Commit graph

2543 commits

Author SHA1 Message Date
Hanno Becker f1931760d8 Move test of mbedtls_camellia_free() to separate test
The acceptance of NULL should be tested regardless of the
setting of MBEDTLS_CHECK_PARAMS.
2018-12-19 12:47:55 +00:00
Hanno Becker ff62f44ad7 Remove duplicated parameter check in CAMELLIA module 2018-12-19 12:47:55 +00:00
Hanno Becker e939de7247 Minor fixes to Camellia parameter validation 2018-12-19 12:47:55 +00:00
Hanno Becker 75788371df Test parameter validation for CAMELLIA module 2018-12-19 12:47:55 +00:00
Gilles Peskine e146e7dbae Don't use TEST_VALID_PARAM with a value
TEST_VALID_PARAM is only for functions that return void. This commit
fixes the build with clang -Wunused-comparison.
2018-12-19 13:21:22 +01:00
Hanno Becker 1959535038 Add parameter validation test for mbedtls_ecp_check_pub_priv() 2018-12-19 08:52:08 +00:00
Hanno Becker 549e455a42 Add parameter validation test for mbedtls_ecp_gen_privkey() 2018-12-19 08:52:02 +00:00
Hanno Becker 0a4fa9b1fb Add parameter validation test for mbedtls_ecp_check_budget() 2018-12-19 08:51:58 +00:00
Hanno Becker 807c107c3c Fix typos in ECP test suite 2018-12-19 08:51:55 +00:00
Simon Butcher 54b789aa74 Merge remote-tracking branch 'public/pr/2298' into development 2018-12-19 08:08:14 +00:00
Gilles Peskine 78438e4109 Test parameter validation for pk, pkparse and pkwrite 2018-12-19 00:55:47 +01:00
Hanno Becker 59274d43cb Remove unnecessary call to mbedtls_mpi_free() in MPI tests 2018-12-18 23:27:03 +00:00
Hanno Becker b48e1aa846 Add separate test for mbedtls_mpi_free() accepting NULL 2018-12-18 23:25:01 +00:00
Jaeden Amero ee427b26d4 tests: Backup config.h before modifying it
It's good to make a backup of config.h before modifying it, so that when
"cleanup" runs the next test has a clean default config.h to start from.

Fixes 840af0a9ae ("Add tests to all.sh for CHECK_PARAMS edge cases")
2018-12-18 21:14:28 +00:00
Hanno Becker e118504a5f Numerous minor improvements to bignum documentation 2018-12-18 18:12:13 +00:00
Hanno Becker 56b661cbf8 Add test that mbedtls_mpi_free() accepts NULL parameter 2018-12-18 18:12:13 +00:00
Hanno Becker afb607b9db Add tests for parameter validation in MPI module 2018-12-18 18:12:13 +00:00
Hanno Becker d22df58a56 Add missing guards around SHA-1 tests 2018-12-18 17:02:03 +00:00
Hanno Becker adc9b178ca Minor improvements to DHM module 2018-12-18 16:59:09 +00:00
Hanno Becker 8c8a93c574 Test parameter validation for DHM module 2018-12-18 16:59:09 +00:00
Hanno Becker 4fbd4bf442 Fix guard in SHA-512 tests 2018-12-18 16:37:43 +00:00
Hanno Becker 36beb04fd5 Add tests or SHA-256 parameter validation 2018-12-18 16:31:06 +00:00
Hanno Becker 686c9a0e8d Test SHA-512 parameter validation 2018-12-18 15:33:14 +00:00
Hanno Becker a994b2379f Test that xxx_free() functions accept NULL parameter 2018-12-18 15:30:30 +00:00
Hanno Becker ae2ff02ff1 Add tests for ChaChaPoly parameter validation
Parameter validation was previously performed and tested unconditionally
for the ChaCha/Poly modules. This commit therefore only needs go guard the
existing tests accordingly and use the appropriate test macros for parameter
validation.
2018-12-18 15:30:30 +00:00
Hanno Becker af05a90349 Test parameter validation in ECDSA module 2018-12-18 14:31:50 +00:00
Hanno Becker 491db772c3 Test parameter validation for ECJPAKE module 2018-12-18 14:31:18 +00:00
Hanno Becker 4c818483b2 Test parameter validation for ECDH module 2018-12-18 14:30:39 +00:00
Hanno Becker b06f193d73 Add missing cases to RSA parameter validation test 2018-12-18 14:05:20 +00:00
Hanno Becker 05cf6dabb8 Add missing test for mbedtls_rsa_pkcs1_sign() 2018-12-18 13:38:05 +00:00
Hanno Becker f04d923834 Test mbedtls_rsa_gen_key() with NULL ctx/RNG separately 2018-12-18 13:38:05 +00:00
Hanno Becker 71cd6c7ba9 Remove duplicate test in RSA parameter validation test 2018-12-18 13:38:05 +00:00
Hanno Becker a7ee00225b Test mbedtls_rsa_init() with invalid padding 2018-12-18 13:38:05 +00:00
Hanno Becker 046d2024c5 Test parameter validation for RSA module 2018-12-18 13:38:05 +00:00
Hanno Becker 57b684f9d1 Add separate test for xxx_free() functions in ECP module 2018-12-18 13:00:48 +00:00
Hanno Becker 12dff0352b Test parameter validation for ECP module 2018-12-18 13:00:48 +00:00
Manuel Pégourié-Gonnard 488d9309fc Fix unused param warnings in test function 2018-12-18 13:05:49 +01:00
Hanno Becker 0e24473b94 Test parameter validation in SHA-1 module 2018-12-18 11:37:28 +00:00
Manuel Pégourié-Gonnard e55e103bfe Fix off-by-one in iv_off check and add tests 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard ab6b9758d6 Improve constant naming in test functions 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 2bc535be86 Add parameter validation for AES-CTR 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 8e41eb7187 Add parameter validation for AES-OFB 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 1677cca54b Add parameter validation for AES-CFB functions 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 191af1313a Add param validation for mbedtls_aes_crypt_xts() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 3178d1a997 Add param validation for mbedtls_aes_crypt_cbc() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 1aca260571 Add parameter validation for mbedtls_aes_crypt_ecb() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 68e3dff3f1 Add parameter validation XTS setkey functions 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard af0c6cb9e0 Fix missing guard on XTS function in tests 2018-12-18 12:02:52 +01:00
Hanno Becker 6640b0d9a3 Undo deprecation of MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH 2018-12-18 09:53:14 +00:00
Hanno Becker 938f9e9bdb Undo deprecation of MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Merging MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH and
MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH is an API break.
2018-12-18 09:50:57 +00:00
Hanno Becker d2f3a00062 Introduce single BLOWFISH error code for bad input data
Deprecate the old specific error codes
* MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
* MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
2018-12-17 13:26:37 +00:00
Hanno Becker 4c029d09be Introduce single CAMELLIA error code for bad input data
Deprecate the old specific error codes
* MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
* MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
2018-12-17 13:26:33 +00:00
Gilles Peskine c8fff7b2e7 Declare test_suite_aes.ofb to CMake 2018-12-14 18:30:41 +01:00
Gilles Peskine ac372cc687 Add a facility to skip running some test suites
With the build option SKIP_TEST_SUITES=..., the specified test suites
are built, but skipped when running tests. Usage:
    make check SKIP_TEST_SUITES=timing,gcm
or
    cmake -D SKIP_TEST_SUITES=timing,gcm ...

