This option allows to test the constant-flow nature of selected code, using
MemSan and the fundamental observation behind ctgrind that the set of
operations allowed on undefined memory by dynamic analysers is the same as the
set of operations allowed on secret data to avoid leaking it to a local
attacker via side channels, namely, any operation except branching and
dereferencing.
(This isn't the full story, as on some CPUs some instructions have variable
execution depending on the inputs, most notably division and on some cores
multiplication. However, testing that no branch or memory access depends on
secret data is already a good start.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The test function now depends on MBEDTLS_TEST_HOOKS, which is enabled by
config.py full, and since there are already components in all.sh exercising
the full config, this test function is sill exercised even with this new
dependency.
Since this is the first time a test function depends on MBEDTLS_TEST_HOOKS,
fix a bug in check-names.sh that wasn't apparent so far: headers from
library/*.h were not considered when looking for macro definitions. This
became apparent because MBEDTLS_STATIC_TESTABLE is defined in library/common.h
and started being used in library/ssl_msg.c, so was flagged as a likely typo.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Just move code from ssl_decrypt_buf() to the new cf_hmac() function and then
call cf_hmac() from there.
This makes the new cf_hmac() function used, opening the door for making it
static in the next commit. It also validates that its interface works for
using it in ssl_decrypt_buf().
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The dummy implementation is not constant-flow at all for now, it's just
here as a starting point and a support for developing the tests and putting
the infrastructure in place.
Depending on the implementation strategy, there might be various corner cases
depending on where the lengths fall relative to block boundaries. So it seems
safer to just test all possible lengths in a given range than to use only a
few randomly-chosen values.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The condition is a complex and repeated a few times. There were already some
inconsistencies in the repetitions as some of them forgot about DES.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
* development: (22 commits)
Only pass -Wformat-signedness to versions of GCC that support it.
Documentation improvements
Remove redundant assignment
Add comments explaining include paths
Library files aren't supposed to be executable
CMake: Include the library directory for the sake of 3rdparty
Factor common library properties
Fix erroneous skip of test cases for disabled ciphersuites
Include common.h instead of config.h in library source files
Include the library directory for the sake of 3rdparty
Fix copypasta in test case descriptions
Remove metadata tests for features that are not implemented
Fix dependency in PSA test cases
Fix dependency in AES GCM test case
Document the fields of TestCasesOutcomes
Check test case coverage
New script for test outcome analysis
check_test_cases: move some functions into the logical class
check_test_cases: move "walk" functions into a class
check_test_cases: parametrize iteration functions by the action
...
"Include the library directory for the sake of 3rdparty" did the job
for Make and Visual Studio. This commit does the job for CMake.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
All libraries (should) rely on the same directory structure. Instead of
repeating the same clauses 6 times (3 libraries times 2 build modes), set
the include paths, compile definitions and install instructions with a
single piece of code.
Include the 3rdparty directory for all libraries, not just crypto. It's
currently only needed for crypto, but that's just happenstance.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* development: (46 commits)
Update ChangeLog header.
Bump version to Mbed TLS 2.23.0
Assemble changelog
cmake: Add comment about mbedtls_test target
programs: psa: Link against mbedcrypto not mbedtls
Use mbedtls_test_unhexify in programs
Rework mbedtls_test_unhexify()
tests: Get rid of mbedtls_test_unhexify() in unit test code
tests: ccm: Prepare to char* to data_t* type change
tests: aes.ofb: Prepare to char* to data_t* type change
tests: nist_kw: Prepare to char* to data_t* type change
tests: chacha20: Prepare to char* to data_t* type change
tests: hkdf: Prepare to char* to data_t* type change
tests: aria: Prepare to char* to data_t* type change
programs: Link to tests common code
build: Add top-level mbedtls_test target
programs: cmake: Use list of executables
programs: cmake: Fix relative path warnings
programs: ssl: cmake: Add missing executables
programs: ssl: cmake: Reorder declaration of executables
...
Test cases that force a specific ciphersuites are only executed if
this ciphersuite is enabled. But there are test cases (for RC4) whose
goal is to check that the ciphersuite is not used. These test cases
must run even if (or only if) the ciphersuite is disable, so add an
exception for these test cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In library source files, include "common.h", which takes care of
including "mbedtls/config.h" (or the alternative MBEDTLS_CONFIG_FILE)
and other things that are used throughout the library.
FROM=$'#if !defined(MBEDTLS_CONFIG_FILE)\n#include "mbedtls/config.h"\n#else\n#include MBEDTLS_CONFIG_FILE\n#endif' perl -i -0777 -pe 's~\Q$ENV{FROM}~#include "common.h"~' library/*.c 3rdparty/*/library/*.c scripts/data_files/error.fmt scripts/data_files/version_features.fmt
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When compiling library files under `3rdparty/`, the directory containing
the `.c` file that is being compiled is not the current directory, so
headers from the `library/` directory are not found. Fix this by
adding `.` to the include path.
