Commit graph

1589 commits

Author SHA1 Message Date
Janos Follath 28eb06df16 ECP: Catch unsupported import/export
mbedtls_ecp_read_key() module returned without an error even when
importing keys corresponding to the requested group was not
implemented.

We change this and return an error when the requested group is not
supported and make the remaining import/export functions more robust.
2019-02-26 16:48:40 +00:00
Janos Follath e5670f2663 Remove unnecessary cast from ECP test 2019-02-26 16:48:40 +00:00
Janos Follath ffbd7e8ff3 Improve mbedtls_ecp_point_read_binary tests
Renamed the tests because they are explicitly testing Curve25519 and
nothing else. Improved test coverage, test documentation and extended
in-code documentation with a specific reference to the standard as well.
2019-02-25 11:49:54 +00:00
Janos Follath 7caf8e452f Add Montgomery points to ecp_point_write_binary
The library is able to perform computations and cryptographic schemes on
curves with x coordinate ladder representation. Here we add the
capability to export such points.
2019-02-22 15:42:18 +00:00
Janos Follath ab0f71a22a ECDH: Add test vectors for Curve25519
The test vectors added are published in RFC 7748.
2019-02-22 15:42:03 +00:00
Janos Follath e344d0f6fc Add little endian export to Bignum
The function `mbedtls_mpi_write_binary()` writes big endian byte order,
but we need to be able to write little endian in some caseses. (For
example when handling keys corresponding to Montgomery curves.)

Used `echo xx | tac -rs ..` to transform the test data to little endian.
2019-02-22 15:41:31 +00:00
Janos Follath 171a7efd02 Add mbedtls_ecp_read_key
The private keys used in ECDH differ in the case of Weierstrass and
Montgomery curves. They have different constraints, the former is based
on big endian, the latter little endian byte order. The fundamental
approach is different too:
- Weierstrass keys have to be in the right interval, otherwise they are
  rejected.
- Any byte array of the right size is a valid Montgomery key and it
  needs to be masked before interpreting it as a number.

Historically it was sufficient to use mbedtls_mpi_read_binary() to read
private keys, but as a preparation to improve support for Montgomery
curves we add mbedtls_ecp_read_key() to enable uniform treatment of EC
keys.

For the masking the `mbedtls_mpi_set_bit()` function is used. This is
suboptimal but seems to provide the best trade-off at this time.
Alternatives considered:
- Making a copy of the input buffer (less efficient)
- removing the `const` constraint from the input buffer (breaks the api
and makes it less user friendly)
- applying the mask directly to the limbs (violates the api between the
modules and creates and unwanted dependency)
2019-02-22 15:39:03 +00:00
Janos Follath 59b813c7be Add Montgomery points to ecp_point_read_binary
The library is able to perform computations and cryptographic schemes on
curves with x coordinate ladder representation. Here we add the
capability to import such points.
2019-02-22 15:38:46 +00:00
Janos Follath a778a94b7d Add little endian import to Bignum
The function `mbedtls_mpi_read_binary()` expects big endian byte order,
but we need to be able to read from little endian in some caseses. (For
example when handling keys corresponding to Montgomery curves.)

