Commit graph

1541 commits

Author SHA1 Message Date
Hanno Becker d03949e2a4 Remove md_wrap.c and md_internal.h 2019-09-09 09:45:57 +01:00
Hanno Becker 530387eaa3 Introduce getter functions for MD info fields
This commit continues the introduction of the MD digest implementation
abstraction layer given by `mbedtls_md_handle_t` by adding getter
functions returning the various properties of an implementation
(e.g. name, digest type, digest size). For the existing implementation,
these are just structure field accesses; however, in configurations
hardcoding the choice of a fixed digest algorithm, we'll be able to
implement them as inline functions returning compile-time constants.
2019-09-09 09:45:57 +01:00
Hanno Becker a5cedbcd3f Introduce MD handle type
As has been previously done for ciphersuites, this commit introduces
a zero-cost abstraction layer around the type

  mbedtls_md_info const *

whose valid values represent implementations of message digest algorithms.

Access to a particular digest implementation can be requested by name or
digest ID through the API mbedtls_md_info_from_xxx(), which either returns
a valid implementation or NULL, representing failure.

This commit replaces such uses of `mbedtls_md_info const *` by an abstract
type `mbedtls_md_handle_t` whose valid values represent digest implementations,
and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE.

The purpose of this abstraction layer is to pave the way for builds which
support precisely one digest algorithm. In this case, mbedtls_md_handle_t
can be implemented as a two-valued type, with one value representing the
invalid handle, and the unique valid value representing the unique enabled
digest.
2019-09-09 09:45:57 +01:00
Manuel Pégourié-Gonnard 505be8be4d Remove unnecessary depends in a test case 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 394c5fb24b Implement NO_SHA224 in MD layer as well 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 5a26ff3cf9 Declare dependencies on !NO_SHA224 in test suites 2019-09-09 10:21:30 +02:00
Hanno Becker d601854548 Fixup TinyCrypt Tests: Remove redundant guards 2019-09-04 16:19:49 +01:00
Hanno Becker 0e83f7252f TinyCrypt Test: Don't expect ECP error code
We want to be able to remove all legacy ECC entirely when using TinyCrypt.
In particular, we cannot rely on legacy ECC identifiers.
2019-09-04 16:17:45 +01:00
Hanno Becker 6e2fddec7e TinyCrypt Test: Disable det-ECDSA x509write test for TinyCrypt
TinyCrypt only implements non-deterministic ECDSA.
2019-09-04 16:17:45 +01:00
Hanno Becker 179c15f6b0 TinyCrypt Test: Add PK priv'key test for TinyCrypt-based Secp256r1
Even though exhaustive testing of TinyCrypt is left for later,
without this test we don't have any evidence that PK writing
works for TinyCrypt-based PK context.
2019-09-04 16:17:45 +01:00
Hanno Becker 3eb0ee23a0 TinyCrypt Test: Disable x509parse tests that don't apply to TC
TinyCrypt only supports Secp256r1, so skip all tests in test_suite_x509parse
which use different curves, while splitting those which rely on Secp256r1
alone into two tests: one for legacy ECC, and one for TinyCrypt.

Studying and improving the TinyCrypt test coverage is left for a later commit.
2019-09-04 16:17:45 +01:00
Hanno Becker 06e2bf6d01 TinyCrypt Test: Disable CRT print test in test_suite_debug if TC on 2019-09-04 16:17:45 +01:00
Hanno Becker fdd294a79f TinyCrypt Test: Skip pkwrite test cases that don't apply to TinyCrypt
The current pkwrite tests involving ECC all use curves different
from Secp256r1, so they don't apply to TinyCrypt.

Adding tests for TinyCrypt is left to a later commit.
2019-09-04 16:17:25 +01:00
Hanno Becker d84dbe559f TinyCrypt Test: Adapt pub/prv ECC key parsing tests to TinyCrypt 2019-09-04 16:17:25 +01:00
Hanno Becker c10c9bfc10 TinyCrypt Test: Add guards to ECDSA verify tests from PK test suite
- The underlying test vectors are for Secp192r1, while TinyCrypt uses Secp256r1.
- The test implementation is specific to the structure of legacy-ECC PK ctxs.

