:00
commit 8a85673a39
121 changed files with 3893 additions and 1305 deletions
Download patch file Download diff file Expand all files Collapse all files

1
tests/data_files/tls13_early_data.txt
View file

@ -1,3 +1,4 @@
EarlyData context: line 0 lf
EarlyData context: line 1 lf
EarlyData context: line 2 lf
EarlyData context: If it appears, that means early_data received.

4
tests/include/test/drivers/key_management.h
View file

@ -67,6 +67,10 @@ void mbedtls_test_transparent_free(void);
psa_status_t mbedtls_test_opaque_init(void);
void mbedtls_test_opaque_free(void);
psa_status_t mbedtls_test_opaque_unwrap_key(
const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer,
size_t key_buffer_size, size_t *key_buffer_length);
psa_status_t mbedtls_test_transparent_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length);

12
tests/include/test/macros.h
View file

@ -125,8 +125,8 @@
do { \
TEST_ASSERT((pointer) == NULL); \
if ((item_count) != 0) { \
(pointer) = mbedtls_calloc(sizeof(*(pointer)), \
(item_count)); \
(pointer) = mbedtls_calloc((item_count), \
sizeof(*(pointer))); \
TEST_ASSERT((pointer) != NULL); \
} \
} while (0)
@ -155,8 +155,8 @@
#define TEST_CALLOC_NONNULL(pointer, item_count) \
do { \
TEST_ASSERT((pointer) == NULL); \
(pointer) = mbedtls_calloc(sizeof(*(pointer)), \
(item_count)); \
(pointer) = mbedtls_calloc((item_count), \
sizeof(*(pointer))); \
if (((pointer) == NULL) && ((item_count) == 0)) { \
(pointer) = mbedtls_calloc(1, 1); \
} \
@ -175,8 +175,8 @@
do { \
TEST_ASSERT((pointer) == NULL); \
if ((item_count) != 0) { \
(pointer) = mbedtls_calloc(sizeof(*(pointer)), \
(item_count)); \
(pointer) = mbedtls_calloc((item_count), \
sizeof(*(pointer))); \
TEST_ASSUME((pointer) != NULL); \
} \
} while (0)

10
tests/include/test/ssl_helpers.h
View file

@ -589,6 +589,16 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args);
#endif /* MBEDTLS_TEST_HOOKS */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
int mbedtls_test_ticket_write(
void *p_ticket, const mbedtls_ssl_session *session,
unsigned char *start, const unsigned char *end,
size_t *tlen, uint32_t *ticket_lifetime);
int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
unsigned char *buf, size_t len);
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#define ECJPAKE_TEST_PWD "bla"
#if defined(MBEDTLS_USE_PSA_CRYPTO)

5
tests/opt-testcases/tls13-misc.sh
View file

@ -506,4 +506,7 @@ run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \
-s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \
-s "ClientHello: early_data(42) extension exists." \
-s "EncryptedExtensions: early_data(42) extension exists." \
-s "$( tail -1 $EARLY_DATA_INPUT )"
-s "$( head -1 $EARLY_DATA_INPUT )" \
-s "$( tail -1 $EARLY_DATA_INPUT )" \
-s "200 early data bytes read" \
-s "106 early data bytes read"

34
tests/scripts/all.sh
View file

@ -821,6 +821,14 @@ pre_generate_files() {
fi
}
clang_version() {
if command -v clang > /dev/null ; then
clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#'
else
echo 0 # report version 0 for "no clang"
fi
}
################################################################
#### Helpers for components using libtestdriver1
################################################################
@ -4694,14 +4702,8 @@ component_test_aesni_m32 () { # ~ 60s
}
support_test_aesni_m32_clang() {
support_test_aesni_m32 && if command -v clang > /dev/null ; then
# clang >= 4 is required to build with target attributes
clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
[[ "${clang_ver}" -ge 4 ]]
else
# clang not available
false
fi
# clang >= 4 is required to build with target attributes
support_test_aesni_m32 && [[ $(clang_version) -ge 4 ]]
}
component_test_aesni_m32_clang() {
@ -4752,9 +4754,8 @@ component_build_aes_aesce_armcc () {
}
support_build_aes_armce() {
# clang >= 4 is required to build with AES extensions
ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
[ "${ver}" -ge 11 ]
# clang >= 11 is required to build with AES extensions
[[ $(clang_version) -ge 11 ]]
}
component_build_aes_armce () {
@ -4809,15 +4810,8 @@ component_build_aes_armce () {
}
support_build_sha_armce() {
if command -v clang > /dev/null ; then
# clang >= 4 is required to build with SHA extensions
clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
[[ "${clang_ver}" -ge 4 ]]
else
# clang not available
false
fi
# clang >= 4 is required to build with SHA extensions
[[ $(clang_version) -ge 4 ]]
}
component_build_sha_armce () {

1
tests/scripts/analyze_outcomes.py
View file

@ -325,6 +325,7 @@ KNOWN_TASKS = {
# is required.
'test_suite_ecp': [
re.compile(r'ECP check public-private .*'),
re.compile(r'ECP calculate public: .*'),
re.compile(r'ECP gen keypair .*'),
re.compile(r'ECP point muladd .*'),
re.compile(r'ECP point multiplication .*'),

78
tests/src/drivers/test_driver_asymmetric_encryption.c
View file

@ -13,11 +13,15 @@
#include "psa_crypto_rsa.h"
#include "string.h"
#include "test/drivers/asymmetric_encryption.h"
#include "test/drivers/key_management.h"
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_rsa.h"
#endif
#define PSA_RSA_KEY_PAIR_MAX_SIZE \
PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks =
MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT;
@ -104,7 +108,7 @@ psa_status_t mbedtls_test_transparent_asymmetric_decrypt(
}
/*
* opaque versions - TODO
* opaque versions
*/
psa_status_t mbedtls_test_opaque_asymmetric_encrypt(
const psa_key_attributes_t *attributes, const uint8_t *key,
@ -112,17 +116,31 @@ psa_status_t mbedtls_test_opaque_asymmetric_encrypt(
size_t input_length, const uint8_t *salt, size_t salt_length,
uint8_t *output, size_t output_size, size_t *output_length)
{
(void) attributes;
(void) key;
(void) key_length;
(void) alg;
(void) input;
(void) input_length;
(void) salt;
(void) salt_length;
(void) output;
(void) output_size;
(void) output_length;
unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE];
size_t unwrapped_key_length;
psa_status_t status;
status = mbedtls_test_opaque_unwrap_key(key, key_length,
unwrapped_key, sizeof(unwrapped_key),
&unwrapped_key_length);
if (status != PSA_SUCCESS) {
return status;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT))
return libtestdriver1_mbedtls_psa_asymmetric_encrypt(
(const libtestdriver1_psa_key_attributes_t *) attributes,
unwrapped_key, unwrapped_key_length,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
#else
return mbedtls_psa_asymmetric_encrypt(
attributes, unwrapped_key, unwrapped_key_length,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}
@ -132,17 +150,31 @@ psa_status_t mbedtls_test_opaque_asymmetric_decrypt(
size_t input_length, const uint8_t *salt, size_t salt_length,
uint8_t *output, size_t output_size, size_t *output_length)
{
(void) attributes;
(void) key;
(void) key_length;
(void) alg;
(void) input;
(void) input_length;
(void) salt;
(void) salt_length;
(void) output;
(void) output_size;
(void) output_length;
unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE];
size_t unwrapped_key_length;
psa_status_t status;
status = mbedtls_test_opaque_unwrap_key(key, key_length,
unwrapped_key, sizeof(unwrapped_key),
&unwrapped_key_length);
if (status != PSA_SUCCESS) {
return status;
}
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
(defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT))
return libtestdriver1_mbedtls_psa_asymmetric_decrypt(
(const libtestdriver1_psa_key_attributes_t *) attributes,
unwrapped_key, unwrapped_key_length,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
#else
return mbedtls_psa_asymmetric_decrypt(
attributes, unwrapped_key, unwrapped_key_length,
alg, input, input_length, salt, salt_length,
output, output_size, output_length);
#endif
return PSA_ERROR_NOT_SUPPORTED;
}