Used `echo xx | tac -rs .. | tr [a-z] [A-Z]` to transform the test data
to little endian and `echo "ibase=16;xx" | bc` to convert to decimal.
2019-02-22 15:38:32 +00:00
Jaeden Amero e895342522 Merge remote-tracking branch 'origin/pr/2427' into development 2019-02-22 12:53:13 +00:00
Jaeden Amero 8963b0311c Merge remote-tracking branch 'origin/pr/2411' into development 2019-02-22 10:32:44 +00:00
Jaeden Amero 0ae63f7bc3 Merge remote-tracking branch 'origin/pr/2383' into development 2019-02-22 10:32:43 +00:00
Gilles Peskine c4dff06f31 Add test case for ecdh_get_params with mismatching group
Add a test case for doing an ECDH calculation by calling
mbedtls_ecdh_get_params on both keys, with keys belonging to
different groups. This should fail, but currently passes.
2019-02-22 10:21:31 +01:00
Gilles Peskine 552563b741 Add test case for ecdh_calc_secret
Add a test case for doing an ECDH calculation by calling
mbedtls_ecdh_get_params on both keys, then mbedtls_ecdh_calc_secret.
2019-02-22 10:20:07 +01:00
Gilles Peskine adc558e289 Fix test data missing some fake-random input
The test function pkcs1_rsaes_v15_encrypt gets its fake-random input
for padding from a test parameter. In one test case, the parameter was
too short, causing a fallback to rand(). The reference output depends
on this random input, so the test data was correct only for a platform
with one particular rand() implementation. Supply sufficient
fake-random input so that rand() isn't called.
2019-02-19 18:33:57 +01:00
Gilles Peskine 85a6dd40ba Add tests for RSA encrypt/decrypt with NULL for empty message 2019-02-19 18:33:57 +01:00
k-stachowiak 28cb6fbd47 Unbump version to 0.0.0 2019-02-18 12:01:03 +01:00
Andrzej Kurek 1b20be59e2 Write documentation for TEST_ASSERT 2019-02-15 10:13:35 -05:00
Jaeden Amero 3ea2687053 psa: Initialize crypto in tests that need to
Don't unconditionally enable PSA Crypto for all tests. Only enable it in
tests that require it. This allows crypto tests to check that
psa_crypto_init() fails when it is supposed to fail, since we want to
perform some action in a test, and then call psa_crypto_init() and check
the result without it having been called previously.
2019-02-13 07:34:54 -05:00
Andrzej Kurek f389629556 Move a restartable ecp context to a conditional compilation block
This was an unused variable when compiling with parameter validation
but without ecp_restartable
2019-02-11 05:15:54 -05:00
Hanno Becker 2d8a2c0852 Modify existing X.509 test for also test new copyless API
The existing test `x509parse_crt()` for X.509 CRT parsing
so far used the generic parsing API `mbedtls_x509_crt_parse()`
capable of parsing both PEM encoded and DER encoded certficates,
but was actually only used with DER encoded input data. Moreover,
as the purpose of the test is the testing of the core DER X.509 parsing
functionality, not the PEM vs. DER dispatch (which is now already tested
in the various `x509_crt_info()` tests), the call can be replaced with a
direct call to `mbedtls_x509_parse_crt_der()`.

This commit does that, and further adds to the test an analogous
call to the new API `mbedtls_x509_parse_crt_der_nocopy()` to test
copyless parsing of X.509 certificates.
2019-02-08 14:24:58 +00:00
Hanno Becker 462c3e5210 Add test for mbedtls_x509_parse_file() with DER encoded CRT 2019-02-08 14:24:58 +00:00
Andrzej Kurek 8a2e97c2df Merge development-psa commit 80b5662 into development-psa-merged branch
Adjust crypto submodule version to use new, forked crypto version accordingly.
2019-02-05 06:02:51 -05:00
k-stachowiak a1dc9117a7 Correct code formatting in the timing test suites 2019-02-05 09:22:20 +01:00
Andrzej Kurek de5a007316 Merge development commit f352f7 into development-psa 2019-02-01 07:03:03 -05:00
Hanno Becker 56104ea9bb Adapt test in test_suite_pk to work with new PSA public key format 2019-02-01 11:48:19 +00:00
Andrzej Kurek 409fdae6bf test_suite_ctr_drbg: use ctr_drbg_update_ret instead of ctr_drbg_update
Align files with development to ensure the same state of repositories.
2019-02-01 02:53:16 -05:00
Andrzej Kurek f093a3dc61 Use ecdh_setup instead of ecp_group_load
Align files with development to ensure the same state of repositories.
2019-02-01 02:50:36 -05:00
Andrzej Kurek c470b6b021 Merge development commit 8e76332 into development-psa
Additional changes to temporarily enable running tests:
ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of
mbedtls_ecdh_setup
test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of 
mbedtls_ctr_drbg_update_ret
2019-01-31 08:20:20 -05:00
Jaeden Amero 730ecdf3b1 Merge remote-tracking branch 'origin/pr/2371' into development 2019-01-30 13:15:40 +00:00
k-stachowiak 21daa3c1ee Reduce the timing tests complexity 2019-01-29 10:19:49 +01:00
Ron Eldor 17233f5a5c Increase okm_hex buffer to contain null character
Add an additional byte for the `okm_hex` buffer, to assure
it is null-terminated in case `okm` is 128 bytes long.
2019-01-28 15:18:15 +02:00
Ron Eldor bc93219f66 Minor modifications to hkdf test
1. Fix comment grammar.
2. Rename `okm_string` to `okm_hex`.
2019-01-28 15:07:55 +02:00
Ron Eldor 1a3a7e5fc7 Add explanation for okm_string size
Add explanation for why the size of `okm_string` buffer
is twice as `okm` buffer.
2019-01-28 15:01:53 +02:00
Hanno Becker 8d865dfe37 PSA: Adapt PK test suite to new key policy initialization API 2019-01-25 14:25:16 +00:00
Hanno Becker 353295ac70 PSA: Adapt PK test suite to modified key slot allocation mechanism 2019-01-25 14:25:00 +00:00
Antonin Décimo 36e89b5b71 Fix #2370, minor typos and spelling mistakes 2019-01-24 10:37:40 +01:00
Simon Butcher 8e763329ad Merge remote-tracking branch 'public/pr/2040' into development 2019-01-23 10:28:25 +01:00
Simon Butcher 38cb940692 Merge remote-tracking branch 'public/pr/2231' into development 2019-01-23 10:20:08 +01:00
Simon Butcher 6944e05956 Merge remote-tracking branch 'public/pr/2232' into development 2019-01-08 15:33:28 +00:00
Simon Butcher 012a06cbf6 Merge remote-tracking branch 'public/pr/2228' into development 2019-01-08 15:26:58 +00:00
Andrzej Kurek 2349c4db88 Adapt to the new key allocation mechanism 2019-01-08 09:36:01 -05:00
Simon Butcher ecff219e6f Change file scoping of test helpers.function
Dependent on configured options, not all of the helper functions were being
used, which was leading to warning of unused functions with Clang.

