Commit graph

148 commits

Author SHA1 Message Date
Andrzej Kurek
c470b6b021 Merge development commit 8e76332 into development-psa
Additional changes to temporarily enable running tests:
ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of
mbedtls_ecdh_setup
test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of 
mbedtls_ctr_drbg_update_ret
2019-01-31 08:20:20 -05:00
Hanno Becker
710f203541 Merge branch 'iotssl-1770' into development_thomas_dee 2018-11-02 10:52:49 +00:00
Hanno Becker
6e1adee42b Regenerate test files
Previous commits have added or modified build instructions for
server1*, server2*, server5*, test-ca*, cli-rsa* in the Makefile
tests/data_files/Makefile, or the apps they invoke have been changed.

This commit regenerates those files to make sure they are in match with
the build instructions.
2018-11-02 10:52:38 +00:00
Hanno Becker
52acdb5926 Add tests for relaxed CRL-CA name comparison
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.
2018-11-02 10:49:05 +00:00
Hanno Becker
b963081df1 Generate tests/data_files/test-ca_cat[12|21].crt from Makefile 2018-11-02 09:01:52 +00:00
Hanno Becker
386f99c65c Generate cli-rsa* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker
0dd11396d4 Generate server5.req.ku.sha1 through Mbed TLS application 2018-11-02 09:01:52 +00:00
Hanno Becker
ebc1f40aa0 Generate server2* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker
b83777532a Generate test-ca* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker
50cb93a04c Generate server1* CRTs and CSRs through Mbed TLS applications
Previously, CSRs and CRTs from the server1* family in testa/data_files
were generated through OpenSSL. This commit changes the build instructions
to use Mbed TLS' example applications programs/x509/cert_write and
programs/x509/cert_req instead.
2018-11-02 09:01:49 +00:00
Manuel Pégourié-Gonnard
da19f4c79f Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
Summary of merge conflicts:

include/mbedtls/ecdh.h -> documentation style
include/mbedtls/ecdsa.h -> documentation style
include/mbedtls/ecp.h -> alt style, new error codes, documentation style
include/mbedtls/error.h -> new error codes
library/error.c -> new error codes (generated anyway)
library/ecp.c:
    - code of an extracted function was changed
library/ssl_cli.c:
    - code addition on one side near code change on the other side
      (ciphersuite validation)
library/x509_crt.c -> various things
    - top fo file: helper structure added near old zeroize removed
    - documentation of find_parent_in()'s signature: improved on one side,
      added arguments on the other side
    - documentation of find_parent()'s signature: same as above
    - verify_chain(): variables initialised later to give compiler an
      opportunity to warn us if not initialised on a code path
    - find_parent(): funcion structure completely changed, for some reason git
      tried to insert a paragraph of the old structure...
    - merge_flags_with_cb(): data structure changed, one line was fixed with a
      cast to keep MSVC happy, this cast is already in the new version
    - in verify_restratable(): adjacent independent changes (function
      signature on one line, variable type on the next)
programs/ssl/ssl_client2.c:
    - testing for IN_PROGRESS return code near idle() (event-driven):
      don't wait for data in the the socket if ECP_IN_PROGRESS
tests/data_files/Makefile: adjacent independent additions
tests/suites/test_suite_ecdsa.data: adjacent independent additions
tests/suites/test_suite_x509parse.data: adjacent independent additions

