Commit graph

11335 commits

Author SHA1 Message Date
Janos Follath 6c6c8fceaa Improve style 2019-06-26 09:15:08 +01:00
Gilles Peskine 1468da76a5 Convert derive_output to the new KDF API 2019-06-26 09:15:08 +01:00
Janos Follath 6660f0eb98 Add TLS 1.2 PSK master secret generation 2019-06-26 09:15:08 +01:00
Janos Follath 51f4a0f9ac Style: enforce 80 column limit 2019-06-26 09:15:08 +01:00
Janos Follath c56215163f Simplify psa_key_derivation_input_bytes
The specific key derivation input functions support a subset of the
input options and need to check it anyway. Checking it at the top level
is redundant, it brings a very little value and comes with a cost in
code size and maintainability.
2019-06-26 09:15:08 +01:00
Janos Follath adbec81cc4 Remove the deprecated PSA_ALG_SELECT_RAW option
This change affects the psa_key_derivation_s structure. With the buffer
removed from the union, it is empty if MBEDTLS_MD_C is not defined.

We can avoid undefined behaviour by adding a new dummy field that is
always present or make the whole union conditional on MBEDTLS_MD_C.

In this latter case the initialiser macro has to depend on MBEDTLS_MD_C
as well. Furthermore the first structure would be either
psa_hkdf_key_derivation_t or psa_tls12_prf_key_derivation_t both of
which are very deep and would make the initialisation macro difficult
to maintain, therefore we go with the first option.
2019-06-26 09:15:08 +01:00
Janos Follath a27c927d4a Add test for psa_key_derivation_set_capacity
This commit restores the test coverage to the level before adapting the
derive_setup tests.
2019-06-26 09:15:08 +01:00
Janos Follath 16de4a4017 Adapt the derive_setup tests to the new API
Part of the tests are adapted in this commit, another part is already
covered by the derive_input tests and some of them are not applicable to
the new API (the new API does not request capacity at the setup stage).

The test coverage temporarily drops with this commit, the two test cases
conserning capacity will be re-added in a later commit.
2019-06-26 09:15:08 +01:00
Janos Follath ba3fab9074 Adapt derive_key_policy test to the new API 2019-06-26 09:15:08 +01:00
Janos Follath 63028dd906 Add label input for psa_tls12_prf_input 2019-06-26 09:15:08 +01:00
Janos Follath 8155054e28 Add key import for psa_tls12_prf_input 2019-06-26 09:15:08 +01:00
Janos Follath f08e2654ed Add seed input for psa_tls12_prf_input 2019-06-26 09:15:08 +01:00
Janos Follath ef83f5e98e Move raw key derivation input to a new function 2019-06-26 09:15:08 +01:00
Janos Follath b80a94e2ea Rename psa_key_derivation_input_raw
The function dispatches between all the available methods and
does not just handle the raw key derivation case like the name suggests.
2019-06-26 09:15:08 +01:00
Janos Follath 4b7effd35a Add more tests for TLS 1.2 PRF input 2019-06-26 09:15:08 +01:00
Janos Follath 99dd6acdce Add test cases for derive_input
In the 1.0 API some functionality has been split from the
psa_key_derivation_setup() function and is now done with the
psa_key_derivation_input_*() functions. The new tests maintain the
existing test coverage of this functionality.
2019-06-26 09:15:08 +01:00
Janos Follath af3c2a0700 Add a test for psa_key_derivation_input 2019-06-26 09:15:08 +01:00
Janos Follath b03233e196 Add stubs for psa_tls12_prf_input 2019-06-26 09:15:08 +01:00
Janos Follath 6a1d262803 Adapt psa_key_derivation_abort to the new context 2019-06-26 09:15:08 +01:00
Janos Follath 999f648437 Add new psa_tls12_prf_key_derivation_t
As part of adapting TLS 1.2 key derivation to the PSA 1.0 API we need to
change the context structure.
2019-06-26 09:15:08 +01:00
Janos Follath e3e8166cdd Move PSA_PRE_1_0_KEY_DERIVATION to crypto_struct.h
We want to make the PRF context structure depend on this flag, but
crypto_extra.h is included after crypto_struct.h and having the
option at its original place would not affect crypto_struct.h.
2019-06-26 09:15:08 +01:00
Janos Follath 083036af64 Safely erase key material upon abort
Some key derivation operation contexts (like
psa_tls12_prf_key_derivation_t) directly contain buffers with parts of
the derived key. Erase them safely as part of the abort.
2019-06-26 09:15:58 +01:00
Janos Follath 71a4c9125b Add flag for removing deprecated API
Add the compile time option PSA_PRE_1_0_KEY_DERIVATION. If this is not
turned on, then the function `psa_key_derivation()` is removed.

Most of the tests regarding key derivation haven't been adapted to the
new API yet and some of them have only been adapted partially. When this
new option is turned off, the tests using the old API and test cases
using the old API of partially adapted tests are skipped.