To avoid any complex compile time options, or adding more logic to
generate_test_code.py to screen out unused functions, those functions which were
provoking the warning were changed to remove static, remove them from file
scope, and expose them to the linker.
2018-12-28 11:06:25 +00:00
Simon Butcher 6c164e754b Update the version of the library to 2.16.0 2018-12-21 10:51:51 +00:00
Simon Butcher ad7c2105a2 Merge remote-tracking branch 'public/pr/2274' into development 2018-12-20 12:16:57 +00:00
Simon Butcher 12b4240300 Merge remote-tracking branch 'public/pr/2288' into development 2018-12-20 12:16:46 +00:00
Simon Butcher c831193c85 Merge remote-tracking branch 'public/pr/2302' into development 2018-12-20 12:16:39 +00:00
Simon Butcher 1efda39f8a Merge remote-tracking branch 'public/pr/2297' into development 2018-12-20 12:16:29 +00:00
Simon Butcher 5aa7809ac8 Merge remote-tracking branch 'public/pr/2275' into development 2018-12-20 12:15:19 +00:00
Simon Butcher 780cf189b0 Merge remote-tracking branch 'public/pr/2271' into development 2018-12-20 12:15:08 +00:00
Simon Butcher 032c037052 Merge remote-tracking branch 'public/pr/2270' into development 2018-12-20 12:04:13 +00:00
Simon Butcher a033633bb0 Merge remote-tracking branch 'public/pr/2269' into development 2018-12-20 12:02:56 +00:00
Simon Butcher 70935a4001 Merge remote-tracking branch 'public/pr/2299' into development 2018-12-20 12:02:23 +00:00
Simon Butcher 003c0e032f Merge remote-tracking branch 'public/pr/2292' into development 2018-12-20 12:02:17 +00:00
Simon Butcher decf2f5c2c Merge remote-tracking branch 'public/pr/2291' into development 2018-12-20 12:02:11 +00:00
Simon Butcher 65ce5dc981 Merge remote-tracking branch 'public/pr/2290' into development 2018-12-20 12:02:05 +00:00
Simon Butcher ad2e0dae32 Merge remote-tracking branch 'public/pr/2283' into development 2018-12-20 12:01:58 +00:00
Simon Butcher 0bbf7f450d Merge remote-tracking branch 'public/pr/2279' into development 2018-12-20 12:01:49 +00:00
Simon Butcher 962b7b17d5 Merge remote-tracking branch 'public/pr/2273' into development 2018-12-20 12:01:17 +00:00
Simon Butcher 6be67a6518 Merge remote-tracking branch 'public/pr/2281' into development 2018-12-20 12:01:09 +00:00
Simon Butcher dac513e246 Merge remote-tracking branch 'public/pr/2282' into development 2018-12-20 12:01:04 +00:00
Simon Butcher ccafd14fee Merge remote-tracking branch 'public/pr/2276' into development 2018-12-20 12:00:57 +00:00
Simon Butcher 2a8d32c6c1 Merge remote-tracking branch 'public/pr/2287' into development 2018-12-20 12:00:50 +00:00
Gilles Peskine 743e3988dc Avoid unused-variable warnings for str as well
The exact guard is FS_IO && PK_PARSE_C. Just keep it simple.
2018-12-20 12:29:48 +01:00
Gilles Peskine 88ca3a244e Avoid unused-variable warnings in some configurations 2018-12-20 12:26:16 +01:00
Gilles Peskine d6027119be Fix dependencies on MBEDTLS_FS_IO 2018-12-20 12:15:41 +01:00
Hanno Becker 73b79841b2 Remove parameter validation for deprecated function in ECDSA module 2018-12-20 09:53:24 +00:00
k-stachowiak dd63359dae Add tests for valid NULL in ccm_free() 2018-12-19 19:02:39 +01:00
k-stachowiak 508bcd96db Remove unneeded test for the CCM free function 2018-12-19 19:02:39 +01:00
k-stachowiak 26d365eb54 Add parameter validation for CCM 2018-12-19 19:02:39 +01:00
k-stachowiak fb54360f8c Prevent unused variable in some configurations 2018-12-19 18:34:21 +01:00
Gilles Peskine 6af45ec53e PK: document context validity requirements
Document when a context must be initialized or not, when it must be
set up or not, and whether it needs a private key or a public key will
do.