2
tests/src/drivers/test_driver_key_management.c
View file

@ -159,7 +159,7 @@ static psa_status_t mbedtls_test_opaque_wrap_key(
* The argument key_buffer_length is filled with the unwrapped(clear)
* key_size on success.
* */
static psa_status_t mbedtls_test_opaque_unwrap_key(
psa_status_t mbedtls_test_opaque_unwrap_key(
const uint8_t *wrapped_key,
size_t wrapped_key_length,
uint8_t *key_buffer,

77
tests/src/test_helpers/ssl_helpers.c
View file

@ -9,7 +9,7 @@
*/
#include <test/ssl_helpers.h>
#include "md_psa.h"
#include "mbedtls/psa_util.h"
#if defined(MBEDTLS_SSL_TLS_C)
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
@ -841,6 +841,23 @@ int mbedtls_test_ssl_endpoint_init(
}
#endif
#if defined(MBEDTLS_DEBUG_C)
#if defined(MBEDTLS_SSL_SRV_C)
if (endpoint_type == MBEDTLS_SSL_IS_SERVER &&
options->srv_log_fun != NULL) {
mbedtls_ssl_conf_dbg(&(ep->conf), options->srv_log_fun,
options->srv_log_obj);
}
#endif
#if defined(MBEDTLS_SSL_CLI_C)
if (endpoint_type == MBEDTLS_SSL_IS_CLIENT &&
options->cli_log_fun != NULL) {
mbedtls_ssl_conf_dbg(&(ep->conf), options->cli_log_fun,
options->cli_log_obj);
}
#endif
#endif /* MBEDTLS_DEBUG_C */
ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg,
options->opaque_alg,
options->opaque_alg2,
@ -1977,6 +1994,12 @@ void mbedtls_test_ssl_perform_handshake(
mbedtls_test_message_socket_init(&server_context);
mbedtls_test_message_socket_init(&client_context);
#if defined(MBEDTLS_DEBUG_C)
if (options->cli_log_fun || options->srv_log_fun) {
mbedtls_debug_set_threshold(4);
}
#endif
/* Client side */
if (options->dtls != 0) {
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
@ -2000,14 +2023,6 @@ void mbedtls_test_ssl_perform_handshake(
set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite);
}
#if defined(MBEDTLS_DEBUG_C)
if (options->cli_log_fun) {
mbedtls_debug_set_threshold(4);
mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun,
options->cli_log_obj);
}
#endif
/* Server side */
if (options->dtls != 0) {
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
@ -2072,14 +2087,6 @@ void mbedtls_test_ssl_perform_handshake(
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
#if defined(MBEDTLS_DEBUG_C)
if (options->srv_log_fun) {
mbedtls_debug_set_threshold(4);
mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun,
options->srv_log_obj);
}
#endif
TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket),
&(server.socket),
BUFFSIZE) == 0);
@ -2419,4 +2426,40 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
return 0;
}
#endif /* MBEDTLS_TEST_HOOKS */
/*
* Functions for tests based on tickets. Implementations of the
* write/parse ticket interfaces as defined by mbedtls_ssl_ticket_write/parse_t.
* Basically same implementations as in ticket.c without the encryption. That
* way we can tweak easily tickets characteristics to simulate misbehaving
* peers.
*/
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
int mbedtls_test_ticket_write(
void *p_ticket, const mbedtls_ssl_session *session,
unsigned char *start, const unsigned char *end,
size_t *tlen, uint32_t *lifetime)
{
int ret;
((void) p_ticket);
if ((ret = mbedtls_ssl_session_save(session, start, end - start,
tlen)) != 0) {
return ret;
}
/* Maximum ticket lifetime as defined in RFC 8446 */
*lifetime = 7 * 24 * 3600;
return 0;
}
int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
unsigned char *buf, size_t len)
{
((void) p_ticket);
return mbedtls_ssl_session_load(session, buf, len);
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#endif /* MBEDTLS_SSL_TLS_C */

