Commit graph

13635 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard e79e3bb2da Add test cases with various record sizes
- plaintext length = 0 or 1
- plaintext length + MAC length = -1 or 0 mod block_size
    (using the minimum plaintext length that works)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 11:02:59 +02:00
Manuel Pégourié-Gonnard 527c1ff71a Generate good/bad padding programmatically
Compared to the previous approach of having the bad padding provided as input
to the testing function, this allows to test more kinds of incorrect data,
with less test cases in the .data file and more important no manually-generated
non-trivial data in the test case parameters, making it much easier to
complete the testing matrix.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 10:43:37 +02:00
Manuel Pégourié-Gonnard fafe8553c6
Merge pull request #3392 from paul-elliott-arm/psa_ecc_dh_macros
PSA: update EC curve and DH group family macros
2020-07-07 09:20:44 +02:00
Steven Cooreman 14f0e526fb Fix Curve25519 ecp_read_key vectors to match description
They did not match their description, probably due to a botched manual
endianness conversion where the nibbles also got swapped.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:52:38 +02:00
Steven Cooreman bd3a6f4497 Rewrite changelog for #3425 as requested
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:52:38 +02:00
Steven Cooreman c9b7f78647 Rework mbedtls_ecp_write_key to remove unnecessary output parameter
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:52:32 +02:00
Steven Cooreman e3fd39289e Fix endianness and masking for Curve25519 keys handled by PSA
Changed PSA core (and PKWrite) from reaching into MPI to using the proper
ecp function to fetch a private key.
Added changelog.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:45:31 +02:00
Steven Cooreman 6f5cc71ad1 Document masking of Montgomery private keys in psa_export_key
Follow the PSA Crypto specification which was updated between 1.0 beta3
and 1.0.0.
Add corresponding test cases.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:45:04 +02:00
Steven Cooreman de8593f2fe Implement and test mbedtls_ecp_write_key
mbedtls_ecp_write_key is a mirror function to mbedtls_ecp_read_key, which
writes a private key back into a byte buffer in the correct format.
This is a helpful convenience function, since the byte order is defined
differently between Montgomery and Weierstrass curves. Since this difference
is accounted for in mbedtls_ecp_read_key, it made sense to add
mbedtls_ecp_write_key for the purpose of abstracting this away such that
psa_export_key doesn't need to take byte order into account.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:42:38 +02:00
okhowang(王沛文) 0c4bbda16a Use local labels in padlock.c
Fixes #3451

Signed-off-by: okhowang(王沛文) <okhowang@tencent.com>
2020-07-04 01:43:41 +08:00
Gilles Peskine 642a4ef0aa
Merge pull request #3463 from gilles-peskine-arm/tests-not-executed
Fix some test cases that weren't getting executed
2020-07-03 15:13:18 +02:00
Gilles Peskine 2426506fa0
Merge pull request #3458 from gilles-peskine-arm/analyze_outcomes-count_test_cases-1
Test outcome analysis: check that all available test cases have been executed
2020-07-03 15:12:44 +02:00
Janos Follath 74ff13cfae
Merge pull request #3479 from okhowang/format-signedness
add -Wformat-signedness when gcc > 5
2020-07-03 11:53:39 +01:00
Manuel Pégourié-Gonnard 0ac01a1c59 TLS: Add negative tests for non-EtM CBC decryption
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-03 12:49:10 +02:00
okhowang(王沛文) 0cd8e0f6a7 Only pass -Wformat-signedness to versions of GCC that support it.
Fixes #3478

Signed-off-by: okhowang(王沛文) <okhowang@tencent.com>
2020-07-03 16:51:14 +08:00
Manuel Pégourié-Gonnard 527b87890d
Merge pull request #3454 from gilles-peskine-arm/include-common-h-development
Include common.h from all library source files
2020-07-03 09:44:18 +02:00
Gilles Peskine bbb3664957 Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-03 09:32:50 +02:00
Paul Elliott 06a28082af Add Changelog entry for PSA DH/ECC Macros rename
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 17:00:06 +01:00
Paul Elliott 75e27032d3 Rename DH Family Macros According to PSA Spec
Rename PSA_DH_GROUP_xxx to PSA_DH_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_GROUP to PSA_KEY_TYPE_DH_GET_FAMILY and rename
psa_dh_group_t to psa_dh_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:49 +01:00
Paul Elliott 8ff510ac26 Rename ECC Family Macros According to PSA Spec
Rename PSA_ECC_CURVE_xxx to PSA_ECC_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_CURVE to PSA_KEY_TYPE_ECC_GET_FAMILY and rename
psa_ecc_curve_t to psa_ecc_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:30 +01:00
Gilles Peskine e1c4362966 Remove redundant assignment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 17:50:20 +02:00
Gilles Peskine 76dd3aa5bb Add comments explaining include paths
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 15:59:45 +02:00
Gilles Peskine 280165c9b3 Library files aren't supposed to be executable
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 13:19:17 +02:00
Gilles Peskine dedff7a57d CMake: Include the library directory for the sake of 3rdparty
"Include the library directory for the sake of 3rdparty" did the job
for Make and Visual Studio. This commit does the job for CMake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 13:13:27 +02:00
Gilles Peskine 3ca8a9285e Factor common library properties
All libraries (should) rely on the same directory structure. Instead of
repeating the same clauses 6 times (3 libraries times 2 build modes), set
the include paths, compile definitions and install instructions with a
single piece of code.