The implementation is sometimes more liberal than the documentation,
accepting a non-set-up context as a context that can't perform the
requested information. This preserves backward compatibility.
2018-12-19 18:10:03 +01:00
k-stachowiak a85edd9415 Split the unconditional and conditional parameter validation tests 2018-12-19 18:06:35 +01:00
Hanno Becker f25ee7f79d Fix parameter validation for mbedtls_mpi_lsb()
The MPI_VALIDATE_RET() macro cannot be used for parameter
validation of mbedtls_mpi_lsb() because this function returns
a size_t.

Use the underlying MBEDTLS_INTERNAL_VALIDATE_RET() insteaed,
returning 0 on failure.

Also, add a test for this behaviour.
2018-12-19 16:51:50 +00:00
Gilles Peskine d54b97503b pk parse: the password is optional
For mbedtls_pk_parse_key and mbedtls_pk_parse_keyfile, the password is
optional. Clarify what this means: NULL is ok and means no password.
Validate parameters and test accordingly.
2018-12-19 17:36:14 +01:00
k-stachowiak 516897a44a Remove unnecessary parameter validation from the Cipher module 2018-12-19 17:34:58 +01:00
k-stachowiak 95070a8286 Make some cipher parameter validation unconditional 2018-12-19 17:34:58 +01:00
k-stachowiak 5b01f8b3ae Add a new line at the end of the test data file 2018-12-19 17:34:13 +01:00
k-stachowiak 90b8d4a11e Include static cipher functions in the parameter validation scheme 2018-12-19 17:34:13 +01:00
k-stachowiak a539070f82 Make all parameter validation tests optional 2018-12-19 17:34:13 +01:00
Krzysztof Stachowiak e0215d7869 Add Cipher module parameter validation 2018-12-19 17:34:13 +01:00
k-stachowiak 5fccb3edf3 Add tests for valid NULL in gcm_free() 2018-12-19 17:30:38 +01:00
k-stachowiak 8ffc92a1e8 Add parameter validation for the GCM module 2018-12-19 17:30:38 +01:00
Gilles Peskine ee3cfec3cc PK sign/verify: hash=NULL is ok if md_alg=0 and hash_len=0 2018-12-19 17:11:44 +01:00
Gilles Peskine 998fbfbe68 Properly test pk_write with an empty output buffer
This needs a real key to test properly.
2018-12-19 17:08:51 +01:00
Gilles Peskine cc274c2ebf Do run the valid parameters test function 2018-12-19 17:08:01 +01:00
Gilles Peskine 1f19fa6f62 PK: Fix free(NULL) in library and tests
free() functions are documented as no-ops on NULL. Implement and test
this correctly.
2018-12-19 14:18:39 +01:00
Hanno Becker f947c0a2dd Move testing of mbedtls_blowfish_free() to separate test case
It should be tested regardless of the setting of MBEDTLS_CHECK_PARAMS.
2018-12-19 12:52:59 +00:00
Hanno Becker 49acc64c69 Minor improvements to Blowfish documentation and tests 2018-12-19 12:52:59 +00:00
Hanno Becker e38b4cd661 Test parameter validation for Blowfish module 2018-12-19 12:52:59 +00:00
Hanno Becker 0294072c09 Avoid unused variable warning in ARIA param validation test 2018-12-19 12:51:00 +00:00
Hanno Becker 14b91e8e22 Move testing of mbedtls_aria_free() to separate test
The test that mbedtls_aria_free() accepts NULL parameters
can be performed even if MBEDTLS_CHECK_PARAMS is unset, but
was previously included in the test case aria_invalid_params()
which is only executed if MBEDTLS_CHECK_PARAMS is set.
2018-12-19 12:51:00 +00:00
Hanno Becker fac1d44d62 Fix style in ARIA parameter validation tests 2018-12-19 12:51:00 +00:00
Hanno Becker b0de9f5b03 Test that mbedtls_aria_free() accepts NULL parameter 2018-12-19 12:51:00 +00:00
Hanno Becker 9e45c1607e Test parameter validation for ARIA module 2018-12-19 12:51:00 +00:00
Hanno Becker f1931760d8 Move test of mbedtls_camellia_free() to separate test
The acceptance of NULL should be tested regardless of the
setting of MBEDTLS_CHECK_PARAMS.
2018-12-19 12:47:55 +00:00
Hanno Becker ff62f44ad7 Remove duplicated parameter check in CAMELLIA module 2018-12-19 12:47:55 +00:00
Hanno Becker e939de7247 Minor fixes to Camellia parameter validation 2018-12-19 12:47:55 +00:00
Hanno Becker 75788371df Test parameter validation for CAMELLIA module 2018-12-19 12:47:55 +00:00
Gilles Peskine e146e7dbae Don't use TEST_VALID_PARAM with a value
TEST_VALID_PARAM is only for functions that return void. This commit
fixes the build with clang -Wunused-comparison.
2018-12-19 13:21:22 +01:00
Hanno Becker 1959535038 Add parameter validation test for mbedtls_ecp_check_pub_priv() 2018-12-19 08:52:08 +00:00
Hanno Becker 549e455a42 Add parameter validation test for mbedtls_ecp_gen_privkey() 2018-12-19 08:52:02 +00:00
Hanno Becker 0a4fa9b1fb Add parameter validation test for mbedtls_ecp_check_budget() 2018-12-19 08:51:58 +00:00
Hanno Becker 807c107c3c Fix typos in ECP test suite 2018-12-19 08:51:55 +00:00
Simon Butcher 54b789aa74 Merge remote-tracking branch 'public/pr/2298' into development 2018-12-19 08:08:14 +00:00
Gilles Peskine 78438e4109 Test parameter validation for pk, pkparse and pkwrite 2018-12-19 00:55:47 +01:00
Hanno Becker 59274d43cb Remove unnecessary call to mbedtls_mpi_free() in MPI tests 2018-12-18 23:27:03 +00:00
Hanno Becker b48e1aa846 Add separate test for mbedtls_mpi_free() accepting NULL 2018-12-18 23:25:01 +00:00
Hanno Becker e118504a5f Numerous minor improvements to bignum documentation 2018-12-18 18:12:13 +00:00
Hanno Becker 56b661cbf8 Add test that mbedtls_mpi_free() accepts NULL parameter 2018-12-18 18:12:13 +00:00
Hanno Becker afb607b9db Add tests for parameter validation in MPI module 2018-12-18 18:12:13 +00:00
Hanno Becker d22df58a56 Add missing guards around SHA-1 tests 2018-12-18 17:02:03 +00:00
Hanno Becker adc9b178ca Minor improvements to DHM module 2018-12-18 16:59:09 +00:00