137
tests/suites/test_suite_aes.ctr.data Normal file
View file

@ -0,0 +1,137 @@
# Test vectors from NIST Special Publication 800-38A 2001 Edition
# Recommendation for Block Edition Cipher Modes of Operation
# as below, but corrupt the key to check the test catches it
AES-CTR NIST 128 bad
aes_ctr:"00000000000000000000000000000000":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee":1
AES-CTR NIST 128
aes_ctr:"2b7e151628aed2a6abf7158809cf4f3c":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee":0
AES-CTR NIST 192
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
aes_ctr:"8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e941e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050":0
AES-CTR NIST 256
depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
aes_ctr:"603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4":"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710":"601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c52b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6":0
AES-CTR aes_encrypt_ctr_multipart 1 1
aes_encrypt_ctr_multipart:1:1
AES-CTR aes_encrypt_ctr_multipart 2 1
aes_encrypt_ctr_multipart:2:1
AES-CTR aes_encrypt_ctr_multipart 2 2
aes_encrypt_ctr_multipart:2:2
AES-CTR aes_encrypt_ctr_multipart 4 1
aes_encrypt_ctr_multipart:4:1
AES-CTR aes_encrypt_ctr_multipart 4 2
aes_encrypt_ctr_multipart:4:2
AES-CTR aes_encrypt_ctr_multipart 15 1
aes_encrypt_ctr_multipart:15:1
AES-CTR aes_encrypt_ctr_multipart 15 2
aes_encrypt_ctr_multipart:15:2
AES-CTR aes_encrypt_ctr_multipart 15 8
aes_encrypt_ctr_multipart:15:8
AES-CTR aes_encrypt_ctr_multipart 15 15
aes_encrypt_ctr_multipart:15:15
AES-CTR aes_encrypt_ctr_multipart 16 1
aes_encrypt_ctr_multipart:16:1
AES-CTR aes_encrypt_ctr_multipart 16 2
aes_encrypt_ctr_multipart:16:2
AES-CTR aes_encrypt_ctr_multipart 16 8
aes_encrypt_ctr_multipart:16:8
AES-CTR aes_encrypt_ctr_multipart 16 15
aes_encrypt_ctr_multipart:16:15
AES-CTR aes_encrypt_ctr_multipart 16 16
aes_encrypt_ctr_multipart:16:16
AES-CTR aes_encrypt_ctr_multipart 17 1
aes_encrypt_ctr_multipart:17:1
AES-CTR aes_encrypt_ctr_multipart 17 2
aes_encrypt_ctr_multipart:17:2
AES-CTR aes_encrypt_ctr_multipart 17 8
aes_encrypt_ctr_multipart:17:8
AES-CTR aes_encrypt_ctr_multipart 17 15
aes_encrypt_ctr_multipart:17:15
AES-CTR aes_encrypt_ctr_multipart 17 16
aes_encrypt_ctr_multipart:17:16
AES-CTR aes_encrypt_ctr_multipart 63 1
aes_encrypt_ctr_multipart:63:1
AES-CTR aes_encrypt_ctr_multipart 63 2
aes_encrypt_ctr_multipart:63:2
AES-CTR aes_encrypt_ctr_multipart 63 8
aes_encrypt_ctr_multipart:63:8
AES-CTR aes_encrypt_ctr_multipart 63 15
aes_encrypt_ctr_multipart:63:15
AES-CTR aes_encrypt_ctr_multipart 63 16
aes_encrypt_ctr_multipart:63:16
AES-CTR aes_encrypt_ctr_multipart 63 17
aes_encrypt_ctr_multipart:63:17
AES-CTR aes_encrypt_ctr_multipart 64 1
aes_encrypt_ctr_multipart:64:1
AES-CTR aes_encrypt_ctr_multipart 64 2
aes_encrypt_ctr_multipart:64:2
AES-CTR aes_encrypt_ctr_multipart 64 8
aes_encrypt_ctr_multipart:64:8
AES-CTR aes_encrypt_ctr_multipart 64 15
aes_encrypt_ctr_multipart:64:15
AES-CTR aes_encrypt_ctr_multipart 64 16
aes_encrypt_ctr_multipart:64:16
AES-CTR aes_encrypt_ctr_multipart 64 17
aes_encrypt_ctr_multipart:64:17
AES-CTR aes_encrypt_ctr_multipart 1024 1
aes_encrypt_ctr_multipart:1024:1
AES-CTR aes_encrypt_ctr_multipart 1024 10
aes_encrypt_ctr_multipart:1024:10
AES-CTR aes_encrypt_ctr_multipart 1024 15
aes_encrypt_ctr_multipart:1024:15
AES-CTR aes_encrypt_ctr_multipart 1024 16
aes_encrypt_ctr_multipart:1024:16
AES-CTR aes_encrypt_ctr_multipart 1024 63
aes_encrypt_ctr_multipart:1024:63
AES-CTR aes_encrypt_ctr_multipart 1024 64
aes_encrypt_ctr_multipart:1024:64
AES-CTR aes_encrypt_ctr_multipart 1024 65
aes_encrypt_ctr_multipart:1024:65
AES-CTR aes_encrypt_ctr_multipart 1024 1023
aes_encrypt_ctr_multipart:1024:1023
AES-CTR aes_encrypt_ctr_multipart 1024 1024
aes_encrypt_ctr_multipart:1024:1024

118
tests/suites/test_suite_aes.function
View file

@ -88,6 +88,124 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
void aes_ctr(data_t *key, data_t *ictr, data_t *pt, data_t *ct, int expected)
{
unsigned char *output = NULL;
unsigned char ctr[16];
unsigned char stream_block[16];
mbedtls_aes_context ctx;
// sanity checks on test input
TEST_ASSERT(pt->len == ct->len);
TEST_ASSERT(key->len == 16 || key->len == 24 || key->len == 32);
TEST_CALLOC(output, pt->len);
// expected result is always success on zero-length input, so skip len == 0 if expecting failure
for (size_t len = (expected == 0 ? 0 : 1); len <= pt->len; len++) {
for (int i = 0; i < 2; i++) {
mbedtls_aes_init(&ctx);
TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key->x, key->len * 8) == 0);
memcpy(ctr, ictr->x, 16);
memset(stream_block, 0, 16);
memset(output, 0, pt->len);
size_t nc_off = 0;
if (i == 0) {
// encrypt
TEST_EQUAL(mbedtls_aes_crypt_ctr(&ctx, len, &nc_off, ctr,
stream_block, pt->x, output), 0);
TEST_ASSERT(!!memcmp(output, ct->x, len) == expected);
} else {
// decrypt
TEST_EQUAL(mbedtls_aes_crypt_ctr(&ctx, len, &nc_off, ctr,
stream_block, ct->x, output), 0);
TEST_ASSERT(!!memcmp(output, pt->x, len) == expected);
}
}
}
exit:
mbedtls_free(output);
mbedtls_aes_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */
void aes_encrypt_ctr_multipart(int length, int step_size)
{
unsigned char key[16];
unsigned char ctr_a[16];
unsigned char ctr_b[16];
unsigned char stream_block_a[16];
unsigned char stream_block_b[16];
unsigned char *input = NULL;
unsigned char *output_a = NULL;
unsigned char *output_b = NULL;
mbedtls_aes_context ctx;
size_t nc_off_a, nc_off_b;
TEST_ASSERT(length >= 0);
TEST_ASSERT(step_size > 0);
TEST_CALLOC(input, length);
TEST_CALLOC(output_a, length);
TEST_CALLOC(output_b, length);
// set up a random key
mbedtls_test_rnd_std_rand(NULL, key, sizeof(key));
// random input
mbedtls_test_rnd_std_rand(NULL, input, length);
// complete encryption in one call
mbedtls_aes_init(&ctx);
TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key, sizeof(key) * 8) == 0);
memset(ctr_a, 0, sizeof(ctr_a));
memset(stream_block_a, 0, sizeof(stream_block_a));
nc_off_a = 0;
TEST_EQUAL(mbedtls_aes_crypt_ctr(&ctx, length, &nc_off_a, ctr_a,
stream_block_a, input, output_a), 0);
mbedtls_aes_free(&ctx);
// encrypt in multiple steps of varying size
mbedtls_aes_init(&ctx);
TEST_ASSERT(mbedtls_aes_setkey_enc(&ctx, key, sizeof(key) * 8) == 0);
memset(ctr_b, 0, sizeof(ctr_b));
memset(stream_block_b, 0, sizeof(stream_block_b));
nc_off_b = 0;
size_t remaining = length;
unsigned char *ip = input, *op = output_b;
while (remaining != 0) {
size_t l = MIN(remaining, (size_t) step_size);
step_size *= 2;
remaining -= l;
TEST_EQUAL(mbedtls_aes_crypt_ctr(&ctx, l, &nc_off_b, ctr_b, stream_block_b, ip, op), 0);
ip += l;
op += l;
}
// finally, validate that multiple steps produced same result as single-pass
TEST_MEMORY_COMPARE(output_a, length, output_b, length);
TEST_MEMORY_COMPARE(ctr_a, sizeof(ctr_a), ctr_b, sizeof(ctr_b));
TEST_MEMORY_COMPARE(stream_block_a, sizeof(stream_block_a),
stream_block_b, sizeof(stream_block_b));
TEST_EQUAL(nc_off_a, nc_off_b);
exit:
mbedtls_free(input);
mbedtls_free(output_a);
mbedtls_free(output_b);
mbedtls_aes_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
void aes_decrypt_ecb(data_t *key_str, data_t *src_str,
data_t *dst, int setkey_result)

2
tests/suites/test_suite_constant_time_hmac.function
View file

@ -3,7 +3,7 @@
#include <mbedtls/constant_time.h>
#include <mbedtls/md.h>
#include <constant_time_internal.h>
#include "md_psa.h"
#include "mbedtls/psa_util.h"
#include <ssl_misc.h>
#include <test/constant_flow.h>