This was not detected until now because as of this commit, no 3rdparty
source file requires a header under `library/`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Executed "./scripts/bump_version.sh --version 2.23.0 --so-crypto 5"
A symbol has been removed from the mbedcrypto library since the last
release:
mbedtls_ecc_group_to_psa ( enum mbedtls_ecp_group_id grpid,
size_t* bits )
This is an ABI break and we need to increase the SO version.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Executed scripts/assemble_changelog.py and manually fixed style where it
diverged from the instructions in ChangeLog.d/00README.md.
Manually added ChangeLog.d/bugfix_PR3405 which didn't have the .txt
extension as prescribed in ChangeLog.d/00README.md and deleted it
afterwards.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The metadata tests depend on the corresponding feature because there
is no guarantee that the metadata is correct if the feature is
disabled. There are metadata test cases for some algorithms and key
types that are declared but not supported. These test cases are
present but can never run.
It is debatable whether having these test cases is a good thing in
case they become runnable in the future, or a bad thing because
they're dead code. We're working on detecting test cases that are
never executed for accidental reasons (e.g. typo in a dependency or
missing configuration on the CI), and having test cases that are
deliberately never executed messes this up. So remove these test
cases. If we do implement the corresponding feature, it'll be easy to
add the corresponding metadata test cases.
The features that had metadata tests but no implementations were:
* SHA-512/256 and SHA-512/224 (hypothetical dependency: MBEDTLS_SHA512_256)
* DSA (hypothetical dependency: MBEDTLS_DSA_C)
* SHA-3 and HMAC-SHA-3 (hypothetical dependency: MBEDTLS_SHA3_C)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Check that every available test case in the test suites and ssl-opt.sh
has been executed at least once.
For the time being, only report a warning, because our coverage is
incomplete. Once we've updated all.sh to have full coverage, this
warning should become an error.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is a new script designed to analyze test outcomes collected
during a whole CI run.
This commit introduces the script, the code to read the outcome file,
and a very simple framework to report errors. It does not perform any
actual analysis yet.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
With previous refactorings, some functions are now solely meant to be
called from other functions in a particular class. Move them into this
class.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make the structure more Pythonic: use classes for abstraction and
refinement, rather than higher-order functions.
Convert walk(function, state, data) into instance.walk(data) where
instance has a method that implements function and state is a field of
instance.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Rework mbedtls_test_unhexify to extend its scope of usage.
Return in error when the function detects an error instead
of calling mbedtls_exit().
Improve safety by checking the output buffer is not overrun.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In test functions calling mbedtls_test_unhexify(), change the
type of the associated parameters from `char*` to `data_t`.
That way the `unhexify` operation is done by the test
framework and not by the unit test code.
Use for the new parameters of type data_t the name of the
local variable that use to store the `unhexify` version of
the `char*` parameter.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In preparation of changing the type of some parameters
of mbedtls_ccm_star_encrypt_and_tag/auth_decrypt from
`char *` to `data_t` to get rid of the calls to
mbedtls_test_unhexify():
- Change the name of parameters and local variables to
clarify which ones are related to the outputs of the
library functions under test and which ones are
related to the expected values of those outputs.
- Use two different buffers to store the plain and cipher
text as expected by the library functions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In preparation of changing the type of some parameters
of aes_encrypt_ofb() from `char *` to `data_t` to get rid
of the calls to mbedtls_test_unhexify():
- Change the name of parameters and local variables to
clarify which ones are related to the outputs of the
library functions under test and which ones are
related to the expected values of those outputs.
- Add assertion on fragment_size parameter
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In preparation of changing the type of some parameters
of mbedtls_nist_kw_wrap/unwrap() from `char *` to `data_t`
to get rid of the calls to mbedtls_test_unhexify():
- Change the name of parameters and local variables to
clarify which ones are related to the outputs of the
library functions under test and which ones are
related to the expected values of those outputs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In preparation of changing the type of some parameters of
test_chacha20() from `char *` to `data_t` to get rid of the
calls to mbedtls_test_unhexify():
- Reduce the size of output[] buffer to 375 as its content
is "ASCII expended" into a buffer of 751 bytes.
- Align naming of variables to store and check the
output of mbedtls_chacha20_crypt(). No *dst* variables
anynore, only *output* variables.
- Use two different buffers to store the expected output
of mbedtls_chacha20_crypt() (expected_output_str[]) and
the ASCII string representation of the output of
mbedtls_chacha20_crypt() (output_string[]). Both were
stored in dst_str[] before.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In preparation of changing the type of some parameters
of test_hkdf() from `char *` to `data_t` to get rid of the
calls to mbedtls_test_unhexify():
- Align naming of variables related to the expected okm
- Rename `okm_hex[]` to `okm_string[]`
- Added TEST_ASSERT( expected_okm_len <= sizeof( okm ) ) to check
that the okm[] buffer is large enough for the okm output.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In preparation of changing the type of some parameters
of some test functions from `char *` to `data_t` to get
rid of the calls to mbedtls_test_unhexify():
- Align the name of source data length local variable
with the name of the local variable containing the
source data, respectively src_str and src_str_len.
- Change the type of length, index local variables
from int to size_t.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>