Hanno Becker 8c8a93c574 Test parameter validation for DHM module 2018-12-18 16:59:09 +00:00
Hanno Becker 4fbd4bf442 Fix guard in SHA-512 tests 2018-12-18 16:37:43 +00:00
Hanno Becker 36beb04fd5 Add tests or SHA-256 parameter validation 2018-12-18 16:31:06 +00:00
Hanno Becker 686c9a0e8d Test SHA-512 parameter validation 2018-12-18 15:33:14 +00:00
Hanno Becker a994b2379f Test that xxx_free() functions accept NULL parameter 2018-12-18 15:30:30 +00:00
Hanno Becker ae2ff02ff1 Add tests for ChaChaPoly parameter validation
Parameter validation was previously performed and tested unconditionally
for the ChaCha/Poly modules. This commit therefore only needs go guard the
existing tests accordingly and use the appropriate test macros for parameter
validation.
2018-12-18 15:30:30 +00:00
Hanno Becker af05a90349 Test parameter validation in ECDSA module 2018-12-18 14:31:50 +00:00
Hanno Becker 491db772c3 Test parameter validation for ECJPAKE module 2018-12-18 14:31:18 +00:00
Hanno Becker 4c818483b2 Test parameter validation for ECDH module 2018-12-18 14:30:39 +00:00
Hanno Becker b06f193d73 Add missing cases to RSA parameter validation test 2018-12-18 14:05:20 +00:00
Hanno Becker 05cf6dabb8 Add missing test for mbedtls_rsa_pkcs1_sign() 2018-12-18 13:38:05 +00:00
Hanno Becker f04d923834 Test mbedtls_rsa_gen_key() with NULL ctx/RNG separately 2018-12-18 13:38:05 +00:00
Hanno Becker 71cd6c7ba9 Remove duplicate test in RSA parameter validation test 2018-12-18 13:38:05 +00:00
Hanno Becker a7ee00225b Test mbedtls_rsa_init() with invalid padding 2018-12-18 13:38:05 +00:00
Hanno Becker 046d2024c5 Test parameter validation for RSA module 2018-12-18 13:38:05 +00:00
Hanno Becker 57b684f9d1 Add separate test for xxx_free() functions in ECP module 2018-12-18 13:00:48 +00:00
Hanno Becker 12dff0352b Test parameter validation for ECP module 2018-12-18 13:00:48 +00:00
Manuel Pégourié-Gonnard 488d9309fc Fix unused param warnings in test function 2018-12-18 13:05:49 +01:00
Hanno Becker 0e24473b94 Test parameter validation in SHA-1 module 2018-12-18 11:37:28 +00:00
Manuel Pégourié-Gonnard e55e103bfe Fix off-by-one in iv_off check and add tests 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard ab6b9758d6 Improve constant naming in test functions 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 2bc535be86 Add parameter validation for AES-CTR 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 8e41eb7187 Add parameter validation for AES-OFB 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 1677cca54b Add parameter validation for AES-CFB functions 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 191af1313a Add param validation for mbedtls_aes_crypt_xts() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 3178d1a997 Add param validation for mbedtls_aes_crypt_cbc() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 1aca260571 Add parameter validation for mbedtls_aes_crypt_ecb() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 68e3dff3f1 Add parameter validation XTS setkey functions 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard af0c6cb9e0 Fix missing guard on XTS function in tests 2018-12-18 12:02:52 +01:00
Hanno Becker 6640b0d9a3 Undo deprecation of MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH 2018-12-18 09:53:14 +00:00
Hanno Becker 938f9e9bdb Undo deprecation of MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Merging MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH and
MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH is an API break.
2018-12-18 09:50:57 +00:00
Hanno Becker d2f3a00062 Introduce single BLOWFISH error code for bad input data
Deprecate the old specific error codes
* MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
* MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
2018-12-17 13:26:37 +00:00
Hanno Becker 4c029d09be Introduce single CAMELLIA error code for bad input data
Deprecate the old specific error codes
* MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
* MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
2018-12-17 13:26:33 +00:00
Manuel Pégourié-Gonnard e7306d30a9 Improve some documentation and ChangeLog entry 2018-12-13 09:45:49 +01:00
Manuel Pégourié-Gonnard a4251f4775 Test aes_free( NULL ) unconditionally 2018-12-12 12:04:51 +01:00
Manuel Pégourié-Gonnard 54e7f312d3 Make TEST_VALID_PARAM() available unconditionally 2018-12-12 11:56:09 +01:00
Manuel Pégourié-Gonnard aae10fa427 Fix some whitespace issues 2018-12-12 10:24:19 +01:00
Manuel Pégourié-Gonnard cd2b29cd12 Improve wording in documentation and ChangeLog 2018-12-12 10:23:57 +01:00
Manuel Pégourié-Gonnard 9b8ea89ae5 Fix a few style / whitespace issues 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard acfdc623d2 Fix test macro that was too lenient
Previously, one could change the definition of AES_VALIDATE_RET() to return
some other code than MBEDTLS_ERR_AES_BAD_INPUT_DATA, and the test suite
wouldn't notice. Now this modification would make the suite fail as expected.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 44c5d58d05 Document AES functions and fix free() functions 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard a2b0e27378 Skip param validation tests if custom macro used
The test framework for validation of parameters depends on the macro
MBEDTLS_PARAM_FAILED() being set to its default value when building the
library. So far the test framework attempted to define this macro but this was
the wrong place - this definition wouldn't be picked by the library.

