Commit graph

1127 commits

Author SHA1 Message Date
Gilles Peskine 67665509ab Note that unmet_dependencies is only filled in verbose mode
Warn about a gotcha that caused a bug in development.

Ensure that it's at least zeroed out, rather than uninitialized, in
non-verbose mode.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-01 09:59:54 +02:00
Janos Follath 0f22670243 Bump version to Mbed TLS 2.7.14 2020-02-19 12:08:10 +00:00
Manuel Pégourié-Gonnard 9c16ede466 Check for buffer overflow in test function 2020-02-19 09:45:02 +01:00
Manuel Pégourié-Gonnard 355bbc0e70 Test each failure mode of pk_parse_key_pkcs1_der()
(Only the top-level ones, ie, for each call to eg asn1_get_mpi(), ensure
there's at least one test case that makes this call fail in one way, but don't
test the various ways to make asn1_get_mpi fail - that should be covered
elsewhere.)

- the new checks added by the previous commits needed exercising
- existing tests sometimes had wrong descriptions or where passing for the
  wrong reason (eg with the "length mismatch" test, the function actually
failed before reaching the length check)
- while at it, add tests for the rest as well

The valid minimal-size key was generated with:

openssl genrsa 128 2>/dev/null | openssl rsa -outform der 2>/dev/null | xxd -p
2020-02-18 11:27:08 +01:00
Manuel Pégourié-Gonnard bfd0259d26 Clean up test function pk_parse_key
- remove incorrect compile-time dependency (the individual cases already have
  correct run-time dependency information)
- remove unused argument
- remove unused stack buffer
- remove useless code block
2020-02-18 11:27:08 +01:00
Gilles Peskine 261aea1956 shrink tests: clearer description 2020-02-03 16:35:01 +01:00
Gilles Peskine 84b8e25426 Better coverage for copy and swap
Cover more cases: different signs, different zeronesses, repeated
argument.
2020-02-03 16:34:51 +01:00
Gilles Peskine 6f43c6038e Bignum copy/shrink: More precise test case descriptions 2020-02-03 16:27:56 +01:00
Janos Follath a67508e066 Merge pull request #3002 from gilles-peskine-arm/coverity-20200115-2.7 into mbedtls-2.7 2020-01-29 14:53:48 +00:00
Gilles Peskine 16ba09c621 Check that mbedtls_mpi_grow succeeds 2020-01-22 19:09:05 +01:00
Janos Follath ee88f8145d Bump version to Mbed TLS 2.7.13 2020-01-20 14:28:41 +00:00
Jaeden Amero d8180f8d84 Merge remote-tracking branch 'origin/mbedtls-2.7' into mbedtls-2.7-restricted
* origin/mbedtls-2.7:
  Enable more test cases without MBEDTLS_MEMORY_DEBUG
  More accurate test case description
  Clarify that the "FATAL" message is expected
  Note that mbedtls_ctr_drbg_seed() must not be called twice
  Fix CTR_DRBG benchmark
  Changelog entry for xxx_drbg_set_entropy_len before xxx_drbg_seed
  CTR_DRBG: support set_entropy_len() before seed()
  CTR_DRBG: Don't use functions before they're defined
  HMAC_DRBG: support set_entropy_len() before seed()
2020-01-15 16:59:10 +00:00
Jaeden Amero db649896e6
Merge pull request #2895 from gilles-peskine-arm/drbg-set_entropy_len-2.7
Backport 2.7: Allow xxx_drbg_set_entropy_len before xxx_drbg_seed
2019-11-29 16:17:08 +00:00
Gilles Peskine 02fbc08d2e Enable more test cases without MBEDTLS_MEMORY_DEBUG
None of the test cases in tests_suite_memory_buffer_alloc actually
need MBEDTLS_MEMORY_DEBUG. Some have additional checks when
MBEDTLS_MEMORY_DEBUG but all are useful even without it. So enable
them all and #ifdef out the parts that require DEBUG.
2019-11-26 18:48:08 +01:00
Gilles Peskine 786f068ec0 More accurate test case description 2019-11-26 18:47:14 +01:00
Gilles Peskine 04d45c98e8 Clarify that the "FATAL" message is expected
The test case "Memory buffer small buffer" emits a message
"FATAL: verification of first header failed". In this test case, it's
actually expected, but it looks weird to see this message from a
passing test. Add a comment that states this explicitly, and modify
the test description to indicate that the failure is expected, and
change the test function name to be more accurate.