The list can be separated by any of space, comma or semicolon, and each
element can be a regular expression in ERE syntax except that "." stands
for itself. Skipping "foo" skips not only "foo" itself but also
any "foo.bar", but does not skip "foobar".
2018-12-14 18:29:28 +01:00
Gilles Peskine 15db850fe9 run-test-suites: update the documentation
Update the documentation to mention the optional verbosity level with -v.

Print the documentation on --help.

Die on an unsupported option.
2018-12-14 18:23:13 +01:00
Manuel Pégourié-Gonnard e7306d30a9 Improve some documentation and ChangeLog entry 2018-12-13 09:45:49 +01:00
Manuel Pégourié-Gonnard a4251f4775 Test aes_free( NULL ) unconditionally 2018-12-12 12:04:51 +01:00
Manuel Pégourié-Gonnard 54e7f312d3 Make TEST_VALID_PARAM() available unconditionally 2018-12-12 11:56:09 +01:00
Manuel Pégourié-Gonnard aae10fa427 Fix some whitespace issues 2018-12-12 10:24:19 +01:00
Manuel Pégourié-Gonnard cd2b29cd12 Improve wording in documentation and ChangeLog 2018-12-12 10:23:57 +01:00
Manuel Pégourié-Gonnard 9b8ea89ae5 Fix a few style / whitespace issues 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard acfdc623d2 Fix test macro that was too lenient
Previously, one could change the definition of AES_VALIDATE_RET() to return
some other code than MBEDTLS_ERR_AES_BAD_INPUT_DATA, and the test suite
wouldn't notice. Now this modification would make the suite fail as expected.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 840af0a9ae Add tests to all.sh for CHECK_PARAMS edge cases 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 44c5d58d05 Document AES functions and fix free() functions 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard a2b0e27378 Skip param validation tests if custom macro used
The test framework for validation of parameters depends on the macro
MBEDTLS_PARAM_FAILED() being set to its default value when building the
library. So far the test framework attempted to define this macro but this was
the wrong place - this definition wouldn't be picked by the library.

Instead, a different approach is taken: skip those tests when the macro is
defined in config.h, as in that case we have no way to know if it will indeed
end up calling mbedtls_param_failed() as we need it to.

This commit was tested by manually ensuring that aes_invalid_params:

- passes (and is not skipped) in the default configuration
- is skipped when MBEDTLS_PARAM_FAILED() is defined in config.h
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 3ef6a6dc5c Fix const-ness in mbedtls_param_failed()
The previous prototype gave warnings are the strings produced by #cond and
__FILE__ are const, so we shouldn't implicitly cast them to non-const.

While at it modifying most example programs:
- include the header that has the function declaration, so that the definition
  can be checked to match by the compiler
- fix whitespace
- make it work even if PLATFORM_C is not defined:
    - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is
      no reason why it should
    - so, remove the corresponding #if defined in each program...
    - and add missing #defines for mbedtls_exit when needed

The result has been tested (make all test with -Werror) with the following
configurations:

- full with    CHECK_PARAMS with    PLATFORM_C
- full with    CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS with    PLATFORM_C

Additionally, it has been manually tested that adding

    mbedtls_aes_init( NULL );

near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the
expected effect when running the program.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 8e661bf6a8 Fix arity of the PARAM_FAILED() macro and function
It was inconsistent between files: sometimes 3 arguments, sometimes one.