* development: (1059 commits)
  Change symlink to hardlink to avoid permission issues
  Fix out-of-tree testing symlinks on Windows
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  ...
2018-06-13 09:52:54 +02:00
Jaeden Amero
78a03ec230 Merge remote-tracking branch 'upstream-public/pr/1379' into development-proposed 2018-03-29 10:57:57 +01:00
Gilles Peskine
15ad579895 Merge tag 'mbedtls-2.8.0' into iotssl-1381-x509-verify-refactor-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:16:22 +01:00
Jethro Beekman
d2df936e67 Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:01:18 -07:00
Manuel Pégourié-Gonnard
47a98d4e2c fixup previous commit: add forgotten file 2018-03-14 14:08:57 +01:00
Manuel Pégourié-Gonnard
a63305d134 x509: CRL: add tests for non-critical extension
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:44:54 +01:00
Manuel Pégourié-Gonnard
fd3e4fbae7 x509: CRL: reject unsupported critical extensions 2018-03-14 09:15:02 +01:00
Manuel Pégourié-Gonnard
05e464dff7 Merge branch 'development' into iotssl-1381-x509-verify-refactor-restricted
* development: (557 commits)
  Add attribution for #1351 report
  Adapt version_features.c
  Note incompatibility of truncated HMAC extension in ChangeLog
  Add LinkLibraryDependencies to VS2010 app template
  Add ChangeLog entry for PR #1382
  MD: Make deprecated functions not inline
  Add ChangeLog entry for PR #1384
  Have Visual Studio handle linking to mbedTLS.lib internally
  Mention in ChangeLog that this fixes #1351
  Add issue number to ChangeLog
  Note in the changelog that this fixes an interoperability issue.
  Style fix in ChangeLog
  Add ChangeLog entries for PR #1168 and #1362
  Add ChangeLog entry for PR #1165
  ctr_drbg: Typo fix in the file description comment.
  dhm: Fix typo in RFC 5114 constants
  tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1
  data_files/pkcs8-v2: add keys generated with PRF != SHA1
  tests/pkcs5/pbkdf2_hmac: extend array to accommodate longer results
  tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms
  ...
2018-03-05 11:55:38 +01:00
Gilles Peskine
e6844ccf2b Merge branch 'pr_1135' into development-proposed 2018-02-14 17:20:42 +01:00
Antonio Quartulli
f476b9d98c
data_files/pkcs8-v2: add keys generated with PRF != SHA1
We now have support for the entire SHA family to be used as
PRF in PKCS#5 v2.0, therefore we need to add new keys to test
these new functionalities.

This patch adds the new keys in `tests/data_files` and
commands to generate them in `tests/data_files/Makefile`.

Note that the pkcs8 command in OpenSSL 1.0 called with
the -v2 argument generates keys using PKCS#5 v2.0 with SHA1
as PRF by default.

(This behaviour has changed in OpenSSL 1.1, where the exact same
command instead uses PKCS#5 v2.0 with SHA256)

The new keys are generated by specifying different PRFs with
-v2prf.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:19 +08:00
Gilles Peskine
7fb29b17c7 Merge branch 'development' into development-restricted 2017-11-28 18:46:09 +01:00
Gilles Peskine
ea8d697fa2 Merge remote-tracking branch 'upstream-public/pr/1089' into development
Resolve trivial conflict due to additions in the same place in
tests/data_files/Makefile; minor comment/whitespace presentation
improvements.
2017-11-28 17:32:32 +01:00
Gilles Peskine
2507267cd4 Merge branch 'development' into development-restricted 2017-11-24 16:05:49 +01:00
Gilles Peskine
e7707228b4 Merge remote-tracking branch 'upstream-public/pr/1062' into development 2017-11-24 15:35:50 +01:00
Gilles Peskine
28a0c72795 RSA: Fix buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the hash is
too large for the key size. Found by Seth Terashima, Qualcomm.