The sole purpose of this option is to make the transition to the new API
smoother. Once the transition is complete it can and should be removed
along with the old API and its implementation.
2019-06-26 09:15:08 +01:00
Philippe Antoine cf8fdfd8e1 Documentation for corpus generation 2019-06-25 22:06:35 +02:00
Philippe Antoine 1c582c3b8b Restore tests/fuzz/Makefile after in-tree cmake
Save and restore the Makefile in tests/fuzz like the other makefiles.
2019-06-25 21:55:21 +02:00
Philippe Antoine adc23e6132 Adding ifdefs to avoid warnings for unused globals 2019-06-25 21:53:12 +02:00
Philippe Antoine cd2c127f75 Adds LDFLAGS fsanitize=address 2019-06-25 21:50:07 +02:00
Gilles Peskine c2d56a4446 Allow declarations after statements
We officially allow C99, so don't forbid this C99 feature.
2019-06-25 18:52:06 +02:00
Jaeden Amero ab83fdf944 CMake: Add a subdirectory build regression test
If we have a regression with the "build Mbed TLS as a subdirectory with
CMake" feature and fail to build, fail the test.
2019-06-25 15:21:24 +01:00
Jaeden Amero 41421c4797 README: Enable builds as a CMake subproject
Update the README with information on a newly supported feature: the
ability to build Mbed TLS as a subproject of another CMake project.
2019-06-25 13:34:12 +01:00
Jaeden Amero 33b6a99d4d ChangeLog: Enable builds as a CMake subproject 2019-06-25 13:34:11 +01:00
Ashley Duncan 3278081428 Remove use of CMAKE_SOURCE_DIR
Remove use of CMAKE_SOURCE_DIR in case mbedtls is built from within
another CMake project. Define MBEDTLS_DIR to ${CMAKE_CURRENT_SOURCE_DIR}
in the main CMakeLists.txt file and refer to that when defining target
include paths to enable mbedtls to be built as a sub project.

Fixes #2609

Signed-off-by: Ashley Duncan <ashes.man@gmail.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2019-06-25 13:33:51 +01:00
Ron Eldor 72662a495c Refactor receive_uint32()
Call `greentea_getc()` 8 times, and then `unhexify` once, instead of
calling `receive_byte()`, which inside calls `greentea_getc()` twice,
for every hex digit.
2019-06-25 14:56:44 +03:00
Ron Eldor b220489422 Refactor get_byte function
Change implementation of `get_byte()` to call `unhexify()`.
2019-06-25 14:56:44 +03:00
Ron Eldor 64e45950de Make the script portable to both pythons
Make the script work for python3 and for python2
2019-06-25 14:56:43 +03:00
Ron Eldor 5075f4df18 Update the test encoding to support python3
Since Python3 handles encoding differently than Python2,
a change in the way the data is encoded and sent to the target is needed.
1. Change the test data to be sent as hex string
2. Convert the characters to binary bytes.

This is done because the mbed tools translate the encoding differently
(mbed-greentea, and mbed-htrunner)
2019-06-25 14:56:01 +03:00
Ron Eldor 33908e8429 update the test script
Update `mbedtls_test.py` script to work with Python 3.7.
resolves #2653
2019-06-25 14:55:43 +03:00
Gilles Peskine ed87d31d7d Specify the order of inputs for TLS-1.2 KDFs
From the implementation point of view does not make much difference to
constrain the input order.

We constrain it because, this way the code is easier to review, the data
flow easier to understand and the implementations in general are easier
to validate.
2019-06-25 12:02:31 +01:00
Gilles Peskine 8f2a6dcc25 Support PSA_KEY_DERIVATION_INPUT_SEED 2019-06-25 12:02:31 +01:00
Gilles Peskine 7a52464fba Driver registration: more future-proof bad-version test 2019-06-24 19:58:12 +02:00
Gilles Peskine 45a8ca373c Fix typos in function argument names 2019-06-24 19:55:49 +02:00
Gilles Peskine 55a6acfe4d Add negative tests for driver registration 2019-06-24 19:55:49 +02:00
Gilles Peskine d089021128 Unregister drivers on library deinitialization 2019-06-24 19:55:48 +02:00
Gilles Peskine a899a72fd0 Implement the secure element driver registration function 2019-06-24 19:55:44 +02:00
Gilles Peskine bc2adf94a8 Fix minor type choice inconsistency 2019-06-24 15:45:09 +02:00
Sébastien Duquette 661d725044 Deref pointer when using sizeof in x509_get_other_name
Fix for #2716.
2019-06-24 09:17:18 -04:00
Gilles Peskine 2c2243dc0b Smoke test for secure element driver registration 2019-06-24 14:29:28 +02:00
Gilles Peskine d910e928e8 Declare a function to register a secure element driver 2019-06-24 14:10:24 +02:00
Gilles Peskine b6cadea6a5 Secure element driver structure
Define a structure type containing all the methods of a secure element
driver.
2019-06-24 14:10:24 +02:00
Gilles Peskine e6d5781ef4
Merge pull request #132 from gilles-peskine-arm/mbedtls-stats-api
Test that closing a handle reclaims its resources
2019-06-24 10:52:43 +02:00