Align to 1 argument for the macro and 3 for the function, because:
- we don't need 3 arguments for the macro, it can add __FILE__ and __LINE__
  in its expansion, while the function needs them as parameters to be correct;
- people who re-defined the macro should have flexibility, and 3 arguments
  can give the impression they they don't have as much as they actually do;
- the design document has the macro with 1 argument, so let's stick to that.
2018-12-11 12:28:56 +01:00
Simon Butcher 249b3d6efe Remove use of the macro TEST_FN from the AES test suite
The TEST_FN macro is now redundant and no longer necessary.
2018-12-11 12:28:56 +01:00
Simon Butcher 6542f6c597 Change the use of setjmp/longjmp in parameter failure callback
Change the use of setjmp and longjmp in signalling parameter validation failures
when using the MBEDTLS_CHECK_PARAMS config.h option. This change allows
all calls which might result in a call to the parameter validation failure
handler to always be caught, even without use of the new macros, by placing a
setjmp() in the outer function which calls the test function, which the handler
can jump to.

This has several benefits:
    * it allows us to remove the clang compiler warning (-Wclobbered) caused
      by local auto variables being in the same function as the call to setjmp.
    * removes the need to wrap all function calls in the test functions with the
      TEST_ASSERT() macro. Now all parameter validation function calls should be
      caught.
2018-12-11 12:28:56 +01:00
Simon Butcher 747f5fe3e2 Add disabling of gcc 'clobbered' warning
With gcc, use of setjmp() was triggering warnings about use of auto variables
being clobbered.
2018-12-11 12:28:56 +01:00
Simon Butcher a646345e3f Add additional parameter validation tests for the AES module
This adds additional tests to validate the AES module parameter validation
checks which are enabled using the MBEDTLS_CHECK_PARAMS option.
2018-12-11 12:28:56 +01:00
Jaeden Amero faafcd83a8 Merge remote-tracking branch 'upstream-public/pr/2223' into development 2018-12-07 16:16:24 +00:00
Jaeden Amero fedb407a3f Merge remote-tracking branch 'upstream-public/pr/2208' into development 2018-12-07 16:16:04 +00:00
Jaeden Amero 52ed0b9030 Merge remote-tracking branch 'upstream-public/pr/2101' into development 2018-12-07 16:15:31 +00:00
Jaeden Amero d07ef47150 Merge remote-tracking branch 'upstream-public/pr/2061' into development 2018-12-07 16:07:21 +00:00
Jaeden Amero 60ca6e58b6 test: Make basic-build-test.sh see summary statuses
We've changed the behavior of "-v" to no longer output test summary
statuses. Update basic-build-test.sh to use the test runner's verbosity
option "-v 2", so that the basic-build-test.sh script can get the summary
statuses it needs.
2018-12-07 13:06:24 +00:00
Jaeden Amero 8ef1f48a52 Merge remote-tracking branch 'upstream-public/pr/2219' into development 2018-12-06 16:16:36 +00:00
Jaeden Amero 3c0941ec64 Merge remote-tracking branch 'upstream-public/pr/2172' into development 2018-12-06 16:09:08 +00:00
Jaeden Amero 41722ec29e Merge remote-tracking branch 'upstream-public/pr/1958' into development 2018-12-06 15:53:56 +00:00
Jaeden Amero 643e0027d6 Merge remote-tracking branch 'upstream-public/pr/1548' into development 2018-12-06 15:51:29 +00:00
Janos Follath 36c5f7fe9b ECDH: Hide context from tests
The tests for the ECDH key exchange that use the context accessed it
directly. This can't work with the new context, where we can't make any
assumptions about the implementation of the context. This commit works
around this problem and comes with the cost of allocating an extra
structures on the stack when executing the test.

One of the tests is testing an older interface for the sake of backward
compatibility. The new ECDH context is not backward compatible and this
test doesn't make any sense for it, therefore we skip this test in
non-legacy mode.
2018-12-06 12:22:46 +00:00
Jaeden Amero 5dfca1e1bd Update library version to 2.15.1 2018-12-01 18:44:29 +00:00
Janos Follath fc03e8dfa9 ECDH: Adapt tests for mbedtls_ecdh_setup()
The recently added `mbedtls_ecdh_setup()` function is not used in the
tests yet. This commit adapts the tests to the new workflow.

