Commit graph

3976 commits

Author SHA1 Message Date
Philippe Antoine f049304895 Removes warnings for unused parameters 2019-06-21 19:47:27 +02:00
Philippe Antoine 9c7b698a2e Fuzz performance test without entropy 2019-06-21 19:47:27 +02:00
Philippe Antoine 7233352432 Fuzz testing
Fuzz targets are x509 crt csr and crl parsing
as well as private and public key parsing
and client and server communication

Fuzz targets for DTLS
Simple corpus with valid DTLS connection
Deterministic behavior for fuzzing, ie no timestamps
2019-06-21 19:47:27 +02:00
Jaeden Amero fd0f65459c Merge remote-tracking branch 'origin/pr/2697' into development
* origin/pr/2697:
  Update crypto submodule
  Add all.sh component that exercises invalid_param checks
  Remove mbedtls_param_failed from programs
  Make it easier to define MBEDTLS_PARAM_FAILED as assert
  Make test suites compatible with #include <assert.h>
  Pass -m32 to the linker as well
  Don't systematically rebuild programs
2019-06-21 13:21:05 +01:00
Jaeden Amero ca4e4a8b2a Merge remote-tracking branch 'origin/pr/2614' into development
* origin/pr/2614:
  Use 'config.pl baremetal' in all.sh
2019-06-21 13:15:07 +01:00
Jaeden Amero aada0c7fd0 Merge remote-tracking branch 'origin/pr/2053' into development
* origin/pr/2053:
  Clarify ChangeLog entry for fix to #1628
  Add Changelog entry for clang test-ref-configs.pl fix
  Enable more compiler warnings in tests/Makefile
  Change file scoping of test helpers.function
2019-06-21 12:54:27 +01:00
Gilles Peskine 1d10257d21 Copy the new header files to Mbed OS on-target test directories
The new PSA helper headers are needed at build time. When building
Mbed OS tests, the source files are copied to a directory under TESTS.
The required header files need to be present in this directory.
2019-06-20 17:23:58 +02:00
Gilles Peskine 9e5bcbd8d1 Remove unused functions
These functions became obsolete when the key export format changed
from including the SubjectPublicKeyInfo to being just the key
material.
2019-06-20 13:01:56 +02:00
Gilles Peskine 3cff768ad4 Move the one non-crypto-specific PSA helper macro to a new header
Create a new header file psa_helpers.h and put the one helper macro
that isn't specific to PSA crypto there. Use this header file in the
ITS test suite.
2019-06-20 12:54:43 +02:00
Gilles Peskine 1838e82190 Rename psa_helpers.function to psa_crypto_helpers.h
This file isn't like the other .function files: it isn't concatenated
by a separate preprocessing script, but included via C preprocessing.

Rename this file to .h. This isn't a normal C header, because it
defines auxiliary functions. But the functions aren't big and we only
have one compilation unit per executable, so this is good enough for
what we're doing.
2019-06-20 12:40:56 +02:00
Gilles Peskine 982fe790c1 Remove unused functions
These functions became obsolete when the key export format changed
from including the SubjectPublicKeyInfo to being just the key
material.
2019-06-19 18:23:21 +02:00
Jaeden Amero c54ee936d7 Merge remote-tracking branch 'origin/pr/2443' into development
* origin/pr/2443: (25 commits)
  Fix documentation of X.509 parsing test
  Add X.509 CRT parsing test for mixed time-encodings
  Improve X.509 CRT parsing test names
  Add negative X.509 parsing tests for v3Ext in v1/v2 CRT
  Add negative X.509 parsing tests for IssuerID/SubjectID in v1 CRT
  Improve name of X.509 CRT parsing test
  Always use the same X.509 alg structure inside and outside of TBS
  Fix test dependencies in X.509 CRT parsing suite
  Fix non-DER length encoding in two X.509 CRT parsing tests
  Fix test case name formatting in X.509 parsing suite
  Use ASN.1 NULL TLVs when testing invalid tags
  Shorten X.509 CRT parsing test names
  Extend negative testing for X.509 Signature parsing
  Extend negative testing for X.509 SignatureAlgorithm parsing
  Extend negative testing for X.509 v3 Extension parsing
  Extend negative testing for X.509 SubjectID parsing
  Extend negative testing for X.509 IssuerID parsing
  Extend negative testing for X.509 SubjectPublicKeyInfo parsing
  Extend negative testing for X.509 Subject parsing
  Extend negative testing for X.509 Validity parsing
  ...
2019-06-14 15:29:14 +01:00
Jaeden Amero 7af080a9f9 Merge remote-tracking branch 'origin/pr/2442' into development
* origin/pr/2442:
  Correct placement of ChangeLog entry
  Improve documentation of mbedtls_x509_get_ext()
  Adapt ChangeLog
  Always return a high-level error code from X.509 module
  Obey bounds of ASN.1 substructures
2019-06-14 15:27:42 +01:00
Gilles Peskine adcde5e997 Add all.sh component that exercises invalid_param checks
With the change to the full config, there were no longer any tests
that exercise invalid-parameter behavior. The test suite exercises
invalid-parameter behavior by calling TEST_INVALID_PARAM and friends,
relying on the test suite's mbedtls_check_param function. This
function is only enabled if MBEDTLS_CHECK_PARAMS is defined but not
MBEDTLS_CHECK_PARAMS_ASSERT.

Add a component to all.sh that enables MBEDTLS_CHECK_PARAMS but
disables MBEDTLS_CHECK_PARAMS_ASSERT and doesn't define
MBEDTLS_PARAM_FAILED. This way, the xxx_invalid_param() tests do run.
Since sample programs don't provide a mbedtls_check_param function,
this component doesn't build the sample programs.
2019-06-14 13:09:13 +02:00
Jaeden Amero 6b5dc689f7 Merge remote-tracking branch 'origin/pr/2430' into development
* origin/pr/2430:
  Document support for MD2 and MD4 in programs/x509/cert_write
  Correct name of X.509 parsing test for well-formed, ill-signed CRT
  Add test cases exercising successful verification of MD2/MD4/MD5 CRT
  Add test case exercising verification of valid MD2 CRT
  Add MD[245] test CRTs to tree
  Add instructions for MD[245] test CRTs to tests/data_files/Makefile
  Add suppport for MD2 to CSR and CRT writing example programs
  Remove use of MD2 in further x509parse tests
  Convert further x509parse tests to use lower-case hex data
  Correct placement of ChangeLog entry
  Adapt ChangeLog
  Use SHA-256 instead of MD2 in X.509 CRT parsing tests
  Consistently use lower case hex data in X.509 parsing tests
2019-06-14 08:49:31 +01:00
Jaeden Amero e1b02df515 Merge remote-tracking branch 'origin/pr/2260' into development
* origin/pr/2260:
  Update crypto submodule
  Remove heading spaces in tests/data_files/Makefile
  Re-generate library/certs.c from script
  Add new line at the end of test-ca2.key.enc
  Use strict syntax to annotate origin of test data in certs.c
  Add run to all.sh exercising !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO
  Allow DHM self test to run without MBEDTLS_PEM_PARSE_C
  ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset
  Document origin of hardcoded certificates in library/certs.c
  Adapt ChangeLog
  Rename server1.der to server1.crt.der
  Add DER encoded files to git tree
  Add build instructions to generate DER versions of CRTs and keys
  Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2
  ssl_server2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  ssl_client2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  Correct white spaces in ssl_server2 and ssl_client2
  Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled
  Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled
2019-06-14 08:46:48 +01:00
Gilles Peskine 9e23bea692 Make test suites compatible with #include <assert.h>
Don't use the macro name assert. It's technically permitted as long as
<assert.h> is not included, but it's fragile, because it means the
code and any header that it includes must not include <assert.h>.
2019-06-13 15:13:43 +02:00
Gilles Peskine e7655df7be Make test suites compatible with #include <assert.h>
Don't use the macro name assert. It's technically permitted as long as
<assert.h> is not included, but it's fragile, because it means the
code and any header that it includes must not include <assert.h>.
2019-06-13 15:12:23 +02:00
Hanno Becker 61cf9e3ca3 Fix documentation of X.509 parsing test 2019-06-13 13:32:44 +01:00
k-stachowiak 69969ef088 Remove redundant config.pl call 2019-06-13 11:53:17 +02:00
Jaeden Amero b1c72f56b1 Update library version to 2.18.0
Increase the SO versions of libmbedx509 and libmbedtls due to the
addition of fields in publicly visible (non-opaque) structs:
  - mbedtls_ssl_config
  - mbedtls_ssl_context
  - mbedtls_x509_crt
2019-06-11 17:19:35 +01:00
Jaeden Amero a3daa21d8c Merge remote-tracking branch 'origin/pr/2678' into development
* origin/pr/2678:
  Update crypto submodule to 1.1.0d2
  all.sh: Perform targeted EtM tests for MAC-less configs
  ssl: Don't access non-existent encrypt_then_mac field
2019-06-10 11:00:14 +01:00
k-stachowiak c1955559ad Add a test for signing content with a long ECDSA key
Due to the way the current PK API works, it may have not been clear
for the library clients, how big output buffers they should pass
to the signing functions. Depending on the key type they depend on
MPI or EC specific compile-time constants.

Inside the library, there were places, where it was assumed that
the MPI size will always be enough, even for ECDSA signatures.
However, for very small sizes of the MBEDTLS_MPI_MAX_SIZE and
sufficiently large key, the EC signature could exceed the MPI size
and cause a stack overflow.

This test establishes both conditions -- small MPI size and the use
of a long ECDSA key -- and attempts to sign an arbitrary file.
This can cause a stack overvlow if the signature buffers are not
big enough, therefore the test is performed for an ASan build.
2019-06-10 11:46:18 +02:00
Gilles Peskine 5d26e7cbfe Pass -m32 to the linker as well
For unit tests and sample programs, CFLAGS=-m32 is enough to get a
32-bit build, because these programs are all compiled directly
from *.c to the executable in one shot. But with makefile rules that
first build object files and then link them, LDFLAGS=-m32 is also
needed.
2019-06-07 18:15:37 +02:00
Jaeden Amero b01314683a test: Remove redundant 0-byte decryption test
Remove the "Decrypt empty buffer" test, as ChaCha20 is a stream cipher
and 0 bytes encrypted is identical to a 0 length buffer. The "ChaCha20
Encrypt and decrypt 0 bytes" test will test decryption of a 0 length
buffer.
2019-06-07 12:57:33 +01:00
Jaeden Amero 5ab80efa10 test: Check empty buffer decryption for chachapoly
Previously, even in the Chacha20 and Chacha20-Poly1305 tests, we would
test that decryption of an empty buffer would work with
MBEDTLS_CIPHER_AES_128_CBC.

Make the cipher used with the dec_empty_buf() test configurable, so that
Chacha20 and Chacha20-Poly1305 empty buffer tests can use ciphers other
than AES CBC. Then, make the Chacha20 and Chacha20-Poly1305 empty buffer
tests use the MBEDTLS_CIPHER_CHACHA20 and
MBEDTLS_CIPHER_CHACHA20_POLY1305 cipher suites.
2019-06-07 12:57:33 +01:00
Jaeden Amero 2353b542d9 test: Remove redundant 0-byte decryption test
Remove the "Decrypt empty buffer" test, as ChaCha20 is a stream cipher
and 0 bytes encrypted is identical to a 0 length buffer. The "ChaCha20
Encrypt and decrypt 0 bytes" test will test decryption of a 0 length
buffer.
2019-06-06 11:56:54 +01:00
Jaeden Amero ab11889958 test: Check empty buffer decryption for chachapoly
Previously, even in the Chacha20 and Chacha20-Poly1305 tests, we would
test that decryption of an empty buffer would work with
MBEDTLS_CIPHER_AES_128_CBC.

Make the cipher used with the dec_empty_buf() test configurable, so that
Chacha20 and Chacha20-Poly1305 empty buffer tests can use ciphers other
than AES CBC. Then, make the Chacha20 and Chacha20-Poly1305 empty buffer
tests use the MBEDTLS_CIPHER_CHACHA20 and
MBEDTLS_CIPHER_CHACHA20_POLY1305 cipher suites.
2019-06-06 11:56:54 +01:00
Gilles Peskine dd413d3c92 Test shutdown without closing handles
Add some test cases that shut down and restart without explicitly
closing handles, and check that the handles are properly invalidated.
2019-06-05 16:38:42 +02:00
Gilles Peskine 76b29a77fb Close or destroy keys explicitly in tests 2019-06-05 16:38:42 +02:00
Gilles Peskine 1153e7bd57 Replace all calls to mbedtls_psa_crypto_free by PSA_DONE
Replace all calls to mbedtls_psa_crypto_free in tests by PSA_DONE.
This is correct for most tests, because most tests close open keys. A
few tests now fail; these tests need to be reviewed and switched back
to mbedtls_psa_crypto_free if they genuinely expected to end with some
slots still in use.
2019-06-05 16:38:42 +02:00
Gilles Peskine a6d252a986 New macro PSA_DONE for a clean PSA shutdown
The new macro PSA_DONE calls mbedtls_psa_crypto_free, but before that,
it checks that no key slots are in use. The goal is to allow tests to
verify that functions like psa_close_key properly mark slots as
unused, and more generally to detect key slot leaks. We call
mbedtls_psa_crypto_free at the end of each test case, which could mask
a bug whereby slots are not freed when they should be, but their
content is correctly reclaimed by mbedtls_psa_crypto_free.
2019-06-05 16:38:42 +02:00
Gilles Peskine 952f40962a Create PSA-specific helper function file
Create a specific file for helper functions that are related to the
PSA API. The reason for a separate file is so that it can include
<psa/crypto.h>, without forcing this header inclusion into every test
suite. In this commit, psa_helpers.function doesn't need psa/crypto.h
yet, but this will be the case in a subsequent commit.

Move PSA_ASSERT to psa_helpers.function, since that's the sort of
things it's for.

Include "psa_helpers.function" from the PSA crypto tests.

In the ITS test, don't include "psa_helpers". The ITS tests are
meant to stand alone from the rest of the library.
2019-06-05 16:38:42 +02:00
Jaeden Amero 6b1683dd5d all.sh: Perform targeted EtM tests for MAC-less configs
When testing a configuration where no ciphersuites have MAC, via
component_test_when_no_ciphersuites_have_mac(), perform a targeted test
of only encrypt-then-MAC tests within ssl-opt.sh.
2019-06-05 14:42:50 +01:00
Jaeden Amero 2de07f1dd1 ssl: Don't access non-existent encrypt_then_mac field
When MBEDTLS_SSL_ENCRYPT_THEN_MAC is enabled, but not
MBEDTLS_SSL_SOME_MODES_USE_MAC, mbedtls_ssl_derive_keys() and
build_transforms() will attempt to use a non-existent `encrypt_then_mac`
field in the ssl_transform.

    Compile [ 93.7%]: ssl_tls.c
    [Error] ssl_tls.c@865,14: 'mbedtls_ssl_transform {aka struct mbedtls_ssl_transform}' ha
s no member named 'encrypt_then_mac'
    [ERROR] ./mbed-os/features/mbedtls/src/ssl_tls.c: In function 'mbedtls_ssl_derive_keys'
:
    ./mbed-os/features/mbedtls/src/ssl_tls.c:865:14: error: 'mbedtls_ssl_transform {aka str
uct mbedtls_ssl_transform}' has no member named 'encrypt_then_mac'
         transform->encrypt_then_mac = session->encrypt_then_mac;
                  ^~

Change mbedtls_ssl_derive_keys() and build_transforms() to only access
`encrypt_then_mac` if `encrypt_then_mac` is actually present.

Add a regression test to detect when we have regressions with
configurations that do not include any MAC ciphersuites.

Fixes d56ed2491b ("Reduce size of `ssl_transform` if no MAC ciphersuite is enabled")
2019-06-05 14:09:29 +01:00
Gilles Peskine d2d45c1738 Convert cipher and pk to PSA attribute-based key creation
This fixes the build under MBEDTLS_USE_PSA_CRYPTO.
2019-06-05 11:34:54 +02:00
Gilles Peskine baea7aac89 Convert remaining obsolete function call 2019-06-05 11:34:54 +02:00
Hanno Becker 7717c41adc Add X.509 CRT parsing test for mixed time-encodings 2019-06-04 17:26:46 +01:00
Hanno Becker 8671e81b7a Improve X.509 CRT parsing test names 2019-06-04 17:26:46 +01:00
Hanno Becker 04b10c073e Add negative X.509 parsing tests for v3Ext in v1/v2 CRT 2019-06-04 17:26:46 +01:00
Hanno Becker d51d4856e6 Add negative X.509 parsing tests for IssuerID/SubjectID in v1 CRT 2019-06-04 17:26:46 +01:00
Hanno Becker 7ca07e3459 Improve name of X.509 CRT parsing test 2019-06-04 17:26:46 +01:00
Hanno Becker 764fbdf97d Always use the same X.509 alg structure inside and outside of TBS 2019-06-04 17:26:46 +01:00
Hanno Becker 60dd6fc944 Fix test dependencies in X.509 CRT parsing suite
Most tests use an sha256WithRSAEncryption OID which isn't recognized
unless RSA and SHA-256 are enabled.
2019-06-04 17:26:43 +01:00
Hanno Becker 31af3b874b Fix non-DER length encoding in two X.509 CRT parsing tests
Lengths below 128 Bytes must be encoded as a single 'XX' byte in DER,
but two tests in the X.509 CRT parsing suite used the BER but non-DER
encoding '81 XX' (the first byte 10000001 indicating that the length
is to follow (high bit) and has length 1 byte (low bit)).
2019-06-04 17:26:06 +01:00
Hanno Becker 19db19e41f Fix test case name formatting in X.509 parsing suite 2019-06-04 17:25:44 +01:00
Hanno Becker 0f5acc18c5 Use ASN.1 NULL TLVs when testing invalid tags
Previously, a test exercising the X.509 CRT parser's behaviour
on unexpected tags would use a '00' byte in place of the tag
for the expected structure. This makes reviewing the examples
harder because the binary data isn't valid DER-encoded ASN.1.

This commit uses the ASN.1 NULL TLV '05 00' to test invalid
tags, and adapts surrounding structures' length values accordingly.
This eases reviewing because now the ASN.1 structures are still
well-formed at the place where the mismatch occurs.
2019-06-04 17:25:44 +01:00
Hanno Becker 2389d1684b Shorten X.509 CRT parsing test names 2019-06-04 17:25:40 +01:00
Hanno Becker 44199b69b4 Extend negative testing for X.509 Signature parsing 2019-06-04 17:19:47 +01:00
Hanno Becker 5f88a77e2d Extend negative testing for X.509 SignatureAlgorithm parsing 2019-06-04 17:19:47 +01:00
Hanno Becker 05987e33f1 Extend negative testing for X.509 v3 Extension parsing 2019-06-04 17:19:47 +01:00
Hanno Becker be3850a2b3 Extend negative testing for X.509 SubjectID parsing 2019-06-04 17:19:47 +01:00
Hanno Becker 9f06b50b66 Extend negative testing for X.509 IssuerID parsing 2019-06-04 17:19:47 +01:00
Hanno Becker bb955e5195 Extend negative testing for X.509 SubjectPublicKeyInfo parsing 2019-06-04 17:19:47 +01:00
Hanno Becker 28ae6b1ba8 Extend negative testing for X.509 Subject parsing 2019-06-04 17:19:46 +01:00
Hanno Becker 18459d420f Extend negative testing for X.509 Validity parsing 2019-06-04 17:19:46 +01:00
Hanno Becker 5e2cf38ff6 Extend negative testing for X.509 Issuer parsing 2019-06-04 17:19:46 +01:00
Hanno Becker a328fffdaa Extend negative testing for X.509 AlgorithmIdentifier parsing 2019-06-04 17:19:43 +01:00
Hanno Becker e7d8f96f9f Extend negative testing for X.509 Serial number parsing 2019-06-04 16:23:46 +01:00
Hanno Becker a9ef412cee Extend negative testing for X.509 Version parsing 2019-06-04 16:23:46 +01:00
Hanno Becker a5c481e384 Extend negative testing for X.509 TBS header parsing 2019-06-04 16:23:46 +01:00
Hanno Becker 6ccfb18ab1 Always return a high-level error code from X.509 module
Some functions within the X.509 module return an ASN.1 low level
error code where instead this error code should be wrapped by a
high-level X.509 error code as in the bulk of the module.

Specifically, the following functions are affected:
- mbedtls_x509_get_ext()
- x509_get_version()
- x509_get_uid()

This commit modifies these functions to always return an
X.509 high level error code.

Care has to be taken when adapting `mbetls_x509_get_ext()`:
Currently, the callers `mbedtls_x509_crt_ext()` treat the
return code `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG` specially to
gracefully detect and continue if the extension structure is not
present. Wrapping the ASN.1 error with
`MBEDTLS_ERR_X509_INVALID_EXTENSIONS` and adapting the check
accordingly would mean that an unexpected tag somewhere
down the extension parsing would be ignored by the caller.

The way out of this is the following: Luckily, the extension
structure is always the last field in the surrounding structure,
so if there is some data remaining, it must be an Extension
structure, so we don't need to deal with a tag mismatch gracefully
in the first place.

We may therefore wrap the return code from the initial call to
`mbedtls_asn1_get_tag()` in `mbedtls_x509_get_ext()` by
`MBEDTLS_ERR_X509_INVALID_EXTENSIONS` and simply remove
the special treatment of `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`
in the callers `x509_crl_get_ext()` and `x509_crt_get_ext()`.

