Commit graph

18344 commits

Author SHA1 Message Date
Przemyslaw Stekiel
8d468e4ee8 Remove key generation when given argument is invalid from NotSupported class
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-20 10:04:55 +02:00
Przemyslaw Stekiel
1b0978b803 Add test class for key generation
Genertae test_suite_psa_crypto_generate_key.generated.data.
Use test_suite_psa_crypto_generate_key.function as a test function.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-20 09:05:33 +02:00
Gilles Peskine
89615eefe7 Show values when TEST_EQUAL fails
When TEST_EQUAL fails, show the two numerical values in the test log (only
with host_test). The values are printed in hexa and signed decimal.

The arguments of TEST_EQUAL must now be integers, not pointers or floats.
The current implementation requires them to fit in unsigned long long
Signed values no larger than long long will work too. The implementation
uses unsigned long long rather than uintmax_t to reduce portability
concerns. The snprintf function must support "%llx" and "%lld".

For this purpose, add room for two lines of text to the mbedtls_test_info
structure. This adds 154 bytes of global data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 22:32:44 +02:00
Gilles Peskine
9202ba37b1
Merge pull request #4960 from mpg/cleanup-tls-cipher-psa-3.x
Clean up some remnants of TLS pre-1.2 support
2021-10-19 21:59:15 +02:00
Gilles Peskine
e7fc7ef38b Always set a build type for cmake when building for testing
Set the build type to Release (-O2) when running CPU-intensive tests (ssl-opt,
or unit tests with debug features). A build type of Check (-Os) would be best
when the main objective of the build is to check for build errors or warnings
and there aren't many tests to run; in this commit there are no such test
cases to change. Only use cmake with no build type (which results in not
passing a -O option, and thus missing some GCC warnings) when exercising cmake
features.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 21:33:32 +02:00
Paul Elliott
58ed8a7594 Remove use of -p with lsof
On machines with more modern kernels (>5.4 from testing so far) the
useage of -b seems to conflict with the usage of -p. Whilst the usage of
-b seems like a good idea to avoid blocks as we are tight looping on it,
the usage of -p seems to require the usage of stat() (specifically in
/proc) which -b forbids. All you get is a load of warnings
(suppressable by -w) but never a positive result, which means that all
servers are reported as "Failed to start". We are not keen on losing
-b, so instead parse the output of lsof (using -F to format it) to
check the if PIDs that it outputs match that we are looking for.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-19 18:23:47 +01:00
Gilles Peskine
f11d30ecda Retry if a test case fails because of an unexpected resend
Palliative for https://github.com/ARMmbed/mbedtls/issues/3377. If a test
case fails due to an unexpected resend, allow retrying, like in the case of
a client timeout.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 18:00:10 +02:00
Gilles Peskine
0e3534c67b Move retry logic into check_test_failure
This will allow having other retry conditions, in particular based on
run_test options.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 17:23:25 +02:00
Gilles Peskine
196d73bc1b Move the core loop of run_test into an auxiliary function
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 16:45:29 +02:00
Gilles Peskine
236bf98cfd Move some code of run_test into auxiliary functions
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 16:45:29 +02:00
Gabor Mezei
765862c4f3
Move mbedtls_cf_memcmp to a new public header
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 12:22:25 +02:00
Gabor Mezei
291df7bbab
Add macro guard for header file
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 11:27:17 +02:00
Gabor Mezei
e212379810
Bind functions' availability for config options
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 19:38:02 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Gilles Peskine
e7997c494b
Merge pull request #5085 from daverodgman/fix_naming
Fix naming examples in TLS 1.3 style guide
2021-10-18 17:52:07 +02:00
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
2021-10-18 17:51:50 +02:00
Gabor Mezei
949455892f
Remove unused function
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 17:02:29 +02:00
Gabor Mezei
a2d0f90c5a
Make functions static
These functions are only used as an auxiliary function for constant-time functions.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:56:50 +02:00
Gabor Mezei
a316fc8eb0
Update documentation and comments
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
63bbba5c13
Rename and reorder function parameters
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
7013f62ee5
Use condition for not sensitive data