Having done that, the old lifecycle is not tested anymore, so we add a
new test to ensure backward compatibility.
2018-11-30 14:09:57 +00:00
Simon Butcher 51b8a2fa87 Merge remote-tracking branch 'restricted/pr/512' into development 2018-11-29 16:56:02 +00:00
Simon Butcher 658618b6b2 Merge remote-tracking branch 'restricted/pr/516' into development 2018-11-29 16:53:51 +00:00
Ron Eldor b9b3813649 Separate REGEX of MACRO to groups
Seperate the REGEX into identifier, condition and value, into groups,
to behandled differently.
2018-11-27 16:37:49 +02:00
Ron Eldor 111ba0e949 Fix parsing error of test data
Fix parsing error that contains special character.
The previous implementation replaced the `:` char with `\n`,
and split on `\n`. Test data containing strings with `\n`
were split as well. Fixes #2193.
The split function caused strings containing `\:` to add
another escape char, resulting in `\\:`. This caused the
tests with the `\:` in the string data to fail.
The fix doesn't replace with `\n`, but splits all `:` that
are not preceded with `\`. After that, removes the preceding `\` char.
2018-11-27 13:48:13 +02:00
Andres Amaya Garcia 687d6739b2 Fix resource leak of file desc in test code 2018-11-26 21:23:28 +00:00
Gilles Peskine d919993b76 CTR_DRBG: deprecate mbedtls_ctr_drbg_update because it ignores errors
Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a
new function mbedtls_ctr_drbg_update_ret which reports error.
2018-11-26 19:26:00 +01:00
Ron Eldor d5062dedeb Add conditional dependency to tests
Add a way to check compile time defionitions values, for determining
whether to skip tests.
2018-11-26 14:23:14 +02:00
Ron Eldor 6dbb9aabf8 Test AD too long only when CCM_ALT not defined
Since the AD too long is a limitation on Mbed TLS,
HW accelerators may support this. Run the test for AD too long,
only if `MBEDTLS_CCM_ALT` is not defined.
Addresses comment in #1996.
2018-11-25 10:31:53 +02:00
Simon Butcher 60ee838a8a Merge remote-tracking branch 'public/pr/2224' into development-psa-proposed 2018-11-23 21:18:32 +00:00
Gilles Peskine c117d5928c check-files: detect merge artifacts
Detect Git merge artifacts. These are lines starting with "<<<<<<",
"|||||||" or ">>>>>>>" followed by a space, or containing just
"=======". For "=======", exempt Markdown files, because this can be
used to underline a title, as a compromise between false negatives and
false positives.
2018-11-23 21:11:52 +01:00
Gilles Peskine 043980585c Factor record_issue into its own method 2018-11-23 21:11:30 +01:00
Jaeden Amero bb225f7914 Merge remote-tracking branch 'upstream-public/pr/2225' into development-psa-proposed 2018-11-23 17:37:04 +00:00
Jaeden Amero b1c48d3d83 psa: Include PSA headers for tests and programs
Programs and tests need to be able to use PSA header files when
USE_CRYPTO_SUBMODULE and MBEDTLS_USE_PSA_CRYPTO are set. Add the crypto
submodule include folder, which contains psa headers, after the main
include folder so that psa headers can be found and crypto submodule
headers don't take precedence over mbedtls headers.
2018-11-23 15:22:44 +00:00
Hanno Becker ee81756a51 Fix wrong cmake invocation in all.sh testing MBEDTLS_USE_PSA_CRYPTO
It should be `cmake -D VAR=1` instead of `cmake -D VAR`.
2018-11-23 15:08:32 +00:00
Simon Butcher ebeb6cb446 Update library version to 2.15.0 2018-11-23 14:18:15 +00:00
Hanno Becker 46b79c14ad Merge remote-tracking branch 'remote_jaeden/dev/patater/avoid-check-files-todo-dev' into development-psa-proposed 2018-11-23 13:40:44 +00:00
Jaeden Amero 80a23a5bc4 check-files: Don't check same-named files
The check-files script contains the strings "TODO" and "todo" in order to
search for files that contain TODO items. So, any check-files script would
need to be excluded from the list of files that gets checked for "TODO".
Normally, the script excludes itself from checks, but with the addition of
the crypto submodule, there is another copy of the script present from the
project root. We must avoid checking check-files scripts for TODO items.
This also helps if you run check-files from another working tree in your
working tree.
2018-11-23 13:14:38 +00:00
Hanno Becker 4ae8b497c0 Merge branch 'iotssl-2578-psa-sig-verification' into development-psa-proposed 2018-11-23 11:37:00 +00:00
Hanno Becker a0a96a0c56 Merge branch 'psa_cipher_integration' into development-psa-proposed 2018-11-23 11:26:57 +00:00
Hanno Becker f8b5f27bce Merge branch 'psa_cipher' into development-psa-proposed 2018-11-23 11:18:02 +00:00
Hanno Becker 485529952f Merge branch 'opaque_psk_implementation' into development-psa-proposed 2018-11-23 11:12:38 +00:00
Hanno Becker b345ae64f1 Merge branch 'iotssl-2596-opaque-csr-creation' into development-psa-proposed 2018-11-23 11:05:04 +00:00
Andrzej Kurek 967cfd18fd Remove trailing whitespace 2018-11-22 12:05:08 -05:00
Andrzej Kurek 4b11407258 Cosmetic changes
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
2018-11-22 12:05:08 -05:00
Andrzej Kurek 5f7bad34bb Add CSR write testing using opaque keys
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
2018-11-22 12:05:08 -05:00
Manuel Pégourié-Gonnard 2baae9ef71 Add tests for ECDSA verify with short r, s values
This is intended to test transcoding the signature to the format expected by
PSA (fixed-length encoding of r, s) when r and s have respectively:
- full length with initial null byte
- full length without initial null byte
- non-full length with initial null byte
- non-full length without initial null byte