This renders `mbedtls_x509_get_ext()` unsuitable if it ever
happened that an Extension structure is optional and does not
occur at the end of its surrounding structure, but for CRTs
and CRLs, it's fine.

The following tests need to be adapted:
- "TBSCertificate v3, issuerID wrong tag"
  The issuerID is optional, so if we look for its presence
  but find a different tag, we silently continue and try
  parsing the subjectID, and then the extensions. The tag '00'
  used in this test doesn't match either of these, and the
  previous code would hence return LENGTH_MISMATCH after
  unsucessfully trying issuerID, subjectID and Extensions.
  With the new code, any data remaining after issuerID and
  subjectID _must_ be Extension data, so we fail with
  UNEXPECTED_TAG when trying to parse the Extension data.
- "TBSCertificate v3, UIDs, invalid length"
  The test hardcodes the expectation of
  MBEDTLS_ERR_ASN1_INVALID_LENGTH, which needs to be
  wrapped in MBEDTLS_ERR_X509_INVALID_FORMAT now.

Fixes #2431.
2019-06-04 13:59:48 +01:00
Hanno Becker 12f62fb82c Obey bounds of ASN.1 substructures
When parsing a substructure of an ASN.1 structure, no field within
the substructure must exceed the bounds of the substructure.
Concretely, the `end` pointer passed to the ASN.1 parsing routines
must be updated to point to the end of the substructure while parsing
the latter.

This was previously not the case for the routines
- x509_get_attr_type_and_value(),
- mbedtls_x509_get_crt_ext(),
- mbedtls_x509_get_crl_ext().
These functions kept using the end of the parent structure as the
`end` pointer and would hence allow substructure fields to cross
the substructure boundary. This could lead to successful parsing
of ill-formed X.509 CRTs.

This commit fixes this.

Care has to be taken when adapting `mbedtls_x509_get_crt_ext()`
and `mbedtls_x509_get_crl_ext()`, as the underlying function
`mbedtls_x509_get_ext()` returns `0` if no extensions are present
but doesn't set the variable which holds the bounds of the Extensions
structure in case the latter is present. This commit addresses
this by returning early from `mbedtls_x509_get_crt_ext()` and
`mbedtls_x509_get_crl_ext()` if parsing has reached the end of
the input buffer.

The following X.509 parsing tests need to be adapted:
- "TBSCertificate, issuer two inner set datas"
  This test exercises the X.509 CRT parser with a Subject name
  which has two empty `AttributeTypeAndValue` structures.
  This is supposed to fail with `MBEDTLS_ERR_ASN1_OUT_OF_DATA`
  because the parser should attempt to parse the first structure
  and fail because of a lack of data. Previously, it failed to
  obey the (0-length) bounds of the first AttributeTypeAndValue
  structure and would try to interpret the beginning of the second
  AttributeTypeAndValue structure as the first field of the first
  AttributeTypeAndValue structure, returning an UNEXPECTED_TAG error.
- "TBSCertificate, issuer, no full following string"
  This test exercises the parser's behaviour on an AttributeTypeAndValue
  structure which contains more data than expected; it should therefore
  fail with MBEDTLS_ERR_ASN1_LENGTH_MISMATCH. Because of the missing bounds
  check, it previously failed with UNEXPECTED_TAG because it interpreted
  the remaining byte in the first AttributeTypeAndValue structure as the
  first byte in the second AttributeTypeAndValue structure.
- "SubjectAltName repeated"
  This test should exercise two SubjectAltNames extensions in succession,
  but a wrong length values makes the second SubjectAltNames extension appear
  outside of the Extensions structure. With the new bounds in place, this
  therefore fails with a LENGTH_MISMATCH error. This commit adapts the test
  data to put the 2nd SubjectAltNames extension inside the Extensions
  structure, too.
2019-06-04 10:15:09 +01:00
Hanno Becker 4cbea4b07e Remove heading spaces in tests/data_files/Makefile 2019-06-03 17:46:56 +01:00
Hanno Becker 471ad477bb Add new line at the end of test-ca2.key.enc 2019-06-03 17:46:56 +01:00
Hanno Becker a545be2622 Add run to all.sh exercising !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO 2019-06-03 17:46:56 +01:00
Hanno Becker 91e72c3121 ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset
This should allow to run ssl-opt.sh successfully in the default
configuration minus MBEDTLS_PEM_PARSE_C minus MBEDTLS_FS_IO.
2019-06-03 17:46:56 +01:00
Hanno Becker 58fc28ce1a Rename server1.der to server1.crt.der 2019-06-03 17:46:56 +01:00
Hanno Becker 8843c250c0 Add DER encoded files to git tree 2019-06-03 17:46:56 +01:00
Hanno Becker e21387e014 Add build instructions to generate DER versions of CRTs and keys 2019-06-03 17:46:56 +01:00
Hanno Becker d0ac5faa72 Insert records with unexpected CID in CID tests in ssl-opt.sh 2019-06-03 16:07:50 +01:00
Hanno Becker 8c07beeb84 Rename MBEDTLS_SSL_CID->MBEDTLS_SSL_DTLS_CONNECTION_ID in SSL suite 2019-06-03 16:07:50 +01:00
Hanno Becker a0e20d04b2 Rename MBEDTLS_SSL_CID to MBEDTLS_SSL_DTLS_CONNECTION_ID
Files modified via

sed -i 's/MBEDTLS_SSL_CID\([^_]\|$\)/MBEDTLS_SSL_DTLS_CONNECTION_ID\1/g' **/*.c **/*.h **/*.sh **/*.function
2019-06-03 16:07:50 +01:00
Hanno Becker c2045b0764 Add CID test not using datagram packing to ssl-opt.sh 2019-06-03 16:07:50 +01:00
Hanno Becker 78c9137b0c Add Proxy tests for Connection ID to ssl-opt.sh
Also, shorten test names to avoid them being truncated on the cmd line.
2019-06-03 16:07:50 +01:00
Hanno Becker 22a59fdca8 Remove indicators and warnings about unfinished CID implementation 2019-06-03 16:07:50 +01:00
Hanno Becker b3e9dd53ba Fix mismatching debug grep in ssl-opt.sh CID tests 2019-06-03 16:07:50 +01:00
Hanno Becker b42ec0df02 Add support for change of CID to ssl_client2 / ssl_server2
And add tests for various CID configuration changes during
renegotiation to ssl-opt.sh.
2019-06-03 16:07:50 +01:00
Hanno Becker 2749a67d1f Reintroduce grepping for debug messages in CID tests in ssl-opt.sh 2019-06-03 16:07:50 +01:00
Hanno Becker e2c2314ab4 Add missing dependencies in unit tests for CID-based record enc/dec
Changes generated via:
% sed -i '/.*CID [0-9]+[0-9]/{n;s/depends_on:/depends_on:MBEDTLS_SSL_CID:/}' test_suite_ssl.data
2019-06-03 14:47:36 +01:00
Hanno Becker 43c24b8da9 Fix missing compile-time guards around CID-only constants 2019-06-03 14:47:36 +01:00
Hanno Becker 8a7f972202 Skip copying CIDs to SSL transforms until CID feature is complete
This commit temporarily comments the copying of the negotiated CIDs
into the established ::mbedtls_ssl_transform in mbedtls_ssl_derive_keys()
until the CID feature has been fully implemented.

While mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() do
support CID-based record protection by now and can be unit tested,
the following two changes in the rest of the stack are still missing
before CID-based record protection can be integrated:
- Parsing of CIDs in incoming records.
- Allowing the new CID record content type for incoming records.
- Dealing with a change of record content type during record
  decryption.

Further, since mbedtls_ssl_get_peer_cid() judges the use of CIDs by
the CID fields in the currently transforms, this change also requires
temporarily disabling some grepping for ssl_client2 / ssl_server2
debug output in ssl-opt.sh.
2019-06-03 14:47:36 +01:00
Hanno Becker d856c82993 Add unit tests for record protection using CID 2019-06-03 14:47:36 +01:00
Hanno Becker 6c87b3f9df Record enc/dec tests: Don't take turns in sending / receiving roles
Part of the record encryption/decryption tests is to gradually
increase the space available at the front and/or at the back of
a record and observe when encryption starts to succeed. If exactly
one of the two parameters is varied at a time, the expectation is
that encryption will continue to succeed once it has started
succeeding (that's not true if both pre- and post-space are varied
at the same time).

Moreover, previously the test would take turns when choosing which
transform should be used for encryption, and which for decryption.

With the introduction of the CID feaature, this switching of transforms
doesn't align with the expectation of eventual success of the encryption,
since the overhead of encryption might be different for the parties,
because both parties may use different CIDs for their outgoing records.

This commit modifies the tests to not take turns between transforms,
but to always use the same transforms for encryption and decryption
during a single round of the test.
2019-06-03 14:47:36 +01:00
Hanno Becker 4a9b028c08 Correct name of X.509 parsing test for well-formed, ill-signed CRT 2019-06-03 14:45:21 +01:00
Hanno Becker 20a4ade3f5 Add test cases exercising successful verification of MD2/MD4/MD5 CRT 2019-06-03 14:45:21 +01:00
Hanno Becker 7b8abee4f5 Add test case exercising verification of valid MD2 CRT
The X.509 parsing test suite test_suite_x509parse contains a test
exercising X.509 verification for a valid MD4/MD5 certificate in a
profile which doesn't allow MD4/MD5. This commit adds an analogous
test for MD2.
2019-06-03 14:45:16 +01:00
Hanno Becker fcffdccb85 Grep for dbug msgs witnessing use of CID in ssl_client2/ssl_server2 2019-06-03 14:43:16 +01:00
Hanno Becker 9ecb6c676c Grep for dbg msg witnessing copying of CIDs to SSL transform 2019-06-03 14:43:16 +01:00
Hanno Becker a6a4c7623c Grep for dbg msg witnessing parsing of CID extension in ServerHello 2019-06-03 14:43:16 +01:00
Hanno Becker 4bc9e9d3f6 Grep for dbg msg witnessing writing of CID extension in ServerHello 2019-06-03 14:43:16 +01:00
Hanno Becker 7dee2c6369 Grep for dbg msg witnessing parsing of CID extension in ClientHello 2019-06-03 14:43:16 +01:00
Hanno Becker 6b78c83829 Grep for dbg msg witnessing writing of CID extension in ClientHello 2019-06-03 14:43:16 +01:00
Hanno Becker f157a97b75 Modify CID tests in ssl-opt.sh to grep for CID config debug msgs 2019-06-03 14:43:16 +01:00
Hanno Becker 5f925be378 Indicate ssl-opt.sh CID tests only test the stub CID code 2019-06-03 14:42:08 +01:00
Hanno Becker 9bae30d00d Fix use of requires_config_enabled in ssl-opt.sh
requires_config_enabled doesn't support multiple config options.
Tests having multiple configuration dependencies must be prefixed
with multiple invocations of requires_config_enabled instead.
2019-06-03 14:42:08 +01:00
Hanno Becker d029a2b57f Fix typo in CID test in ssl-opt.sh 2019-06-03 14:42:08 +01:00
Hanno Becker 7cf463e3cc Add basic Connection ID tests to ssl-opt.sh 2019-06-03 14:42:08 +01:00
Hanno Becker 53756b3228 Add MD[245] test CRTs to tree 2019-06-03 14:22:59 +01:00
Hanno Becker 2e0f71f977 Add instructions for MD[245] test CRTs to tests/data_files/Makefile 2019-06-03 14:22:53 +01:00
Gilles Peskine a3b93ff893 Make docstring style consistent
Use PEP 257 indented docstring style, mostly: always with """, with the
terminating """ on a separate line if the docstring is more than one
line, and with all lines indented to the opening """.

This commit does not change the text to keep the first paragraph single-line.
2019-06-03 11:23:56 +02:00
Hanno Becker ba698da57a Remove use of MD2 in further x509parse tests 2019-06-03 09:54:07 +01:00
Hanno Becker 32b48ea364 Convert further x509parse tests to use lower-case hex data 2019-06-03 09:48:39 +01:00
Jaeden Amero 3b025ac52b test: Always use make clean by itself
When running make with parallelization, running both "clean" and "lib"
with a single make invocation can lead to each target building in
parallel. It's bad if lib is partially done building something, and then
clean deletes what was built. This can lead to errors later on in the
lib target.

    $ make -j9 clean lib
      CC    aes.c
      CC    aesni.c
      CC    arc4.c
      CC    aria.c
      CC    asn1parse.c
      CC    ./library/error.c
      CC    ./library/version.c
      CC    ./library/version_features.c
      AR    libmbedcrypto.a
    ar: aes.o: No such file or directory
    Makefile:120: recipe for target 'libmbedcrypto.a' failed
    make[2]: *** [libmbedcrypto.a] Error 1
    Makefile:152: recipe for target 'libmbedcrypto.a' failed
    make[1]: *** [libmbedcrypto.a] Error 2
    Makefile:19: recipe for target 'lib' failed
    make: *** [lib] Error 2
    make: *** Waiting for unfinished jobs....

To avoid this sort of trouble, always invoke clean by itself without
other targets throughout the library. Don't run clean in parallel with
other rules. The only place where clean was run in parallel with other
targets was in list-symbols.sh.
2019-05-31 12:47:07 +01:00
Hanno Becker 01346c645b Use SHA-256 instead of MD2 in X.509 CRT parsing tests
- Replace 'RSA with MD2' OID '2a864886f70d010102' by
  'RSA with SHA-256' OID '2a864886f70d01010b':
  Only the last byte determines the hash, and
  `MBEDTLS_OID_PKCS1_MD2 == MBEDTLS_OID_PKCS1 "\x02"`
  `MBEDTLS_OID_PKCS1_SHA256 == MBEDTLS_OID_PKCS1 "\x0b"`
  See oid.h.
- Replace MD2 dependency by SHA256 dependency.
- Adapt expected CRT info output.
2019-05-30 11:16:39 +01:00
Hanno Becker d0d78d7c4a Consistently use lower case hex data in X.509 parsing tests 2019-05-30 11:16:39 +01:00
Gilles Peskine 54f544581a Pacify Pylint
Pass Pylint by cleaning up the code where possible and silencing
Pylint where I know better.

No behavior change.
2019-05-29 09:58:59 +02:00
Gilles Peskine 42a0a0aeea Obey Python naming and method structure conventions
* Rename internal methods and fields to start with an underscore.
* Rename global constants to uppercase.
* Change methods that don't use self to be class methods or static
  methods as appropriate.

No behavior change in this commit.
2019-05-29 09:58:59 +02:00
Gilles Peskine 2938268fb4 Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190524
Conflicts:
* library/ssl_cli.c, library/ssl_tls.c:
  Removed on the development branch. Keep them removed.
* include/psa/crypto_extra.h, library/psa_crypto_storage.c,
  tests/suites/test_suite_psa_crypto.data,
  tests/suites/test_suite_psa_crypto.function,
  tests/suites/test_suite_psa_crypto_persistent_key.data,
  tests/suites/test_suite_psa_crypto_slot_management.data,
  tests/suites/test_suite_psa_crypto_slot_management.function:
  Modified on the development branch only to implement the enrollment
  algorithm, which has been reimplemented on the API branch.
  Keep the API branch.
2019-05-29 09:57:29 +02:00
Gilles Peskine 3027ba6429 Enrollment algorithm in policy: add tests of psa_copy_key 2019-05-27 14:08:28 +02:00
Gilles Peskine bcdd44b9be Enrollment algorithm in policy: add support in psa_copy_key tests
Add parameters to psa_copy_key tests for the enrollment algorithm (alg2).

This commit only tests with alg2=0, which is equivalent to not setting
an enrollment algorithm.
2019-05-27 14:08:28 +02:00
Gilles Peskine b4e0cda8db Enrollment algorithm in policy: update persistent key tests
The storage format has changed, so update the test data accordingly.
2019-05-27 14:08:28 +02:00
Gilles Peskine 183442c854 Enrollment algorithm in policy: test persistent keys 2019-05-27 14:08:27 +02:00
Gilles Peskine 96f0b3b1d3 Keys may allow a second algorithm
Add a second permitted algorithm to key policies.

This commit includes smoke tests that do not cover psa_copy_key.
2019-05-27 14:08:27 +02:00
Gilles Peskine d3bb7bb2f2 Persistent key reload: test more metadata
In the tests for opening a persistent key after closing it, also read
back and check the key data if permitted by policy, and the key
policy.
2019-05-24 17:02:25 +02:00
Gilles Peskine 1ecf92c2f8 Align test functions to usage/alg parameter order
Manually cherry-picked from ca5bed742f
by taking that patch, replacing KEYPAIR by KEY_PAIR
throughout (renaming applied in this branch), and discarding parts
about import_twice in test_suite_psa_crypto (this test function was
removed from this branch).
2019-05-24 16:38:14 +02:00
Jaeden Amero 2ab5cf658f Merge remote-tracking branch 'origin/pr/2403' into development
* origin/pr/2403: (24 commits)
  crypto: Update to Mbed Crypto 8907b019e7
  Create seedfile before running tests
  crypto: Update to Mbed Crypto 81f9539037
  ssl_cli.c : add explicit casting to unsigned char
  Generating visualc files - let Mbed TLS take precedence over crypto
  Add a link to the seedfile for out-of-tree cmake builds
  Adjust visual studio file generation to always use the crypto submodule
  all.sh: unparallelize mingw tests
  all.sh - disable parallelization for shared target tests
  config.pl: disable PSA_ITS_FILE and PSA_CRYPTO_STORAGE for baremetal
  all.sh: unset crypto storage define in a psa full config cmake asan test
  all.sh: unset FS_IO-dependent defines for tests that do not have it
  curves.pl - change test script to not depend on the implementation
  Export the submodule flag to sub-cmakes
  Disable MBEDTLS_ECP_RESTARTABLE in full config
  Export the submodule flag to sub-makes
  Force the usage of crypto submodule
  Fix crypto submodule usage in Makefile
  Documentation rewording
  Typo fixes in documentation
  ...
2019-05-23 09:08:55 +01:00
Jaeden Amero a542bb6de6 Merge remote-tracking branch 'origin/pr/2647' into development
* origin/pr/2647:
  list-symbols.sh: if the build fails, print the build transcript
  Document "check-names.sh -v"
  all.sh: invoke check-names.sh in print-trace-on-exit mode
  Print a command trace if the check-names.sh exits unexpectedly
2019-05-23 09:08:41 +01:00
Gilles Peskine 3c8ccc068f Create seedfile before running tests
With MBEDTLS_USE_PSA_CRYPTO and MBEDTLS_ENTROPY_NV_SEED enabled, the
tests need a seedfile. Since test_suite_entropy is no longer there to
create it, and MBEDTLS_USE_PSA_CRYPTO is now enabled in the full
config, create tests/seedfile explicitly in basic-build-test.sh.
2019-05-23 03:01:35 -04:00
Andrzej Kurek 4a71cfa39f Add a link to the seedfile for out-of-tree cmake builds 2019-05-23 03:01:35 -04:00
Andrzej Kurek 62faadd6a3 all.sh: unparallelize mingw tests
Sometimes, when building the shared target with crypto submodule, one could
get an "No rule to make target '../crypto/library/libmbedcrypto.so'" error.
This is due to two reasons - building in parallel and (probably) an
incomplete/incorrect list of dependencies for certain targets. The proposed
solution is to disable parallel builds with crypto submodule for now.
An issue has been raised here: https://github.com/ARMmbed/mbedtls/issues/2634
2019-05-23 03:01:35 -04:00
Andrzej Kurek 87615770c7 all.sh - disable parallelization for shared target tests
Sometimes, when building the shared target with crypto submodule, one could
get an "No rule to make target '../crypto/library/libmbedcrypto.so'" error.
This is due to two reasons - building in parallel and (probably) an
incomplete/incorrect list of dependencies for certain targets. The proposed
solution is to disable parallel builds with crypto submodule for now.
An issue has been raised here: https://github.com/ARMmbed/mbedtls/issues/2634
2019-05-23 03:01:35 -04:00
Andrzej Kurek 324b2f76ca all.sh: unset crypto storage define in a psa full config cmake asan test 2019-05-23 03:01:35 -04:00
Andrzej Kurek 73757080c1 all.sh: unset FS_IO-dependent defines for tests that do not have it 2019-05-23 03:01:35 -04:00
Andrzej Kurek 098b16ca83 curves.pl - change test script to not depend on the implementation
Currently the top-level makefile deploys commands to both Mbed TLS and
the submodule. Running make in the "tests" directory builds only the TLS tests.
The top level CMake on the other hand does not have the "tests" target defined,
so it also cannot be used, hence the raw "make".
2019-05-23 03:01:35 -04:00
Andrzej Kurek 346747cd24 Force the usage of crypto submodule
Remove all.sh tests exercising the optional usage of submodule
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard 971dea3745 Enable USE_PSA_CRYPTO with config.pl full
Previously it was disabled as too experimental, which no longer holds. Also,
this option introduces new APIs, so it's not only about an internal
alternative (as the comment in config.pl used to state) - people who request a
full config should get all of the available APIs.

Adapt all.sh: now all builds with full config will also test this option, and
builds with the default config will test without it. Just to be sure, let's
have a build with full config minus this option.

