ssl-opt.sh uses a 3-byte PSK in many test cases. Unfortunately GnuTLS >=3.4.0
rejects a PSK that is less than 4 bytes long:
> Error setting the PSK credentials: The request is invalid.
Use a longer PSK throughout ssl-opt. Only the test cases involving GnuTLS
need to change, but it's easier to do a global search-and-replace, and it's
easier to not have to worry about mismatches in constructed test cases
later, so replace everything.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When given a PSK key but no username, gnutls-cli prompts for a password.
Prevent that by passing --pskusername with the same identity that
ssl_server2 uses by default.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Only s_server has a -nocert option, s_client doesn't. Fixes OpenSSL client
test cases in PSK-only builds.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Tighten the matching when detecting which certificates are in use to
determine algorithm requirements. This fixes a bug whereby all tests were
skipped in configurations without RSA except for an Mbed TLS client against
a GnuTLS or OpenSSL server, due to *server2* matching ssl_server2.
Fixes#8366.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Like `openssl rsa`, `openssl genrsa` changed its output format from PKCS8 to
PKCS1 in OpenSSL 3.0. Note that the makefile instructions assume older
OpenSSL. Convert the files that were generated with OpenSSL 3.x and hence
were not in the intended format. The files are converted, not regenerated,
so the key material is the same.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
With OpenSSL 3.0.2 (which I used to generate the previous set of "pkcs1" DER
files), the output of `openssl rsa -outform DER` is actually a
PKCS#8-encoded key, despite what the documentation says. This is a change
from OpenSSL 1.x, where the output is a PKCS#1-encoded key. OpenSSL 3.0.8
documents the output as PKCS#8.
Change to `openssl pkey`, which seems more reliable. The documentation
states that the output is PKCS#8, but the output is actually consistently
PKCS#1 at least from 1.0.2g to 3.3.0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When PSA is available, we exercise the parsed RSA key with PKCS#1v1.5
signature, which requires the modulus size in bytes to be at least
tLen + 11 (per RFC 8017 §9.2) where tLen = hLen + oidLen + 6 and
hLen = 32, oidLen = 9 for SHA-512 or SHA3-512. 10 is the DER overhead
(3 ASN.1 type-length headers with lengths <128). Replace 512-bit test
cases (good enough for SHA-256 but not SHA-384 and up) by 768-bit and
up (good enough for SHA-512).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
These are sufficiently large for PKCS#1v1.5 signature with SHA-512 or
SHA3-512. Cover some non-word-aligned sizes.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The previous commit had:
- one obvious mistake (-f NULL with default -e runs nothing)
- one unforeseen issue: OPENSSL_NEXT skips static ECDH
- arguably scope creep: the stated goal was to simplify the full
invocation (in particular, make it obvious that everything is run
without having to remember the default value of EXCLUDE), but it also
made an unrelated change: running most tests with OPENSSL_NEXT (hence
the previous point).
This commit should fix all this, in particular it switches back to
running most tests with OPENSSL and using OPENSSL_NEXT only when needed.
Hopefully in the future we'll do the opposite: most tests will run with
a recent OpenSSL, and only those that need an older one will use
something older. But that will be another PR.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Prepare this component for PSA_CRYPTO_CONFIG to be on by default.
Rename it so that the name is still accurate when we remove legacy symbols
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
We actually only need two invocations.
This also moves all the default tests to OPENSSL_NEXT, which is good
because OPENSSL is ancient.
I have no idea why NULL doesn't work with OPENSSL_NEXT (1.1.1a) server,
because according to the manpage [1], "ALL,COMPLEMENTOFALL" (which is
what we are using) should do it, and indeed
$OPENSSL_NEXT ciphers "ALL,COMPLEMENTOFALL" | tr ':' '\n'
lists NULL ciphersuites, and also they work client-side with
OPENSSL_NEXT...
[1] https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
Also, while at it, remove partial invocation (only non-default) from one
component, as we already have a full invocation in the same config (plus
ASan) in another component.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- MBEDTLS_GENPRIME is removed because now we rely on predefined
RSA keys.
- MBEDTLS_RSA_GEN_KEY_MIN_BITS is replaced with RSA_KEY_SIZE which
is set on top of test_suite_pk to a value which is supported
in the predefined_keys[] array.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Remove static declaration of look-up table from test_suite_pk
and generate it automatically with Python.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is to manage RSA and EC keys in the same way in order to
prepare for the following commits.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Most of them (2 exceptions, see below) are of the "driver + built-in"
type, so they're all a subset of test_psa_crypto_driver which tests
everything with driver + built-in at once.
Furthermore, all those components were build-only, while
test_psa_crypto_driver runs the test suites.
Special cases: two of the components looked like they were trying to go for
driver-only (ecdh disabling ECDH_C and hkdf disabling HKDF_C).
For ECDH, built-in would actually be re-enabled because not enough was
accelerated: you also need ECC key types and curves - see
component_test_psa_crypto_config_accel_ecdh which does this correctly.
For HKDF, we don't have test driver support for key derivation yet. I
guess that shows how little testing value these build-only components
really had.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
As the comment says, this component's only goal was to make sure the
legacy+driver test cases in test_suite_md.psa were executed.
But actually these are already executed in
component_test_psa_crypto_drivers which tests with everything having
both a driver and the built-in, as can be seen in the outcomes file.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Was missing several key types and algs. Also, list those that are not
implemented, but comment them out, to make it clearer what's not
implemented yet.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