The signatures were generated using:

programs/pkey/pk_sign tests/data_files/server5.key foo

where foo is an empty file, and with a variant of one of the following patches
applied:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..e4a27b044516 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -317,6 +319,11 @@ mul:
             MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
                                                   f_rng, p_rng, ECDSA_RS_ECP ) );
             MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( pr );
+            printf("%zu ", bits);
+            if( bits != 255 )
+                goto gen;
         }
         while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );

or:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..d704376e0c42 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -353,6 +355,11 @@ modn:
         MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( s );
+            printf("%zu ", bits);
+            if( bits != 247 )
+                goto gen;
     }
     while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );

with the value edited manually between each run to get the desired bit length.
2018-11-22 11:17:37 -05:00
Andrzej Kurek c05ec9f39c pk_wrap: test if a valid md_alg is passed to ecdsa_verify_wrap
Adjust tests to pass a valid algorithm
2018-11-22 11:17:37 -05:00
Manuel Pégourié-Gonnard cfdf8f4d8f Implement key_opaque option to ssl_client2 2018-11-22 14:35:11 +00:00
Hanno Becker e9420c2aff Rename PSA test in ssl-opt.sh 2018-11-22 14:05:54 +00:00
Hanno Becker a0dc9cf8ec Remove superfluous quotes in ssl-opt.sh 2018-11-22 14:05:54 +00:00
Hanno Becker 9b5853c846 Add runs for specific PSA-supported ciphersuites to ssl-opt.sh
So far, make sure we test the following ciphersuites
without any fallback to non-PSA ciphers:

TLS-ECDHE-ECDSA-WITH-AES-128-CCM
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-256-CCM
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
2018-11-22 14:05:54 +00:00
Hanno Becker 9d76d56d81 Omit tests from ssl-opt.sh which force a disabled ciphersuite 2018-11-22 14:05:54 +00:00
Hanno Becker b1b2c01df4 Add missing newline at the end of test_suite_cipher.gcm.data 2018-11-22 14:03:39 +00:00
Hanno Becker b0c05e242c Test PSA-based GCM cipher operations 2018-11-22 14:03:39 +00:00
Hanno Becker 5cec718191 Adapt existing Cipher-GCM test cases to new param for auth_crypt_tv 2018-11-22 14:03:39 +00:00
Hanno Becker a13272d6d2 Test PSA-based CCM cipher operations 2018-11-22 14:03:39 +00:00
Hanno Becker e43164e8f1 Add AES-*-CBC test vectors for PSA-based cipher contexts 2018-11-22 14:03:39 +00:00
Hanno Becker 6767cca100 Merge branch 'gcm_through_cipher_api_tests' into psa_cipher_ 2018-11-22 14:03:14 +00:00
Hanno Becker c0c882cd67 Add missing dependencies in test_suite_cipher.gcm 2018-11-22 13:41:53 +00:00
Hanno Becker ef42f22edd Add NIST AES GCM test vectors to single-step cipher API test suite
The test suites `test_suite_gcm.aes{128,192,256}_en.data` contains
numerous NIST test vectors for AES-*-GCM against which the GCM
API mbedtls_gcm_xxx() is tested.

However, one level higher at the cipher API, no tests exist which
exercise mbedtls_cipher_auth_{encrypt/decrypt}() for GCM ciphers,
although test_suite_cipher.function contains the test auth_crypt_tv
which does precisely that and is already used e.g. in
test_suite_cipher.ccm.

This commit replicates the test vectors from
test_suite_gcm.aes{128,192,256}_en.data in test_suite_cipher.gcm.data
and adds a run of auth_crypt_tv for each of them.

The conversion was mainly done through the sed command line

```
s/gcm_decrypt_and_verify:\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):
\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\)/auth_crypt_tv:
\1:\2:\4:\5:\3:\7:\8:\9/
```
2018-11-22 13:41:07 +00:00
Manuel Pégourié-Gonnard 23a1ccd23f Fix test that wasn't actually effective
psa_destroy_key() returns success even if the slot is empty.
2018-11-22 12:21:20 +01:00
Manuel Pégourié-Gonnard fa9a1ca967 Improve description of a test 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard 69baf70984 Align names to use "opaque" only everywhere
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard 3686771dfa Implement pk_sign() for opaque ECDSA keys 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard d97390e97d Add tests for unsupported operations/functions 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard 920c063bad Implement can_do for opaque ECC keypairs
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard 0184b3c69b Add support for get_(bit)len on opaque keys 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard 01a12c49aa Add key generation to opaque test function
While at it, clarify who's responsible for destroying the underlying key. That
can't be us because some keys cannot be destroyed and we wouldn't know. So
let's leave that up to the caller.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard 7b5fe041f1 Implement alloc/free wrappers for pk_opaque_psa 2018-11-22 09:59:34 +01:00
Hanno Becker 1d911cd59d Automatically allocate opaque PSK key slots in ssl_{client/server}2
Previously, command line arguments `psk_slot` and `psk_list_slot`
could be used to indicate the PSA key slots that the example
applications should use to store the PSK(s) provided.