45
tests/suites/test_suite_ctr_drbg.data
View file

@ -1105,3 +1105,48 @@ ctr_drbg_threads:"B10A961F2EA39927B4C48AEDDD299026":1:5
CTR_DRBG self test
ctr_drbg_selftest:
Increment counter rollover
ctr_increment_rollover
Increment counter 00
ctr_increment:"00"
Increment counter ff00
ctr_increment:"ff00"
Increment counter ff0000
ctr_increment:"ff0000"
Increment counter ff000000
ctr_increment:"ff000000"
Increment counter ff00000000
ctr_increment:"ff00000000"
Increment counter ff0000000000
ctr_increment:"ff0000000000"
Increment counter ff000000000000
ctr_increment:"ff000000000000"
Increment counter 01
ctr_increment:"01"
Increment counter ff01
ctr_increment:"ff01"
Increment counter ff0001
ctr_increment:"ff0001"
Increment counter ff000001
ctr_increment:"ff000001"
Increment counter ff00000001
ctr_increment:"ff00000001"
Increment counter ff0000000001
ctr_increment:"ff0000000001"
Increment counter ff000000000001
ctr_increment:"ff000000000001"

73
tests/suites/test_suite_ctr_drbg.function
View file

@ -2,6 +2,7 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "string.h"
#include "ctr.h"
#if defined(MBEDTLS_THREADING_PTHREAD)
#include "mbedtls/threading.h"
@ -443,3 +444,75 @@ void ctr_drbg_selftest()
AES_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
void ctr_increment_rollover()
{
uint8_t c[16];
uint8_t r[16];
// test all increments from 2^n - 1 to 2^n (i.e. where we roll over into the next bit)
for (int n = 0; n <= 128; n++) {
memset(c, 0, 16);
memset(r, 0, 16);
// set least significant (highest address) n bits to 1, i.e. generate (2^n - 1)
for (int i = 0; i < n; i++) {
int bit = i % 8;
int byte = (i / 8);
c[15 - byte] |= 1 << bit;
}
// increment to get 2^n
mbedtls_ctr_increment_counter(c);
// now generate a reference result equal to 2^n - i.e. set only bit (n + 1)
// if n == 127, this will not set any bits (i.e. wraps to 0).
int bit = n % 8;
int byte = n / 8;
if (byte < 16) {
r[15 - byte] = 1 << bit;
}
TEST_MEMORY_COMPARE(c, 16, r, 16);
}
uint64_t lsb = 10, msb = 20;
MBEDTLS_PUT_UINT64_BE(msb, c, 0);
MBEDTLS_PUT_UINT64_BE(lsb, c, 8);
memcpy(r, c, 16);
mbedtls_ctr_increment_counter(c);
for (int i = 15; i >= 0; i--) {
r[i] += 1;
if (r[i] != 0) {
break;
}
}
TEST_MEMORY_COMPARE(c, 16, r, 16);
}
/* END_CASE */
/* BEGIN_CASE */
void ctr_increment(data_t *x)
{
uint8_t c[16];
uint8_t r[16];
// initialise c and r from test argument
memset(c, 0, 16);
memcpy(c, x->x, x->len);
memcpy(r, c, 16);
// increment c
mbedtls_ctr_increment_counter(c);
// increment reference
for (int i = 15; i >= 0; i--) {
r[i] += 1;
if (r[i] != 0) {
break;
}
}
// test that mbedtls_ctr_increment_counter behaviour matches reference
TEST_MEMORY_COMPARE(c, 16, r, 16);
}
/* END_CASE */

2
tests/suites/test_suite_debug.function
View file

@ -1,5 +1,5 @@
/* BEGIN_HEADER */
#include "mbedtls/debug.h"
#include "debug_internal.h"
#include "string.h"
#include "mbedtls/pk.h"

60
tests/suites/test_suite_ecp.data
View file

@ -529,6 +529,24 @@ ECP check public-private #7 (wrong Qy)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
mbedtls_ecp_check_pub_priv:MBEDTLS_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":MBEDTLS_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECP calculate public: secp256r1, good
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_calc_public:MBEDTLS_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:"0437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff"
ECP calculate public: secp256r1, private value out of range
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_calc_public:MBEDTLS_ECP_DP_SECP256R1:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ERR_ECP_INVALID_KEY:""
# Alice's private key from rfc 7748, masked and adjusted for endianness
# because the test function wants the little-endian representation.
ECP calculate public: Curve25519, good
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_calc_public:MBEDTLS_ECP_DP_CURVE25519:"6a2cb91da5fb77b12a99c0eb872f4cdf4566b25172c1163c7da518730a6d0770":0:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
ECP calculate public: Curve25519, private value not masked
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_calc_public:MBEDTLS_ECP_DP_CURVE25519:"2a2cb91da5fb77b12a99c0eb872f4cdf4566b25172c1163c7da518730a6d0770":MBEDTLS_ERR_ECP_INVALID_KEY:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
ECP gen keypair [#1]
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_gen_keypair:MBEDTLS_ECP_DP_SECP192R1
@ -581,6 +599,48 @@ genkey_mx_known_answer:447:"ffffffffffffffffffffffffffffffffffffffffffffffffffff
ECP generate Montgomery key: Curve448, not enough entropy
genkey_mx_known_answer:447:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536":""
ECP set public key: invalid group (0)
ecp_set_public_key_group_check:MBEDTLS_ECP_DP_NONE:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
ECP set public key: valid group (secp256r1)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_set_public_key_group_check:MBEDTLS_ECP_DP_SECP256R1:0
ECP set public key: group not supported (secp256r1)
depends_on:!MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_set_public_key_group_check:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
ECP set public key: bad group (not in enum)
ecp_set_public_key_group_check:MBEDTLS_ECP_DP_MAX:MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
ECP set public key: good, secp256r1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_set_public_key_good:MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579"
ECP set public key: good, Curve25519
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_set_public_key_good:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
ECP set public key after private: good, secp256r1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579"
ECP set public key after private: good, Curve25519
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_set_public_key_after_private:MBEDTLS_ECP_DP_CURVE25519:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
ECP set public key after private: secp256r1 then secp256k1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP256K1_ENABLED
ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256K1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579"
ECP set public key after private: secp256r1 then secp384r1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP256R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP384R1:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaae1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
ECP set public key after private: secp384r1 then secp256r1
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_set_public_key_after_private:MBEDTLS_ECP_DP_SECP384R1:"70726976617465206b6579":MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579"
ECP read key #1 (short weierstrass, too small)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"00":MBEDTLS_ERR_ECP_INVALID_KEY:0