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
eab90bcc36
Move implementation specific comment
This comment is about how the functions are implemented, not about their
public interface, so it doesn't belong in the header file.
It applies to everything in constant_time.c so moved there.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
1e64261da5
Make mbedtls_cf_size_mask_lt function static
The mbedtls_cf_size_mask_lt is solely used as an auxiliary function
for mbedtls_cf_size_mask_ge.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Dave Rodgman
c8aaac89d0 Fix naming examples in TLS 1.3 style guide
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-10-18 13:00:51 +01:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
2021-10-18 10:39:21 +02:00
Gilles Peskine
0d4640ad90
Merge pull request #4984 from gilles-peskine-arm/check-names-files
check_names.py: more robust handling of excluded files
2021-10-15 13:33:50 +02:00
Przemyslaw Stekiel
316c4fa3ce Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-15 08:04:53 +02:00
Gilles Peskine
2bb5e9c973
Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:20 +02:00
Przemyslaw Stekiel
ed61c5e8b0 Add change-log file (issue #5065)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-14 09:14:09 +02:00
Gilles Peskine
1c66bf8061
Merge pull request #5070 from mpg/fix-resumption-openssl-client-tests
Use newer OpenSSL for tests failing with the old
2021-10-13 21:05:15 +02:00
Paul Elliott
0421715ade Use 127.0.0.1 rather than localhost
This was causing some tests using the openssl s_client to not connect -
I suspect this was due to localhost (at least on my machine) resolving
to ::1 rather than 127.0.0.1. Note that the error seen would have been
that the session file specified with -sess_out did not get created.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 16:14:47 +01:00
Paul Elliott
1428f252ad Fix incorrect check for DTLS
Missing wildcards meant that some servers were not identified as DTLS,
which lead to port checking on TCP rather than UDP, and thus mistakenly
cancelling tests as the server had not come up.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 16:14:40 +01:00
Paul Elliott
09cfa18976 Spelling fix
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 16:13:44 +01:00
Przemyslaw Stekiel
4cad4fc8a9 psa_crypto.c: use switch instead if-else in psa_aead_check_nonce_length and psa_aead_set_lengths (fixes #5065)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 14:04:36 +02:00
Przemyslaw Stekiel
1ecfdea002 all.sh: add full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 13:27:34 +02:00
Manuel Pégourié-Gonnard
d60950c2d0 Use newer OpenSSL for tests failing with the old
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-13 13:12:47 +02:00
openluopworld
151ccb2977 update changelog for #4884
Signed-off-by: openluopworld <wuhanluop@163.com>
2021-10-13 00:23:30 +08:00
openluopworld
506752299b add changelog file for #4950
Signed-off-by: openluopworld <wuhanluop@163.com>
2021-10-12 18:38:50 +08:00
openluopworld
78521966b0 changelog for #4950
Signed-off-by: openluopworld <wuhanluop@163.com>
2021-10-12 18:21:25 +08:00
Ronald Cron
e3e16d5d67
Merge pull request #4982 from yuhaoth/pr/add-read-ptr-and-handshake-kex-modes
TLS1.3:add read ptr and handshake kex modes
CI merge job: only "Session resume using tickets, DTLS: openssl client" failed in one component thus CI can be considered as passed.
2021-10-11 19:23:12 +02:00
Przemyslaw Stekiel
77804132ba Use PSA_HASH_LENGTH instead hardcoded integer values 2021-10-11 16:38:17 +02:00
Ronald Cron
e23bba04ee
Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils
TLS 1.3: ServerHello: add  utils functions used by ServerHello
Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012) thus we can consider that this PR passed CI.
2021-10-11 11:01:11 +02:00
Przemyslaw Stekiel
b576c7b779 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-11 10:43:17 +02:00
Jerry Yu
e4eefc716a Improve document for chk_buf_read_ptr
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-09 10:40:40 +08:00
Gilles Peskine
f6892dec2a Readability improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 16:28:32 +02:00
Jerry Yu
fd320e9a6e Replace zeroize with memset
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 21:52:41 +08:00
Gilles Peskine
09c46da27e Implement PSA_WANT_KEY_TYPE_ARIA
Follow what has been done for CAMELLIA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 15:48:16 +02:00
Przemyslaw Stekiel
25f7063533 enerate_psa_tests.py fix format
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 15:28:45 +02:00
Jerry Yu
88b756bacb move tls1_3 max md size
It should be internal definition

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 18:41:38 +08:00
Przemyslaw Stekiel
d9d630cdf3 Addapt psa_generate_key() tests
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 12:26:21 +02:00