This commit changes this approach to use the utility function
`mbedtls_psa_get_free_key_slot()` to obtain free key slots from
the PSA Crypto implementation automatically, so that users only
need to pass boolean flags `psk_opaque` and `psk_list_opaque`
on the command line to enable / disable PSA-based opaque PSKs.
2018-11-21 21:12:58 +00:00
Hanno Becker 28c79dc3d0 Add tests to ssl-opt.sh exercising server-side opaque PSK 2018-11-21 21:12:58 +00:00
Hanno Becker f7027514fb Add tests to ssl-opt.sh exercising client-side opaque PSK 2018-11-21 21:12:58 +00:00
Hanno Becker 6e02197e24 Refer to PSA through MBEDTLS_USE_PSA_CRYPTO, not USE_PSA, in all.sh 2018-11-21 21:08:43 +00:00
Hanno Becker 1cfc5ddb11 Initialize PSA Crypto implementation at the start of each test suite 2018-11-21 21:08:43 +00:00
Manuel Pégourié-Gonnard 655c0a8d76 Add build using PSA to all.sh 2018-11-21 21:08:40 +00:00
Jaeden Amero acaabe796e crypto: Test without crypto as a submodule
Add a test to ensure that when the crypto submodule is not used, the crypto
library is not created and that libmbedcrypto.a does not contain symbols
from files contained within the crypto submodule.
2018-11-21 12:54:57 +00:00
Jaeden Amero ed93bdc8aa crypto: Test with crypto as a submodule
- Check that libmbedcrypto was not built at the top level.
- Check that we've built libmbedcrypto with the correct files. Build
  libmbedcrypto with debug symbols and verify that files used are from the
  crypto submodule.
- Check that config.h is handled properly. Enable a feature at the top
  level that the crypto library submodule has disabled in its config.h, and
  check that the library symboles indicate that the feature is present in
  libmbedcrypto.
- Ensure basic functionality of the resulting build with a run of
  `make test` and `ssl-opt.sh`.
2018-11-21 12:54:57 +00:00
Jaeden Amero 30b340a760 crypto: Add mbedtls-psa as a submodule
mbedtls-psa contains an implementation of libmbedcrypto, including the PSA
Crypto API.
2018-11-21 12:54:57 +00:00
Ron Eldor 8672cb7909 Set result to False on Failure
Add a member for holding a failed result,
and notify_complete with this member value, when finished.
2018-11-21 14:02:12 +02:00
Jaeden Amero 2d0e00fca8 all.sh: Cleanup CMakeFiles
all.sh's cleanup function would not entirely remove CMakeFiles due to a
missing -o in its fine command. Add a -o after prune, so that the find for
CMakeFiles can succeed.
2018-11-20 18:46:43 +00:00
Simon Butcher c1b9892177 Update library version number to 2.14.0 2018-11-19 18:31:40 +00:00
Manuel Pégourié-Gonnard f560a2d6fc Disable test that trigger bug in old GnuTLS
This is temporary until we fix the GnuTLS version available in our CI.
2018-11-19 13:24:23 +01:00
Ron Eldor 7a977881b4 Change buf size to a valid size
Change the size of `buf` to a valid hash size, in `ecdsa_prim_random()`
2018-11-19 13:51:00 +02:00
Simon Butcher cdd1a6c872 Merge remote-tracking branch 'restricted/pr/510' into development-restricted-proposed 2018-11-12 14:29:14 +00:00
Simon Butcher 53b45ec881 Merge remote-tracking branch 'public/pr/2079' into development-restricted-proposed 2018-11-07 12:58:44 +00:00
Simon Butcher 241823aab8 Merge remote-tracking branch 'public/pr/1641' into development-restricted-proposed 2018-11-07 12:55:47 +00:00
Simon Butcher 42ab4ae033 Merge remote-tracking branch 'public/pr/2167' into development-restricted-proposed 2018-11-07 12:54:45 +00:00
Ron Eldor c242eea732 Change data file suffix for ott
Change the suffix of the data files searched in `mbedtls_test.py`
to `datax` as the generated files have this suffix.
2018-11-05 16:22:36 +02:00
Manuel Pégourié-Gonnard 79bf327a95 Add ARIA and ChachaPoly to basic-build-test
The invocation of `compat.sh` that runs those tests was added in all.sh but
not here, resulting in our reported coverage figures being slightly lower than
what we actually test. Fixing that omission change the figures reported from:

Lines Tested       : 19105 of 22623 84.4%
Functions Tested   : 1392 of 1460 95.3%

to:

Lines Tested       : 19126 of 22623 84.5%
Functions Tested   : 1399 of 1460 95.8%

It requires `$OPENSSL_NEXT` to be set and point to an OpenSSL version in the
1.1.1 line or later.
2018-11-05 14:27:09 +01:00
Hanno Becker a8b13d79bf Add tests for relaxed CRL-CA name comparison
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.

The test files were generated using PR #1641 which
- adds a build instruction for test-ca.crt to
  tests/data_files/Makefile which allows easy
  change of the subject DN.
- changes the default string format from `PrintableString`
  to `UTF8String`.

Specifically:
- `test-ca_utf8.crt` was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641.
- `test-ca_uppercase.crt`, too, was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641, after modifying the subject DN line in the build
   instruction for `test-ca.crt` in `tests/data_files/Makefile`.
-  `test-ca_printable.crt` is a copy of `test-ca.crt`
   because at the time of this commit, `PrintableString` is
   still the default string format.
2018-11-05 11:47:49 +00:00
Simon Butcher 06f88e9c42 Merge remote-tracking branch 'public/pr/2007' into development-proposed 2018-11-04 19:12:57 +00:00
Jaeden Amero 8396a71449 test: Enable multiple levels of verbosity
Enable passing a number to "-v" in order to set the level of verbosity.
Print detailed test failure information at verbosity level 1 or higher.
Display summary messages at the verbosity level 2 or higher. Print
detailed test information at verbosity level 3 or higher, whether the
test failed or not. This enables a more readable output style that
includes detailed failure information when a failure occurs.
2018-11-02 13:25:16 +00:00
Jaeden Amero f4b521dd10 test: Use GetOpt::Long for argument parsing
Simplify argument parsing by using a core perl library for parsing
arguments.
2018-11-02 13:25:16 +00:00
Jaeden Amero 79e4f4e933 test: Print verbosely on failures in verbose mode
Update the test runner to print detail about why the test failed when it
fails, if the runner is running in verbose mode.
2018-11-02 13:25:16 +00:00
Hanno Becker 710f203541 Merge branch 'iotssl-1770' into development_thomas_dee 2018-11-02 10:52:49 +00:00
Hanno Becker 6e1adee42b Regenerate test files
Previous commits have added or modified build instructions for
server1*, server2*, server5*, test-ca*, cli-rsa* in the Makefile
tests/data_files/Makefile, or the apps they invoke have been changed.