193
tests/suites/test_suite_ecp.function
View file

@ -590,29 +590,41 @@ void ecp_write_binary(int id, char *x, char *y, char *z, int format,
{
mbedtls_ecp_group grp;
mbedtls_ecp_point P;
mbedtls_ecp_keypair key;
unsigned char buf[256];
size_t olen;
memset(buf, 0, sizeof(buf));
mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&P);
mbedtls_ecp_keypair_init(&key);
TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
TEST_EQUAL(mbedtls_ecp_group_load(&grp, id), 0);
TEST_ASSERT(mbedtls_test_read_mpi(&P.X, x) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&P.Y, y) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&P.Z, z) == 0);
TEST_ASSERT(mbedtls_ecp_point_write_binary(&grp, &P, format,
&olen, buf, blen) == ret);
TEST_EQUAL(mbedtls_test_read_mpi(&P.X, x), 0);
TEST_EQUAL(mbedtls_test_read_mpi(&P.Y, y), 0);
TEST_EQUAL(mbedtls_test_read_mpi(&P.Z, z), 0);
TEST_EQUAL(mbedtls_ecp_point_write_binary(&grp, &P, format,
&olen, buf, blen), ret);
if (ret == 0) {
TEST_ASSERT(olen <= MBEDTLS_ECP_MAX_PT_LEN);
TEST_ASSERT(mbedtls_test_hexcmp(buf, out->x, olen, out->len) == 0);
TEST_LE_U(olen, MBEDTLS_ECP_MAX_PT_LEN);
ASSERT_COMPARE(buf, olen,
out->x, out->len);
}
memset(buf, 0, blen);
TEST_EQUAL(mbedtls_ecp_set_public_key(grp.id, &key, &P), 0);
TEST_EQUAL(mbedtls_ecp_write_public_key(&key, format,
&olen, buf, blen), ret);
if (ret == 0) {
ASSERT_COMPARE(buf, olen,
out->x, out->len);
}
exit:
mbedtls_ecp_group_free(&grp); mbedtls_ecp_point_free(&P);
mbedtls_ecp_keypair_free(&key);
}
/* END_CASE */
@ -988,6 +1000,41 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
void ecp_calc_public(int grp_id, data_t *private_data,
int expected_ret, data_t *expected_public)
{
mbedtls_ecp_keypair key;
mbedtls_ecp_keypair_init(&key);
mbedtls_test_rnd_pseudo_info rnd_info;
memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
TEST_EQUAL(mbedtls_ecp_group_load(&key.grp, grp_id), 0);
TEST_EQUAL(mbedtls_mpi_read_binary(&key.d,
private_data->x, private_data->len), 0);
TEST_EQUAL(mbedtls_ecp_keypair_calc_public(&key,
&mbedtls_test_rnd_pseudo_rand, &rnd_info),
expected_ret);
if (expected_ret == 0) {
TEST_EQUAL(mbedtls_ecp_check_pub_priv(&key, &key,
&mbedtls_test_rnd_pseudo_rand, &rnd_info),
0);
unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
size_t length;
TEST_EQUAL(mbedtls_ecp_point_write_binary(&key.grp, &key.Q,
MBEDTLS_ECP_PF_UNCOMPRESSED,
&length, buf, sizeof(buf)),
0);
ASSERT_COMPARE(expected_public->x, expected_public->len, buf, length);
}
exit:
mbedtls_ecp_keypair_free(&key);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_C */
void mbedtls_ecp_gen_keypair(int id)
{
@ -1030,6 +1077,7 @@ void mbedtls_ecp_gen_key(int id)
&mbedtls_test_rnd_pseudo_rand,
&rnd_info) == 0);
TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(&key), id);
TEST_ASSERT(mbedtls_ecp_check_pubkey(&key.grp, &key.Q) == 0);
TEST_ASSERT(mbedtls_ecp_check_privkey(&key.grp, &key.d) == 0);
@ -1038,23 +1086,124 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
void ecp_set_public_key_group_check(int grp_id, int expected_ret)
{
mbedtls_ecp_keypair key;
mbedtls_ecp_keypair_init(&key);
mbedtls_ecp_point Q;
mbedtls_ecp_point_init(&Q);
TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q),
expected_ret);
exit:
mbedtls_ecp_keypair_free(&key);
mbedtls_ecp_point_free(&Q);
}
/* END_CASE */
/* BEGIN_CASE */
void ecp_set_public_key_good(int grp_id, data_t *public_data)
{
mbedtls_ecp_keypair key;
mbedtls_ecp_keypair_init(&key);
mbedtls_ecp_group grp;
mbedtls_ecp_group_init(&grp);
mbedtls_ecp_point Q;
mbedtls_ecp_point_init(&Q);
TEST_EQUAL(mbedtls_ecp_group_load(&grp, grp_id), 0);
TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &Q,
public_data->x, public_data->len),
0);
/* Freshly initialized key */
TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), 0);
TEST_EQUAL(key.grp.id, grp_id);
TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0);
/* Key with a public key already set to a different value */
TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.X, &key.Q.X, 1), 0);
TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.Y, &key.Q.Y, 1), 0);
TEST_EQUAL(mbedtls_mpi_add_int(&key.Q.Z, &key.Q.Z, 1), 0);
TEST_EQUAL(mbedtls_ecp_set_public_key(grp_id, &key, &Q), 0);
TEST_EQUAL(key.grp.id, grp_id);
TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0);
exit:
mbedtls_ecp_keypair_free(&key);
mbedtls_ecp_group_free(&grp);
mbedtls_ecp_point_free(&Q);
}
/* END_CASE */
/* BEGIN_CASE */
void ecp_set_public_key_after_private(int private_grp_id, data_t *private_data,
int public_grp_id, data_t *public_data)
{
mbedtls_ecp_keypair key;
mbedtls_ecp_keypair_init(&key);
mbedtls_ecp_group grp;
mbedtls_ecp_group_init(&grp);
mbedtls_ecp_point Q;
mbedtls_ecp_point_init(&Q);
mbedtls_mpi d;
mbedtls_mpi_init(&d);
TEST_EQUAL(mbedtls_ecp_group_load(&grp, public_grp_id), 0);
TEST_EQUAL(mbedtls_ecp_point_read_binary(&grp, &Q,
public_data->x, public_data->len),
0);
TEST_EQUAL(mbedtls_ecp_read_key(private_grp_id, &key,
private_data->x, private_data->len),
0);
TEST_EQUAL(mbedtls_mpi_copy(&d, &key.d), 0);
int ret = mbedtls_ecp_set_public_key(public_grp_id, &key, &Q);
if (private_grp_id == public_grp_id) {
TEST_EQUAL(ret, 0);
TEST_EQUAL(key.grp.id, public_grp_id);
TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &Q), 0);
TEST_EQUAL(mbedtls_mpi_cmp_mpi(&d, &key.d), 0);
} else {
TEST_EQUAL(ret, MBEDTLS_ERR_ECP_BAD_INPUT_DATA);
}
exit:
mbedtls_ecp_keypair_free(&key);
mbedtls_ecp_group_free(&grp);
mbedtls_ecp_point_free(&Q);
mbedtls_mpi_free(&d);
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonical)
{
int ret = 0;
mbedtls_ecp_keypair key;
mbedtls_ecp_keypair key2;
mbedtls_ecp_keypair_init(&key);
mbedtls_ecp_keypair key2;
mbedtls_ecp_keypair_init(&key2);
TEST_EQUAL(mbedtls_mpi_lset(&key.Q.X, 1), 0);
TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Y, 2), 0);
TEST_EQUAL(mbedtls_mpi_lset(&key.Q.Z, 3), 0);
ret = mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len);
TEST_ASSERT(ret == expected);
if (expected == 0) {
TEST_EQUAL(mbedtls_ecp_keypair_get_group_id(&key), grp_id);
ret = mbedtls_ecp_check_privkey(&key.grp, &key.d);
TEST_ASSERT(ret == 0);
TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.X, 1), 0);
TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0);
TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0);
if (canonical) {
unsigned char buf[MBEDTLS_ECP_MAX_BYTES];
@ -1233,6 +1382,28 @@ void ecp_export(int id, char *Qx, char *Qy, char *d, int expected_ret, int inval
TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0);
TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0);
TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0);
/* Check consistency with the group id */
TEST_EQUAL(export_grp.id,
mbedtls_ecp_keypair_get_group_id(&key));
/* Test null arguments: grp only */
mbedtls_ecp_group_free(&export_grp);
mbedtls_ecp_group_init(&export_grp);
TEST_EQUAL(mbedtls_ecp_export(&key, &export_grp, NULL, NULL), 0);
TEST_EQUAL(mbedtls_ecp_group_cmp(&key.grp, &export_grp), 0);
/* Test null arguments: d only */
mbedtls_mpi_free(&export_d);
mbedtls_mpi_init(&export_d);
TEST_EQUAL(mbedtls_ecp_export(&key, NULL, &export_d, NULL), 0);
TEST_EQUAL(mbedtls_mpi_cmp_mpi(&key.d, &export_d), 0);
/* Test null arguments: Q only */
mbedtls_ecp_point_free(&export_Q);
mbedtls_ecp_point_init(&export_Q);
TEST_EQUAL(mbedtls_ecp_export(&key, NULL, NULL, &export_Q), 0);
TEST_EQUAL(mbedtls_ecp_point_cmp(&key.Q, &export_Q), 0);
}
exit:

