ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-13 10:19:53 +08:00
Code Issues Releases Wiki Activity
28,197 Commits 172 Branches 267 Tags
Commit Graph

10111 Commits

Author SHA1 Message Date
David Horstmann
9cc6b2f446 Add missing import in test_psa_compliance.py 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 17:36:35 +01:00
David Horstmann
fd9264e65b Fix pylint errors 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 16:21:15 +01:00
Gilles Peskine
a878b663cf
Merge pull request #8090 from silabs-Kusumit/PBKDF2_higher_cost_tests 
PBKDF2: tests with higher input costs
 2023-08-29 14:00:17 +00:00
David Horstmann
41c316d3b2 Move -B switch into a single argument 
This will prevent CMake from mistaking the build directory for the
source directory

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 14:57:23 +01:00
Waleed Elmelegy
79b6e26b1b Improve mbedtls_pkcs5_pbes2_ext function test data 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-29 14:55:03 +01:00
David Horstmann
b48822c816 Appease pylint by renaming variables 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 14:12:53 +01:00
David Horstmann
beaee2604f Test PSA compliance: Build only the crypto target 
Use CMake's -t option to build only the crypto target. Parameterize the
crypto target to have the right name depending on whether this is Mbed
TLS or PSA Crypto.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 14:01:52 +01:00
David Horstmann
c69074dcf6 Tidy up reference to Mbed TLS in help message 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 13:46:11 +01:00
David Horstmann
2ba89bece6 Disable pylint error in CMake command 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 10:37:29 +01:00
David Horstmann
3b8984af5c Remove or qualify references to Mbed TLS 
Either remove exclusive references to Mbed TLS or accompany them with
references to "PSA Crypto".

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 10:32:26 +01:00
David Horstmann
f757069269 Rename 'mbedtls_dir' -> 'root_dir' 
This makes it more repo-agnostic

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 10:27:13 +01:00
David Horstmann
98af198a30 Correctly detect presence of the built library 
Use the repo-specific test not just the Mbed TLS specific one.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 10:25:54 +01:00
David Horstmann
58cf7c6c38 Use repo detection functions at start of all.sh 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 10:15:05 +01:00
David Horstmann
d02b5f8f56 Separate directory discernment into 2 functions 
Have separate in_mbedtls_repo() and in_psa_crypto_repo() functions

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-29 09:55:56 +01:00
Gilles Peskine
1783870681 compat.sh: add --preserve-logs option 
Similar to ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-28 17:36:52 +02:00
Dave Rodgman
d395590597
Merge pull request #7579 from daverodgman/safer-ct-asm 
Arm assembly implementation of constant time primitives
 2023-08-28 08:26:29 +00:00
Gilles Peskine
7be571ac85 Remove GNUTLS_LEGACY and OPENSSL_LEGACY 
They aren't used anywhere.

Keep the command line options of all.sh to avoid breaking any wrapper
scripts that people might have.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-27 21:51:54 +02:00
Gilles Peskine
e29203be88 Stop using "legacy" OpenSSL and GnuTLS 
None of the tests actually need GNUTLS_LEGACY (3.3.8): GNUTLS (3.4.10)
works.

None of the tests actually need OPENSSL_LEGACY (1.0.1j): OPENSSL (1.0.2g)
works.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-27 21:43:00 +02:00
Gilles Peskine
5f5e3886c5 Minor robustness improvement 
Let openssl use any experimental or obsolete cipher that's not in ALL.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-27 21:41:31 +02:00
Gilles Peskine
5cb8605d79 ssl-opt.sh doesn't actually use OPENSSL_LEGACY, so remove it 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-27 21:40:56 +02:00
Gilles Peskine
8ca2041145
Merge pull request #8074 from tgonzalezorlandoarm/tg/allowlist 
Implement allowlist of test cases that are legitimately not executed
 2023-08-24 18:03:20 +00:00
David Horstmann
0ac57ca6c6 Rename is_psa_crypto -> in_psa_crypto_repo 
(For consistency with all.sh)