Instead, a different approach is taken: skip those tests when the macro is
defined in config.h, as in that case we have no way to know if it will indeed
end up calling mbedtls_param_failed() as we need it to.

This commit was tested by manually ensuring that aes_invalid_params:

- passes (and is not skipped) in the default configuration
- is skipped when MBEDTLS_PARAM_FAILED() is defined in config.h
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 3ef6a6dc5c Fix const-ness in mbedtls_param_failed()
The previous prototype gave warnings are the strings produced by #cond and
__FILE__ are const, so we shouldn't implicitly cast them to non-const.

While at it modifying most example programs:
- include the header that has the function declaration, so that the definition
  can be checked to match by the compiler
- fix whitespace
- make it work even if PLATFORM_C is not defined:
    - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is
      no reason why it should
    - so, remove the corresponding #if defined in each program...
    - and add missing #defines for mbedtls_exit when needed

The result has been tested (make all test with -Werror) with the following
configurations:

- full with    CHECK_PARAMS with    PLATFORM_C
- full with    CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS with    PLATFORM_C

Additionally, it has been manually tested that adding

    mbedtls_aes_init( NULL );

near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the
expected effect when running the program.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 8e661bf6a8 Fix arity of the PARAM_FAILED() macro and function
It was inconsistent between files: sometimes 3 arguments, sometimes one.