127
tests/suites/test_suite_gcm.function
View file

@ -153,6 +153,21 @@ exit:
mbedtls_free(output);
}
static void gcm_reset_ctx(mbedtls_gcm_context *ctx, const uint8_t *key,
size_t key_bits, const uint8_t *iv, size_t iv_len,
int starts_ret)
{
int mode = MBEDTLS_GCM_ENCRYPT;
mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
mbedtls_gcm_init(ctx);
TEST_EQUAL(mbedtls_gcm_setkey(ctx, valid_cipher, key, key_bits), 0);
TEST_EQUAL(starts_ret, mbedtls_gcm_starts(ctx, mode, iv, iv_len));
exit:
/* empty */
return;
}
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -478,6 +493,118 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
/* NISP SP 800-38D, Section 5.2.1.1 requires that bit length of IV should
* satisfy 1 <= bit_len(IV) <= 2^64 - 1. */
void gcm_invalid_iv_len(void)
{
mbedtls_gcm_context ctx;
mbedtls_gcm_init(&ctx);
uint8_t b16[16] = { 0 };
BLOCK_CIPHER_PSA_INIT();
// Invalid IV length 0
gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, 0, MBEDTLS_ERR_GCM_BAD_INPUT);
mbedtls_gcm_free(&ctx);
// Only testable on platforms where sizeof(size_t) >= 8.
#if SIZE_MAX >= UINT64_MAX
// Invalid IV length 2^61
gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, 1ULL << 61, MBEDTLS_ERR_GCM_BAD_INPUT);
mbedtls_gcm_free(&ctx);
#endif
goto exit; /* To suppress error that exit is defined but not used */
exit:
mbedtls_gcm_free(&ctx);
BLOCK_CIPHER_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
void gcm_add_len_too_long(void)
{
// Only testable on platforms where sizeof(size_t) >= 8.
#if SIZE_MAX >= UINT64_MAX
mbedtls_gcm_context ctx;
mbedtls_gcm_init(&ctx);
uint8_t b16[16] = { 0 };
BLOCK_CIPHER_PSA_INIT();
/* NISP SP 800-38D, Section 5.2.1.1 requires that bit length of AD should
* be <= 2^64 - 1, ie < 2^64. This is the minimum invalid length in bytes. */
uint64_t len_max = 1ULL << 61;
gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
// Feed AD that just exceeds the length limit
TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, len_max),
MBEDTLS_ERR_GCM_BAD_INPUT);
mbedtls_gcm_free(&ctx);
gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
// Feed AD that just exceeds the length limit in two calls
TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, 1), 0);
TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, len_max - 1),
MBEDTLS_ERR_GCM_BAD_INPUT);
mbedtls_gcm_free(&ctx);
gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
// Test if potential total AD length overflow is handled properly
TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, 1), 0);
TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, UINT64_MAX), MBEDTLS_ERR_GCM_BAD_INPUT);
exit:
mbedtls_gcm_free(&ctx);
BLOCK_CIPHER_PSA_DONE();
#endif
}
/* END_CASE */
/* BEGIN_CASE */
void gcm_input_len_too_long(void)
{
// Only testable on platforms where sizeof(size_t) >= 8
#if SIZE_MAX >= UINT64_MAX
mbedtls_gcm_context ctx;
uint8_t b16[16] = { 0 };
uint8_t out[1];
size_t out_len;
mbedtls_gcm_init(&ctx);
BLOCK_CIPHER_PSA_INIT();
/* NISP SP 800-38D, Section 5.2.1.1 requires that bit length of input should
* be <= 2^39 - 256. This is the maximum valid length in bytes. */
uint64_t len_max = (1ULL << 36) - 32;
gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
// Feed input that just exceeds the length limit
TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, len_max + 1, out, len_max + 1,
&out_len),
MBEDTLS_ERR_GCM_BAD_INPUT);
mbedtls_gcm_free(&ctx);
gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
// Feed input that just exceeds the length limit in two calls
TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, 1, out, 1, &out_len), 0);
TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, len_max, out, len_max, &out_len),
MBEDTLS_ERR_GCM_BAD_INPUT);
mbedtls_gcm_free(&ctx);
gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
// Test if potential total input length overflow is handled properly
TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, 1, out, 1, &out_len), 0);
TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, UINT64_MAX, out, UINT64_MAX,
&out_len),
MBEDTLS_ERR_GCM_BAD_INPUT);
exit:
mbedtls_gcm_free(&ctx);
BLOCK_CIPHER_PSA_DONE();
#endif
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_CCM_GCM_CAN_AES */
void gcm_selftest()
{

12
tests/suites/test_suite_gcm.misc.data
View file

@ -1,2 +1,14 @@
GCM - Invalid parameters
gcm_invalid_param:
GCM - Invalid IV length
depends_on:MBEDTLS_GCM_C:MBEDTLS_CCM_GCM_CAN_AES
gcm_invalid_iv_len:
GCM - Additional data length too long
depends_on:MBEDTLS_GCM_C:MBEDTLS_CCM_GCM_CAN_AES
gcm_add_len_too_long:
GCM - Input length too long
depends_on:MBEDTLS_GCM_C:MBEDTLS_CCM_GCM_CAN_AES
gcm_input_len_too_long:

2
tests/suites/test_suite_md.function
View file

@ -1,6 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/md.h"
#include "md_psa.h"
#include "mbedtls/psa_util.h"
#include "mbedtls/oid.h"
#include "mbedtls/asn1.h"

2
tests/suites/test_suite_pk.function
View file

@ -17,7 +17,7 @@
* but the test code generator requires test case data to be valid C code
* unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */
#include "psa/crypto.h"
#include "md_psa.h"
#include "mbedtls/psa_util.h"
/* Used for properly sizing the key buffer in pk_genkey_ec() */
#include "psa_util_internal.h"