Include the 3rdparty directory for all libraries, not just crypto. It's
currently only needed for crypto, but that's just happenstance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 13:07:37 +02:00
Manuel Pégourié-Gonnard bfbdca8bb4 Merge branch 'development' into development-restricted
* development: (46 commits)
  Update ChangeLog header.
  Bump version to Mbed TLS 2.23.0
  Assemble changelog
  cmake: Add comment about mbedtls_test target
  programs: psa: Link against mbedcrypto not mbedtls
  Use mbedtls_test_unhexify in programs
  Rework mbedtls_test_unhexify()
  tests: Get rid of mbedtls_test_unhexify() in unit test code
  tests: ccm: Prepare to char* to data_t* type change
  tests: aes.ofb: Prepare to char* to data_t* type change
  tests: nist_kw: Prepare to char* to data_t* type change
  tests: chacha20: Prepare to char* to data_t* type change
  tests: hkdf: Prepare to char* to data_t* type change
  tests: aria: Prepare to char* to data_t* type change
  programs: Link to tests common code
  build: Add top-level mbedtls_test target
  programs: cmake: Use list of executables
  programs: cmake: Fix relative path warnings
  programs: ssl: cmake: Add missing executables
  programs: ssl: cmake: Reorder declaration of executables
  ...
2020-07-02 13:01:38 +02:00
Gilles Peskine 0d7216511f Fix erroneous skip of test cases for disabled ciphersuites
Test cases that force a specific ciphersuites are only executed if
this ciphersuite is enabled. But there are test cases (for RC4) whose
goal is to check that the ciphersuite is not used. These test cases
must run even if (or only if) the ciphersuite is disable, so add an
exception for these test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 11:38:21 +02:00
Gilles Peskine db09ef6d22 Include common.h instead of config.h in library source files
In library source files, include "common.h", which takes care of
including "mbedtls/config.h" (or the alternative MBEDTLS_CONFIG_FILE)
and other things that are used throughout the library.

FROM=$'#if !defined(MBEDTLS_CONFIG_FILE)\n#include "mbedtls/config.h"\n#else\n#include MBEDTLS_CONFIG_FILE\n#endif' perl -i -0777 -pe 's~\Q$ENV{FROM}~#include "common.h"~' library/*.c 3rdparty/*/library/*.c scripts/data_files/error.fmt scripts/data_files/version_features.fmt

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 11:26:57 +02:00
Gilles Peskine 66c3dc44f2 Include the library directory for the sake of 3rdparty
When compiling library files under `3rdparty/`, the directory containing
the `.c` file that is being compiled is not the current directory, so
headers from the `library/` directory are not found. Fix this by
adding `.` to the include path.

This was not detected until now because as of this commit, no 3rdparty
source file requires a header under `library/`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 11:26:57 +02:00
Janos Follath 41f20116da
Merge pull request #713 from ARMmbed/merge-2.23.0-release-to-development
Merge 2.23.0 release to development
2020-07-01 14:44:13 +01:00
Janos Follath be9a5752c2 Merge tag 'mbedtls-2.23.0' into merge-2.23.0-release-to-development
Mbed TLS 2.23.0
2020-07-01 11:23:17 +01:00
Janos Follath 3ede1737dc
Merge pull request #710 from ARMmbed/mbedtls-2.23.0r0-pr
Prepare Release Candidate for Mbed TLS 2.23.0
2020-06-30 12:08:49 +01:00
Janos Follath 13cba685be Update ChangeLog header.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-06-29 22:48:24 +01:00
Janos Follath 0435cd8c23 Bump version to Mbed TLS 2.23.0
Executed "./scripts/bump_version.sh --version 2.23.0 --so-crypto 5"

A symbol has been removed from the mbedcrypto library since the last
release:
mbedtls_ecc_group_to_psa ( enum mbedtls_ecp_group_id grpid,
                           size_t* bits )

This is an ABI break and we need to increase the SO version.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-06-29 22:41:30 +01:00
Janos Follath 1959010c4b Assemble changelog
Executed scripts/assemble_changelog.py and manually fixed style where it
diverged from the instructions in ChangeLog.d/00README.md.