Fix #309
2019-11-26 18:47:14 +01:00
Janos Follath f4482aaccc mpi_lt_mpi_ct: Add further tests
The existing tests did not catch a failure that came up at integration
testing. Adding the missing test cases to trigger the bug.
2019-11-11 12:27:36 +00:00
Janos Follath a776aea91a mpi_lt_mpi_ct: Fix test numbering 2019-11-11 12:27:36 +00:00
Janos Follath 1b86eeb06b mpi_lt_mpi_ct perform tests for both limb size
The corner case tests were designed for 32 and 64 bit limbs
independently and performed only on the target platform. On the other
platform they are not corner cases anymore, but we can still exercise
them.
2019-11-11 12:27:36 +00:00
Janos Follath 6adff06e50 mbedtls_mpi_lt_mpi_ct: add tests for 32 bit limbs
The corner case tests were designed for 64 bit limbs and failed on 32
bit platforms because the numbers in the test ended up being stored in a
different number of limbs and the function (correctly) returnd an error
upon receiving them.
2019-11-11 12:27:36 +00:00
Janos Follath 9332ecefc8 Add more tests for mbedtls_mpi_lt_mpi_ct 2019-11-11 12:27:36 +00:00
Janos Follath aaa3f22b76 mpi_lt_mpi_ct test: hardcode base 16 2019-11-11 12:27:36 +00:00
Janos Follath c3b376e2f2 Change mbedtls_mpi_cmp_mpi_ct to check less than
The signature of mbedtls_mpi_cmp_mpi_ct() meant to support using it in
place of mbedtls_mpi_cmp_mpi(). This meant full comparison functionality
and a signed result.

To make the function more universal and friendly to constant time
coding, we change the result type to unsigned. Theoretically, we could
encode the comparison result in an unsigned value, but it would be less
intuitive.

Therefore we won't be able to represent the result as unsigned anymore
and the functionality will be constrained to checking if the first
operand is less than the second. This is sufficient to support the
current use case and to check any relationship between MPIs.

The only drawback is that we need to call the function twice when
checking for equality, but this can be optimised later if an when it is
needed.
2019-11-11 12:27:36 +00:00
Janos Follath 883801d3ec Add tests to constant time mpi comparison 2019-11-11 12:27:36 +00:00
Gilles Peskine b729e1b9ba CTR_DRBG: support set_entropy_len() before seed()
mbedtls_ctr_drbg_seed() always set the entropy length to the default,
so a call to mbedtls_ctr_drbg_set_entropy_len() before seed() had no
effect. Change this to the more intuitive behavior that
set_entropy_len() sets the entropy length and seed() respects that and
only uses the default entropy length if there was no call to
set_entropy_len().