1
tests/suites/test_suite_pkcs7.function
View file

@ -4,6 +4,7 @@
#include "mbedtls/x509.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_crl.h"
#include "x509_internal.h"
#include "mbedtls/oid.h"
#include "sys/types.h"
#include "sys/stat.h"

2
tests/suites/test_suite_pkwrite.function
View file

@ -1,5 +1,5 @@
/* BEGIN_HEADER */
#include "mbedtls/pk.h"
#include "pk_internal.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "psa/crypto_sizes.h"

85
tests/suites/test_suite_psa_crypto.data
View file

@ -684,7 +684,7 @@ import_with_data:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: explicit bit-size=255 for secp256r1
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_NOT_SUPPORTED
import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: explicit bit-size=521 for secp521r1 (good)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_521
@ -692,7 +692,7 @@ import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af
PSA import EC keypair: explicit bit-size=528 for secp521r1 (bad)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_521
import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_NOT_SUPPORTED
import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: explicit bit-size, DER format
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
@ -716,7 +716,7 @@ import_with_data:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba0120
PSA import EC keypair: implicit bit-size, not a valid length
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_NOT_SUPPORTED
import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT
PSA import EC keypair: secp256r1, all-bits-zero (bad)
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256
@ -1025,35 +1025,39 @@ aead_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_AEAD_WITH_
PSA key policy: asymmetric encryption, encrypt | decrypt
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0
PSA key policy: asymmetric encryption, wrong algorithm (v1.5/OAEP)
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0
PSA key policy: asymmetric encryption, wrong algorithm (OAEP with different hash)
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0
PSA key policy: asymmetric encryption, alg=0 in policy
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0
PSA key policy: asymmetric encryption, ANY_HASH in policy is not meaningful
depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0
PSA key policy: asymmetric encryption, encrypt but not decrypt
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0
PSA key policy: asymmetric encryption, decrypt but not encrypt
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
asymmetric_encryption_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
asymmetric_encryption_key_policy:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0
PSA key policy: asymmetric encryption, neither encrypt nor decrypt
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:0
PSA key policy: asymmetric encryption, opaque key, encrypt | decrypt
depends_on:PSA_CRYPTO_DRIVER_TEST:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
asymmetric_encryption_key_policy:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT:1
PSA key policy: asymmetric signature, sign | verify hash, PKCS#1v1.5 SHA-256
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
@ -7406,3 +7410,62 @@ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY
PSA derive persistent key: HKDF SHA-256, exportable
persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY
ECP group ID <-> PSA family - SECP192R1
depends_on:PSA_WANT_ECC_SECP_R1_192
ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192R1:PSA_ECC_FAMILY_SECP_R1:192
ECP group ID <-> PSA family - SECP224R1
depends_on:PSA_WANT_ECC_SECP_R1_224
ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224R1:PSA_ECC_FAMILY_SECP_R1:224
ECP group ID <-> PSA family - SECP256R1
depends_on:PSA_WANT_ECC_SECP_R1_256
ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256R1:PSA_ECC_FAMILY_SECP_R1:256
ECP group ID <-> PSA family - SECP384R1
depends_on:PSA_WANT_ECC_SECP_R1_384
ecc_conversion_functions:MBEDTLS_ECP_DP_SECP384R1:PSA_ECC_FAMILY_SECP_R1:384
ECP group ID <-> PSA family - SECP521R1
depends_on:PSA_WANT_ECC_SECP_R1_521
ecc_conversion_functions:MBEDTLS_ECP_DP_SECP521R1:PSA_ECC_FAMILY_SECP_R1:521
ECP group ID <-> PSA family - BP256R1
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256
ecc_conversion_functions:MBEDTLS_ECP_DP_BP256R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:256
ECP group ID <-> PSA family - BP384R1
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384
ecc_conversion_functions:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:384
ECP group ID <-> PSA family - BP512R1
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
ecc_conversion_functions:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512
ECP group ID <-> PSA family - CURVE25519
depends_on:PSA_WANT_ECC_MONTGOMERY_255
ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE25519:PSA_ECC_FAMILY_MONTGOMERY:255
ECP group ID <-> PSA family - SECP192K1
depends_on:PSA_WANT_ECC_SECP_K1_192
ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192
ECP group ID <-> PSA family - SECP224K1
depends_on:PSA_WANT_ECC_SECP_K1_224
ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224
ECP group ID <-> PSA family - SECP256K1
depends_on:PSA_WANT_ECC_SECP_K1_256
ecc_conversion_functions:MBEDTLS_ECP_DP_SECP256K1:PSA_ECC_FAMILY_SECP_K1:256
ECP group ID <-> PSA family - CURVE448
depends_on:PSA_WANT_ECC_MONTGOMERY_448
ecc_conversion_functions:MBEDTLS_ECP_DP_CURVE448:PSA_ECC_FAMILY_MONTGOMERY:448
ECP group ID <-> PSA family - Null values
ecc_conversion_functions:MBEDTLS_ECP_DP_NONE:0:0
ECP group ID <-> PSA family - Wrong values
ecc_conversion_functions_fail

49
tests/suites/test_suite_psa_crypto.function
View file

@ -6,6 +6,8 @@
#include "mbedtls/oid.h"
#include "common.h"
#include "mbedtls/psa_util.h"
/* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random()
* uses mbedtls_ctr_drbg internally. */
#include "mbedtls/ctr_drbg.h"
@ -2107,7 +2109,8 @@ void asymmetric_encryption_key_policy(int policy_usage_arg,
int policy_alg,
int key_type,
data_t *key_data,
int exercise_alg)
int exercise_alg,
int use_opaque_key)
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -2124,6 +2127,11 @@ void asymmetric_encryption_key_policy(int policy_usage_arg,
psa_set_key_algorithm(&attributes, policy_alg);
psa_set_key_type(&attributes, key_type);
if (use_opaque_key) {
psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION));
}
PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
&key));
@ -9479,6 +9487,45 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
void ecc_conversion_functions(int grp_id_arg, int psa_family_arg, int bits_arg)
{
mbedtls_ecp_group_id grp_id = grp_id_arg;
psa_ecc_family_t ecc_family = psa_family_arg;
size_t bits = bits_arg;
size_t bits_tmp;
TEST_EQUAL(ecc_family, mbedtls_ecc_group_to_psa(grp_id, &bits_tmp));
TEST_EQUAL(bits, bits_tmp);
TEST_EQUAL(grp_id, mbedtls_ecc_group_from_psa(ecc_family, bits));
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
void ecc_conversion_functions_fail()
{
size_t bits;
/* Invalid legacy curve identifiers. */
TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_MAX, &bits));
TEST_EQUAL(0, bits);
TEST_EQUAL(0, mbedtls_ecc_group_to_psa(MBEDTLS_ECP_DP_NONE, &bits));
TEST_EQUAL(0, bits);
/* Invalid PSA EC family. */
TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(0, 192));
/* Invalid bit-size for a valid EC family. */
TEST_EQUAL(MBEDTLS_ECP_DP_NONE, mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_SECP_R1, 512));
/* Twisted-Edward curves are not supported yet. */
TEST_EQUAL(MBEDTLS_ECP_DP_NONE,
mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_TWISTED_EDWARDS, 255));
TEST_EQUAL(MBEDTLS_ECP_DP_NONE,
mbedtls_ecc_group_from_psa(PSA_ECC_FAMILY_TWISTED_EDWARDS, 448));
}
/* END_CASE */
/* BEGIN_CASE */
void key_agreement_output(int alg_arg,
int our_key_type_arg, data_t *our_key_data,