Manually added ChangeLog.d/bugfix_PR3405 which didn't have the .txt
extension as prescribed in ChangeLog.d/00README.md and deleted it
afterwards.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-06-29 22:35:07 +01:00
Gilles Peskine 82ac38ee5d
Merge pull request #3438 from ronald-cron-arm/programs-use-common-test-code
Add support to build and link test common code in programs
2020-06-29 10:29:36 +02:00
Ronald Cron dd6bdb5056 cmake: Add comment about mbedtls_test target
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-29 09:21:54 +02:00
Gilles Peskine 7eefa22fb1 Fix copypasta in test case descriptions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:54:47 +02:00
Gilles Peskine b20b873bff Remove metadata tests for features that are not implemented
The metadata tests depend on the corresponding feature because there
is no guarantee that the metadata is correct if the feature is
disabled. There are metadata test cases for some algorithms and key
types that are declared but not supported. These test cases are
present but can never run.

It is debatable whether having these test cases is a good thing in
case they become runnable in the future, or a bad thing because
they're dead code. We're working on detecting test cases that are
never executed for accidental reasons (e.g. typo in a dependency or
missing configuration on the CI), and having test cases that are
deliberately never executed messes this up. So remove these test
cases. If we do implement the corresponding feature, it'll be easy to
add the corresponding metadata test cases.

The features that had metadata tests but no implementations were:

* SHA-512/256 and SHA-512/224 (hypothetical dependency: MBEDTLS_SHA512_256)
* DSA (hypothetical dependency: MBEDTLS_DSA_C)
* SHA-3 and HMAC-SHA-3 (hypothetical dependency: MBEDTLS_SHA3_C)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:48:06 +02:00
Gilles Peskine af9dbc9213 Fix dependency in PSA test cases
The test cases were never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:45:30 +02:00
Gilles Peskine a911b32e2f Fix dependency in AES GCM test case
The test case was never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:40:58 +02:00
Gilles Peskine 961914df12
Merge pull request #3382 from stevew817/feature/volatile-keys-in-SE
Support volatile keys in external SE
2020-06-26 20:27:11 +02:00
Gilles Peskine 3d863f2631 Document the fields of TestCasesOutcomes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 18:31:26 +02:00
Gilles Peskine 8d3c70a279 Check test case coverage
Check that every available test case in the test suites and ssl-opt.sh
has been executed at least once.

For the time being, only report a warning, because our coverage is
incomplete. Once we've updated all.sh to have full coverage, this
warning should become an error.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 18:29:34 +02:00
Gilles Peskine 15c2cbfed5 New script for test outcome analysis
This is a new script designed to analyze test outcomes collected
during a whole CI run.

This commit introduces the script, the code to read the outcome file,
and a very simple framework to report errors. It does not perform any
actual analysis yet.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 18:29:34 +02:00
Gilles Peskine 6f6ff3346d check_test_cases: move some functions into the logical class
With previous refactorings, some functions are now solely meant to be
called from other functions in a particular class. Move them into this
class.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 18:29:30 +02:00
Gilles Peskine 78c45dbb0f check_test_cases: move "walk" functions into a class
Make the structure more Pythonic: use classes for abstraction and
refinement, rather than higher-order functions.

Convert walk(function, state, data) into instance.walk(data) where
instance has a method that implements function and state is a field of
instance.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 18:29:25 +02:00
Manuel Pégourié-Gonnard 34c1e7d069 Add ChangeLog entry for base blinding protection
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-26 11:33:41 +02:00
Manuel Pégourié-Gonnard 750d3c76cb RSA: blind call to mpi_inv_mod() on secret value
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-26 11:22:18 +02:00
Manuel Pégourié-Gonnard b3e3d79e1a RSA: remove redundant GCD call in prepare_blinding()
inv_mod() already returns a specific error code if the value is not
invertible, so no need to check in advance that it is. Also, this is a
preparation for blinding the call to inv_mod(), which is made easier by
avoiding the redundancy (otherwise the call to gcd() would need to be blinded
too).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-26 11:21:20 +02:00