Addition of analogous tests for TinyCrypt-based ECC PK contexts are left
for a later commit.
2019-09-04 16:17:25 +01:00
Hanno Becker 251d7523fe TinyCrypt Test: Adapt 'PK utils: ECKEY' test in PK test suite 2019-09-04 16:17:25 +01:00
Hanno Becker f2bf115057 TinyCrypt Test: Initialize TinyCrypt RNG in test suites if enabled 2019-09-04 16:17:25 +01:00
Simon Butcher 42e4e723e8 Merge remote-tracking branch 'origin/pr/648' into baremetal 2019-09-04 12:42:35 +01:00
Hanno Becker df9633b21c Add missing dependency of RSA test on CTR DRBG 2019-09-03 08:59:05 +01:00
Manuel Pégourié-Gonnard fc8adbadb5 Merge branch 'mbedtls-2.16' into baremetal-2.16-20190827
* mbedtls-2.16: (21 commits)
  Exclude DTLS 1.2 only with older OpenSSL
  Document the rationale for the armel build
  Switch armel build to -Os
  Add a build on ARMv5TE in ARM mode
  Add changelog entry for ARM assembly fix
  bn_mul.h: require at least ARMv6 to enable the ARM DSP code
  Changelog entry for test certificates update
  Change worktree_rev to HEAD for rev-parse
  Add ChangeLog entry for entropy_nv_seed test case fix
  entropy_nv_seed: cope with SHA-256
  entropy_nv_seed: clean up properly
  Add ChangeLog entry for undefined behavior fix in test_suite_nist_kw
  Don't call memset after calloc
  Adapt ChangeLog
  ECP restart: Don't calculate address of sub ctx if ctx is NULL
  Update certificates to expire in 2029
  Update soon to be expired crl
  Test that a shared library build produces a dynamically linked executable
  Test that the shared library build with CMake works
  Add a test of MBEDTLS_CONFIG_FILE
  ...
2019-08-30 13:08:33 +02:00
Teppo Järvelin 4009d8f377 Make function mbedtls_ssl_set_hostname(...) as optional
Now function mbedtls_ssl_set_hostname is compile-time configurable
in config.h with define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION.
This affects to many x509 API's. See config.h for details.
2019-08-27 10:47:08 +03:00
Simon Butcher 434ab19164 Merge remote-tracking branch 'origin/pr/629' into baremetal 2019-08-14 16:53:13 +01:00
Simon Butcher 0863b2a259 Merge remote-tracking branch 'origin/pr/612' into baremetal 2019-08-14 16:50:13 +01:00
Gilles Peskine c1b621c5cb Merge remote-tracking branch 'upstream-public/pr/2754' into mbedtls-2.16 2019-08-14 16:00:01 +02:00
Hanno Becker 572d448ab2 Enforce NULL context for hardcoded RNG 2019-08-12 17:05:03 +01:00
Gilles Peskine a60dc25e9f
Merge pull request #2419 from RonEld/Backport2.16_2734
Backport 2.16: Update soon to be expired crl
2019-08-03 13:38:20 +02:00
Gilles Peskine 1e3eb28ae3
Merge pull request #2735 from hanno-arm/skip_test-2.16
2.16: Add TEST_ASSUME macro to allow skipping tests at runtime
2019-08-03 13:37:59 +02:00
Manuel Pégourié-Gonnard 39581c7cf4 Merge branch 'mbedtls-2.16' into baremetal-2.16-20190801
* mbedtls-2.16:
  Fix parsing issue when int parameter is in base 16
  Refactor receive_uint32()
  Refactor get_byte function
  Make the script portable to both pythons
  Update the test encoding to support python3
  update the test script
  tests: Limit each log to 10 GiB
2019-08-01 11:05:18 +02:00
Hanno Becker 8844055b0e Remove compression field from SSL session if compression disabled 2019-08-01 10:11:20 +02:00
Hanno Becker af5d8abf26 Don't call memset on NULL pointer in NIST KW test suite
Note: There's no need to call `memset()` after `calloc()`
because `calloc()` includes zeroization.
2019-07-22 11:15:12 +01:00
Gilles Peskine 756b3f2c25 entropy_nv_seed: cope with SHA-256
This test case was only executed if the SHA-512 module was enabled and
MBEDTLS_ENTROPY_FORCE_SHA256 was not enabled, so "config.pl full"
didn't have a chance to reach it even if that enabled
MBEDTLS_PLATFORM_NV_SEED_ALT.

Now all it takes to enable this test is MBEDTLS_PLATFORM_NV_SEED_ALT
and its requirements, and the near-ubiquitous MD module.
2019-07-19 17:43:03 +02:00
Gilles Peskine 0450eecfae entropy_nv_seed: clean up properly
Call mbedtls_entropy_free on test failure.

Restore the previous NV seed functions which the call to
mbedtls_platform_set_nv_seed() changed. This didn't break anything,
but only because the NV seed functions used for these tests happened
to work for the tests that got executed later in the .data file.
2019-07-19 17:43:03 +02:00
Gilles Peskine fc41bd7f35 Don't call memset after calloc
memset has undefined behavior when either pointer can be NULL, which
is the case when it's the result of malloc/calloc with a size of 0.
The memset calls here are useless anyway since they come immediately
after calloc.
2019-07-19 17:42:47 +02:00
Hanno Becker 90f7b75354 Fix unused variable warning in SSL test suite 2019-07-12 15:15:08 +01:00
Hanno Becker ac8c984784 SSL tests: Skip tests using version not matching hardcoded version 2019-07-12 15:15:08 +01:00
Hanno Becker 930fbf60d6 Add TEST_ASSUME macro to allow skipping tests at runtime
This commit adds a macro TEST_ASSUME to the test infrastructure
which allows to skip tests based on unmet conditions determined
at runtime.
2019-07-12 15:15:08 +01:00
Ron Eldor e81ff54881 Refactor receive_uint32()
Call `greentea_getc()` 8 times, and then `unhexify` once, instead of
calling `receive_byte()`, which inside calls `greentea_getc()` twice,
for every hex digit.
2019-07-11 14:36:34 +03:00
Ron Eldor 3dd77909d3 Refactor get_byte function
Change implementation of `get_byte()` to call `unhexify()`.
2019-07-11 14:36:27 +03:00
Ron Eldor b43fe57d34 Update the test encoding to support python3
Since Python3 handles encoding differently than Python2,
a change in the way the data is encoded and sent to the target is needed.
1. Change the test data to be sent as hex string
2. Convert the characters to binary bytes.