This commit regenerates those files to make sure they are in match with
the build instructions.
2018-11-02 10:52:38 +00:00
Hanno Becker 381c77c0c4 Change serial in test-ca.crt from 0 to 3 to circumvent ASN.1 bug
As of 2.13.1, mbedtls_asn1_write_mpi() doesn't write 0 correctly. #2166.
2018-11-02 10:52:35 +00:00
Hanno Becker 52acdb5926 Add tests for relaxed CRL-CA name comparison
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.
2018-11-02 10:49:05 +00:00
Hanno Becker b963081df1 Generate tests/data_files/test-ca_cat[12|21].crt from Makefile 2018-11-02 09:01:52 +00:00
Hanno Becker 386f99c65c Generate cli-rsa* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker 0dd11396d4 Generate server5.req.ku.sha1 through Mbed TLS application 2018-11-02 09:01:52 +00:00
Hanno Becker ebc1f40aa0 Generate server2* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker b83777532a Generate test-ca* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker 50cb93a04c Generate server1* CRTs and CSRs through Mbed TLS applications
Previously, CSRs and CRTs from the server1* family in testa/data_files
were generated through OpenSSL. This commit changes the build instructions
to use Mbed TLS' example applications programs/x509/cert_write and
programs/x509/cert_req instead.
2018-11-02 09:01:49 +00:00
Simon Butcher 7904f94550 Merge remote-tracking branch 'public/pr/1099' into development-proposed 2018-10-28 18:10:37 +00:00
Simon Butcher 02ef525a7b Merge remote-tracking branch 'public/pr/2107' into development-proposed 2018-10-28 16:16:58 +00:00
Simon Butcher a07d86e8af Merge remote-tracking branch 'public/pr/1902' into development 2018-10-27 18:36:55 +01:00
Simon Butcher 3869384ddb Merge remote-tracking branch 'public/pr/2031' into development 2018-10-27 18:34:18 +01:00
Simon Butcher 78dd2e55bf Merge remote-tracking branch 'public/pr/1806' into development 2018-10-27 17:59:17 +01:00
Simon Butcher e783f4a767 Merge remote-tracking branch 'public/pr/1609' into development 2018-10-27 17:35:25 +01:00
Simon Butcher 76cf60beb3 Remove merge conflict marker in ssl-opt.sh
Commit 6346a75dfb introduced a merge conflict marker into ssl-opt.sh
by accident. This commit removes it.
2018-10-25 21:51:32 +01:00
Simon Butcher 169712e15a Merge remote-tracking branch 'restricted/pr/390' into development 2018-10-24 18:34:30 +01:00
Simon Butcher c774e32939 Merge remote-tracking branch 'restricted/pr/517' into development 2018-10-22 14:23:29 +01:00
Simon Butcher 837f821bc2 Merge remote-tracking branch 'public/pr/1990' into development 2018-10-22 14:22:56 +01:00
Manuel Pégourié-Gonnard bcedb92e7b Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development:
  Add Jenkinsfile for PR job
2018-10-22 09:52:46 +02:00
Darryl Green b51e267bee Add Jenkinsfile for PR job 2018-10-19 15:25:10 +01:00
Hanno Becker 198611db32 Add missing return value check in ECDSA test suite
The test case `ecdsa_det_test_vectors` from the ECDSA test suite
called `mbedtls_md()` without checking its return value.
2018-10-17 13:58:19 +01:00
Hanno Becker 0fbbc64fee Add dependency of mbedtls_asn1_write_len() test on ASN.1 parsing 2018-10-16 13:48:23 +01:00
Hanno Becker 19d858e8e6 Add dependency of pkwrite test suite on pkparse module 2018-10-16 13:46:25 +01:00
Gilles Peskine 96f3b4ee42 Remove yotta support from check-files.py
Complements "Remove Yotta support from the docs, tests and build scripts".
2018-10-16 14:10:21 +02:00
Manuel Pégourié-Gonnard 7a28e99fa0 Expand test to ensure no assumption on output
The functions don't require the caller to preserve the content of the output
parameter - let's ensure that they don't assume that.
2018-10-16 11:22:45 +02:00
Manuel Pégourié-Gonnard 6346a75dfb Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development:
  ssl-opt.sh: change expected output for large srv packet test with SSLv3
  Adapt ChangeLog
  Fix bug in SSL ticket implementation removing keys of age < 1s
  ssl-opt.sh: Add DTLS session resumption tests
  Add ChangeLog entry
  Fix typo
  Fix hmac_drbg failure in benchmark, with threading
  Remove trailing whitespace
  Remove trailing whitespace
  ssl_server2: add buffer overhead for a termination character
  Add missing large and small packet tests for ssl_server2
  Added buffer_size and response_size options for ssl-server2. Added appropriate tests.

