Commit graph

12629 commits

Author SHA1 Message Date
Gilles Peskine 180850a229
Merge pull request #291 from gilles-peskine-arm/ctr_drbg-test_aes_128
Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
2019-12-20 10:43:44 +01:00
Jaeden Amero ccdeb47cdf
Merge pull request #2958 from yanesca/iotcrypt-942-initialise-return-values
Initialize return values to an error
2019-12-19 11:33:03 +00:00
Janos Follath 73c616bdc1 Put includes in alphabetical order
The library style is to start with the includes corresponding to the
current module and then the rest in alphabetical order. Some modules
have several header files (eg. ssl_internal.h).

The recently added error.h includes did not respect this convention and
this commit restores it. In some cases this is not possible just by
moving the error.h declarations. This commit fixes the pre-existing
order in these instances too.
2019-12-19 10:27:57 +00:00
Janos Follath df587ee6d6 Remove duplicate include statement
Now that the Error module has error codes as well and is processed by
the generate_errors script like any other module, we don't need to
include the header manually.
2019-12-19 10:27:57 +00:00
Janos Follath d8752858fc Update crypto submodule 2019-12-19 10:27:04 +00:00
Jaeden Amero 795c6bab62
Merge pull request #323 from yanesca/iotcrypt-942-initialise-return-values
Initialise return values to an error
2019-12-19 10:24:22 +00:00
Jaeden Amero 40f923ecf7
Merge pull request #2961 from RonEld/update_readme_to_vs_2012
Update the VS version in the Readme file
2019-12-18 13:43:05 +00:00
Ron Eldor 05b44892c0 Change the version of VS
Change the miniaml version to the correct one - 2013. Revet the
VS version in the tests to 2010, since the solution file
hasn't been updated yet.
2019-12-18 14:28:18 +02:00
Ron Eldor c5074be0ce Update the VS version in the Readme file
Update the VS version in the README file to 2012, as this is the
minimal version supported.
2019-12-18 14:00:13 +02:00
Janos Follath 865b3ebf84 Initialize return values to an error
Initializing the return values to an error is best practice and makes
the library more robust against programmer errors.
2019-12-16 15:15:16 +00:00
Janos Follath 2d20567122 Add two error codes to the Error module
One of the error codes was already reserved, this commit just makes it
explicit. The other one is a new error code for initializing return
values in the library: `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` should
not be returned by the library. If it is returned, then it is surely a
bug in the library or somebody is tampering with the device.
2019-12-16 15:15:16 +00:00
Jaeden Amero 16027956cd
Merge pull request #333 from gilles-peskine-arm/psa-streamline_encodings-prepare_for_types
Streamline PSA key type encodings: prepare
2019-12-13 09:39:03 +00:00
Janos Follath ab534cfd62 Fix number of allocated errors in Platform 2019-12-12 14:34:30 +00:00
Janos Follath 9c2ccd2e7a Fix error code range in documentation 2019-12-12 14:24:46 +00:00
Jaeden Amero 88d1c05644
Merge pull request #2953 from gilles-peskine-arm/update-crypto-20191206
Update crypto submodule
2019-12-12 12:17:11 +00:00
Gilles Peskine 4cd3277656 Factor common code of psa_import_ec_{public,private}_key 2019-12-12 09:00:27 +01:00
Gilles Peskine 46c33801f3 Remove unused macros 2019-12-12 09:00:27 +01:00
Gilles Peskine 7a1925c453 Add a few EC public key import/export test cases
Test a Brainpool curve and a curve whose bit size is not a multiple of 8.
2019-12-12 09:00:27 +01:00
Gilles Peskine f8210f2bd5 Test the block size for symmetric keys
Also insist on their category.

Fix a missing implementation of PSA_BLOCK_CIPHER_BLOCK_SIZE for
ChaCha20.
2019-12-12 09:00:27 +01:00
Gilles Peskine 92f2da9d67 More precise descriptions for format and parse tests 2019-12-12 09:00:27 +01:00
Gilles Peskine fb745bf618 Fix memory failure handling in test_format_storage_data_check
Fail the test instead of crashing if a memory allocation fails.