This is done because the mbed tools translate the encoding differently
(mbed-greentea, and mbed-htrunner)
2019-07-11 14:36:13 +03:00
Ron Eldor 36503922a0 Update certificates to expire in 2029
Update certificates that expire on 2021, to prolong their validity,
to make tests pass three years ahead.
2019-07-10 18:35:10 +03:00
Hanno Becker e02758c9c8 Remove ciphersuite from SSL session if single suite hardcoded
If MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled, the type

  mbedtls_ssl_ciphersuite_handle_t

is logically a boolean (concretely realized as `unsigned char`),
containing the invalid handle and the unique valid handle, which
represents the single enabled ciphersuite.

The SSL session structure mbedtls_ssl_session contains an instance
of mbedtls_ssl_ciphersuite_handle_t which is guaranteed to be valid,
and which is hence redundant in any two-valued implementation of
mbedtls_ssl_ciphersuite_handle_t.

This commit replaces read-uses of

  mbedtls_ssl_session::ciphersuite_info

by a getter functions which, and defines this getter function
either by just reading the field from the session structure
(in case MBEDTLS_SSL_SINGLE_CIPHERSUITE is disabled), or by
returning the single valid ciphersuite handle (in case
MBEDTLS_SSL_SINGLE_CIPHERSUITE is enabled) and removing the
field from mbedtls_ssl_session in this case.
2019-07-08 11:23:24 +01:00
Hanno Becker d3369f6d01 Add TEST_ASSUME macro to allow skipping tests at runtime
This commit adds a macro TEST_ASSUME to the test infrastructure
which allows to skip tests based on unmet conditions determined
at runtime.
2019-07-05 13:41:08 +01:00
Manuel Pégourié-Gonnard de8869c529 Merge remote-tracking branch 'restricted/pr/608' into baremetal-proposed
* restricted/pr/608:
  programs: Make `make clean` clean all programs always
  ssl_tls: Enable Suite B with subset of ECP curves
  windows: Fix Release x64 configuration
  timing: Remove redundant include file
  net_sockets: Fix typo in net_would_block()
  Add all.sh component that exercises invalid_param checks
  Remove mbedtls_param_failed from programs
  Make it easier to define MBEDTLS_PARAM_FAILED as assert
  Make test suites compatible with #include <assert.h>
  Pass -m32 to the linker as well
  Update library to 2.16.2
  Use 'config.pl baremetal' in all.sh
  Clarify ChangeLog entry for fix to #1628
  Fix #2370, minor typos and spelling mistakes
  Add Changelog entry for clang test-ref-configs.pl fix
  Enable more compiler warnings in tests/Makefile
  Change file scoping of test helpers.function
2019-07-03 10:31:46 +02:00
Hanno Becker abd929c89c Merge branch 'mbedtls-2.16' into baremetal-2.16-01_07_19 2019-07-01 11:25:42 +01:00
Hanno Becker 7ab8a2e2a0 Add X.509 CRT test for nested calls for CRT frame / PK acquire 2019-06-28 15:52:54 +01:00
Hanno Becker 7c5fbbeec0 Reduce number of parallel workers in X.509 CRT threading test
The previous tests used 100 parallel workers which for EC certificates
leads to a memory usage of more than 1Mb, hence leading to an out of memory
condition in tests using the memory buffer allocator which has a pool of 1Mb.

Use 25 workers but an increased number of iterations per worker instead.
2019-06-25 09:11:11 +01:00
Hanno Becker d687ef0a91 Move X.509 threading test to separate test suite
This allows to build the library + tests via `make` without
specifying `PTHREAD=1`, in which case the X.509 threading
test suite will be silently dropped.

This is analogous to the pre-existing handling of the example
application `ssl_pthread_server`, which is only build if `PTHREAD=1`
and silently dropped otherwise.
2019-06-25 09:10:57 +01:00
Hanno Becker fd8b7bd63f Add concurrent X.509 CRT verification test
This commit enhances the X.509 parsing test suite by a test
which exercises multiple threads concurrently verifying the
same certificate with the same set of trusted roots.
2019-06-25 09:10:57 +01:00
Hanno Becker 5f268b3cf6 Don't allow change of CRT frame returned by x509_crt_frame_acquire() 2019-06-25 09:10:57 +01:00
Hanno Becker 54f1c2cb20 Rename MBEDTLS_X509_SAFE_SNPRINTF_WITH_ERROR to _WITH_CLEANUP 2019-06-25 09:10:57 +01:00