Update documentation of MBEDTLS_USE_PSA_CRYPTO to reflect the status of the
new APIs it enables in Mbed TLS and why they're still opt-in.
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard de7636e2dd Enable MBEDTLS_PSA_CRYPTO_C by default
Also enable it in scripts/config.pl full, as well as two storage options that
were only blacklisted from full config because they depended on
MBEDTLS_PSA_CRYPTO_C.
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard d8167e85d6 Build from submodule by default (make, cmake)
Adapt tests in all.sh:
- tests with submodule enabled (default) no longer need to enable it
  explicitly, and no longer need runtime tests, as those are now handled by
all other test cases in this script
- tests with submodule disabled (old default) now need to disable it
  explicitly, and execute some runtime tests, as those are no longer tested
anywhere else in this script

Adapt documentation in Readme: remove the section "building with submodule"
and replace it with a new section before the other building sections.
Purposefully don't document how to build not from the submodule, as that
option is going away soon.
2019-05-23 03:01:35 -04:00
Gilles Peskine 9a52cf3d97 list-symbols.sh: if the build fails, print the build transcript
If "make clean lib" fails in list-symbols.sh, print the transcript
from running make.
2019-05-22 18:22:58 +02:00
Gilles Peskine 0c12e308af Document "check-names.sh -v" 2019-05-22 18:22:45 +02:00
Ron Eldor 56f071fb9e Add negative test for malformed SAN
Add a negative test for a malformed SAN extension.
2019-05-22 17:36:58 +03:00
Jaeden Amero 496c176d90
Merge pull request #266 from ARMmbed/psa-policy_alg2-poc
Keys may allow a second algorithm
2019-05-22 11:55:01 +01:00
Gilles Peskine 52315e4c16 Enrollment algorithm in policy: add tests of psa_copy_key 2019-05-21 18:31:59 +02:00
Gilles Peskine 705cbfd802 Enrollment algorithm in policy: add support in psa_copy_key tests
Add parameters to psa_copy_key tests for the enrollment algorithm (alg2).

This commit only tests with alg2=0, which is equivalent to not setting
an enrollment algorithm.
2019-05-21 18:31:59 +02:00
Gilles Peskine 468c96cccc Enrollment algorithm in policy: update persistent key tests
The storage format has changed, so update the test data accordingly.
2019-05-21 17:06:35 +02:00
Gilles Peskine 6fbfdb9e06 Enrollment algorithm in policy: test persistent keys 2019-05-21 17:06:35 +02:00
Gilles Peskine cbce4d8889 Persistent key reload: test more metadata
In the tests for opening a persistent key after closing it, also read
back and check the key data if permitted by policy, and the key
policy.
2019-05-21 17:06:35 +02:00
Gilles Peskine 2c86ebc2f8 EC key pair import: check the buffer size
When importing a private elliptic curve key, require the input to have
exactly the right size. RFC 5915 requires the right size (you aren't
allowed to omit leading zeros). A different buffer size likely means
that something is wrong, e.g. a mismatch between the declared key type
and the actual data.
2019-05-21 17:06:27 +02:00
Gilles Peskine 536e20571a New macro to get the bit size of an elliptic curve 2019-05-21 17:06:03 +02:00
Gilles Peskine ca5bed742f Align test functions to usage/alg parameter order 2019-05-21 17:06:03 +02:00
Gilles Peskine d6f371b1ba Keys may allow a second algorithm
Add a second permitted algorithm to key policies.

This commit includes smoke tests that do not cover psa_copy_key.
2019-05-21 17:06:03 +02:00
Jaeden Amero 3d07ffade2 Merge remote-tracking branch 'tls/development' into development
Resolve conflicts by performing the following operations:
    - Reject changes to files removed during the creation of Mbed Crypto
      from Mbed TLS.
    - Reject the addition of certificates that would not be used by any
      tests, including rejecting the addition of Makefile rules to
      generate these certificates.
    - Reject changes to error.c referencing modules that are not part of
      Mbed Crypto.

* origin/development: (80 commits)
  Style fix
  Fix test data
  Update test data
  Add some negative test cases
  Fix minor issues
  Add ChangeLog entry about listing all SAN
  Remove unneeded whitespaces
  Fix mingw CI failures
  Initialize psa_crypto in ssl test
  Check that SAN is not malformed when parsing
  Documentation fixes
  Fix ChangeLog entry
  Fix missing tls version test failures
  Fix typo
  Fix ChangeLog entry location
  Add changeLog entry
  Add test for export keys functionality
  Add function to retrieve the tls_prf type
  Add tests for the public tls_prf API
  Add public API for tls_prf
  ...
2019-05-21 08:57:44 +01:00
Jaeden Amero 31d1432233 Merge remote-tracking branch 'origin/pr/2530' into development
* origin/pr/2530: (27 commits)
  Style fix
  Fix test data
  Update test data
  Add some negative test cases
  Fix minor issues
  Add ChangeLog entry about listing all SAN
  Check that SAN is not malformed when parsing
  Documentation fixes
  Fix ChangeLog entry
  Fail in case critical crt policy not supported
  Update SAN parsing documentation
  change the type of hardware_module_name member
  Change mbedtls_x509_subject_alternative_name
  Add length checking in certificate policy parsing
  Rephrase x509_crt extension member description
  Rephrase changeLog entries
  Remove redundant memset()
  Propogate error when parsing SubjectAltNames
  Tidy up style in x509_info_subject_alt_name
  Print unparseable SubjectAlternativeNames
  ...
2019-05-20 18:02:25 +01:00
Jaeden Amero 9ebcf9b00a Merge remote-tracking branch 'origin/pr/2538' into development
* origin/pr/2538:
  Remove unneeded whitespaces
  Fix mingw CI failures
  Initialize psa_crypto in ssl test
  Fix missing tls version test failures
  Fix typo
  Fix ChangeLog entry location
  Add changeLog entry
  Add test for export keys functionality
  Add function to retrieve the tls_prf type
  Add tests for the public tls_prf API
  Add public API for tls_prf
  Add eap-tls key derivation in the examples.
  Add ChangeLog entry
  Add an extra key export function
  Have the temporary buffer allocated dynamically
  Zeroize secret data in the exit point
  Add a single exit point in key derivation function
2019-05-20 10:58:36 +01:00
Ron Eldor 76a9c4a81f Fix test data
Fix test data to test what it actually intends to test.
2019-05-20 11:58:59 +03:00
Ron Eldor 8a59d6b964 Update test data
Update the test data for the negative certificate policies
extension tests with correct lengths, to test the correct behaviour.
Add another test.
2019-05-19 14:11:20 +03:00
Gilles Peskine 35ef36b62f Rename psa_generate_random_key back to psa_generate_key
generate_key is a more classical name. The longer name was only
introduced to avoid confusion with getting a key from a generator,
which is key derivation, but we no longer use the generator
terminology so this reason no longer applies.

perl -i -pe 's/psa_generate_random_key/psa_generate_key/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Gilles Peskine c93b80c350 Rename *KEYPAIR* to *KEY_PAIR*
Be consistent with PUBLIC_KEY.

perl -i -pe 's/KEYPAIR/KEY_PAIR/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Gilles Peskine dcaefae849 Parametrize Diffie-Hellman keys by a group identifier
Parametrize finite-field Diffie-Hellman key types with a DH group
identifier, in the same way elliptic curve keys are parametrized with
an EC curve identifier.

Define the DH groups from the TLS registry (these are the groups from
RFC 7919).

Replicate the macro definitions and the metadata tests from elliptic
curve identifiers to DH group identifiers.

Define PSA_DH_GROUP_CUSTOM as an implementation-specific extension for
which domain parameters are used to specify the group.
2019-05-16 19:51:10 +02:00
Gilles Peskine be697d8324 Shorten the name of psa_key_agreement_raw_shared_secret
There is less of a risk of confusion with the KA+KDF function now.
2019-05-16 18:55:25 +02:00
Gilles Peskine cf7292e257 Wrap and reindent some lines
After renaming several identifiers, re-wrap and re-indent some lines
to make the code prettier.
2019-05-16 18:55:25 +02:00
Gilles Peskine 51ae0e4b79 Rename "generator" to "operation"
Generators are now key derivation operations.

Keep "random generator" intact.
2019-05-16 18:55:25 +02:00
Gilles Peskine cbe6650394 Rename generator-related internal identifiers
perl -pe 's/crypto_generator/key_derivation/gi' $(git ls-files)
    perl -pe 's/_generator/_key_derivation/gi' $(git ls-files)
2019-05-16 18:55:25 +02:00
Gilles Peskine 03410b5c5f Rename PSA_KDF_STEP_xxx -> PSA_KEY_DERIVATION_INPUT_xxx
More consistent with the new function names.
2019-05-16 18:55:25 +02:00
Gilles Peskine a99d3fbd05 Rename generator functions to psa_key_derivation_xxx
Generators are mostly about key derivation (currently: only about key
derivation). "Generator" is not a commonly used term in cryptography.
So favor "derivation" as terminology. Call a generator a key
derivation operation structure, since it behaves like other multipart
operation structures. Furthermore, the function names are not fully
consistent.

In this commit, I rename the functions to consistently have the prefix
"psa_key_derivation_". I used the following command:

    perl -i -pe '%t = (
        psa_crypto_generator_t => "psa_key_derivation_operation_t",
        psa_crypto_generator_init => "psa_key_derivation_init",
        psa_key_derivation_setup => "psa_key_derivation_setup",
        psa_key_derivation_input_key => "psa_key_derivation_input_key",
        psa_key_derivation_input_bytes => "psa_key_derivation_input_bytes",
        psa_key_agreement => "psa_key_derivation_key_agreement",
        psa_set_generator_capacity => "psa_key_derivation_set_capacity",
        psa_get_generator_capacity => "psa_key_derivation_get_capacity",
        psa_generator_read => "psa_key_derivation_output_bytes",
        psa_generate_derived_key => "psa_key_derivation_output_key",
        psa_generator_abort => "psa_key_derivation_abort",
        PSA_CRYPTO_GENERATOR_INIT => "PSA_KEY_DERIVATION_OPERATION_INIT",
        PSA_GENERATOR_UNBRIDLED_CAPACITY => "PSA_KEY_DERIVATION_UNLIMITED_CAPACITY",
        ); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files)
2019-05-16 18:55:21 +02:00
Jaeden Amero d35249e66f
Merge pull request #109 from gilles-peskine-arm/psa-key_attributes-set_persistent
Individual setters for persistent key attributes
2019-05-16 17:28:53 +01:00
Jaeden Amero 99e8d26a75
Merge pull request #104 from gilles-peskine-arm/psa-global_key_id
Make key ids global and define their range
2019-05-16 17:11:59 +01:00
Ron Eldor 11818f2c17 Add some negative test cases
Add some invalid certificate tests for certifiate policies extension.
2019-05-16 18:17:02 +03:00
Jaeden Amero 16ab39102e
Merge pull request #102 from gilles-peskine-arm/psa-aead_multipart-delay
Multipart AEAD buffer output sizes
2019-05-16 13:34:21 +01:00
Jaeden Amero 76be7f9c70
Merge pull request #108 from gilles-peskine-arm/psa-copy_key-policy
Add policy usage flag to copy a key
2019-05-16 12:08:13 +01:00
Jaeden Amero 826e326d2e
Merge pull request #107 from gilles-peskine-arm/psa-curve_size_macro
PSA: EC curve size macro
2019-05-16 11:59:41 +01:00
Gilles Peskine c9d910bed6 EC key pair import: check the buffer size
When importing a private elliptic curve key, require the input to have
exactly the right size. RFC 5915 requires the right size (you aren't
allow to omit leading zeros). A different buffer size likely means
that something is wrong, e.g. a mismatch between the declared key type
and the actual data.
2019-05-16 00:18:48 +02:00
Gilles Peskine 6c9514427b New macro to get the bit size of an elliptic curve 2019-05-16 00:16:46 +02:00
Gilles Peskine 049c7535af Split long lines after psa_import_key refactoring 2019-05-15 23:16:07 +02:00
Gilles Peskine 73676cbc50 Put handle parameter last: psa_import_key
In psa_import_key, change the order of parameters to pass
the pointer where the newly created handle will be stored last.
This is consistent with most other library functions that put inputs
before outputs.
2019-05-15 23:16:07 +02:00
Gilles Peskine 98dd779eb5 Put handle parameter last: psa_generate_derived_key
In psa_generate_derived_key, change the order of parameters to pass
the pointer where the newly created handle will be stored last.
This is consistent with most other library functions that put inputs
before outputs.
2019-05-15 20:15:31 +02:00
Gilles Peskine dd835cbea6 Add a few tests for persistent attributes
psa_set_key_lifetime and psa_set_key_id aren't pure setters: they also
set the other attribute in some conditions. Add dedicated tests for
this behavior.
2019-05-15 19:14:05 +02:00
Gilles Peskine c87af66325 Replace psa_make_key_persistent by id/lifetime setters in tests
Remove all internal uses of psa_make_key_persistent.
2019-05-15 19:14:05 +02:00
Gilles Peskine f9fbc38e66 Declare key id 0 as invalid
In keeping with other integral types, declare 0 to be an invalid key
identifier.

Documented, implemented and tested.
2019-05-15 18:42:09 +02:00
Gilles Peskine 13f97dc164 all.sh: invoke check-names.sh in print-trace-on-exit mode 2019-05-15 17:55:33 +02:00
Gilles Peskine 36428d34c9 Print a command trace if the check-names.sh exits unexpectedly
We've observed that sometimes check-names.sh exits unexpectedly with
status 2 and no error message. The failure is not reproducible. This
commits makes the script print a trace if it exits unexpectedly.
2019-05-15 17:29:15 +02:00
Ron Eldor 6b9b1b88fb Initialize psa_crypto in ssl test
Call `psa_crypto_init()` in `tls_prf` ssl test in case
`MBEDTLS_USE_PSA_CRYPTO` is defined since tls_prf may use psa crypto.
2019-05-15 17:04:33 +03:00
Ron Eldor d2f25f7ea8 Fix missing tls version test failures
Add checks for tls_prf tests with the relevant tls version configuration.
2019-05-15 14:54:22 +03:00
Ron Eldor f75e252909 Add test for export keys functionality
Add test in `ssl-opts.sh` that the export keys callback
is actually called.
2019-05-15 13:57:39 +03:00
Ron Eldor 824ad7b351 Add tests for the public tls_prf API
Add tests for `mbedtls_ssl_tls_prf` wiht and without
the function types dependencies.
2019-05-15 13:57:39 +03:00
Gilles Peskine 003a4a97d3 Use PSA_AEAD_{ENCRYPT,DECRYPT}_OUTPUT_SIZE in tests 2019-05-14 16:11:07 +02:00
Gilles Peskine c160d9ec83 psa_copy_key: enforce PSA_KEY_USAGE_COPY
Implement the check and add a negative test.
2019-05-14 14:32:03 +02:00
Gilles Peskine f9f4a4849c Update psa_copy_key tests to use PSA_KEY_USAGE_COPY
Pass the new flag to the existing tests and add a few more test cases
to explore more variations of flag sets.
2019-05-14 14:24:49 +02:00
Jaeden Amero 81f9539037
Merge pull request #105 from ARMmbed/test-link-seedfile-02
Add a link to the seedfile for out-of-tree cmake builds
2019-05-14 08:42:46 +01:00
Ron Eldor 890819a597 Change mbedtls_x509_subject_alternative_name
Make `mbedtls_x509_subject_alternative_name` to be a single item
rather than a list. Adapt the subject alternative name parsing function,
to receive a signle `mbedtls_x509_buf` item from the subject_alt_names
sequence of the certificate.
2019-05-13 19:23:07 +03:00
Jaeden Amero 1fe90fab30
Merge pull request #101 from gilles-peskine-arm/psa-key_attributes-verify_attributes
Check unused attributes in import and copy
2019-05-13 11:48:40 +01:00
Janos Follath 22f605fbab Print unparseable SubjectAlternativeNames
In x509_info_subject_alt_name() we silently dropped names that we
couldn't parse because they are not supported or are malformed. (Being
malformed might mean damaged file, but can be a sign of incompatibility
between applications.)

This commit adds code notifying the user that there is something, but
we can't parse it.
2019-05-10 10:57:44 +01:00
Ron Eldor 3c4734a2a5 Add Wisun Fan device certificate
Add certificate with Wisun fan device extended key usage,
support parsing it and add tests.
2019-05-07 17:06:47 +03:00
Ron Eldor 74d9acc144 Add support for certificate policies extension
Add support for certificate policies, as defined in rfc 5280.
Currently support only `anyPolicy` policy.
2019-05-07 17:05:45 +03:00
Ron Eldor b2dc3fa72e Suppport otherName of type hardware module name
Add support of parsing of subject alternative name, of type otherName.
Currently supports only hardware module name, as defined in rfc 4108.
2019-05-07 17:04:57 +03:00
Gilles Peskine f9666595e1 Implement and test the new key identifier range
Only allow creating keys in the application (user) range. Allow
opening keys in the implementation (vendor) range as well.

Compared with what the implementation allowed, which was undocumented:
0 is now allowed; values from 0x40000000 to 0xfffeffff are now
forbidden.
2019-05-06 18:56:30 +02:00
Gilles Peskine 225010fdf7 Remove lifetime parameter from psa_open_key
Change the scope of key identifiers to be global, rather than
per lifetime. As a result, you now need to specify the lifetime of a
key only when creating it.
2019-05-06 18:52:22 +02:00
Gilles Peskine ee32cd4af6 Slot management tests: more robust storage purge
Record what key ids have been used in a test case and purge them. The
cleanup code no longer requires the key identifiers used in the tests
to be in a certain small range.
2019-05-06 18:39:37 +02:00
Jack Lloyd 3ded1c81b1 Test the return value in the OID->X.509 map functions 2019-05-06 12:16:32 -04:00
Jack Lloyd 5ed7fff8ce Add a test of the OID->MD map functions 2019-05-06 12:16:18 -04:00
Jack Lloyd 5d9c9636fa Add support for RSA PKCSv1.5 signatures using RIPEMD-160 2019-05-06 12:15:17 -04:00
Gilles Peskine 26869f2d9b Implement ChaCha20 and ChaCha20-Poly1305
Smoke tests: test data for ChaCha20 calculated with PyCryptodome; test
vector from RFC 7539 for ChaCha20-Poly1305.
2019-05-06 15:59:44 +02:00
Gilles Peskine 3e79c8ecfd Declare ChaCha20 cipher and AEAD
Declare algorithms for ChaCha20 and ChaCha20-Poly1305, and a
corresponding (common) key type.

Don't declare Poly1305 as a separate algorithm because it's a one-time
authenticator, not a MAC, so the API isn't suitable for it (no way to
use a nonce).
2019-05-06 15:59:44 +02:00
Gilles Peskine 423005ea93 Cipher tests: pass the IV from the test data
Don't hard-code an IV in cipher test functions. It restricts what can
be used as test data.
2019-05-06 15:59:44 +02:00
Gilles Peskine 679693ee49 Algorithm encoding: add flag bit PSA_ALG_AEAD_FROM_BLOCK_FLAG
Make it easy to distinguish generic constructions on top of block
ciphers, such as CCM or GCM, from specialized algorithms such as
Chacha20-Poly1305.
2019-05-06 15:10:16 +02:00
Andrzej Kurek d8cf464f7d Add a link to the seedfile for out-of-tree cmake builds 2019-05-06 07:24:02 -04:00
Gilles Peskine 4a6446482a Test psa_copy_key with wrong type or size in attributes
Split the test function copy_key into two: one for success and one for
failure.

Add failure tests where the attributes specify an incorrect type or size.
2019-05-03 17:14:08 +02:00
Gilles Peskine 8fb3a9ead4 Test psa_import_key: test for size in attributes
Add tests where psa_import_key is called with attributes specifying an
incorrect size.
2019-05-03 16:59:21 +02:00
Adrian L. Shaw 5a5a79ae2a Rename psa_generate_key() and psa_generator_import_key() 2019-05-03 15:44:28 +01:00
Jaeden Amero 8bf196b303
Merge pull request #98 from yanesca/curve25519_negative_tests
Curve25519 negative tests
2019-05-02 09:16:35 +01:00
Jaeden Amero 75d9a333ce Merge remote-tracking branch 'origin/pr/1633' into development
* origin/pr/1633: (26 commits)
  Fix uninitialized variable access in debug output of record enc/dec
  Adapt PSA code to ssl_transform changes
  Ensure non-NULL key buffer when building SSL test transforms
  Catch errors while building SSL test transforms
  Use mbedtls_{calloc|free}() in SSL unit test suite
  Improve documentation of mbedtls_record
  Adapt record length value after encryption
  Alternative between send/recv transform in SSL record test suite
  Fix memory leak on failure in test_suite_ssl
  Rename ssl_decrypt_buf() to mbedtls_ssl_decrypt_buf() in comment
  Add record encryption/decryption tests for ARIA to SSL test suite
  Improve documentation of mbedtls_ssl_transform
  Double check that record expansion is as expected during decryption
  Move debugging output after record decryption
  Add encryption/decryption tests for small records
  Add tests for record encryption/decryption
  Reduce size of `ssl_transform` if no MAC ciphersuite is enabled
  Remove code from `ssl_derive_keys` if relevant modes are not enabled
  Provide standalone version of `ssl_decrypt_buf`
  Provide standalone version of `ssl_encrypt_buf`
  ...
2019-05-02 09:08:43 +01:00
Jaeden Amero 7b3603c6d8 Merge remote-tracking branch 'tls/development' into development
Resolve merge conflicts by performing the following actions:

- Reject changes to deleted files.
- Reject changes to generate_errors.pl and generate_visualc_files.pl.
  Don't add an 'include-crypto' option which would attempt to use the
  non-existent crypto submodule.
- list-identifiers.sh had the `--internal` option added to it, which
  lists identifiers only in internal headers. Add PSA-specific internal
  headers to list-identifiers.sh.