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:18 +01:00
David Horstmann
7f93d22ad9 Rename psa_crypto_lib_filename to just crypto_lib_filename 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:18 +01:00
David Horstmann
4dcddcfae2 Parameterize out of source build directory 
Use CMake to build the library out-of-source (rather than make)
in tests/scripts/test_psa_compliance.py and add a script argument for
the out-of-source build directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:18 +01:00
David Horstmann
76a7738537 Invert logic for repo detection in all.sh 
Instead of:
    ! in_psa_crypto_repo()
use
    in_mbedtls_repo()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:18 +01:00
David Horstmann
e31014a681 Tweak test_psa_compliance pylint annotations 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:18 +01:00
David Horstmann
1d09184291 Modify test_psa_compliance.py for psa-crypto repo 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:18 +01:00
David Horstmann
9a6c45b436 Make all.sh PSA-crypto-friendly 
Introduce changes needed to run all.sh in the psa-crypto repo. Where
behaviour must differ, detect that we are in the psa-crypto repo by
checking for the 'core' directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-24 15:18:11 +01:00
Tomás González
d43cab3f5c Correct analyze_outcomes identation 
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-24 09:12:40 +01:00
Agathiyan Bragadeesh
733766bc71 Remove trailing whitespace in data file. 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-23 15:44:52 +01:00
Agathiyan Bragadeesh
de84f9d67a Add test for rejecting empty AttributeValue 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-23 11:44:04 +01:00
Gilles Peskine
e65bba4dd2
Merge pull request #7803 from gilles-peskine-arm/psa-low-hash-mac-size 
Start testing the PSA built-in drivers: hashes
 2023-08-22 11:19:41 +00:00
Tomás González
a0631446b5 Correct analyze_outcomes.py identation 
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-22 12:18:04 +01:00
Agathiyan Bragadeesh
ea3e83f36a Amend test in test_suite_x509write 
Needed since we now reject escaped null hexpairs in strings

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
01e9392c3f Add malformatted DER test for string_to_names 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
cab79188ca Remove redundant tests in test_suite_x509write 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
a0ba8aab2e Add test for non ascii x509 subject name 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
a953f8ab36 Remove duplicate test in test_suite_x509write 
The test for outputing a hexstring representation is actually
testing dn_gets, and is tested in test_suite_x509parse.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
957ca0595d Accept short name/ber encoded data in DNs 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
afdb187bbc Add more comprehensive string to name tests 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
e59dedbce2 Add test reject null characters in string to names 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
5ca9848513 Reword test in test_suite_x509write 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
47cc76f070 Update x509 test for numericoid/hexstring output 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
ef299d6735 Add more tests for RFC 4514 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
404b4bb9ab Add x509 tests for upper and lowercase hexpairs 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh
dba8a641fe Add and update tests for x509write and x509parse 
Due to change in handling non-ascii characters, existing tests had to be
updated to handle the new implementation. New tests and certificates
are added to test the escaping functionality in edge cases.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:52 +01:00
Agathiyan Bragadeesh
ef2decbe4a Escape hexpairs characters RFC 4514 
Converts none ascii to escaped hexpairs in mbedtls_x509_dn_gets and
interprets hexpairs in mbedtls_x509_string_to_names.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:38:16 +01:00
Agathiyan Bragadeesh
48513b8639 Escape special characters RFC 4514 
This escapes special characters according to RFC 4514 in
mbedtls_x509_dn_gets and de-escapes in mbedtls_x509_string_to_names.
This commit does not handle hexpairs.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:38:16 +01:00
Tomás González
5022311c9d Tidy up allow list definition 
* Don't break string literals in the allow list definition
 * Comment each test that belongs to the allow list is there.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-22 09:54:28 +01:00
Tomás González
7ebb18fbd6 Make non-executed tests that are not in the allow list an error 
* Turn the warnings produced when finding non-executed tests that
   are not in the allow list into errors.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2023-08-22 09:47:49 +01:00