Align to 1 argument for the macro and 3 for the function, because:
- we don't need 3 arguments for the macro, it can add __FILE__ and __LINE__
  in its expansion, while the function needs them as parameters to be correct;
- people who re-defined the macro should have flexibility, and 3 arguments
  can give the impression they they don't have as much as they actually do;
- the design document has the macro with 1 argument, so let's stick to that.
2018-12-11 12:28:56 +01:00
Simon Butcher 249b3d6efe Remove use of the macro TEST_FN from the AES test suite
The TEST_FN macro is now redundant and no longer necessary.
2018-12-11 12:28:56 +01:00
Simon Butcher 6542f6c597 Change the use of setjmp/longjmp in parameter failure callback
Change the use of setjmp and longjmp in signalling parameter validation failures
when using the MBEDTLS_CHECK_PARAMS config.h option. This change allows
all calls which might result in a call to the parameter validation failure
handler to always be caught, even without use of the new macros, by placing a
setjmp() in the outer function which calls the test function, which the handler
can jump to.

This has several benefits:
    * it allows us to remove the clang compiler warning (-Wclobbered) caused
      by local auto variables being in the same function as the call to setjmp.
    * removes the need to wrap all function calls in the test functions with the
      TEST_ASSERT() macro. Now all parameter validation function calls should be
      caught.
2018-12-11 12:28:56 +01:00
Simon Butcher 747f5fe3e2 Add disabling of gcc 'clobbered' warning
With gcc, use of setjmp() was triggering warnings about use of auto variables
being clobbered.
2018-12-11 12:28:56 +01:00
Simon Butcher a646345e3f Add additional parameter validation tests for the AES module
This adds additional tests to validate the AES module parameter validation
checks which are enabled using the MBEDTLS_CHECK_PARAMS option.
2018-12-11 12:28:56 +01:00
Jaeden Amero fedb407a3f Merge remote-tracking branch 'upstream-public/pr/2208' into development 2018-12-07 16:16:04 +00:00
Jaeden Amero 52ed0b9030 Merge remote-tracking branch 'upstream-public/pr/2101' into development 2018-12-07 16:15:31 +00:00
Jaeden Amero 41722ec29e Merge remote-tracking branch 'upstream-public/pr/1958' into development 2018-12-06 15:53:56 +00:00
Janos Follath 36c5f7fe9b ECDH: Hide context from tests
The tests for the ECDH key exchange that use the context accessed it
directly. This can't work with the new context, where we can't make any
assumptions about the implementation of the context. This commit works
around this problem and comes with the cost of allocating an extra
structures on the stack when executing the test.

One of the tests is testing an older interface for the sake of backward
compatibility. The new ECDH context is not backward compatible and this
test doesn't make any sense for it, therefore we skip this test in
non-legacy mode.
2018-12-06 12:22:46 +00:00
Jaeden Amero 5dfca1e1bd Update library version to 2.15.1 2018-12-01 18:44:29 +00:00
Janos Follath fc03e8dfa9 ECDH: Adapt tests for mbedtls_ecdh_setup()
The recently added `mbedtls_ecdh_setup()` function is not used in the
tests yet. This commit adapts the tests to the new workflow.

Having done that, the old lifecycle is not tested anymore, so we add a
new test to ensure backward compatibility.
2018-11-30 14:09:57 +00:00
Simon Butcher 51b8a2fa87 Merge remote-tracking branch 'restricted/pr/512' into development 2018-11-29 16:56:02 +00:00
Simon Butcher 658618b6b2 Merge remote-tracking branch 'restricted/pr/516' into development 2018-11-29 16:53:51 +00:00
Andres Amaya Garcia 687d6739b2 Fix resource leak of file desc in test code 2018-11-26 21:23:28 +00:00
Gilles Peskine d919993b76 CTR_DRBG: deprecate mbedtls_ctr_drbg_update because it ignores errors
Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a
new function mbedtls_ctr_drbg_update_ret which reports error.
2018-11-26 19:26:00 +01:00
Ron Eldor d5062dedeb Add conditional dependency to tests
Add a way to check compile time defionitions values, for determining
whether to skip tests.
2018-11-26 14:23:14 +02:00
Ron Eldor 6dbb9aabf8 Test AD too long only when CCM_ALT not defined
Since the AD too long is a limitation on Mbed TLS,
HW accelerators may support this. Run the test for AD too long,
only if `MBEDTLS_CCM_ALT` is not defined.
Addresses comment in #1996.
2018-11-25 10:31:53 +02:00
Simon Butcher 60ee838a8a Merge remote-tracking branch 'public/pr/2224' into development-psa-proposed 2018-11-23 21:18:32 +00:00
Simon Butcher ebeb6cb446 Update library version to 2.15.0 2018-11-23 14:18:15 +00:00
Hanno Becker 4ae8b497c0 Merge branch 'iotssl-2578-psa-sig-verification' into development-psa-proposed 2018-11-23 11:37:00 +00:00
Hanno Becker f8b5f27bce Merge branch 'psa_cipher' into development-psa-proposed 2018-11-23 11:18:02 +00:00
Andrzej Kurek 967cfd18fd Remove trailing whitespace 2018-11-22 12:05:08 -05:00
Andrzej Kurek 4b11407258 Cosmetic changes
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
2018-11-22 12:05:08 -05:00
Andrzej Kurek 5f7bad34bb Add CSR write testing using opaque keys
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
2018-11-22 12:05:08 -05:00
Manuel Pégourié-Gonnard 2baae9ef71 Add tests for ECDSA verify with short r, s values
This is intended to test transcoding the signature to the format expected by
PSA (fixed-length encoding of r, s) when r and s have respectively:
- full length with initial null byte
- full length without initial null byte
- non-full length with initial null byte
- non-full length without initial null byte