* origin/development: (40 commits)
  Document the scripts behaviour further
  Use check_output instead of Popen
  all.sh: Require i686-w64-mingw32-gcc version >= 6
  generate_visualc_files.pl: add mbedtls source shadowing by crypto
  generate_errors.pl: refactor and simplify the code
  Start unused variable with underscore
  Correct documentation
  generate_errors.pl: typo fix
  revert changes to generate_features.pl and generate_query_config.pl
  Check that the report directory is a directory
  Use namespaces instead of full classes
  Fix pylint issues
  Don't put abi dumps in subfolders
  Add verbose switch to silence all output except the final report
  Fetch the remote crypto branch, rather than cloning it
  Prefix internal functions with underscore
  Add RepoVersion class to make handling of many arguments easier
  Reduce indentation levels
  Improve documentation
  Use optional arguments for setting repositories
  ...
2019-05-01 14:12:43 +01:00
Janos Follath 05a708f7e2 Add negative tests for Curve25519
If we provide low order element as a public key and the implementation
maps the point in infinity to the origin, we can force the common secret
to be zero.

According to the standard (RFC 7748) this is allowed but in this case
the primitive must not be used in a protocol that requires contributory
behaviour.

Mbed Crypto returns an error when the result is the point in the
infinity and does not map it to the origin. This is safe even if used in
protocols that require contributory behaviour.

This commit adds test cases that verify that Mbed Crypto returns an
error when low order public keys are processed.

The low order elements in the test cases were taken from this website:
https://cr.yp.to/ecdh.html
2019-04-30 14:58:15 +01:00
Janos Follath 182b0b9966 Add test for ECP multiplication
The tests we had for ECP point multiplication were tailored for test
vectors symulating crypto operations and tested a series of operations
against public test vectors.

This commit adds a test function that exercises a single multiplication.
This is much better suited for negative testing than the preexisting
test.

Only one new test case is added that exercises a fraction of an existing
test, just to make sure that the test is consistent with the existing
test functions.
2019-04-30 14:53:49 +01:00
Manuel Pégourié-Gonnard df2bfcfe57 Use 'config.pl baremetal' in all.sh 2019-04-29 12:44:12 +02:00
Gilles Peskine aa02c17dfa Add buffer size macro for psa_get_key_domain_parameters 2019-04-28 11:48:29 +02:00
Gilles Peskine e56e878207 Remove extra parameter from psa_generate_key
Read extra data from the domain parameters in the attribute structure
instead of taking an argument on the function call.

Implement this for RSA key generation, where the public exponent can
be set as a domain parameter.

Add tests that generate RSA keys with various public exponents.
2019-04-26 17:37:50 +02:00
Gilles Peskine a1ace9c494 Call psa_reset_key_attributes after psa_get_key_attributes
After calling psa_get_key_attributes(), call
psa_reset_key_attributes() if the key may have domain parameters,
because that's the way to free the domain parameter substructure in
the attribute structure. Keep not calling reset() in some places where
the key can only be a symmetric key which doesn't have domain
parameters.
2019-04-26 16:15:31 +02:00
Gilles Peskine 3a4f1f8e46 Set the key size as an attribute
Instead of passing a separate parameter for the key size to
psa_generate_key and psa_generator_import_key, set it through the
attributes, like the key type and other metadata.
2019-04-26 13:49:28 +02:00
Hanno Becker 78d1f70ab6 Ensure non-NULL key buffer when building SSL test transforms 2019-04-25 12:58:21 +01:00
Hanno Becker a5780f1993 Catch errors while building SSL test transforms 2019-04-25 12:58:21 +01:00
Hanno Becker 3ee5421f9c Use mbedtls_{calloc|free}() in SSL unit test suite 2019-04-25 12:58:21 +01:00
Hanno Becker 907ab20b38 Alternative between send/recv transform in SSL record test suite 2019-04-25 12:58:21 +01:00
Hanno Becker 81e16a34f5 Fix memory leak on failure in test_suite_ssl 2019-04-25 12:58:21 +01:00
Hanno Becker d0fa2d7563 Add record encryption/decryption tests for ARIA to SSL test suite 2019-04-25 12:58:21 +01:00
Hanno Becker b3268dac00 Add encryption/decryption tests for small records
This commit adds tests to check the behavior of the record encryption
routine `ssl_encrypt_buf` when the buffer surrounding the plaintext is
too small to hold the expansion in the beginning and end (due to IV's,
padding, and MAC).

Each test starts successively increases the space available at the
beginning, end, or both, of the record buffer, and checks that the
record encryption either fails with a BUFFER_TOO_SMALL error, or
that it succeeds. Moreover, if it succeeds, it is checked that
decryption succeeds, too, and results in the original record.
2019-04-25 12:58:21 +01:00
Hanno Becker a18d1320da Add tests for record encryption/decryption
This commit adds tests exercising mutually inverse pairs of
record encryption and decryption transformations for the various
transformation types allowed in TLS: Stream, CBC, and AEAD.
2019-04-25 12:58:21 +01:00
Jaeden Amero dfcf84aea5 tests: Update generator with Mbed Crypto comments
Update comments in the top of the test code generator script with the
name of the parent project.
2019-04-25 11:46:21 +01:00
Jaeden Amero ef24980e66 Remove unused test data files 2019-04-25 11:46:21 +01:00
Jaeden Amero bb1f701212 config: Remove X.509 options
Note that this fails check-names.sh because options that TLS and X.509
files use are no longer present in config.h.
2019-04-25 11:46:21 +01:00
Jaeden Amero 1c66e48670 config: Remove TLS and NET options
Remove TLS and NET options from config files and scripts.

Note that this fails check-names.sh because options that TLS and NET
files use are no longer present in config.h.
2019-04-25 11:46:21 +01:00
Jaeden Amero 7fcc7bc576 check-names: Enable referencing Mbed TLS macros
Add a macro whitelist which enables us to refer to Mbed TLS macros that
are no longer present in Mbed Crypto.
2019-04-25 11:46:21 +01:00
Jaeden Amero 1ad37309e4 Remove irrelevant configs
Remove configuration files that are TLS-specific or otherwise not
relevant to a pure-crypto library.
2019-04-25 11:46:21 +01:00
Jaeden Amero 8298d70bee Only build libmbedcrypto
Update build scripts and tools to only build or update libmbedcrypto.
2019-04-25 11:46:21 +01:00
Jaeden Amero 986a15199d programs, tests: Depend only on libmbedcrypto
Update the tests and programs to depend only on libmbedcrypto, since
we'll soon only build libmbedcrypto.
2019-04-25 11:46:21 +01:00
Jaeden Amero 0688e4f266 Remove programs that depend on TLS or X.509 2019-04-25 11:46:08 +01:00
Gilles Peskine 2c2cf0e36d Update remaining test cases to use key attributes
Finish updating the tests to use psa_key_attributes_t and
psa_import_key instead of psa_key_policy_t and
psa_import_key_to_handle.
2019-04-24 15:47:30 +02:00
Gilles Peskine 4440688a69 Update key management tests to use attributes
Remove test cases which are no longer relevant because they involve a
slot which is allocated but not filled with key material.
2019-04-24 15:47:29 +02:00
Gilles Peskine 34e23d2109 Persistent key gray-box tests: add test cases with restart
Also test the behavior if the crypto subsystem is restarted after
creating the persistent key.
2019-04-24 15:46:04 +02:00
Gilles Peskine 5c648abe44 Update persistent_key_load_key_from_storage to use attributes
Update persistent_key_load_key_from_storage to the new attribute-based
key creation interface. I tweaked the code a little to make it simpler
and more robust without changing the core logic.
2019-04-24 15:46:04 +02:00
Gilles Peskine ca25db91f5 Update copy_key tests to the new attribute-based interface 2019-04-24 15:46:04 +02:00
Gilles Peskine 4cf3a43dbd Simplify and expand invalid-handle tests
Simplify invalid-handle tests and make them test more things. Call
these tests in several test functions after destroying a key.
2019-04-24 15:46:04 +02:00
Gilles Peskine c4344042f4 Remove tests for empty slots
With the attribute-based key creation API, it is no longer possible to
have a handle to a slot that does not hold key material. Remove all
corresponding tests.
2019-04-24 15:46:04 +02:00
Gilles Peskine 8c8f2ab66b Implement psa_get_key_attributes
Implement attribute querying.

Test attribute getters and setters. Use psa_get_key_attributes instead
of the deprecated functions psa_get_key_policy or
psa_get_key_information in most tests.
2019-04-24 15:46:04 +02:00
Gilles Peskine ff5f0e7221 Implement atomic-creation psa_{generate,generator_import}_key
Implement the new, attribute-based psa_generate_key and
psa_generator_import_key.
2019-04-24 15:46:03 +02:00
Gilles Peskine 4747d19d18 Implement atomic-creation psa_import_key
Implement the new, attribute-based psa_import_key and some basic
functions to access psa_key_attributes_t. Replace
psa_import_key_to_handle by psa_import_key in a few test functions.

This commit does not handle persistence attributes yet.
2019-04-24 15:45:50 +02:00
Gilles Peskine 87a5e565f4 Rename functions that inject key material to an allocated handle
This commit starts a migration to a new interface for key creation.
Today, the application allocates a handle, then fills its metadata,
and finally injects key material. The new interface fills metadata
into a temporary structure, and a handle is allocated at the same time
it gets filled with both metadata and key material.

This commit was obtained by moving the declaration of the old-style
functions to crypto_extra.h and renaming them with the to_handle
suffix, adding declarations for the new-style functions in crypto.h
under their new name, and running

    perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c
    perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c

Many functions that are specific to the old interface, and which will
not remain under the same name with the new interface, are still in
crypto.h for now.

All functional tests should still pass. The documentation may have
some broken links.
2019-04-24 15:24:45 +02:00
Jaeden Amero 1cd7bea2b1 Merge remote-tracking branch 'origin/pr/2586' into development
* origin/pr/2586:
  all.sh: Require i686-w64-mingw32-gcc version >= 6
2019-04-24 11:23:54 +01:00
Jaeden Amero 9679cb48d5 Merge remote-tracking branch 'origin/pr/2549' into development
* origin/pr/2549:
  Document the scripts behaviour further
  Add --internal option to list-identifiers.sh
2019-04-24 11:22:24 +01:00
Darryl Green 1ae4886c82 Document the scripts behaviour further 2019-04-18 13:09:25 +01:00
Jaeden Amero d874a1fd14 Remove zlib
The library no longer uses zlib, so we can remove the option to build
with zlib.
2019-04-18 10:32:56 +01:00
Jaeden Amero d832f187f7 Remove pkcs11-helper option
In preparation for removing X.509 and PKCS11 from Mbed Crypto, remove
pkcs11-helper. It won't be relevant after X.509 and PKCS11 are removed.
2019-04-18 10:32:56 +01:00
Gilles Peskine 882e57ecba psa_constant_names: support key agreement algorithms 2019-04-18 09:42:21 +02:00
Gilles Peskine f8a9d942a5 Test multipart key agreement with ECDH+HKDF
Basic coverage with one algorithm only and a restricted choice of
output lengths.
2019-04-18 09:42:21 +02:00
Gilles Peskine f0cba73b99 New test function for raw agreement
Change test cases with test data for raw agreement to this new test
function.
2019-04-18 09:42:21 +02:00
Gilles Peskine f8831c27f3 Remove obsolete test case "ECDH-only public key"
Since the format change for EC public key import from
SubjectPublicKeyInfo to the ECPoint content, it is no longer possible
to import a key with metadata marking it as ECDH-only. This test was
converted systematically but now no longer has any purpose since the
public key is now like any other public key.
2019-04-18 09:42:21 +02:00
Gilles Peskine 77f40d83c1 Quick fix of key agreement setup tests for the new derivation API
Allow either the key derivation step or the key agreement step to
fail.

These tests should be split into three groups: key derivation setup
tests with an algorithm that includes a key agreement step, and
multipart key agreement failure tests, and raw key agreement failure
tests.
2019-04-18 09:42:21 +02:00
Gilles Peskine 04ee2d2295 Update key agreement policy tests for the new derivation API
Separate test functions for raw key agreement and key agreement with
KDF.
2019-04-18 09:42:21 +02:00
Gilles Peskine 2e46e9cf21 Add exercise_key for raw key agreement 2019-04-18 09:42:21 +02:00
Jaeden Amero 117b8a4516 all.sh: Require i686-w64-mingw32-gcc version >= 6
Require mingw gcc version 6 or greater in order to ensure
BCryptGenRandom() is available.
2019-04-17 15:23:17 +01:00
Jaeden Amero 521dbc67da Merge remote-tracking branch 'tls/development' into development
Merge Mbed TLS at f790a6cbee into Mbed Crypto.

Resolve conflicts by performing the following:
    - Reject changes to README.md
    - Don't add crypto as a submodule
    - Remove test/ssl_cert_test from programs/Makefile
    - Add cipher.nist_kw test to tests/CMakeLists.txt
    - Reject removal of crypto-specific all.sh tests
    - Reject update to SSL-specific portion of component_test_valgrind
      in all.sh
    - Reject addition of ssl-opt.sh testing to component_test_m32_o1 in
      all.sh

* tls/development: (87 commits)
  Call mbedtls_cipher_free() to reset a cipher context
  Don't call mbedtls_cipher_setkey twice
  Update crypto submodule
  Minor fixes in get certificate policies oid test
  Add certificate policy oid x509 extension
  cpp_dummy_build: Add missing header psa_util.h
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
  Don't use debug level 1 for informational messages
  Skip uncritical unsupported extensions
  Give credit to OSS-Fuzz for #2404
  all.sh: remove component_test_new_ecdh_context
  Remove crypto-only related components from all.sh
  Remove ssl_cert_test sample app
  Make CRT callback tests more robust
  Rename constant in client2.c
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix a rebase error
  ...
2019-04-17 12:12:24 +01:00
Jaeden Amero f790a6cbee Merge remote-tracking branch 'origin/pr/2536' into development
* origin/pr/2536:
  Update crypto submodule
  Minor fixes in get certificate policies oid test
  Add certificate policy oid x509 extension
2019-04-17 10:52:54 +01:00
Jaeden Amero 5c7915b0ed Merge remote-tracking branch 'origin/pr/2582' into development
* origin/pr/2582:
  Call mbedtls_cipher_free() to reset a cipher context
  Don't call mbedtls_cipher_setkey twice
2019-04-17 10:46:45 +01:00
Jaeden Amero c41a3285de Merge remote-tracking branch 'origin/pr/2559' into development
* origin/pr/2559:
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
2019-04-16 15:09:42 +01:00
Jaeden Amero 7a1c4eb826 Merge remote-tracking branch 'origin/pr/2567' into development
* origin/pr/2567:
  Don't use debug level 1 for informational messages
2019-04-16 15:08:39 +01:00
Gilles Peskine 424840e033 Call mbedtls_cipher_free() to reset a cipher context
mbedtls_cipher_reset() only restarts the operation, it doesn't
dissociate the key from the context.
2019-04-16 16:06:34 +02:00
Jaeden Amero fe7106755e Merge remote-tracking branch 'origin/pr/2539' into development
Resolve conflicts by performing the following:
  - Ensure calls to mbedtls_x509_crt_verify_* are made with callbacks

* origin/pr/2539:
  Make CRT callback tests more robust
  Rename constant in client2.c
  Fix typo
  Add test for configuration specific CRT callback
  Fix doxygen documentation of mbedtls_ssl_set_verify()
  Add test exercising context-specific CRT callback to ssl-opt.sh
  Add cmd to use context-specific CRT callback in ssl_client2
  Implement context-specific verification callbacks
  Add context-specific CRT verification callbacks
  Improve documentation of mbedtls_ssl_conf_verify()
2019-04-16 15:05:18 +01:00
Jaeden Amero ff34d43720 Merge remote-tracking branch 'origin/pr/2532' into development
* origin/pr/2532: (29 commits)
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix name to function call
  Address comments for x509 tests
  Address review comments regarding ssl_client2 and ssl tests
  Remove mbedtls_ from the static function name
  Change docs according to review comments
  Change the verify function naming
  Fix ssl_client2 and ssl_server2 if !PLATFORM_C
  Correct placement of usage macro in ssl_client2
  Update version_features.c
  Remove trailing whitespace in test_suite_x509parse.function
  Update query_config.c
  Add ssl-opt.sh tests for trusted CA callbacks
  Only run X.509 CRT verification tests with CA callback tests if !CRL
  Minor fixes to CA callback tests
  Declare CA callback type even if feature is disabled
  Implement X.509 CRT verification using CA callback
  Add prototype for CRT verification with static and dynamic CA list
  Make use of CA callback if present when verifying peer CRT chain
  ...
2019-04-16 14:42:11 +01:00
Jaeden Amero 24c71d3a5c Merge remote-tracking branch 'origin/pr/2502' into development
* origin/pr/2502:
  all.sh: remove component_test_new_ecdh_context
  Remove crypto-only related components from all.sh
2019-04-16 14:41:20 +01:00
Jaeden Amero 137c5b7297 Merge remote-tracking branch 'origin/pr/2477' into development
* origin/pr/2477:
  Fix typo in data_file generator code
2019-04-16 14:38:58 +01:00
Gilles Peskine 139ec3b913 Don't call mbedtls_cipher_setkey twice
The documentation doesn't explicitly say whether it's allowed or not.
This currently works with the default software implementation, but
only by accident. It isn't guaranteed to work with new ciphers or with
alternative implementations of individual ciphers, and it doesn't work
with the PSA wrappers. So don't do it.
2019-04-16 15:25:20 +02:00
Ron Eldor 685a398a6b Minor fixes in get certificate policies oid test
1. Remove irrelevant  dependency on `MBEDTLS_ASN1_WRITE_C`.
2. Remove whitespace between `*` and parameter.
2019-04-16 13:26:54 +03:00
Ron Eldor e82341646a Add certificate policy oid x509 extension
Add the `MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES` to the list
of supported x509 extensions, in `mbedtls_oid_get_x509_ext_type()`.
2019-04-16 13:26:54 +03:00
Gilles Peskine f1349e4bfe Clarify comment mangled by an earlier refactoring 2019-04-10 18:41:53 +02:00
Gilles Peskine 7832c9fc3d Add an "out-of-box" component
Just run `make` and `make test`. And `selftest` for good measure.
2019-04-10 18:41:53 +02:00
Gilles Peskine 4b317616eb Run ssl-opt.sh on 32-bit runtime
Run ssl-opt.sh on x86_32 with ASan. This may detect bugs that only
show up on 32-bit platforms, for example due to size_t overflow.

For this component, turn off some memory management features that are
not useful, potentially slow, and may reduce ASan's effectiveness at
catching buffer overflows.
2019-04-10 18:41:53 +02:00
Hanno Becker 4c8c7aa95e Don't use debug level 1 for informational messages 2019-04-10 09:26:53 +01:00
Gilles Peskine 1e2730b9b1 Update usage of PSA_ALG_ECDH so that test_suite_psa_crypto compiles 2019-04-09 12:25:23 +02:00
Gilles Peskine 3135184cfc Merge remote-tracking branch 'upstream-crypto/development' into psa-api-beta2-merge-development
Merge the Mbed Crypto development branch a little after
mbedcrypto-1.0.0 into the PSA Crypto API 1.0 beta branch a little
after beta 2.

Summary of merge conflicts:

* Some features (psa_copy_key, public key format without
  SubjectPublicKeyInfo wrapping) went into both sides, but with a few
  improvements on the implementation side. For those, take the
  implementation side.
* The key derivation API changed considerably on the API side. This
  merge commit generally goes with the updated API except in the tests
  where it keeps some aspects of the implementation.