Solving a conflict in tests/ssl-opt.sh: two set of tests were added at the
same place (just after large packets):
- restartable ECC tests (in this branch)
- server-side large packets (in development)

Resolution was to move the ECC tests after the newly added server large packet
ones.
2018-10-15 11:26:17 +02:00
Andrzej Kurek 9580528248 ssl-opt.sh: fix typo in mtu settings 2018-10-11 08:55:37 -04:00
Andrzej Kurek b459346f67 ssl-opt.sh: add a check for i686 targets
Run DTLS fragmenting tests on non-i686 targets only.
Remove reduntant gnutls requirements.
2018-10-11 08:43:30 -04:00
Andrzej Kurek 7782605491 ssl-opt.sh: add comments regarding ciphersuite forcing 2018-10-11 07:34:08 -04:00
Andrzej Kurek 7c6df832ed ssl-opt.sh: revert unnecessary "autoreduction" checks
return to the initial check for "resend"
2018-10-11 07:06:12 -04:00
Andrzej Kurek 7311c78074 ssl-opt.sh: force ciphersuites to reduce mtu size 2018-10-11 06:49:41 -04:00
Hanno Becker e5fecec7bf Add test for MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO to all.sh
This commit adds a test to tests/scripts/all.sh exercising an
ASan build of the default configuration with

MBEDTLS_PLATFORM_MEMORY enabled,
MBEDTLS_PLATFORM_CALLOC_MACRO set to std calloc
MBEDTLS_PLATFORM_FREE_MACRO   set to std free

(This should functionally be indistinguishable from a default build)
2018-10-11 11:04:20 +01:00
Darryl Green ac2ead0e68 Improve deterministic test for prime testing
Extend the mbedtls_mpi_is_prime_det test to check that it reports
the number as prime when testing rounds-1 rounds, then reports the
number as composite when testing the full number of rounds.
2018-10-09 16:36:53 +01:00
Janos Follath a0b67c2f3e Bignum: Deprecate mbedtls_mpi_is_prime()
When using a primality testing function the tolerable error rate depends
on the scheme in question, the required security strength and wether it
is used for key generation or parameter validation. To support all use
cases we need more flexibility than what the old API provides.
2018-10-09 16:36:53 +01:00
Janos Follath 64eca05ec2 Bignum: Add tests for primality testing
Primality tests have to deal with different distribution when generating
primes and when validating primes.
These new tests are testing if mbedtls_mpi_is_prime() is working
properly in the latter setting.

The new tests involve pseudoprimes with maximum number of
non-witnesses. The non-witnesses were generated by printing them
from mpi_miller_rabin(). The pseudoprimes were generated by the
following function:

void gen_monier( mbedtls_mpi* res, int nbits )
{
    mbedtls_mpi p_2x_plus_1, p_4x_plus_1, x, tmp;

    mbedtls_mpi_init( &p_2x_plus_1 );
    mbedtls_mpi_init( &p_4x_plus_1 );
    mbedtls_mpi_init( &x ); mbedtls_mpi_init( &tmp );

    do
    {
        mbedtls_mpi_gen_prime( &p_2x_plus_1, nbits >> 1, 0,
                               rnd_std_rand, NULL );
        mbedtls_mpi_sub_int( &x, &p_2x_plus_1, 1 );
        mbedtls_mpi_div_int( &x, &tmp, &x, 2 );

        if( mbedtls_mpi_get_bit( &x, 0 ) == 0 )
            continue;

        mbedtls_mpi_mul_int( &p_4x_plus_1, &x, 4 );
        mbedtls_mpi_add_int( &p_4x_plus_1, &p_4x_plus_1, 1 );

        if( mbedtls_mpi_is_prime( &p_4x_plus_1, rnd_std_rand,
                                  NULL ) == 0 )
            break;

    } while( 1 );

    mbedtls_mpi_mul_mpi( res, &p_2x_plus_1, &p_4x_plus_1 );
}
2018-10-09 16:36:53 +01:00
Janos Follath a3cb7eb8ad Bignum: Add test for improved prime generation 2018-10-09 16:33:27 +01:00
Andrzej Kurek 35f2f300ca ssl-opt.sh: change expected pattern from 'resend' to 'autoreduction' 2018-10-09 08:52:14 -04:00
Andrzej Kurek 0fc9cf40cf ssl-opt.sh: increase proxy mtu sizes to contain entire datagrams 2018-10-09 03:09:41 -04:00
Gilles Peskine 695a34654a Add tests for PKCS#1 v1.5 decoding
Functional tests for various payload sizes and output buffer sizes.

When the padding is bad or the plaintext is too large for the output
buffer, verify that function writes some outputs. This doesn't
validate that the implementation is time-constant, but it at least
validates that it doesn't just return early without outputting anything.
2018-10-08 11:13:21 +02:00
Simon Butcher 03de21059d Add additional test case for alternative CSR headers
Add a test case for alternative headers possible for CSR's, as defined in
RFC7468.
2018-10-06 17:19:31 +01:00
Andrzej Kurek 948fe80f42 ssl-opt.sh: adjust test timeouts to fit slower targets 2018-10-06 05:07:47 -04:00