Free memory even if the test fails.
2019-12-12 09:00:26 +01:00
Gilles Peskine 667c111416 Sanity checks for key attributes in exercise_key 2019-12-12 09:00:26 +01:00
Gilles Peskine 325584889d Add option to show what values are tested
This is useful to inspect what the script does manually, in particular
to check that expected values do get tested. --keep-c provides the
same information but in a way that's harder to access.
2019-12-11 11:03:07 +01:00
Gilles Peskine 49af2d3a4f Support non-ASCII characters in headers
Filter out non-ASCII characters in automatically processed headers.

Do this in a way that minimizes the code change: keep manipulating
strings, but strip off non-ASCII characters when reading lines, which
should only remove characters in comments that we don't parse anyway.
2019-12-11 11:03:07 +01:00
Jaeden Amero caf88ff8f5
Merge pull request #2938 from yanesca/iotssl-2954-custom-io-unit-test
Mock TCP sockets and callbacks for SSL unit tests
2019-12-10 09:49:59 +00:00
Jaeden Amero 1a61d455e9
Merge pull request #2841 from k-stachowiak/improve-memory-operation-clarity
Improve clarity of a memory operation call
2019-12-09 19:54:29 +02:00
Janos Follath c673c2cd44 Break up the ssl_mock_tcp unit test
Break the test up to three different tests for the sake of
better readability and maintainability.
2019-12-09 09:10:21 +00:00
Janos Follath 3766ba50de Add non-blocking mock TCP callbacks to SSL tests 2019-12-09 09:10:21 +00:00
Janos Follath 031827feba Add mbedtls_mock_socket to SSL unit tests
In a unit test we want to avoid accessing the network. To test the
handshake in the unit test suite we need to implement a connection
between the server and the client. This socket implementation uses
two ring buffers to mock the transport layer.
2019-12-09 09:10:14 +00:00
Gilles Peskine 5af2941fff Update crypto submodule
* #321: Replace config.pl by config.py
* #322: Update Mbed Crypto with latest Mbed TLS changes as of 2019-11-15
* #308: Small performance improvement of mbedtls_mpi_div_mpi()
* #324: test_psa_constant_names: support key agreement, better code structure
* #320: Link to the PSA crypto portal page from README.md
* #293: Always gather MBEDTLS_ENTROPY_BLOCK_SIZE bytes of entropy
* #310: Clarify test descriptions in test_suite_memory_buffer_alloc
* #307: Add ASN.1 ENUMERATED tag support
* #328: Remove dependency of crypto_values.h on crypto_extra.h
* #325: Rename psa_asymmetric_{sign_verify} to psa_{sign,verify}_hash

Missed listing in the previous submodule update:

* #304: Make sure Asan failures are detected in 'make test'
2019-12-06 20:30:42 +01:00
Gilles Peskine 81f7909497
Merge pull request #325 from gilles-peskine-arm/psa-sign_hash
Rename psa_asymmetric_{sign_verify} to psa_{sign,verify}_hash
2019-12-06 10:10:14 +01:00
Gilles Peskine a78acf1c6f
Merge pull request #2935 from gilles-peskine-arm/config_py-pl_error_clarity
config.pl: If python3 fails, make it clear that this isn't fatal
2019-12-06 10:09:35 +01:00
Janos Follath 6264e66ba4 Add mbedtls_test_buffer to SSL unit tests
In a unit test we want to avoid accessing the network. To test the
handshake in the unit test suite we need to implement a connection
between the server and the client. This ring buffer implementation will
serve as the said connection.
2019-12-06 07:23:49 +00:00
Zachary J. Fields 2347a34b75
Propagate public headers
Declare include headers as `PUBLIC` to propagate to project consumers
2019-12-03 16:19:53 -06:00
Janos Follath 24eed8d2d2 Initialise return values to an error
Initialising the return values to and error is best practice and makes
the library more robust.
2019-12-03 16:07:18 +00:00
Janos Follath a13b905d8d Map the new Mbed TLS error value in PSA 2019-12-03 16:03:11 +00:00
Janos Follath 60f6b64b8f Add two error codes to the Error module
One of the error codes was already reserved, this commit just makes it
explicit. The other one is a new error code for initializing return
values in the library: `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` should
not be returned by the library. If it is returned, then it is surely a
bug in the library or somebody is tampering with the device.
2019-12-03 16:01:06 +00:00
Janos Follath d11550e11d Fix number of allocated errors in Platform 2019-12-03 16:01:06 +00:00
Gilles Peskine 1a60fa1e3a
Merge pull request #328 from gilles-peskine-arm/psa-ecdsa_deterministic_flag
Remove dependency of crypto_values.h on crypto_extra.h
2019-11-29 18:41:55 +01:00
Gilles Peskine 0168f2f2c1 Better documentation in crypto_compat.h
Note that the identifiers declared in this header are deprecated.

Indicate what API version identifiers were from.
2019-11-29 12:23:46 +01:00
Gilles Peskine 2ff02c361e Document MBEDTLS_TEST_DEPRECATED 2019-11-29 12:17:21 +01:00
Gilles Peskine 895242be1c Add negative test cases for deprecated aliases
Catch more potential plumbing errors such as not returning the right
value or not writing to an output parameter.
2019-11-29 12:15:40 +01:00
Gilles Peskine 972630e240 Remove dependency of crypto_values.h on crypto_extra.h
Define PSA_ALG_ECDSA_DETERMINISTIC_FLAG in crypto_values.h.

This is necessary for the current PSA API specification processing
scripts.
2019-11-29 11:55:48 +01:00
Janos Follath 512fe9673f Fix test assert macro calls
The assert() macro in test is not available anymore. It is superseeded
by TEST_HELPER_ASSERT().
2019-11-29 10:13:32 +00:00
Gilles Peskine 6608e71032 Change ASSERT_ALLOC to take a size in elements, not bytes
`ASSERT_ALLOC(p, length)` now allocates `length` elements, i.e.
`length * sizeof(*p)` bytes.
2019-11-29 10:13:32 +00:00
Gilles Peskine 28405300ee New macro ASSERT_ALLOC to allocate memory in tests
The new macro ASSERT_ALLOC allocates memory with mbedtls_calloc and
fails the test if the allocation fails. It outputs a null pointer if
the requested size is 0. It is meant to replace existing calls to
mbedtls_calloc.
2019-11-29 10:13:32 +00:00
Jaeden Amero ba9fff2433
Merge pull request #283 from ARMmbed/dev/gilles-peskine-arm/ctr_drbg-aes_fail-crypto
Uncaught AES failure in CTR_DRBG
2019-11-28 15:02:00 +00:00
Gilles Peskine 7bb1a7e0bf
Merge pull request #307 from msopiha-linaro/development
Add ASN.1 ENUMERATED tag support
2019-11-28 10:20:18 +01:00
Gilles Peskine afaee1cacf Catch AES failure in mbedtls_ctr_drbg_random
The functions mbedtls_ctr_drbg_random() and
mbedtls_ctr_drbg_random_with_add() could return 0 if an AES function
failed. This could only happen with alternative AES
implementations (the built-in implementation of the AES functions
involved never fail), typically due to a failure in a hardware
accelerator.

Bug reported and fix proposed by Johan Uppman Bruce and Christoffer
Lauri, Sectra.
2019-11-28 10:03:08 +01:00
Gilles Peskine 06c28890c9 Add test function for effective key attributes
We're going to create some edge cases where the attributes of a key
are not bitwise identical to the attributes passed during creation.
Have a test function ready for that.
2019-11-26 19:14:18 +01:00