Due to the divergence between the two branches on key derivation and
key agreement, test_suite_psa_crypto does not compile. This will be
resolved in subsequent commits.
2019-04-09 12:00:00 +02:00
Andrzej Kurek 4a8d2dfdd6 all.sh: remove component_test_new_ecdh_context
Remove the ecdh_context component to have it only in the crypto repository
2019-04-08 06:20:00 -04:00
Andrzej Kurek cd9286f1ca Remove crypto-only related components from all.sh 2019-04-08 05:49:08 -04:00
Janos Follath 4031b314ed Make CRT callback tests more robust 2019-04-05 16:50:39 +01:00
Janos Follath 846ae7a70d Document and test flags in x509_verify 2019-04-05 16:45:01 +01:00
Janos Follath d7ecbd6914 Fix style issues and a typo 2019-04-05 16:44:42 +01:00
Jaeden Amero aa3402018e Merge remote-tracking branch 'origin/pr/2535' into development
* origin/pr/2535:
  Add Wisun Fan device extended key usage
2019-04-05 14:36:08 +01:00
Jaeden Amero 7c1e6193af Merge remote-tracking branch 'origin/pr/2464' into development
* origin/pr/2464:
  Allow main() to lack a docstring.
  Silence pylint
  check-files.py: readability improvement in permission check
  check-files.py: use class fields for class-wide constants
  check-files.py: clean up class structure
  abi_check.py: Document more methods
  check-files.py: document some classes and methods
  Fix pylint errors going uncaught
  Call pylint3, not pylint
  New, documented pylint configuration
2019-04-05 14:19:09 +01:00
Jaeden Amero d192ba4ef1 Merge remote-tracking branch 'origin/pr/2463' into development
* origin/pr/2463:
  Fix a rebase error
  Wrap lines at 80 columns
  Add NIST keywrap as a cipher mode
  Fix errors in AEAD test function
2019-04-05 14:15:40 +01:00
Jaeden Amero 62ab1f9961 Merge remote-tracking branch 'origin/pr/2405' into development
* origin/pr/2405:
  Fix ChangeLog entry ordering
  Fix typo
  Add non-regression test for buffer overflow
  Improve documentation of mbedtls_mpi_write_string()
  Adapt ChangeLog
  Fix 1-byte buffer overflow in mbedtls_mpi_write_string()
2019-04-05 14:08:49 +01:00
Darryl Green 383d1fa6a5 Add --internal option to list-identifiers.sh
When doing ABI/API checking, its useful to have a list of all the
identifiers that are defined in the internal header files, as we
do not promise compatibility for them. This option allows for a
simple method of getting them for use with the ABI checking script.
2019-04-05 13:59:52 +01:00
Jaeden Amero 3d8144731f Merge remote-tracking branch 'origin/pr/2192' into development
* origin/pr/2192:
  Increase okm_hex buffer to contain null character
  Minor modifications to hkdf test
  Add explanation for okm_string size
  Update ChangeLog
  Reduce buffer size of okm
  Reduce Stack usage of hkdf test function
2019-04-05 13:53:14 +01:00
Jack Lloyd 274024f3d5 Fix a rebase error 2019-04-04 07:59:41 -07:00
Janos Follath ee11be6572 Add test for configuration specific CRT callback 2019-04-04 12:03:30 +01:00
Hanno Becker efb440afec Add test exercising context-specific CRT callback to ssl-opt.sh 2019-04-03 13:11:20 +01:00
Ron Eldor b6dc105456 Add Wisun Fan device extended key usage
Add the Wisun extended key usage oid and tests.
2019-04-03 13:48:50 +03:00
Jack Lloyd ffdf28851d Add NIST keywrap as a cipher mode
Closes #2003 see also #1658
2019-04-02 10:02:55 -07:00
Jack Lloyd 1dbc5a257f Fix errors in AEAD test function
It was failing to set the key in the ENCRYPT direction before encrypting.
This just happened to work for GCM and CCM.

After re-encrypting, compare the length to the expected ciphertext
length not the plaintext length. Again this just happens to work for
GCM and CCM since they do not perform any kind of padding.
2019-04-02 10:02:55 -07:00
Jarno Lamsa dfd22c4dbd Address comments for x509 tests 2019-04-01 15:18:53 +03:00
Jarno Lamsa f7a7f9ee43 Address review comments regarding ssl_client2 and ssl tests 2019-04-01 15:11:54 +03:00
Jarno Lamsa 31d9db6195 Change the verify function naming
Change the naming to reflect that the function uses a new ca callback
feature to distinguish different callbacks.
2019-04-01 14:33:49 +03:00
Hanno Becker 3f932bbc5d Remove trailing whitespace in test_suite_x509parse.function 2019-03-28 17:06:47 +00:00
Hanno Becker 746aaf3f38 Add ssl-opt.sh tests for trusted CA callbacks 2019-03-28 16:13:44 +00:00
Hanno Becker 0350d56286 Only run X.509 CRT verification tests with CA callback tests if !CRL 2019-03-28 16:13:44 +00:00
Hanno Becker cbb590369c Minor fixes to CA callback tests 2019-03-28 16:13:44 +00:00
Jarno Lamsa 557426ad77 Add a failure testcase for ca callback 2019-03-28 16:13:43 +00:00
Jarno Lamsa 912ed33991 Change callback name to ca_callback 2019-03-28 16:13:43 +00:00
Jarno Lamsa 03cd120ce4 Test for ca list callback 2019-03-28 16:13:43 +00:00
Jaeden Amero c70a3c76bf Merge remote-tracking branch 'tls/development' into development
Resolve conflicts actions:
 - Reject path changes to config.h
 - Reject submodule-related changes in build scripts (Makefile,
   CMakeLists.txt)
 - Add oid test suite to list of tests in tests/CMakeLists.txt,
   rejecting any test filtering related changes (which TLS uses to avoid
   duplicating crypto tests)
 - Add legacy ECDH test to all.sh without including
   all.sh tests that depend on SSL
2019-03-28 16:02:25 +00:00
Jaeden Amero 57773d4ede Merge remote-tracking branch 'restricted/pr/551' into development
* restricted/pr/551:
  ECP: Clarify test descriptions
  ECP: remove extra whitespaces
  Fix ECDH secret export for Mongomery curves
  Improve ECP test names
  Make ecp_get_type public
  Add more tests for ecp_read_key
  ECP: Catch unsupported import/export
  Improve documentation of mbedtls_ecp_read_key
  Fix typo in ECP module
  Remove unnecessary cast from ECP test
  Improve mbedtls_ecp_point_read_binary tests
  Add Montgomery points to ecp_point_write_binary
  ECDH: Add test vectors for Curve25519
  Add little endian export to Bignum
  Add mbedtls_ecp_read_key
  Add Montgomery points to ecp_point_read_binary
  Add little endian import to Bignum
2019-03-27 17:01:24 +00:00
Jaeden Amero 0ea33776ce Merge remote-tracking branch 'restricted/pr/552' into development
Ensure this merge passes tests by auto-generating query_config.c, adding
MBEDTLS_ECDH_LEGACY_CONTEXT to it.

* restricted/pr/552:
  Fix mbedtls_ecdh_get_params with new ECDH context
  Test undefining MBEDTLS_ECDH_LEGACY_CONTEXT in all.sh
  Define MBEDTLS_ECDH_LEGACY_CONTEXT in config.h
  Add changelog entry for mbedtls_ecdh_get_params robustness
  Fix ecdh_get_params with mismatching group
  Add test case for ecdh_get_params with mismatching group
  Add test case for ecdh_calc_secret
  Fix typo in documentation
2019-03-27 17:01:16 +00:00
Jaeden Amero c73fde725b Merge remote-tracking branch 'origin/pr/2531' into development
Ensure tests pass when the submodule is used by updating the list of
crypto tests to include test_suite_oid in both tests/CMakeLists.txt and
tests/Makefile.

* origin/pr/2531:
  Add changeLog entry
  Add certificate policy of type any policy id
2019-03-27 16:52:08 +00:00
Jaeden Amero 3930e18c3c Merge remote-tracking branch 'origin/pr/2509' into development
* origin/pr/2509:
  all.sh: Generate seedfile for crypto submodule tests
  Update crypto submodule to test with private headers
  tests: Use globbing in test suite exclusion list
  Update crypto submodule to Mbed Crypto development
  tests: Test crypto via the crypto submodule
2019-03-27 14:45:26 +00:00
Jaeden Amero d5d01a0435 Merge remote-tracking branch 'origin/pr/2525' into development
* origin/pr/2525:
  Update library version to 2.17.0
2019-03-26 14:50:06 +00:00
Ron Eldor 11ee07191f Add certificate policy of type any policy id
Add a function for getting the certificate policy. Currently only
"Any Policy" is supported.
2019-03-26 14:41:07 +02:00
Jaeden Amero 3f8d78411a Update library version to 2.17.0 2019-03-19 16:12:55 +00:00
Jaeden Amero 9714510736 all.sh: Generate seedfile for crypto submodule tests
When running tests from the crypto submodule, generate and use a
seedfile within the crypto/tests directory.
2019-03-19 15:45:09 +00:00
Jaeden Amero 0a504c02f6 tests: Add library to include path when used as submodule
Some tests use internal-only header files, which are stored in the
'library' folder, and therefore need the library folder passed in on the
include path. For non-submoudle builds, this is set globally in the
top-level CMakeLists.txt file. For submodule builds, this is set through
target includes to a path only meaningful when Mbed Crypto is built as a
submodule.
2019-03-15 15:47:17 +00:00
Gilles Peskine d7929e7539 Fix copypasta in test data 2019-03-15 11:37:09 +01:00
Gilles Peskine e3dbdd8d90 Gate entropy injection through a dedicated configuration option
Entropy injection has specific testing requirements. Therefore it
should depend on a specific option.
2019-03-15 11:15:21 +01:00
Gilles Peskine 6bf4baef95 Remove compilation option MBEDTLS_PSA_HAS_ITS_IO
MBEDTLS_PSA_HAS_ITS_IO is not really useful since it doesn't actually
enable anything except the entropy seed file support, which only
requires the ITS interface and not a native implemetation. Remove it.
2019-03-15 11:15:13 +01:00
Gilles Peskine 5e80d91dbf Remove psa_crypto_storage_backend.h
Since there is now a single storage backend, we don't need a backend
interface. Make the functions that were declared in
psa_crypto_storage_backend.h and are now both defined and used in
psa_crypto_storage.c static, except for psa_is_key_present_in_storage
which is used by the gray-box tests and is now declared in
psa_crypto_storage.h.
2019-03-15 11:15:04 +01:00
Gilles Peskine e435f23019 Remove psa_crypto_storage_file
Now that we have ITS over files, we no longer need a direct backend
for key storage over files. Remove psa_crypto_storage_file and its
tests.

Switch MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C and MBEDTLS_PSA_ITS_FILE_C on
by default. This preserves functionality and test coverage in the
default configuration, but forgets any key previously stored using the
file backend.
2019-03-15 11:14:51 +01:00
Gilles Peskine 23793482ac Support ITS over file in PSA crypto 2019-03-15 11:14:37 +01:00
Gilles Peskine b0c642abae Tests for PSA ITS over stdio files 2019-03-15 11:14:35 +01:00
Gilles Peskine bc1f272750 Tests for PSA ITS over files 2019-03-15 11:14:29 +01:00
Jaeden Amero 2184ef63ab tests: Use globbing in test suite exclusion list
Use e.g. test_suite_aes.% instead of listing out subsuites. This makes
is less of a pain to add new subsuites.
2019-03-13 14:50:00 +00:00
Jaeden Amero b78b300b2e tests: Test crypto via the crypto submodule
Test the crypto implementation via tests from the Mbed Crypto submodule
instead of at the Mbed TLS top level.

The version test is the only test that is tested from both TLS and
Crypto, despite being entirely in libmbedcrypto. This is because the
test data is code-gen'd from the version updating script and the version
between Mbed TLS and Mbed Crypto don't necessarily always agree. The
test data must come from the top level module, as only the top level
module will have test data that matches the expected version.
2019-03-13 13:39:23 +00:00
Jaeden Amero b478bb6ddb tests: Add a crypto prefix to submodule tests
Prepend ".crypto" to tests that came from the crypto submodule. This
allows, when this project is used as a submodule, for tests with names
the same between the parent and this project when used as a submodule to
both be built and run.
2019-03-11 16:51:37 +00:00
Jaeden Amero 1264c2a86f tests: Exclude version suite when used as a submodule
The version test suite is duplicated between Mbed TLS and Mbed Crypto.
Use TLS's copy and not Crypto's copy when Crypto is used as a submodule
of TLS.

The version test is the only test that is tested from both TLS and
Crypto, despite being entirely in libmbedcrypto. This is because the
test data is code-gen'd from the version updating script and the version
between Mbed TLS and Mbed Crypto don't necessarily always agree. The
test data must come from the top level module, as only the top level
module will have test data that matches the expected version.
2019-03-11 16:50:30 +00:00
Jaeden Amero 120d571e8e tests: Use parent module includes when used as a submodule
For Makefiles, enable overriding where includes can come from in order
to enable the parent module to set the include path. This allows the
parent module to specify that its config.h should be used, even when the
submodule when built standalone would use a different config.h.

For CMake, always look in the parent's include folder and our own. List
the parent's include folder first, so that preference is given to parent
include files.
2019-03-11 16:50:25 +00:00
Jaeden Amero 9afb2e9921 Remove tests that depend on TLS or X.509 2019-03-11 16:49:26 +00:00
Jaeden Amero e23737c618 recursion.pl: Don't depend on X.509 2019-03-11 16:48:36 +00:00
Jaeden Amero 03c60de0e0 query_config: Move to programs/test
As the SSL programs, like ssl_client2 and ssl_server2, are dependent on
SSL and therefore about to be removed, the only consumer of query_config
is the query_compile_time_config test. As such, it makes sense to move
query_config to be next to what uses it.
2019-03-11 16:48:36 +00:00
Jaeden Amero 9b90f2e294 all.sh: Remove dependency on TLS, NET, and X.509 2019-03-11 16:48:35 +00:00
Jaeden Amero 2b9eb0bd6c Merge remote-tracking branch 'tls/development' into development
* origin/development: (113 commits)
  Update query_config.c
  Fix failure in SSLv3 per-version suites test
  Adjust DES exclude lists in test scripts
  Clarify 3DES changes in ChangeLog
  Fix documentation for 3DES removal
  Exclude 3DES tests in test scripts
  Fix wording of ChangeLog and 3DES_REMOVE docs
  Reduce priority of 3DES ciphersuites
  Fix unused variable warning in ssl_parse_certificate_coordinate()
  Update the crypto submodule to a78c958
  Fix ChangeLog entry to correct release version
  Fix typo in x509write test data
  Add ChangeLog entry for unused bits in bitstrings
  Improve docs for named bitstrings and their usage
  Add tests for (named) bitstring to suite_asn1write
  Add new function mbedtls_asn1_write_named_bitstring()
  Add missing compile time guard in ssl_client2
  Update programs/ssl/query_config.c
  ssl_client2: Reset peer CRT info string on reconnect
  Add further debug statements on assertion failures
  ...
2019-03-07 12:02:18 +00:00
Janos Follath 04dadb73fd Add non-regression test for buffer overflow 2019-03-06 12:29:37 +00:00
Jaeden Amero 0a9f9b20b6 Merge remote-tracking branch 'origin/pr/2317' into development
* origin/pr/2317:
  Update ChangeLog
  all.sh: Test MBEDTLS_MPI_WINDOW_SIZE=1
  Fix DEADCODE in mbedtls_mpi_exp_mod()
2019-03-05 16:33:42 +00:00
Jaeden Amero 41e1986ed0 Merge remote-tracking branch 'origin/pr/2293' into development
* origin/pr/2293:
  Declare test_suite_aes.ofb to CMake
  Add a facility to skip running some test suites
  run-test-suites: update the documentation
2019-03-05 16:30:37 +00:00
Jaeden Amero 6b47a6ceac Merge remote-tracking branch 'origin/pr/2100' into development
* origin/pr/2100:
  Fix test data missing some fake-random input
  Add tests for RSA encrypt/decrypt with NULL for empty message
2019-03-05 16:29:27 +00:00
Jaeden Amero 7df1bec82b Merge remote-tracking branch 'origin/pr/1520' into development
* origin/pr/1520:
  Use certificates from data_files and refer them
  Specify server certificate to use in SHA-1 test
  refactor CA and SRV certificates into separate blocks
  refactor SHA-1 certificate defintions and assignment
  refactor server SHA-1 certificate definition into a new block
  define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME
  server SHA-256 certificate now follows the same logic as CA SHA-256 certificate
  add entry to ChangeLog
2019-03-05 16:24:11 +00:00
Simon Butcher 535ee4a35b Merge remote-tracking branch 'public/pr/2421' into development
* public/pr/2421: (68 commits)
  Fix unused variable warning in ssl_parse_certificate_coordinate()
  Add missing compile time guard in ssl_client2
  Update programs/ssl/query_config.c
  ssl_client2: Reset peer CRT info string on reconnect
  Add further debug statements on assertion failures
  Fix typo in documentation of ssl_parse_certificate_chain()
  Add debug output in case of assertion failure
  Fix typo in SSL ticket documentation
  Add config sanity check for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
  ssl_client2: Zeroize peer CRT info buffer when reconnecting
  Reintroduce numerous ssl-opt.sh tests if !MBEDTLS_SSL_KEEP_PEER_CERT
  ssl_client2: Extract peer CRT info from verification callback
  Improve documentation of mbedtls_ssl_get_peer_cert()
  Improve documentation of MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
  Fix indentation of Doxygen comment in ssl_internal.h
  Set peer CRT length only after successful allocation
  Remove question in comment about verify flags on cli vs. server
  Remove misleading and redundant guard around restartable ECC field
  Add test for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE to all.sh
  Free peer CRT chain immediately after verifying it
  ...
2019-03-01 12:46:07 +00:00
Simon Butcher 195bddebcc Merge remote-tracking branch 'restricted/pr/528' into development
* restricted/pr/528:
  Update query_config.c
  Fix failure in SSLv3 per-version suites test
  Adjust DES exclude lists in test scripts
  Clarify 3DES changes in ChangeLog
  Fix documentation for 3DES removal
  Exclude 3DES tests in test scripts
  Fix wording of ChangeLog and 3DES_REMOVE docs
  Reduce priority of 3DES ciphersuites
2019-03-01 12:45:45 +00:00
Simon Butcher 74ac6e3fec Merge remote-tracking branch 'public/pr/2028' into development
* public/pr/2028:
  Update the crypto submodule to a78c958
  Fix ChangeLog entry to correct release version
  Fix typo in x509write test data
  Add ChangeLog entry for unused bits in bitstrings
  Improve docs for named bitstrings and their usage
  Add tests for (named) bitstring to suite_asn1write
  Add new function mbedtls_asn1_write_named_bitstring()
2019-03-01 12:44:19 +00:00
Simon Butcher bbed914b41 Merge remote-tracking branch 'public/pr/2447' into development
* public/pr/2447:
  Unbump version to 0.0.0
2019-03-01 12:41:25 +00:00
Simon Butcher 700cbac98a Merge remote-tracking branch 'public/pr/2448' into development
* public/pr/2448:
  Reword changelog entry
  Update change log
  Reenable GnuTLS next based tests
2019-03-01 12:40:43 +00:00
Manuel Pégourié-Gonnard aa946b2d49 Fix failure in SSLv3 per-version suites test
The test used 3DES as the suite for SSLv3, which now makes the handshake fails
with "no ciphersuite in common", failing the test as well. Use Camellia
instead (as there are not enough AES ciphersuites before TLS 1.2 to
distinguish between the 3 versions).

Document some dependencies, but not all. Just trying to avoid introducing new
issues by using a new cipher here, not trying to make it perfect, which is a
much larger task out of scope of this commit.
2019-03-01 10:22:04 +01:00
Andres Amaya Garcia 419bd0011f Adjust DES exclude lists in test scripts 2019-03-01 10:22:04 +01:00
Andres Amaya Garcia bdfba79f0d Fix documentation for 3DES removal 2019-03-01 10:21:11 +01:00
Andres Amaya Garcia 2dadab7d3f Exclude 3DES tests in test scripts 2019-03-01 10:21:11 +01:00
Andres Amaya Garcia 412ddf3812 Fix typo in x509write test data 2019-02-28 09:38:03 +00:00
Andres Amaya Garcia 7067f812f8 Add tests for (named) bitstring to suite_asn1write 2019-02-28 09:36:30 +00:00
Jaeden Amero 001626e44e Fix typo in data_file generator code
The file to generate is `server10_int3-bs.pem`, not
`server10-bs_int3-bs.pem`.
2019-02-27 17:17:02 +00:00
Jaeden Amero a78c958b17 Merge remote-tracking branch 'tls/pr/2028' into development 2019-02-27 15:21:44 +00:00
Jaeden Amero a9d6ba2510 Merge remote-tracking branch 'tls/development' into development
Additional work done as part of merge:
    - Run ./tests/scripts/check-generated-files.sh and check in the
      resulting changes to programs/ssl/query_config.c
2019-02-27 15:15:53 +00:00
Janos Follath 54ba3eb7de ECP: Clarify test descriptions 2019-02-27 14:47:10 +00:00
Gilles Peskine e915d532a6 Silence pylint
Silence pylint in specific places where we're doing slightly unusual
or dodgy, but correct.
2019-02-27 11:03:25 +01:00
Gilles Peskine 23e64f226b check-files.py: readability improvement in permission check 2019-02-27 11:03:25 +01:00
Gilles Peskine 1e9698af4b check-files.py: use class fields for class-wide constants
In an issue tracker, heading and files_exemptions are class-wide
constants, so make them so instead of being per-instance fields.
2019-02-27 11:03:25 +01:00
Gilles Peskine 6ee576e0b5 check-files.py: clean up class structure
Line issue trackers are conceptually a subclass of file issue
trackers: they're file issue trackers where issues arise from checking
each line independently. So make it an actual subclass.

Pylint pointed out the design smell: there was an abstract method that
wasn't always overridden in concrete child classes.
2019-02-27 11:03:25 +01:00
Gilles Peskine 0d060ef328 check-files.py: document some classes and methods
Document all classes and longer methods.

Declare a static method as such. Pointed out by pylint.
2019-02-27 11:03:25 +01:00
Gilles Peskine aad2ebdf30 Fix pylint errors going uncaught
Make check-python-files.sh run pylint on all *.py files (in
directories where they are known to be present), rather than list
files explicitly.

Fix a bug whereby the return status of check-python-files.sh was only
based on the last file passing, i.e. errors in other files were
effectively ignored.

Make check-python-files.sh run pylint unconditionally. Since pylint3
is not critical, make all.sh to skip running check-python-files.sh if
pylint3 is not available.
2019-02-27 11:03:25 +01:00
Gilles Peskine b2c269eeee Call pylint3, not pylint
We use Python 3, so call Pylint for Python 3, not for Python 2.
2019-02-27 11:03:24 +01:00
Gilles Peskine 7f61575cba New, documented pylint configuration
The pylint configuration in .pylint was a modified version of the
output of `pylint --generate-rcfile` from an unknown version of
pylint. Replace it with a file that only contains settings that are
modified from the default, with an explanation of why each setting is
modified.