The former test-only function mbedtls_ctr_drbg_seed_entropy_len() is
no longer used, but keep it for strict ABI compatibility.
2019-10-23 18:01:25 +02:00
Jaeden Amero 5cc748e58f Merge remote-tracking branch 'origin/pr/2866' into mbedtls-2.7
* origin/pr/2866:
  Reduce stack usage of test_suite_pkcs1_v15
  Reduce stack usage of test_suite_pkcs1_v21
  Reduce stack usage of test_suite_rsa
  Reduce stack usage of test_suite_pk
2019-10-02 18:00:13 +01:00
Jaeden Amero 2fc6cf5da7 Merge remote-tracking branch 'origin/pr/2704' into mbedtls-2.7
* origin/pr/2704:
  Adapt auth_crypt_tv usage to 2.7
  Add missing dependencies in test_suite_cipher.gcm
  Adapt ChangeLog
  Add NIST AES GCM test vectors to single-step cipher API test suite
2019-10-02 17:56:38 +01:00
Ron Eldor 0ab4092e2d Reduce stack usage of test_suite_pkcs1_v15
Reduce the stack usage of the `test_suite_pkcs1_v15` by reducing the
size of the buffers used in the tests, to a reasonable big enough size.
2019-10-02 14:34:24 +03:00
Ron Eldor dd4277f70d Reduce stack usage of test_suite_pkcs1_v21
Reduce the stack usage of the `test_suite_pkcs1_v21` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the size sent to the API to sizeof output.
2019-10-02 14:34:24 +03:00
Ron Eldor b3d3973264 Reduce stack usage of test_suite_rsa
Reduce the stack usage of the `test_suite_rsa` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the data size to decrypt in the data file.
2019-10-02 14:34:24 +03:00
Ron Eldor 6827d1c588 Reduce stack usage of test_suite_pk
Reduce the stack usage of the `test_suite_pk` by reducing the
size of the buffers used in the tests, to a reasonable big enough size.
2019-10-02 14:34:17 +03:00
Jaeden Amero d7bd10dc89 Bump version to Mbed TLS 2.7.12 2019-09-06 13:28:28 +01:00
Gilles Peskine ad72522fad Merge remote-tracking branch 'upstream-restricted/mbedtls-2.7-proposed' into mbedtls-2.7-restricted 2019-08-14 16:30:13 +02:00
Gilles Peskine 3b8cf47004 Merge remote-tracking branch 'upstream-restricted/pr/508' into mbedtls-2.7-restricted 2019-08-14 16:25:10 +02:00
Gilles Peskine 298a43a77e Merge remote-tracking branch 'upstream-restricted/pr/549' into mbedtls-2.7-restricted 2019-08-14 16:24:51 +02:00
Gilles Peskine ab327dfec7 Merge remote-tracking branch 'upstream-restricted/pr/614' into mbedtls-2.7-restricted 2019-08-14 16:24:08 +02:00
Gilles Peskine c7ad7ed185 Merge remote-tracking branch 'upstream-public/pr/2755' into mbedtls-2.7 2019-08-14 15:59:21 +02:00
Gilles Peskine d56ca658ab entropy_nv_seed: cope with SHA-256
This test case was only executed if the SHA-512 module was enabled and
MBEDTLS_ENTROPY_FORCE_SHA256 was not enabled, so "config.pl full"
didn't have a chance to reach it even if that enabled
MBEDTLS_PLATFORM_NV_SEED_ALT.

Now all it takes to enable this test is MBEDTLS_PLATFORM_NV_SEED_ALT
and its requirements, and the near-ubiquitous MD module.
2019-07-19 17:41:55 +02:00
Gilles Peskine 923f7f9637 entropy_nv_seed: clean up properly
Call mbedtls_entropy_free on test failure.

Restore the previous NV seed functions which the call to
mbedtls_platform_set_nv_seed() changed. This didn't break anything,
but only because the NV seed functions used for these tests happened
to work for the tests that got executed later in the .data file.
2019-07-19 17:41:55 +02:00
Ron Eldor 4f928c0f37 Create certificates with correct string formatting
For conformity, create the certificates using `cert_write` so
so they will all be `printableString`.
2019-07-10 17:23:06 +03:00
Ron Eldor 3936a0296d Update certificates to expire in 2029
Update certificates that expire on 2021, to prolong their validity,
to make tests pass three years ahead.
2019-07-10 17:23:06 +03:00
k-stachowiak 0f16adace4 Add a test for mlaformed ECJPAKE context 2019-07-09 10:22:13 +02:00
Jaeden Amero 0cf1776a2d Merge remote-tracking branch 'origin/pr/2451' into mbedtls-2.7
* origin/pr/2451:
  Fix #2370, minor typos and spelling mistakes
2019-06-21 15:55:21 +01:00
Jaeden Amero dd11fbccd2 Merge remote-tracking branch 'origin/pr/2320' into mbedtls-2.7
* origin/pr/2320:
  Clarify ChangeLog entry for fix to #1628
  Add Changelog entry for clang test-ref-configs.pl fix
  Enable more compiler warnings in tests/Makefile
  Change file scoping of test helpers.function
2019-06-21 15:55:21 +01:00
Gilles Peskine 9bf1509ef3 Adapt auth_crypt_tv usage to 2.7 2019-06-18 16:14:39 +02:00
Hanno Becker dd91b24764 Add missing dependencies in test_suite_cipher.gcm 2019-06-18 16:11:38 +02:00
Hanno Becker 311276c871 Add NIST AES GCM test vectors to single-step cipher API test suite
The test suites `test_suite_gcm.aes{128,192,256}_en.data` contains
numerous NIST test vectors for AES-*-GCM against which the GCM
API mbedtls_gcm_xxx() is tested.