The signatures were generated using:

programs/pkey/pk_sign tests/data_files/server5.key foo

where foo is an empty file, and with a variant of one of the following patches
applied:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..e4a27b044516 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -317,6 +319,11 @@ mul:
             MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
                                                   f_rng, p_rng, ECDSA_RS_ECP ) );
             MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( pr );
+            printf("%zu ", bits);
+            if( bits != 255 )
+                goto gen;
         }
         while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );

or:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..d704376e0c42 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -353,6 +355,11 @@ modn:
         MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( s );
+            printf("%zu ", bits);
+            if( bits != 247 )
+                goto gen;
     }
     while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );

with the value edited manually between each run to get the desired bit length.
2018-11-22 11:17:37 -05:00
Andrzej Kurek c05ec9f39c pk_wrap: test if a valid md_alg is passed to ecdsa_verify_wrap
Adjust tests to pass a valid algorithm
2018-11-22 11:17:37 -05:00
Hanno Becker b1b2c01df4 Add missing newline at the end of test_suite_cipher.gcm.data 2018-11-22 14:03:39 +00:00
Hanno Becker b0c05e242c Test PSA-based GCM cipher operations 2018-11-22 14:03:39 +00:00
Hanno Becker 5cec718191 Adapt existing Cipher-GCM test cases to new param for auth_crypt_tv 2018-11-22 14:03:39 +00:00
Hanno Becker a13272d6d2 Test PSA-based CCM cipher operations 2018-11-22 14:03:39 +00:00
Hanno Becker e43164e8f1 Add AES-*-CBC test vectors for PSA-based cipher contexts 2018-11-22 14:03:39 +00:00
Hanno Becker 6767cca100 Merge branch 'gcm_through_cipher_api_tests' into psa_cipher_ 2018-11-22 14:03:14 +00:00
Hanno Becker c0c882cd67 Add missing dependencies in test_suite_cipher.gcm 2018-11-22 13:41:53 +00:00
Hanno Becker ef42f22edd Add NIST AES GCM test vectors to single-step cipher API test suite
The test suites `test_suite_gcm.aes{128,192,256}_en.data` contains
numerous NIST test vectors for AES-*-GCM against which the GCM
API mbedtls_gcm_xxx() is tested.

However, one level higher at the cipher API, no tests exist which
exercise mbedtls_cipher_auth_{encrypt/decrypt}() for GCM ciphers,
although test_suite_cipher.function contains the test auth_crypt_tv
which does precisely that and is already used e.g. in
test_suite_cipher.ccm.

This commit replicates the test vectors from
test_suite_gcm.aes{128,192,256}_en.data in test_suite_cipher.gcm.data
and adds a run of auth_crypt_tv for each of them.

The conversion was mainly done through the sed command line

```
s/gcm_decrypt_and_verify:\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):
\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\)/auth_crypt_tv:
\1:\2:\4:\5:\3:\7:\8:\9/
```
2018-11-22 13:41:07 +00:00
Manuel Pégourié-Gonnard 23a1ccd23f Fix test that wasn't actually effective
psa_destroy_key() returns success even if the slot is empty.
2018-11-22 12:21:20 +01:00
Manuel Pégourié-Gonnard fa9a1ca967 Improve description of a test 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard 69baf70984 Align names to use "opaque" only everywhere
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard 3686771dfa Implement pk_sign() for opaque ECDSA keys 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard d97390e97d Add tests for unsupported operations/functions 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard 920c063bad Implement can_do for opaque ECC keypairs
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard 0184b3c69b Add support for get_(bit)len on opaque keys 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard 01a12c49aa Add key generation to opaque test function
While at it, clarify who's responsible for destroying the underlying key. That
can't be us because some keys cannot be destroyed and we wouldn't know. So
let's leave that up to the caller.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard 7b5fe041f1 Implement alloc/free wrappers for pk_opaque_psa 2018-11-22 09:59:34 +01:00
Hanno Becker 1cfc5ddb11 Initialize PSA Crypto implementation at the start of each test suite 2018-11-21 21:08:43 +00:00