The new .pylintrc was written from scratch, based on the output of
pylint on the current version of the files and on a judgement of what
to silence generically, what to silence on a case-by-case basis and
what to fix.
2019-02-27 11:03:24 +01:00
Janos Follath bf42408528 Improve ECP test names 2019-02-26 16:49:52 +00:00
Janos Follath df9295b7ec Make ecp_get_type public
The ecp_get_type function comes handy in higher level modules and tests
as well. It is not inline anymore, to enable alternative implementations
to implement it for themselves.
2019-02-26 16:49:42 +00:00
Janos Follath 4ffdbe0979 Add more tests for ecp_read_key 2019-02-26 16:48:40 +00:00
Janos Follath 28eb06df16 ECP: Catch unsupported import/export
mbedtls_ecp_read_key() module returned without an error even when
importing keys corresponding to the requested group was not
implemented.

We change this and return an error when the requested group is not
supported and make the remaining import/export functions more robust.
2019-02-26 16:48:40 +00:00
Janos Follath e5670f2663 Remove unnecessary cast from ECP test 2019-02-26 16:48:40 +00:00
Hanno Becker fe9aec4cb1 Reintroduce numerous ssl-opt.sh tests if !MBEDTLS_SSL_KEEP_PEER_CERT 2019-02-26 14:38:09 +00:00
Hanno Becker 545ced45f7 Add test for !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE to all.sh 2019-02-26 14:38:09 +00:00
Hanno Becker d0aac14303 Add dependency to ssl-opt.sh tests which need peer CRT debug info 2019-02-26 14:38:09 +00:00
Gilles Peskine 9e0a4a54a2 Test abort after failed setup
Commit "Smoke-test operation contexts after setup+abort" replaced
{failed-setup; abort} sequences by {failed-setup; successful-setup}.
We want to test that, but we also want to test {failed-setup; abort}.
So test {failed-setup; abort; failed-setup; successful-setup}.
2019-02-26 11:29:17 +01:00
Gilles Peskine f426e0f303 Smoke-test operation contexts after setup+abort
After a successful setup followed by abort, or after a failed setup
from an inactive state, a context must be usable. Test this for
hash, MAC and cipher contexts.
2019-02-26 11:29:16 +01:00
Janos Follath ffbd7e8ff3 Improve mbedtls_ecp_point_read_binary tests
Renamed the tests because they are explicitly testing Curve25519 and
nothing else. Improved test coverage, test documentation and extended
in-code documentation with a specific reference to the standard as well.
2019-02-25 11:49:54 +00:00
Janos Follath 7caf8e452f Add Montgomery points to ecp_point_write_binary
The library is able to perform computations and cryptographic schemes on
curves with x coordinate ladder representation. Here we add the
capability to export such points.
2019-02-22 15:42:18 +00:00
Janos Follath ab0f71a22a ECDH: Add test vectors for Curve25519
The test vectors added are published in RFC 7748.
2019-02-22 15:42:03 +00:00
Janos Follath e344d0f6fc Add little endian export to Bignum
The function `mbedtls_mpi_write_binary()` writes big endian byte order,
but we need to be able to write little endian in some caseses. (For
example when handling keys corresponding to Montgomery curves.)

Used `echo xx | tac -rs ..` to transform the test data to little endian.
2019-02-22 15:41:31 +00:00
Janos Follath 171a7efd02 Add mbedtls_ecp_read_key
The private keys used in ECDH differ in the case of Weierstrass and
Montgomery curves. They have different constraints, the former is based
on big endian, the latter little endian byte order. The fundamental
approach is different too:
- Weierstrass keys have to be in the right interval, otherwise they are
  rejected.
- Any byte array of the right size is a valid Montgomery key and it
  needs to be masked before interpreting it as a number.

Historically it was sufficient to use mbedtls_mpi_read_binary() to read
private keys, but as a preparation to improve support for Montgomery
curves we add mbedtls_ecp_read_key() to enable uniform treatment of EC
keys.

For the masking the `mbedtls_mpi_set_bit()` function is used. This is
suboptimal but seems to provide the best trade-off at this time.
Alternatives considered:
- Making a copy of the input buffer (less efficient)
- removing the `const` constraint from the input buffer (breaks the api
and makes it less user friendly)
- applying the mask directly to the limbs (violates the api between the
modules and creates and unwanted dependency)
2019-02-22 15:39:03 +00:00
Janos Follath 59b813c7be Add Montgomery points to ecp_point_read_binary
The library is able to perform computations and cryptographic schemes on
curves with x coordinate ladder representation. Here we add the
capability to import such points.
2019-02-22 15:38:46 +00:00
Janos Follath a778a94b7d Add little endian import to Bignum
The function `mbedtls_mpi_read_binary()` expects big endian byte order,
but we need to be able to read from little endian in some caseses. (For
example when handling keys corresponding to Montgomery curves.)

Used `echo xx | tac -rs .. | tr [a-z] [A-Z]` to transform the test data
to little endian and `echo "ibase=16;xx" | bc` to convert to decimal.
2019-02-22 15:38:32 +00:00
Jaeden Amero 86016a03a1 Merge remote-tracking branch 'origin/pr/2338' into development 2019-02-22 12:55:30 +00:00
Jaeden Amero e895342522 Merge remote-tracking branch 'origin/pr/2427' into development 2019-02-22 12:53:13 +00:00
Gilles Peskine e023c80477 Test undefining MBEDTLS_ECDH_LEGACY_CONTEXT in all.sh
Test that the library works with the new context format.
2019-02-22 13:04:23 +01:00
Jaeden Amero 415620c1f2 Merge remote-tracking branch 'origin/pr/2105' into development
Additional work done as part of merge:
    - Run ./tests/scripts/check-generated-files.sh and check in the
      resulting changes to programs/ssl/query_config.c
2019-02-22 10:33:15 +00:00
Jaeden Amero 8963b0311c Merge remote-tracking branch 'origin/pr/2411' into development 2019-02-22 10:32:44 +00:00
Jaeden Amero d9516b508a Merge remote-tracking branch 'origin/pr/2407' into development 2019-02-22 10:32:44 +00:00
Jaeden Amero 0ae63f7bc3 Merge remote-tracking branch 'origin/pr/2383' into development 2019-02-22 10:32:43 +00:00
Hanno Becker 241b524964 Disable restartable ECC in full config PSA test in all.sh 2019-02-22 10:26:30 +00:00
Gilles Peskine c4dff06f31 Add test case for ecdh_get_params with mismatching group
Add a test case for doing an ECDH calculation by calling
mbedtls_ecdh_get_params on both keys, with keys belonging to
different groups. This should fail, but currently passes.
2019-02-22 10:21:31 +01:00
Gilles Peskine 552563b741 Add test case for ecdh_calc_secret
Add a test case for doing an ECDH calculation by calling
mbedtls_ecdh_get_params on both keys, then mbedtls_ecdh_calc_secret.
2019-02-22 10:20:07 +01:00
Jaeden Amero bf61ca7a04
Merge pull request #58 from Patater/disallow-invalid-context
Disallow use of invalid contexts
2019-02-21 17:37:04 +00:00
Jaeden Amero 5e6d24c5e1 psa: Add backwards compatible error codes
Add deprecated error codes to help transition between the previous
version of the PSA Crypto specification and the current one.
2019-02-21 11:49:15 +00:00
Jaeden Amero 36ee5d0fbf psa: Disallow repeated setup
Calling psa_*_setup() twice on a MAC, cipher, or hash context should
result in a PSA_ERROR_BAD_STATE error because the operation has already
been set up.

Fixes #10
2019-02-20 15:27:41 +00:00
Jaeden Amero 11aa7ee189 psa: Extend hash bad order test
Extend hash bad order test in line with the new bad order tests for MAC
and cipher, covering more cases and making comments and test layout
consistent.

Ensure that when doing hash operations out of order, PSA_ERROR_BAD_STATE
is returned as documented in crypto.h and the PSA Crypto specification.
2019-02-20 15:27:41 +00:00
Jaeden Amero a0f625ac9a psa: Disallow use of invalid hash contexts
If a hash context has not been set up, fail with PSA_ERROR_BAD_STATE as
documented in crypto.h and the PSA Crypto specification.
2019-02-20 15:27:41 +00:00
Jaeden Amero ab43997f44 psa: Disallow use of invalid cipher contexts
Ensure that when doing cipher operations out of order,
PSA_ERROR_BAD_STATE is returned as documented in crypto.h and the PSA
Crypto specification.
2019-02-20 15:27:41 +00:00
Jaeden Amero 252ef28dac psa: Disallow use of invalid MAC contexts
Ensure that when doing MAC operations out of order, PSA_ERROR_BAD_STATE
is returned as documented in crypto.h and the PSA Crypto specification.
2019-02-20 15:27:41 +00:00
Gilles Peskine e086652aef Test the length of cipher_update output
In multipart cipher tests, test that each step of psa_cipher_update
produces output of the expected length. The length is hard-coded in
the test data since it depends on the mode.

The length of the output of psa_cipher_finish is effectively tested
because it's the total output length minus the length produced by the
update steps.
2019-02-19 19:45:55 +01:00
Gilles Peskine a04ba4ec52 Add some CTR multipart tests
Test data obtained with Python+PyCrypto:
AES.new(key, mode=AES.MODE_CTR, counter=Crypto.Util.Counter.new(128, initial_value=0x2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a)).encrypt(plaintext.decode('hex')).encode('hex')
2019-02-19 19:26:06 +01:00
Gilles Peskine 3215de4cf5 Add CBC multipart tests with 2 blocks
Test data obtained with Python+PyCrypto:
AES.new(key, AES.MODE_CBC, iv).encrypt(plaintext.decode('hex')).encode('hex')
2019-02-19 19:26:02 +01:00
Gilles Peskine 3b7e084077 Fix incorrect length check in multipart cipher tests
The output length can be equal to the input length.

This wasn't noticed at runtime because we happened to only test with
CBC with the first chunk being a partial block.
2019-02-19 19:22:51 +01:00
Gilles Peskine ee46fe7b9b Fix output size calculations in cipher tests
Some calls to psa_cipher_finish or psa_cipher_update append to a
buffer. Several of these calls were not calculating the offset into
the buffer or the remaining buffer size correctly.

This did not lead to buffer overflows before because the buffer sizes
were sufficiently large for our test inputs. This did not lead to
incorrect output when the test was designed to append but actually
wrote too early because all the existing test cases either have no
output from finish (stream cipher) or have no output from update (CBC,
with less than one block of input).
2019-02-19 19:05:33 +01:00
Gilles Peskine adc558e289 Fix test data missing some fake-random input
The test function pkcs1_rsaes_v15_encrypt gets its fake-random input
for padding from a test parameter. In one test case, the parameter was
too short, causing a fallback to rand(). The reference output depends
on this random input, so the test data was correct only for a platform
with one particular rand() implementation. Supply sufficient
fake-random input so that rand() isn't called.
2019-02-19 18:33:57 +01:00
Gilles Peskine 85a6dd40ba Add tests for RSA encrypt/decrypt with NULL for empty message 2019-02-19 18:33:57 +01:00
Jaeden Amero cf2010cf58 psa: Check generator validity before read
Check generator validity (i.e. that alg has been initialized) before
allowing reads from the generator or allowing reads of the generator's
capacity.

This aligns our implementation with the documented error code behavior
in our crypto.h and the PSA Crypto API.
2019-02-18 17:05:50 +00:00
Hanno Becker 28f78440d8 Grep for debug output witnessing use of PSA in ECDHE ssl-opt.sh 2019-02-18 16:47:50 +00:00
Hanno Becker 354e248d81 Add ssl-opt.sh tests for PSA-based ECDH with various ECC curves 2019-02-18 16:42:02 +00:00
Jaeden Amero 9654e11b1d
Merge pull request #55 from davidsaada/david_its_ps_err_codes
Modify PSA related error codes and types
2019-02-18 15:39:27 +00:00
k-stachowiak 17a38d3a74 Reenable GnuTLS next based tests 2019-02-18 15:29:56 +01:00
David Saada a2523b2c6d Replace ITS specific types with more generic PSA storage types
PSA spec now defines more generic PSA storage types instead of the ITS
specific ones. This is necessary in order to integrate with
the newer implementation of PSA ITS landing in Mbed OS soon.
Changes include the following:
- psa_status_t replaces psa_its_status_t
- psa_storage_info_t replaces psa_its_info_t
- psa_storage_uid_t replaces psa_its_uid_t
2019-02-18 13:56:26 +02:00
David Saada b4ecc27629 Replace PSA error code definitions with the ones defined in PSA spec 2019-02-18 13:53:13 +02:00
k-stachowiak 28cb6fbd47 Unbump version to 0.0.0 2019-02-18 12:01:03 +01:00
Andrzej Kurek 1b20be59e2 Write documentation for TEST_ASSERT 2019-02-15 10:13:35 -05:00
Jaeden Amero 0574e6a7bd
Merge pull request #51 from Patater/update-dev-tls-dev-crypto-merge
Merge mbedtls/development-psa, mbedtls/development into development
2019-02-15 15:07:37 +00:00
Jaeden Amero 67ea2c5e6d Merge branch 'development-psa-proposed' into development
Resolve conflicts by performing the following.

- Take the upstream Mbed TLS ChangeLog verbatim.
- Reject changes to Makefiles and CMake that are related to using Mbed
  Crypto as a submodule. It doesn't make sense to use Mbed Crypto as a
  submodule of itself.
- Reject README changes, as Mbed Crypto has its own, different README.
- Reject PSA-related changes to config.h. We don't want to disable the
  availability of the PSA Crypto API by default in the Mbed Crypto
  config.h.
- Don't inadvertently revert dead code removal in
  mbedtls_cipher_write_tag() which was added in f2a7529403 ("Fix
  double return statement in cipher.c")
- Where Mbed Crypto already had some MBEDTLS_USE_PSA_CRYPTO code (from
  past companion PRs) take the latest version from Mbed TLS which
  includes integration with MBEDTLS_CHECK_PARAMS.
- Update the version of the shared library files to match what's
  currently present in Mbed TLS.
- Reject removal of testing with PSA from config full tests.
- Resolve conflicts in test tests/suites/helpers.function, where both
  Mbed Crypto and Mbed TLS both added documentation for TEST_ASSERT.
  Combine text from both documentation efforts.
- Reject adding a submodule of ourselves.
- Reject addition of submodule tests in all.sh.
- Reject addition of submodule to library path in
  tests/scripts/run-test-suites.pl.
- Avoid using USE_CRYPTO_SUBMODULE=1 in
  component_test_use_psa_crypto_full_cmake_asan() in all.sh.
2019-02-14 15:58:43 +00:00
Andrzej Kurek eb5087126f all.sh: add a seedfile generation step
When using PSA with MBEDTLS_ENTROPY_NV_SEED, some test suites
require the seed file for PSA initialization, which was normally generated
later, when entropy tests were run. This change creates an initial seedfile
in all.sh.
2019-02-14 07:18:59 -05:00
Gilles Peskine c4cd2adae8 test_psa_constant_names: fix uses of C integer types
Some of the types may in principle be wider than `unsigned`, so use
`unsigned long` in printf.

Add support for signed types: a status is a signed value, and
preferentially printed in decimal.
2019-02-13 18:46:51 +01:00
Jaeden Amero 3ea2687053 psa: Initialize crypto in tests that need to
Don't unconditionally enable PSA Crypto for all tests. Only enable it in
tests that require it. This allows crypto tests to check that
psa_crypto_init() fails when it is supposed to fail, since we want to
perform some action in a test, and then call psa_crypto_init() and check
the result without it having been called previously.
2019-02-13 07:34:54 -05:00
Jaeden Amero 2d7e5fe31d
Merge pull request #46 from Patater/fix-windows-initializers
psa: Test fresh contexts have default behavior
2019-02-12 16:34:10 +00:00
Jaeden Amero 1fb011f2a6
Merge pull request #152 from ARMmbed/psa-test-psa_constant_names
Test psa_constant_names
2019-02-12 13:39:25 +00:00
Jaeden Amero d48e9c713e all.sh: Enable verbose failure messages for CMake
Set the CMake-observed variable `CTEST_OUTPUT_ON_FAILURE`, so that when
a "make test" run by CMake fails, verbose test output about the detail
of failure is available.
2019-02-12 11:38:14 +00:00
Andres Amaya Garcia 4343384966 Fix typo in x509write test data 2019-02-11 21:33:10 +00:00
Andrzej Kurek f389629556 Move a restartable ecp context to a conditional compilation block
This was an unused variable when compiling with parameter validation
but without ecp_restartable
2019-02-11 05:15:54 -05:00
Hanno Becker 2d8a2c0852 Modify existing X.509 test for also test new copyless API
The existing test `x509parse_crt()` for X.509 CRT parsing
so far used the generic parsing API `mbedtls_x509_crt_parse()`
capable of parsing both PEM encoded and DER encoded certficates,
but was actually only used with DER encoded input data. Moreover,
as the purpose of the test is the testing of the core DER X.509 parsing
functionality, not the PEM vs. DER dispatch (which is now already tested
in the various `x509_crt_info()` tests), the call can be replaced with a
direct call to `mbedtls_x509_parse_crt_der()`.

This commit does that, and further adds to the test an analogous
call to the new API `mbedtls_x509_parse_crt_der_nocopy()` to test
copyless parsing of X.509 certificates.
2019-02-08 14:24:58 +00:00
Hanno Becker 462c3e5210 Add test for mbedtls_x509_parse_file() with DER encoded CRT 2019-02-08 14:24:58 +00:00
Jaeden Amero 2a0f48ae1f
Merge pull request #43 from Patater/update-2.16-dev
Update to a development version of Mbed TLS 2.16.0
2019-02-08 08:13:41 +00:00
Jaeden Amero 5229bbb08e psa: Test fresh contexts have default behavior
Test that freshly-initialized contexts exhibit default behavior through
the API. Do this without depending on the internal representation of the
contexts. This provides better portability of our tests on compilers
like MSVC.
2019-02-07 17:01:12 +00:00
Jaeden Amero 6fd4ee2af1
Merge pull request #20 from gilles-peskine-arm/psa-copy_key
New function psa_copy_key
2019-02-07 15:40:42 +00:00
Jaeden Amero c979f6ab38 psa: Test empty PKCS#1 v1.5 decryption
The tests use a ciphertext for PKCS#1 v1.5 encryption of a zero-length
buffer that was created with a call to psa_asymmetric_encrypt().
2019-02-07 12:19:59 +00:00
Jaeden Amero f8daab78ff psa: Enable testing RSA decryption with output sizes
For must-fail asymmetric decryption tests, add an output size parameter
so that tests can directly control what output buffer size they allocate
and use independently from the key size used. This enables better
testing of behavior with various output buffer sizes.
2019-02-07 12:19:59 +00:00
Jaeden Amero 412654a605 psa: Expect output-buffer-sized RSA-decryption
When RSA decrypting, unlike with RSA encrypting, we sometimes expect the
output length will be less than the key size. For instance, in the case
where the plaintext is zero-length we expect the output length of the
decryption to be zero-length as well, not key size in length.

For must-fail tests, we don't expect output-buffer-sized RSA-decryption,
only that the output length is less than or equal to the output size, so
these tests remain unchanged.

Change the must-pass tests to expect that the actual output size is
equal to the expected length of the output buffer instead of always
being the key size.
2019-02-07 12:19:59 +00:00
Jaeden Amero 68933640f5 Merge commit '01b34fb316a5' into development
Merge a development version of Mbed TLS 2.16.0 that doesn't have
parameter validation into development.

The following conflicts were resolved:

- Update ChangeLog to include release notes merged from development so
  far, with a version of "2.14.0+01b34fb316a5" and release date of
  "xxxx-xx-xx" to show this is not a released version, but instead a
  snapshot of the development branch equivalent to version of the 2.14.0
  with additional commits from the mbedtls/development branch up through
  01b34fb316 included. Entries added for unreleased versions of Mbed
  Crypto remain at the top of the file for Mbed TLS 2.xx.x.
- Replace the Mbed Crypto version of
  mbedtls_rsa_rsaes_pkcs1_v15_decrypt() with the version from Mbed TLS
  which fixes timing variations and memory access variations that could
  lead to a Bleichenbacher-style padding oracle attack. This will
  prevent using psa_asymmetric_decrypt() with zero-length output buffers
  until a follow up commit is made to restore this capability.
- In ssl_srv.c, include changes for both the new ECDH interface and
  opaque PSK as already added to development previously.
2019-02-07 12:19:59 +00:00
Andres Amaya Garcia 4c981a09e8 Add gen_query_config.pl to check-gen-files and bump_version 2019-02-07 10:37:39 +00:00
Andres Amaya Garcia 3169dc0619 ssl-opt: Use ssl_server2 to query config instead of grep and sed 2019-02-07 10:37:39 +00:00
Gilles Peskine c9516fbf13 Document exercise_key and fix one incorrect usage
In one place, exercise_key was used in a such a way that if the test
failed inside exercise_key, the test suite would correctly report the
test as failed but would not report the exact location of the failure.
Fix this.