However, one level higher at the cipher API, no tests exist which
exercise mbedtls_cipher_auth_{encrypt/decrypt}() for GCM ciphers,
although test_suite_cipher.function contains the test auth_crypt_tv
which does precisely that and is already used e.g. in
test_suite_cipher.ccm.

This commit replicates the test vectors from
test_suite_gcm.aes{128,192,256}_en.data in test_suite_cipher.gcm.data
and adds a run of auth_crypt_tv for each of them.

The conversion was mainly done through the sed command line

```
s/gcm_decrypt_and_verify:\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):
\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\)/auth_crypt_tv:
\1:\2:\4:\5:\3:\7:\8:\9/
```
2019-06-18 16:10:42 +02:00
Jaeden Amero 35a7e4675f Merge remote-tracking branch 'origin/pr/2688' into mbedtls-2.7
* origin/pr/2688:
  Update library version to 2.7.11
2019-06-18 14:22:59 +01:00
Jaeden Amero 6794f68d29 Update library version to 2.7.11 2019-06-11 17:31:57 +01:00
Hanno Becker 19557c2078 Always return a high-level error code from X.509 module
Some functions within the X.509 module return an ASN.1 low level
error code where instead this error code should be wrapped by a
high-level X.509 error code as in the bulk of the module.

Specifically, the following functions are affected:
- mbedtls_x509_get_ext()
- x509_get_version()
- x509_get_uid()

This commit modifies these functions to always return an
X.509 high level error code.

Care has to be taken when adapting `mbetls_x509_get_ext()`:
Currently, the callers `mbedtls_x509_crt_ext()` treat the
return code `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG` specially to
gracefully detect and continue if the extension structure is not
present. Wrapping the ASN.1 error with
`MBEDTLS_ERR_X509_INVALID_EXTENSIONS` and adapting the check
accordingly would mean that an unexpected tag somewhere
down the extension parsing would be ignored by the caller.

The way out of this is the following: Luckily, the extension
structure is always the last field in the surrounding structure,
so if there is some data remaining, it must be an Extension
structure, so we don't need to deal with a tag mismatch gracefully
in the first place.

We may therefore wrap the return code from the initial call to
`mbedtls_asn1_get_tag()` in `mbedtls_x509_get_ext()` by
`MBEDTLS_ERR_X509_INVALID_EXTENSIONS` and simply remove
the special treatment of `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`
in the callers `x509_crl_get_ext()` and `x509_crt_get_ext()`.

This renders `mbedtls_x509_get_ext()` unsuitable if it ever
happened that an Extension structure is optional and does not
occur at the end of its surrounding structure, but for CRTs
and CRLs, it's fine.

The following tests need to be adapted:
- "TBSCertificate v3, issuerID wrong tag"
  The issuerID is optional, so if we look for its presence
  but find a different tag, we silently continue and try
  parsing the subjectID, and then the extensions. The tag '00'
  used in this test doesn't match either of these, and the
  previous code would hence return LENGTH_MISMATCH after
  unsucessfully trying issuerID, subjectID and Extensions.
  With the new code, any data remaining after issuerID and
  subjectID _must_ be Extension data, so we fail with
  UNEXPECTED_TAG when trying to parse the Extension data.
- "TBSCertificate v3, UIDs, invalid length"
  The test hardcodes the expectation of
  MBEDTLS_ERR_ASN1_INVALID_LENGTH, which needs to be
  wrapped in MBEDTLS_ERR_X509_INVALID_FORMAT now.

Fixes #2431.
2019-06-04 14:03:27 +01:00