6
tests/suites/test_suite_ssl.data
View file

@ -3270,3 +3270,9 @@ ssl_ecjpake_set_password:1
Test Elliptic curves' info parsing
elliptic_curve_get_properties
TLS 1.3 resume session with ticket
tls13_resume_session_with_ticket
TLS 1.3 early data
tls13_early_data

254
tests/suites/test_suite_ssl.function
View file

@ -12,6 +12,48 @@
#define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 }
#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \
defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_DEBUG_C) && \
defined(MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE) && \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) && \
defined(MBEDTLS_MD_CAN_SHA256) && \
defined(MBEDTLS_ECP_HAVE_SECP256R1) && defined(MBEDTLS_ECP_HAVE_SECP384R1) && \
defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) && defined(MBEDTLS_SSL_SESSION_TICKETS)
/*
* The implementation of the function should be based on
* mbedtls_ssl_write_early_data() eventually. The current version aims at
* removing the dependency on mbedtls_ssl_write_early_data() for the
* development and testing of reading early data.
*/
static int write_early_data(mbedtls_ssl_context *ssl,
unsigned char *buf, size_t len)
{
int ret = mbedtls_ssl_get_max_out_record_payload(ssl);
TEST_ASSERT(ret > 0);
TEST_ASSERT(len <= (size_t) ret);
ret = mbedtls_ssl_flush_output(ssl);
TEST_EQUAL(ret, 0);
TEST_EQUAL(ssl->out_left, 0);
ssl->out_msglen = len;
ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
if (len > 0) {
memcpy(ssl->out_msg, buf, len);
}
ret = mbedtls_ssl_write_record(ssl, 1);
TEST_EQUAL(ret, 0);
ret = len;
exit:
return ret;
}
#endif
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -3519,3 +3561,215 @@ exit:
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
void tls13_resume_session_with_ticket()
{
int ret = -1;
unsigned char buf[64];
mbedtls_test_ssl_endpoint client_ep, server_ep;
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
/*
* Test set-up
*/
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
mbedtls_test_init_handshake_options(&server_options);
mbedtls_ssl_session_init(&saved_session);
PSA_INIT();
client_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
&client_options, NULL, NULL, NULL,
NULL);
TEST_EQUAL(ret, 0);
server_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
&server_options, NULL, NULL, NULL,
NULL);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
mbedtls_test_ticket_write,
mbedtls_test_ticket_parse,
NULL);
TEST_EQUAL(ret, 0);
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
&(server_ep.socket), 1024);
TEST_EQUAL(ret, 0);
/*
* Run initial handshake: ephemeral key exchange mode, certificate with
* SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature
* algorithm. Then, get the ticket sent by the server at the end of its
* handshake sequence.
*/
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
&(server_ep.ssl), &(client_ep.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER), 0);
do {
ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
} while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
/*
* Save client session and reset the SSL context of the two endpoints.
*/
ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session);
TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_session_reset(&(client_ep.ssl));
TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
TEST_EQUAL(ret, 0);
/*
* Set saved session on client side and handshake using the ticket
* included in that session.
*/
ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
TEST_EQUAL(ret, 0);
/*
* Run the handshake up to MBEDTLS_SSL_HANDSHAKE_WRAPUP and not
* MBEDTLS_SSL_HANDSHAKE_OVER to preserve handshake data for the checks
* below.
*/
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
&(server_ep.ssl), &(client_ep.ssl),
MBEDTLS_SSL_HANDSHAKE_WRAPUP), 0);
TEST_EQUAL(server_ep.ssl.handshake->resume, 1);
TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 1);
TEST_EQUAL(server_ep.ssl.handshake->key_exchange_mode,
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
exit:
mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
mbedtls_ssl_session_free(&saved_session);
PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
void tls13_early_data()
{
int ret = -1;
unsigned char buf[64];
const char *early_data = "This is early data.";
size_t early_data_len = strlen(early_data);
mbedtls_test_ssl_endpoint client_ep, server_ep;
mbedtls_test_handshake_test_options client_options;
mbedtls_test_handshake_test_options server_options;
mbedtls_ssl_session saved_session;
/*
* Test set-up
*/
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
mbedtls_test_init_handshake_options(&server_options);
mbedtls_ssl_session_init(&saved_session);
PSA_INIT();
client_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
&client_options, NULL, NULL, NULL,
NULL);
TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_early_data(&client_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);
server_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
&server_options, NULL, NULL, NULL,
NULL);
TEST_EQUAL(ret, 0);
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
mbedtls_test_ticket_write,
mbedtls_test_ticket_parse,
NULL);
mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
&(server_ep.socket), 1024);
TEST_EQUAL(ret, 0);
/*
* Run initial handshake: ephemeral key exchange mode, certificate with
* SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature
* algorithm. Then, get the ticket sent by the server at the end of its
* handshake sequence.
*/
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
&(server_ep.ssl), &(client_ep.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER), 0);
do {
ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
} while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
/*
* Save client session and reset the SSL context of the two endpoints.
*/
ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session);
TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_session_reset(&(client_ep.ssl));
TEST_EQUAL(ret, 0);
ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
TEST_EQUAL(ret, 0);
/*
* Set saved session on client side and start handshake using the ticket
* included in that session.
*/
ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
TEST_EQUAL(ret, 0);
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
&(client_ep.ssl), &(server_ep.ssl),
MBEDTLS_SSL_SERVER_HELLO), 0);
TEST_ASSERT(client_ep.ssl.early_data_status !=
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
ret = write_early_data(&(client_ep.ssl), (unsigned char *) early_data,
early_data_len);
TEST_EQUAL(ret, early_data_len);
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
&(server_ep.ssl), &(client_ep.ssl),
MBEDTLS_SSL_CLIENT_FINISHED), MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA);
TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 1);
TEST_EQUAL(mbedtls_ssl_read_early_data(&(server_ep.ssl), buf, sizeof(buf)),
early_data_len);
TEST_MEMORY_COMPARE(buf, early_data_len, early_data, early_data_len);
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
&(server_ep.ssl), &(client_ep.ssl),
MBEDTLS_SSL_HANDSHAKE_OVER), 0);
exit:
mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
mbedtls_test_free_handshake_options(&client_options);
mbedtls_test_free_handshake_options(&server_options);
mbedtls_ssl_session_free(&saved_session);
PSA_DONE();
}
/* END_CASE */

4
tests/suites/test_suite_version.data
View file

@ -1,8 +1,8 @@
Check compile time library version
check_compiletime_version:"3.5.1"
check_compiletime_version:"3.5.2"
Check runtime library version
check_runtime_version:"3.5.1"
check_runtime_version:"3.5.2"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0

1
tests/suites/test_suite_x509parse.function
View file

@ -4,6 +4,7 @@
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_crl.h"
#include "mbedtls/x509_csr.h"
#include "x509_internal.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "mbedtls/base64.h"

3
tests/suites/test_suite_x509write.function
View file

@ -2,12 +2,13 @@
#include "mbedtls/bignum.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_csr.h"
#include "x509_internal.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "mbedtls/rsa.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/pk.h"
#include "md_psa.h"
#include "mbedtls/psa_util.h"
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,