Add documentation for exercise_key that explains how to use it.
2019-02-06 16:42:34 +01:00
Gilles Peskine e84d5d2f1c psa_copy_key: Add test cases to specifically check non-exportability
Test that copying a non-exportable key doesn't make it exportable.
This complements similar tests that exercise a different usage flag.
2019-02-06 16:42:05 +01:00
Darryl Green 45010a333e Move test_psa_constant_names to a full config build 2019-02-06 13:45:03 +00:00
Darryl Green b8fe06820b Document that ECDH and FFDH are excluded only temporarily 2019-02-06 13:44:30 +00:00
Andrzej Kurek 1767e40368 all.sh: fix submodule test names 2019-02-05 06:05:49 -05:00
Andrzej Kurek 8a2e97c2df Merge development-psa commit 80b5662 into development-psa-merged branch
Adjust crypto submodule version to use new, forked crypto version accordingly.
2019-02-05 06:02:51 -05:00
Andrzej Kurek e9c3b8130a all.sh: move crypto submodule check to pre_check_git 2019-02-05 05:34:21 -05:00
Andrzej Kurek fd0381a2c5 all.sh: change test_submodule to test_use_psa_crypto 2019-02-05 05:00:02 -05:00
Darryl Green 61b7f61d5e Change unknown hash algorithm value
0x010000ff corresponds to PSA_ALG_ANY_HASH, so this collides and
isn't an unknown algorithm.
2019-02-05 09:21:28 +00:00
k-stachowiak a1dc9117a7 Correct code formatting in the timing test suites 2019-02-05 09:22:20 +01:00
Jaeden Amero 80b566267f Merge remote-tracking branch 'origin/pr/2386' into development-psa 2019-02-04 16:42:23 +00:00
Jaeden Amero d18b264eaf Merge remote-tracking branch 'origin/pr/2382' into development-psa 2019-02-04 16:41:46 +00:00
Peter Kolbus 1bc1a4c639 all.sh: Fix check_headers_in_cpp
When all.sh invokes check_headers_in_cpp, a backup config.h exists. This
causes a stray difference vs cpp_dummy_build.cpp. Fix by only collecting
the *.h files in include/mbedtls.

Change-Id: Ifd415027e856858579a6699538f06fc49c793570
2019-02-01 17:58:59 -06:00
Jaeden Amero acdf07c033
Merge pull request #41 from hanno-arm/ec_pubkey_fmt_fixes
Make further adaptations to new EC public key format
2019-02-01 13:05:48 +00:00
Andrzej Kurek de5a007316 Merge development commit f352f7 into development-psa 2019-02-01 07:03:03 -05:00
Hanno Becker 00114d71f4 Adapt test in test_suite_pk to work with new PSA public key format 2019-02-01 11:56:42 +00:00
Hanno Becker 56104ea9bb Adapt test in test_suite_pk to work with new PSA public key format 2019-02-01 11:48:19 +00:00
Andrzej Kurek 409fdae6bf test_suite_ctr_drbg: use ctr_drbg_update_ret instead of ctr_drbg_update
Align files with development to ensure the same state of repositories.
2019-02-01 02:53:16 -05:00
Andrzej Kurek f093a3dc61 Use ecdh_setup instead of ecp_group_load
Align files with development to ensure the same state of repositories.
2019-02-01 02:50:36 -05:00
Peter Kolbus 60c6da2352 all.sh: Test MBEDTLS_MPI_WINDOW_SIZE=1
There were no tests for a non-default MPI window size. Add one.

Change-Id: Ic08fbc9161d0b3ee67eb3c91f9baf602646c9dfe
2019-01-31 19:41:11 -06:00
Andrzej Kurek c470b6b021 Merge development commit 8e76332 into development-psa
Additional changes to temporarily enable running tests:
ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of
mbedtls_ecdh_setup
test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of 
mbedtls_ctr_drbg_update_ret
2019-01-31 08:20:20 -05:00
Jaeden Amero f352f75f6b Merge remote-tracking branch 'origin/pr/2332' into development 2019-01-30 15:53:00 +00:00
Jaeden Amero c4cc2511d0 Merge remote-tracking branch 'origin/pr/2325' into development 2019-01-30 15:35:44 +00:00
Jaeden Amero c89148bba7 Merge remote-tracking branch 'origin/pr/2207' into development 2019-01-30 14:57:44 +00:00
Jaeden Amero b18239713e Merge remote-tracking branch 'origin/pr/2191' into development 2019-01-30 14:56:58 +00:00
Jaeden Amero 730ecdf3b1 Merge remote-tracking branch 'origin/pr/2371' into development 2019-01-30 13:15:40 +00:00
Andrzej Kurek 92dd4d0307 ssl-opt.sh: add a test for "calc PSA finished" log to the PSA tests 2019-01-30 04:10:19 -05:00
Andrzej Kurek 683d77e836 ssl_opt: check client and server output for PSA calc verify in PSA tests
Increase debug level to 2 in PSA tests and check for "PSA calc verify"
to ensure that the PSA code is being run.
2019-01-30 03:50:42 -05:00
Darryl Green ec07950e53 Exclude ECDH and FFDH key agreement algorithms for now 2019-01-29 16:08:46 +00:00
Gilles Peskine 95ab71a19a test_psa_constant_names: make tmp files easier to recognize 2019-01-29 16:08:46 +00:00
Gilles Peskine 17542086ab Recognize kdf_alg as KDF algorithm parameter name 2019-01-29 16:08:46 +00:00
Gilles Peskine 6d194bd92b Read constant names from crypto_extra.h as well as crypto_values.h
test_psa_constant_names.py was originally written before the split of
crypto.h into crypto_values.h and more, so it now needs to read
crypto_values.h as well.

In both generate_psa_constants.py and test_psa_constant_names.py, read
crypto_extra.h as well. We don't currently define any value there, but
it's plausible that we will one day.
2019-01-29 16:08:46 +00:00
Gilles Peskine 6a78573088 CMake: psa_constant_names and test_psa_constant_names
Build and install psa_constant_names.

Make sure that test_psa_constant_names passes in an out-of-tree build.
2019-01-29 16:08:46 +00:00
Gilles Peskine c68ce9637a Exclude full-length-algorithm macros from testing
Calls to PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH and
PSA_ALG_FULL_LENGTH_MAC are not in canonical form, so exclude them
from the list of constructor macros to test.
2019-01-29 16:08:46 +00:00
Gilles Peskine 434899fccd Test truncated MAC and AEAD algorithms
For MAC and AEAD algorithms, test the algorithm truncated to certain
lengths (1 and 63 bytes).
2019-01-29 16:08:46 +00:00
Gilles Peskine f96ed6615c Fix bug in distribute_arguments for multi-argument macros 2019-01-29 16:08:46 +00:00
Gilles Peskine cf9c18e696 Add option to keep the temporary C files
Useful for debugging and for reviewing what test cases are generated.
2019-01-29 16:08:45 +00:00
Gilles Peskine a0a315c815 Add location information to input processing exceptions
If parsing fails, report the input file name and line number.

If distribute_arguments fails, report for what name.
2019-01-29 16:08:45 +00:00
Gilles Peskine 377c6832a2 Test psa_constant_names in all.sh 2019-01-29 16:08:44 +00:00
Gilles Peskine 2482702d15 Test program for psa_constant_names
Test psa_constant_names on many inputs. For each input, find out the
numerical value by compiling and running a C program, pass the
numerical value to psa_constant_names and compare the output with the
original input.

Gather inputs by parsing psa/crypto.h and
test_suite_psa_crypto_metadata.data. For macros that take an argument,
list some possible arguments using the parsed data.
2019-01-29 16:07:45 +00:00
k-stachowiak 21daa3c1ee Reduce the timing tests complexity 2019-01-29 10:19:49 +01:00
Gilles Peskine 6b156df1ba Don't consider RIPEMD160 a PSA_ALG_ANY_HASH candidate
Some parts of the library don't support it, such as RSA PKCS#1v1.5
signature.
2019-01-28 15:43:19 +01:00
Gilles Peskine 8c1247fec9 Add psa_copy_key tests with policy constraints
Test a few cases. The logic to combine the constraint is similar to
the logic to combine the source and target, so it's ok to have less
parameter domain coverage for constraints.
2019-01-28 14:55:16 +01:00
Gilles Peskine 57ab721d8a Test psa_copy_key
Split the testing into tests that exercise policies in
test_suite_psa_crypto and tests that exercise slot content (slot
states, key material) in test_suite_psa_crypto_slot_management.

Test various cases of source and target policies with and without
wildcards. Missing: testing of the policy constraint on psa_copy_key
itself.

Test several key types (raw data, AES, RSA). Test with the
source or target being persistent.

Add failure tests (incompatible policies, source slot empty, target
slot occupied).
2019-01-28 14:55:06 +01:00
Gilles Peskine f603c718c9 New function psa_copy_key
Copy a key from one slot to another.

Implemented and smoke-tested.
2019-01-28 14:41:11 +01:00
Jaeden Amero 43bafcca94
Merge pull request #15 from gilles-peskine-arm/psa-signature_policy_wildcard
Support wildcard hash in signature policies
2019-01-28 13:31:14 +00:00
Ron Eldor 17233f5a5c Increase okm_hex buffer to contain null character
Add an additional byte for the `okm_hex` buffer, to assure
it is null-terminated in case `okm` is 128 bytes long.
2019-01-28 15:18:15 +02:00
Ron Eldor bc93219f66 Minor modifications to hkdf test
1. Fix comment grammar.
2. Rename `okm_string` to `okm_hex`.
2019-01-28 15:07:55 +02:00
Ron Eldor 1a3a7e5fc7 Add explanation for okm_string size
Add explanation for why the size of `okm_string` buffer
is twice as `okm` buffer.
2019-01-28 15:01:53 +02:00
Andrzej Kurek e85414edd0 ssl-opt: add a check for PSA computation of digest of ServerKeyExchange 2019-01-28 07:04:19 -05:00
Jaeden Amero 37a8c0c144
Merge pull request #27 from hanno-arm/crypto_submodule_update_prs_6_18_19_sibling
PSA integration sibling: Update crypto submodule (Hash clone, Key Policy Init, Key slot alloc)
2019-01-28 11:33:28 +00:00
Hanno Becker a814ae6f92 PSA: Adapt PK test suite to new key policy initialization API 2019-01-25 14:36:28 +00:00
Hanno Becker fcf659b12d PSA: Adapt PK test suite to modified key slot allocation mechanism 2019-01-25 14:36:28 +00:00
Hanno Becker 8d865dfe37 PSA: Adapt PK test suite to new key policy initialization API 2019-01-25 14:25:16 +00:00
Hanno Becker 353295ac70 PSA: Adapt PK test suite to modified key slot allocation mechanism 2019-01-25 14:25:00 +00:00
Jaeden Amero 4d69cf1a84
Merge pull request #13 from Patater/pubkey-format
Simplify RSA and EC public key formats
2019-01-25 10:09:40 +00:00
Gilles Peskine eb2d4b9037 Test that HASH_ANY is not meaningful for OAEP
PSA_ALG_HASH_ANY is specified as meaningful only for signature.
2019-01-24 13:05:36 +01:00
Antonin Décimo 36e89b5b71 Fix #2370, minor typos and spelling mistakes 2019-01-24 10:37:40 +01:00
Jaeden Amero ccdce90adb psa: Simplify EC public key format
Remove front matter from our EC key format, to make it just the contents
of an ECPoint as defined by SEC1 section 2.3.3.

As a consequence of the simplification, remove the restriction on not
being able to use an ECDH key with ECDSA. There is no longer any OID
specified when importing a key, so we can't reject importing of an ECDH
key for the purpose of ECDSA based on the OID.
2019-01-23 17:39:46 +00:00
Jaeden Amero 25384a236e psa: Simplify RSA public key format
Remove pkcs-1 and rsaEncryption front matter from RSA public keys. Move
code that was shared between RSA and other key types (like EC keys) to
be used only with non-RSA keys.
2019-01-23 17:31:50 +00:00
Jaeden Amero 0b6b871056
Merge pull request #22 from ARMmbed/iotssl-2697-psa-key-allocation-crypto
Adapting to the new PSA key slot allocation mechanism
2019-01-23 15:00:19 +00:00
Andrzej Kurek c750932f2c Adapt to the new key allocation mechanism 2019-01-23 06:22:32 -05:00
Gilles Peskine 870f5dc656 Add missing test dependency 2019-01-23 10:42:23 +01:00
Simon Butcher 8e763329ad Merge remote-tracking branch 'public/pr/2040' into development 2019-01-23 10:28:25 +01:00
Simon Butcher 38cb940692 Merge remote-tracking branch 'public/pr/2231' into development 2019-01-23 10:20:08 +01:00
Jaeden Amero 494624d299
Merge pull request #18 from gilles-peskine-arm/psa-hash_clone
New function psa_hash_clone
2019-01-22 17:35:25 +00:00
Gilles Peskine ea2e3604b1 Merge branch 'psa-copy_key' into psa-api-1.0-beta
New function psa_copy_key().

Conflicts:
* library/psa_crypto.c: trivial conflicts due to consecutive changes.
* tests/suites/test_suite_psa_crypto.data: the same code
  was added on both sides, but with a conflict resolution on one side.
* tests/suites/test_suite_psa_crypto_metadata.function: the same code
  was added on both sides, but with a conflict resolution on one side.
2019-01-19 13:56:35 +01:00
Gilles Peskine 4cb9dde84a New function psa_copy_key
Copy a key from one slot to another.

Implemented and smoke-tested.
2019-01-19 13:46:36 +01:00
Gilles Peskine 0ce26e35d6 Add a hash wildcard value for hash-and-sign algorithm
You can use PSA_ALG_ANY_HASH to build the algorithm value for a
hash-and-sign algorithm in a policy. Then the policy allows usage with
this hash-and-sign family with any hash.

Test that PSA_ALG_ANY_HASH-based policies allow a specific hash, but
not a different hash-and-sign family. Test that PSA_ALG_ANY_HASH is
not valid for operations, only in policies.
2019-01-19 13:42:51 +01:00
Gilles Peskine b66c27b2c9 New macro PSA_ALG_IS_HASH_AND_SIGN
Test for a subclass of public-key algorithm: those that perform
full-domain hashing, i.e. algorithms that can be broken down as
sign(key, hash(message)).
2019-01-19 13:42:51 +01:00
Gilles Peskine b865df005c Merge branch 'psa-no_type_on_allocate_key' into psa-api-1.0-beta
Remove the type and bits arguments from psa_allocate_key() and
psa_create_key().
2019-01-19 12:24:18 +01:00
Gilles Peskine d40c1fbd50 Don't require a type and size when creating a key slot
Remove the type and bits arguments to psa_allocate_key() and
psa_create_key(). They can be useful if the implementation wants to
know exactly how much space to allocate for the slot, but many
implementations (including ours) don't care, and it's possible to work
around their lack by deferring size-dependent actions to the time when
the key material is created. They are a burden to applications and
make the API more complex, and the benefits aren't worth it.

Change the API and adapt the implementation, the units test and the
sample code accordingly.
2019-01-19 12:20:52 +01:00
Gilles Peskine b37af92eb9 Merge branch 'psa-hash_clone' into psa-api-1.0-beta
Add psa_hash_clone.
2019-01-19 12:07:27 +01:00
Gilles Peskine ebb2c3e419 New function psa_hash_clone
Clone a hash operation.

Test good cases as part as multipart tests. Add new test functions for
the state machine.
2019-01-19 12:03:41 +01:00
Gilles Peskine 9dcc80e628 Merge branch 'psa-derive_input_steps-agreement_as_one_step' into psa-api-1.0-beta
Change the key derivation API to take inputs in multiple steps,
instead of a single one-site-fits-poorly function.

Conflicts:
* include/psa/crypto.h: merge independent changes in the documentation
  of psa_key_agreement (public_key from the work on public key formats
  vs general description and other parameters in the work on key derivation).
* tests/suites/test_suite_psa_crypto.data: update the key agreement
  tests from the work on key derivation to the format from the work on
  public key formats.
* tests/suites/test_suite_psa_crypto_metadata.function: reconcile the
  addition of unrelated ALG_IS_xxx macros
2019-01-18 18:54:15 +01:00
Gilles Peskine 6843c29713 Simplify the encoding of key agreement algorithms
Get rid of "key selection" algorithms (of which there was only one:
raw key selection).

Encode key agreement by combining a raw key agreement with a KDF,
rather than passing the KDF as an argument of a key agreement macro.
2019-01-18 18:38:08 +01:00
Gilles Peskine 969c5d61f7 Make key agreement the secret input for key derivation
* Documentation
* Proof-of-concept implementation
* Updates to the tests (work in progress)
2019-01-18 18:34:28 +01:00
Gilles Peskine b70a0fd1a5 Key derivation by small input steps: proof-of-concept
Document the new API. Keep the old one.

Implement for HKDF. Use it in a few test cases.

Key agreement is still unchanged.
2019-01-18 18:33:12 +01:00
Gilles Peskine 1f9e58a1bb Merge branch 'psa-signature_policy_wildcard' into psa-api-1.0-beta
For hash-and-sign algorithms, allow a policy to specify a wildcard
instead of a specific hash algorithm.
2019-01-18 17:52:17 +01:00
Gilles Peskine 2d22647ce3 Merge remote-tracking branch 'upstream-crypto/pr/13' into psa-api-1.0-beta
Change the import/export format of RSA and ECC public keys to use just
the key data, without a SubjectPublicKeyInfo wrapping.
2019-01-18 17:04:12 +01:00
Ron Eldor 574ac577b0 Specify server certificate to use in SHA-1 test
Specify the SHA-1 server certificate to use in the SHA-1 test,
because now the default certificates use SHA256 certificates.
2019-01-17 00:36:42 +02:00
Andres Amaya Garcia 5d26163db4 Add tests for (named) bitstring to suite_asn1write 2019-01-16 18:59:07 +00:00
Jaeden Amero 0ae445f8fd psa: Simplify EC public key format
Remove front matter from our EC key format, to make it just the contents
of an ECPoint as defined by SEC1 section 2.3.3.

As a consequence of the simplification, remove the restriction on not
being able to use an ECDH key with ECDSA. There is no longer any OID
specified when importing a key, so we can't reject importing of an ECDH
key for the purpose of ECDSA based on the OID.
2019-01-15 11:29:18 +00:00
Gilles Peskine 30f77cdfc1 Add a hash wildcard value for hash-and-sign algorithm
You can use PSA_ALG_ANY_HASH to build the algorithm value for a
hash-and-sign algorithm in a policy. Then the policy allows usage with
this hash-and-sign family with any hash.

Test that PSA_ALG_ANY_HASH-based policies allow a specific hash, but
not a different hash-and-sign family. Test that PSA_ALG_ANY_HASH is
not valid for operations, only in policies.
2019-01-14 19:38:56 +01:00
Gilles Peskine d35b489ce5 New macro PSA_ALG_IS_HASH_AND_SIGN
Test for a subclass of public-key algorithm: those that perform
full-domain hashing, i.e. algorithms that can be broken down as
sign(key, hash(message)).
2019-01-14 16:02:15 +01:00
Jaeden Amero 8d4be19517
Merge pull request #7 from gilles-peskine-arm/all_sh-mbedcrypto
[mbedcrypto] all.sh: make it possible to run a subset of the components
2019-01-14 10:47:20 +00:00
Jaeden Amero 6b19600fba psa: Simplify RSA public key format
Remove pkcs-1 and rsaEncryption front matter from RSA public keys. Move
code that was shared between RSA and other key types (like EC keys) to
be used only with non-RSA keys.
2019-01-11 18:08:53 +00:00
Jaeden Amero 005401e6a7
Merge pull request #8 from NirSonnenschein/fix_check-names.sh
modify check-names.sh and list-macros.sh to work with PSA constants
2019-01-11 13:22:54 +00:00
Gilles Peskine e87898709c Rename test_memcheck to test_valgrind
Valgrind is what it does. `memcheck` is how it's implemented.
2019-01-10 18:36:20 +01:00
Gilles Peskine a49b00f2ed Support wildcard patterns with a positive list of components to run
Wildcard patterns now work with command line COMPONENT arguments
without --except as well as with. You can now run e.g.
`all.sh "check_*` to run all the sanity checks.
2019-01-10 18:36:20 +01:00
Gilles Peskine d692e11309 Delete $OUT_OF_SOURCE_DIR under --force
The deletion of "$OUT_OF_SOURCE_DIR" had mistakenly been lumped
together with Yotta and then removed when Yotta support was removed.
Bring it back.
2019-01-10 18:36:20 +01:00
Gilles Peskine add1d23b26 Fix sometimes-spurious warning about changed config.h
After backing up and restoring config.h, `git diff-files` may report
it as potentially-changed because it isn't sure whether the index is
up to date. Use `git diff` instead: it actually reads the file.
2019-01-10 18:36:20 +01:00
Gilles Peskine 92bff7f9bf all.sh: Update the maintainer documentation 2019-01-10 18:36:16 +01:00
Gilles Peskine 2edf47c2c3 Merge the code to call output_env.sh into pre_check_tools
It's all about tool detection.
2019-01-10 18:35:33 +01:00
Gilles Peskine 657f59a520 all.sh: only check tools that are going to be used
Don't require openssl, mingw, etc. if we aren't going to run a
component that uses them.
2019-01-10 18:35:32 +01:00
Gilles Peskine e26ab189cb all.sh: only look for armcc if it is used
Only look for armcc if component_build_armcc is to be executed,
instead of requiring the option --no-armcc.

You can still pass --no-armcc, but it's no longer required when
listing components to run. With no list of components or an exclude
list on the command line, --no-armcc is equivalent to having
build_armcc in the exclude list.
2019-01-10 18:35:32 +01:00
Gilles Peskine 1bcb1c8e28 all.sh: Always build the list of components to run
Build the list of components to run in $RUN_COMPONENTS as part of
command line parsing. After parsing the command line, it no longer
matters how this list was built.
2019-01-10 18:35:32 +01:00
Gilles Peskine 1072610e14 all.sh: list components automatically
Extract the list of available components by looking for definitions of
functions called component_xxx. The previous code explicitly listed
all components in run_all_components, which opened the risk of
forgetting to list a component there.

Add a conditional execution facility: if a function support_xxx exists
and returns false then component_xxx is not executed (except when the
command line lists an explicit set of components to execute).
2019-01-10 18:35:32 +01:00
Gilles Peskine 69f190e8dd Rename test_memcheck to test_valgrind
Valgrind is what it does. `memcheck` is how it's implemented.
2019-01-10 18:29:15 +01:00
Gilles Peskine a28db923d9 Support wildcard patterns with a positive list of components to run
Wildcard patterns now work with command line COMPONENT arguments
without --except as well as with. You can now run e.g.
`all.sh "check_*` to run all the sanity checks.
2019-01-10 18:29:15 +01:00
Gilles Peskine 53190e6160 Delete $OUT_OF_SOURCE_DIR under --force
The deletion of "$OUT_OF_SOURCE_DIR" had mistakenly been lumped
together with Yotta and then removed when Yotta support was removed.
Bring it back.
2019-01-10 18:29:15 +01:00
Gilles Peskine d1174cf015 Fix sometimes-spurious warning about changed config.h
After backing up and restoring config.h, `git diff-files` may report
it as potentially-changed because it isn't sure whether the index is
up to date. Use `git diff` instead: it actually reads the file.
2019-01-10 18:29:15 +01:00
Gilles Peskine c70637a5f0 all.sh: Update the maintainer documentation 2019-01-10 18:29:12 +01:00
Gilles Peskine cc9f0b956e Merge the code to call output_env.sh into pre_check_tools
It's all about tool detection.
2019-01-10 18:27:38 +01:00
Gilles Peskine 879642663a all.sh: only check tools that are going to be used
Don't require openssl, mingw, etc. if we aren't going to run a
component that uses them.
2019-01-10 18:27:38 +01:00
Gilles Peskine 5331c6e0b1 all.sh: only look for armcc if it is used
Only look for armcc if component_build_armcc is to be executed,
instead of requiring the option --no-armcc.

You can still pass --no-armcc, but it's no longer required when
listing components to run. With no list of components or an exclude
list on the command line, --no-armcc is equivalent to having
build_armcc in the exclude list.
2019-01-10 18:27:38 +01:00
Gilles Peskine beb3a81588 all.sh: Always build the list of components to run
Build the list of components to run in $RUN_COMPONENTS as part of
command line parsing. After parsing the command line, it no longer
matters how this list was built.
2019-01-10 18:27:38 +01:00
Gilles Peskine 878cf60172 all.sh: list components automatically
Extract the list of available components by looking for definitions of
functions called component_xxx. The previous code explicitly listed
all components in run_all_components, which opened the risk of
forgetting to list a component there.

Add a conditional execution facility: if a function support_xxx exists
and returns false then component_xxx is not executed (except when the
command line lists an explicit set of components to execute).
2019-01-10 18:27:38 +01:00
Gilles Peskine 55ae162559 all.sh: fix MAKEFLAGS setting
MAKEFLAGS was set to -j if it was already set, instead of being set if
not previously set as intended. So now all.sh will do parallel builds
if invoked without MAKEFLAGS in the environment.
2019-01-10 09:32:04 +01:00
Gilles Peskine bdf3f52710 all.sh: don't insist on Linux; always run Valgrind
Don't bail out of all.sh if the OS isn't Linux. We only expect
everything to pass on a recent Linux x86_64, but it's useful to call
all.sh to run some components on any platform.

In all.sh, always run both MemorySanitizer and Valgrind. Valgrind is
slower than ASan and MSan but finds some things that they don't.

Run MSan unconditionally, not just on Linux/x86_64. MSan is supported
on some other OSes and CPUs these days.

Use `all.sh --except test_memsan` if you want to omit MSan because it
isn't supported on your platform. Use `all.sh --except test_memcheck`
if you want to omit Valgrind because it's too slow.

Make the test scripts more portable (tested on FreeBSD): don't insist
on GNU sed, and recognize amd64 as well as x86_64 for `uname -m`. The
`make` utility must still be GNU make.
2019-01-10 09:32:04 +01:00
Gilles Peskine 74851d8dd9 Gdb script: improve portability of ASLR disabling disabling
Call `set disable-randomization off` only if it seems to be supported.
The goal is to neither get an error about disable-randomization not
being supported (e.g. on FreeBSD), nor get an error if it is supported
but fails (e.g. on Ubuntu).

Only fiddle with disable-randomization from all.sh, which cares
because it reports the failure of ASLR disabling as an error. If a
developer invokes the Gdb script manually, a warning about ASLR
doesn't matter.
2019-01-10 09:32:04 +01:00
Gilles Peskine 1927565f9b Use CMAKE_BUILD_TYPE to do Asan builds
Use `cmake -D CMAKE_BUILD_TYPE=Asan` rather than manually setting
`-fsanitize=address`. This lets cmake determine the necessary compiler
and linker flags.

With UNSAFE_BUILD on, force -Wno-error. This is necessary to build
with MBEDTLS_TEST_NULL_ENTROPY.
2019-01-10 09:32:04 +01:00
Gilles Peskine 06b385fabe Fix inconsistent indentation
Only whitespace changes in this commit.
2019-01-10 09:32:04 +01:00
Gilles Peskine a1fc4b5ead all.sh: fix MAKEFLAGS setting
MAKEFLAGS was set to -j if it was already set, instead of being set if
not previously set as intended. So now all.sh will do parallel builds
if invoked without MAKEFLAGS in the environment.
2019-01-09 22:36:33 +01:00
Gilles Peskine a16c2b1ff1 all.sh: don't insist on Linux; always run Valgrind
Don't bail out of all.sh if the OS isn't Linux. We only expect
everything to pass on a recent Linux x86_64, but it's useful to call
all.sh to run some components on any platform.

In all.sh, always run both MemorySanitizer and Valgrind. Valgrind is
slower than ASan and MSan but finds some things that they don't.

Run MSan unconditionally, not just on Linux/x86_64. MSan is supported
on some other OSes and CPUs these days.

Use `all.sh --except test_memsan` if you want to omit MSan because it
isn't supported on your platform. Use `all.sh --except test_memcheck`
if you want to omit Valgrind because it's too slow.

Make the test scripts more portable (tested on FreeBSD): don't insist
on GNU sed, and recognize amd64 as well as x86_64 for `uname -m`. The
`make` utility must still be GNU make.
2019-01-09 22:36:33 +01:00
Gilles Peskine 4976e82a9e Gdb script: improve portability of ASLR disabling disabling
Call `set disable-randomization off` only if it seems to be supported.
The goal is to neither get an error about disable-randomization not
being supported (e.g. on FreeBSD), nor get an error if it is supported
but fails (e.g. on Ubuntu).

Only fiddle with disable-randomization from all.sh, which cares
because it reports the failure of ASLR disabling as an error. If a
developer invokes the Gdb script manually, a warning about ASLR
doesn't matter.
2019-01-09 22:36:31 +01:00
Gilles Peskine 5fa32a7a7a Use CMAKE_BUILD_TYPE to do Asan builds
Use `cmake -D CMAKE_BUILD_TYPE=Asan` rather than manually setting
`-fsanitize=address`. This lets cmake determine the necessary compiler
and linker flags.

With UNSAFE_BUILD on, force -Wno-error. This is necessary to build
with MBEDTLS_TEST_NULL_ENTROPY.
2019-01-09 22:35:57 +01:00
Gilles Peskine 55f7c94430 Fix inconsistent indentation
Only whitespace changes in this commit.
2019-01-09 22:35:55 +01:00
Nir Sonnenschein 6bd14269c9 remove excess whitespace 2019-01-09 00:32:56 +02:00
Nir Sonnenschein 03091d1114 modify check-names.sh and list-macros.sh to work with PSA constants
fixed processing of PSA macros in check names script.
This required changes in:
*list-macros.sh to scan the PSA headers
*check-names to scan PSA files and allow PSA_* macro names
2019-01-08 18:15:50 +02:00
Simon Butcher 6944e05956 Merge remote-tracking branch 'public/pr/2232' into development 2019-01-08 15:33:28 +00:00
Simon Butcher 012a06cbf6 Merge remote-tracking branch 'public/pr/2228' into development 2019-01-08 15:26:58 +00:00
Andrzej Kurek 2349c4db88 Adapt to the new key allocation mechanism 2019-01-08 09:36:01 -05:00
Jaeden Amero d94d671f14 psa: Test that generator initializers work 2019-01-08 14:28:04 +00:00
Jaeden Amero 5bae227da0 psa: Add initializers for cipher operation objects
Add new initializers for cipher operation objects and use them in our
tests and library code. Prefer using the macro initializers due to their
straightforwardness.
2019-01-08 14:28:04 +00:00
Jaeden Amero 769ce27f12 psa: Add initializers for MAC operation objects
Add new initializers for MAC operation objects and use them in our tests
and library code. Prefer using the macro initializers due to their
straightforwardness.
2019-01-08 14:28:04 +00:00
Jaeden Amero 6a25b41ac3 psa: Add initializers for hash operation objects
Add new initializers for hash operation objects and use them in our
tests and library code. Prefer using the macro initializers due to their
straightforwardness.
2019-01-08 14:28:04 +00:00
Jaeden Amero 70261c513a psa: Add initializers for key policies
Add new initializers for key policies and use them in our docs, example
programs, tests, and library code. Prefer using the macro initializers
due to their straightforwardness.
2019-01-08 14:28:04 +00:00
Gilles Peskine 51585384b9 Merge remote-tracking branch 'upstream-crypto/development' into all_sh-mbedcrypto
Merge the work on all.sh that was done on mbedtls-2.14.0 with the
changes from mbedtls-2.14.0 to the current tip of mbed-crypto/development.

There is a merge conflict in test/scripts/all.sh, which is the only
file that was modified in the all.sh work branch. I resolved it by
taking the copy from the all.sh branch and applying the changes
between mbedtls-2.14.0 and mbedtls-2.16.0. As evidenced by
`git diff mbedtls-2.14.0 d668baebc5e1709f4118aba3802d9af0ee4e4d83`,
many of the commits in
`git log mbedtls-2.14.0 d668baebc5e1709f4118aba3802d9af0ee4e4d83`
cancelled each other or were redundant with parallel commits that had
also occured via another branch included in mbedtls-2.14.0, leaving
the following differences:

* Removal of one unimportant blank line.
* The changes from db2b8db715
  "psa: Add storage implementation for files", to turn off
  PSA storage when MBEDTLS_FS_IO is turned off, which I manually
  replayed.
2019-01-05 10:27:47 +01:00
Jaeden Amero 8c7e95d9e0 tests: Remove unused key policy objects
persistent_key_import() and persistent_key_destroy() don't need to and
don't use key policy objects. Remove unused key policy objects.
2019-01-04 15:38:07 +00:00
Gilles Peskine b28636b865 Merge tag 'mbedtls-2.16.0' into all_sh-2.14
Merge the work on all.sh that was done on mbedtls-2.14.0 with the
changes from mbedtls-2.14.0 to mbedtls-2.16.0.

There is a merge conflict in test/scripts/all.sh, which is the only
file that was modified in the all.sh work branch. I resolved it by
taking the copy from the all.sh branch and applying the changes
between mbedtls-2.14.0 and mbedtls-2.16.0. These changes consisted of
two commits:

* "Add tests to all.sh for CHECK_PARAMS edge cases": adds two
  test components which are reproduced here as
  test_check_params_without_platform and component_test_check_params_silent.
* "tests: Backup config.h before modifying it": moot because the
  component framework introduced in the all.sh branch backs up config.h
  systematically.
2019-01-03 13:04:36 +01:00
Gilles Peskine 608953eb8c Back up and restore config.h systematically
In all.sh, always save config.h before running a component, instead of
doing it manually in each component that requires it (except when we
forget, which has happened). This would break a script that requires
config.h.bak not to exist, but we don't have any of those.
2019-01-02 19:05:33 +01:00
Gilles Peskine 8ae15ddcf8 Back up and restore config.h systematically
In all.sh, always save config.h before running a component, instead of
doing it manually in each component that requires it (except when we
forget, which has happened). This would break a script that requires
config.h.bak not to exist, but we don't have any of those.
2019-01-02 18:57:02 +01:00
Gilles Peskine ffcdeff00a Add the current component name to msg output and the final report 2019-01-02 18:09:05 +01:00
Gilles Peskine 81b96ed603 Add --except mode: run all components except a list
Allow the list to use wildcards, e.g. you can run the sanity checks with
all.sh --except "test_*" "build_*"
2019-01-02 18:07:23 +01:00
Gilles Peskine 92525111dc all.sh: with non-option arguments, run only these components 2019-01-02 18:07:23 +01:00
Gilles Peskine 348fb9a597 New option --list-components
Add an option to list the available components.

This is not useful yet, but a subsequent commit will add the ability
to run specific components.
2019-01-02 18:07:23 +01:00
Gilles Peskine 782f411bf5 Move test-ref-configs into its own component 2019-01-02 18:07:22 +01:00
Gilles Peskine e48351a33f Move cleanup into the common wrapper function
Call cleanup from run_component instead of calling it from each
individual component function.

Clean up after each component rather than before. With the new
structure it makes more sense for each component to leave the place
clean. Run cleanup once at the beginning to start from a clean slate.
2019-01-02 18:07:22 +01:00
Gilles Peskine 9f8f92ca9b Remove duplicate component for RSA_NO_CRT 2019-01-02 18:07:22 +01:00
Gilles Peskine 8f07312124 Move the code into functions. No behavior change.
Move almost all the code of this script into functions. There is no
intended behavior change. The goal of this commit is to make
subsequent improvements easier to follow.

A very large number of lines have been reintended. To see what's going
on, ignore whitespace differences (e.g. diff -w).

I followed the following rules:

* Minimize the amount of code that gets moved.
* Don't change anything to what gets executed or displayed.
* Almost all the code must end up in a function.
* One function does one thing. For most of the code, that's from one
  "cleanup" to the next.
* The test sequence functions (run_XXX) are independent.

The change mostly amounts to putting chunks of code into a function
and calling the functions in order. A few test runs are conditional;
in those cases the conditional is around the function call.
2019-01-02 18:07:22 +01:00
Simon Butcher d3d8a64dfa Enable more compiler warnings in tests/Makefile
tests/Makefile had some unused warnings disabled unnecessarily, which
test-ref-configs.pl was turning back on. We don't need to disable these warnings
so I'm turning them back on.
2018-12-28 11:06:35 +00:00
Simon Butcher ecff219e6f Change file scoping of test helpers.function
Dependent on configured options, not all of the helper functions were being
used, which was leading to warning of unused functions with Clang.

To avoid any complex compile time options, or adding more logic to
generate_test_code.py to screen out unused functions, those functions which were
provoking the warning were changed to remove static, remove them from file
scope, and expose them to the linker.
2018-12-28 11:06:25 +00:00
Simon Butcher 6c164e754b Update the version of the library to 2.16.0 2018-12-21 10:51:51 +00:00
Gilles Peskine c08fc1d7e9 Move MIN and MAX macros from PSA tests to helpers.function 2018-12-20 18:47:53 +01:00
Gilles Peskine d76f181617 Prefer ASSERT_ALLOC to calloc+TEST_ASSERT in PSA tests
To allocate memory dynamically in a test, call ASSERT_ALLOC which
takes care of calling calloc and of checking for NULL.
2018-12-20 18:47:53 +01:00
Gilles Peskine 1f2aa0e3b0 Remove useless null checks of data_t* parameters
The test framework never passes NULL for a data_t* parameter, so
testing them against NULL is clutter.
2018-12-20 18:47:53 +01:00
Gilles Peskine 40ab95bdbc Remove checks of test parameters against SIZE_MAX
Our code base doesn't even support 16-bit platforms, so those checks
are always trivially true.
2018-12-20 18:47:53 +01:00
Gilles Peskine 0dfba2ddf0 Use ASSERT_COMPARE in preference to memcmp in PSA tests 2018-12-20 18:47:52 +01:00
Gilles Peskine f812dcf4ae Rewrap some lines after the macro changes
Change the way some lines are wrapped to cut at a more logical place.
This commit mainly rewrites multi-line calls to TEST_EQUAL, and also a
few calls to PSA_ASSERT.
2018-12-20 18:47:52 +01:00
Gilles Peskine fe11b72b93 Use TEST_EQUAL(a,b) in preference to TEST_ASSERT(a==b)
This commit is the result of the following command, followed by
reindenting (but not wrapping lines):

perl -00 -i -pe 's/^( *)TEST_ASSERT\(([^;=]*)(?: |\n *)==([^;=]*)\);$/${1}TEST_EQUAL($2,$3);/gm' tests/suites/test_suite_psa_*.function
2018-12-20 18:47:52 +01:00
Gilles Peskine 8817f61007 Use PSA_ASSERT(a) in preference to TEST_ASSERT(a==PSA_SUCCESS)
This commit is the result of the following command, followed by
reindenting (but not wrapping lines):

perl -00 -i -pe 's/^( *)TEST_ASSERT\(([^;=]*)(?: |\n *)==\s*PSA_SUCCESS\s*\);$/${1}PSA_ASSERT($2 );/gm' tests/suites/test_suite_psa_*.function
2018-12-20 18:47:52 +01:00
Gilles Peskine 0f915f1d2a Indent PSA tests according to K&R rules with Mbed TLS tweaks
Only whitespace changes in this commit.
2018-12-20 18:47:52 +01:00
Gilles Peskine 9d8eea7e19 Wrap some multiline expressions in parentheses
This guarantees that they'll be indented as desired under most
indentation rules.
2018-12-20 18:47:52 +01:00
Gilles Peskine 5f7aeeea06 New test macro TEST_EQUAL
TEST_EQUAL(expr1, expr2) is just TEST_ASSERT((expr1) == (expr2)) for
now, but in the future I hope that it will print out the differing
values.
2018-12-20 18:47:52 +01:00
Gilles Peskine 0174be2c17 Move the PSA_ASSERT macro to the common helpers file
It's potentially useful in all PSA test suites, of which there are now
several.
2018-12-20 18:47:52 +01:00
Gilles Peskine f055ad7512 Add a safety check to ARRAY_LENGTH
Cause a compilation error on ARRAY_LENGTH(p) where p is a pointer as
opposed to an array. This only works under GCC and compatible
compilers such as Clang. On other compilers, ARRAY_LENGTH works but
doesn't check the type of its argument.
2018-12-20 18:47:52 +01:00
Simon Butcher 428d00d837 Merge remote-tracking branch 'public/pr/2209' into development-restricted 2018-12-20 12:34:59 +00:00
Simon Butcher 88d45a84eb Merge remote-tracking branch 'public/pr/2171' into development-restricted 2018-12-20 12:30:47 +00:00
Simon Butcher ad7c2105a2 Merge remote-tracking branch 'public/pr/2274' into development 2018-12-20 12:16:57 +00:00
Simon Butcher 12b4240300 Merge remote-tracking branch 'public/pr/2288' into development 2018-12-20 12:16:46 +00:00
Simon Butcher c831193c85 Merge remote-tracking branch 'public/pr/2302' into development 2018-12-20 12:16:39 +00:00
Simon Butcher 1efda39f8a Merge remote-tracking branch 'public/pr/2297' into development 2018-12-20 12:16:29 +00:00
Simon Butcher 5aa7809ac8 Merge remote-tracking branch 'public/pr/2275' into development 2018-12-20 12:15:19 +00:00
Simon Butcher 780cf189b0 Merge remote-tracking branch 'public/pr/2271' into development 2018-12-20 12:15:08 +00:00
Simon Butcher 032c037052 Merge remote-tracking branch 'public/pr/2270' into development 2018-12-20 12:04:13 +00:00
Simon Butcher a033633bb0 Merge remote-tracking branch 'public/pr/2269' into development 2018-12-20 12:02:56 +00:00
Simon Butcher 70935a4001 Merge remote-tracking branch 'public/pr/2299' into development 2018-12-20 12:02:23 +00:00
Simon Butcher 003c0e032f Merge remote-tracking branch 'public/pr/2292' into development 2018-12-20 12:02:17 +00:00
Simon Butcher decf2f5c2c Merge remote-tracking branch 'public/pr/2291' into development 2018-12-20 12:02:11 +00:00
Simon Butcher 65ce5dc981 Merge remote-tracking branch 'public/pr/2290' into development 2018-12-20 12:02:05 +00:00
Simon Butcher ad2e0dae32 Merge remote-tracking branch 'public/pr/2283' into development 2018-12-20 12:01:58 +00:00
Simon Butcher 0bbf7f450d Merge remote-tracking branch 'public/pr/2279' into development 2018-12-20 12:01:49 +00:00
Simon Butcher 962b7b17d5 Merge remote-tracking branch 'public/pr/2273' into development 2018-12-20 12:01:17 +00:00
Simon Butcher 6be67a6518 Merge remote-tracking branch 'public/pr/2281' into development 2018-12-20 12:01:09 +00:00
Simon Butcher dac513e246 Merge remote-tracking branch 'public/pr/2282' into development 2018-12-20 12:01:04 +00:00