Added a non-regression test and a positive test with the smallest
permitted key size for a SHA-512 hash.
2017-10-17 19:01:38 +02:00
Ron Eldor
3f2da84bca Resolve PR review comments
1) Fix style comments
2) Fix typo in Makefile
3) Remove the `MBEDTLS_MD5_C` dependency from test data file,
as the used keys are not encrypted
2017-10-17 15:53:32 +03:00
Ron Eldor
b006518289 Resolve PR review comments
1) use `pk_get_rsapubkey` instead of reimplementing the parsing
2) rename the key files, according to their type and key size
3) comment in the data_files/Makefile hoe the keys were generated
4) Fix issue of failure parsing pkcs#1 DER format parsing, missed in previous commit
2017-10-16 12:40:27 +03:00
Ron Eldor
d0c56de934 Add support for public keys encoded with PKCS#1
1) Add support for public keys encoded with PKCS#1
2) Add tests for PKCS#1 PEM and DER, and PKCS#8 DER
2017-10-10 17:12:07 +03:00
Hanno Becker
08a36dde80 Unify naming schemes for RSA keys 2017-09-29 20:05:23 +01:00
Hanno Becker
cc56628117 Don't use all_final as a target in tests/data_files/Makefile
The `neat` target in that Makefile assumes all_final to be a concatenation of
file names.
2017-09-26 16:21:19 +01:00
Hanno Becker
81535d0011 Minor style and typo corrections 2017-09-14 07:51:54 +01:00
Hanno Becker
476986547b Omit version from X.509 v1 certificates
The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.
2017-09-14 07:51:54 +01:00
Hanno Becker
418a62242b Extend tests/data_files/Makefile to include CRT's for CRT write test 2017-09-14 07:51:28 +01:00
Hanno Becker
5a4f172522 Add suffix for 1024-bit RSA key files
Previously, 2048-bit and 4096-bit RSA key files had their bitsize indicated in their filename, while the original
1024-bit keys hadn't. This commit unifies the naming scheme by always indicating the bitsize in the filename.
2017-09-07 15:40:30 +01:00
Hanno Becker
c8063c58f0 Correct Makefile in tests/data_files
The documentation of the target `all_final` was no longer accurate, and numerous non-file targets were missing in the
.PHONY section.
2017-09-07 15:30:12 +01:00
Hanno Becker
8fdfc98676 Update keyfiles
This commit replaces the previous keyfiles with those generated by the commands added in the previous commit.
2017-09-05 10:08:37 +01:00
Hanno Becker
d16f6126c7 Add RSA key generation commands to test Makefile
This commit adds the commands used to generate the various RSA keys to tests/Makefile so that they can be easily
regenerated or modified, e.g. if larger key sizes or other encryption algorithms need to be tested in the future.
2017-09-05 10:08:37 +01:00
Hanno Becker
37c6b6b339 Add tests for encrypted 2048 and 4096-bit RSA keys 2017-08-26 09:22:14 +01:00
Manuel Pégourié-Gonnard
5faafa76cf Update X.509 test certs' Readme 2017-08-17 10:13:00 +02:00
Manuel Pégourié-Gonnard
8b59049407 Make verify() actually restartable 2017-08-15 10:45:09 +02:00
Manuel Pégourié-Gonnard
d19a41d9aa Add tests for verify_restartable()
For selection of test cases, see comments added in the commit.

It makes the most sense to test with chains using ECC only, so for the chain
of length 2 we use server10 -> int-ca3 -> int-ca2 and trust int-ca2 directly.

Note: server10.crt was created by copying server10_int3_int-ca2.crt and
manually truncating it to remove the intermediates. That base can now be used
to create derived certs (without or with a chain) in a programmatic way.
2017-08-15 10:44:08 +02:00
Manuel Pégourié-Gonnard
7ff243a87c Add missing dependency in test-certs Makefile 2017-08-08 18:54:13 +02:00
Manuel Pégourié-Gonnard
2d825d42bb Add test for same CA with different keys
When a trusted CA is rolling its root keys, it could happen that for some
users the list of trusted roots contains two versions of the same CA with the
same name but different keys. Currently this is supported but wasn't tested.

Note: the intermediate file test-ca-alt.csr is commited on purpose, as not
commiting intermediate files causes make to regenerate files that we don't
want it to touch.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
c10afdb322 Add test for CA forgery attempt
As we accept EE certs that are explicitly trusted (in the list of trusted
roots) and usually look for parent by subject, and in the future we might want
to avoid checking the self-signature on trusted certs, there could a risk that we
incorrectly accept a cert that looks like a trusted root except it doesn't
have the same key. This test ensures this will never happen.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
bc313017a5 Add tests for flags passed to f_vrfy
The tests cover chains of length 0, 1 and 2, with one error, located at any of
the available levels in the chain. This exercises all three call sites of
f_vrfy (two in verify_top, one in verify_child). Chains of greater length
would not cover any new code path or behaviour that I can see.
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
b341dd58c5 Add tests for spurious certs in the chain
We have code to skip them but didn't have explicit tests ensuring they are
(the corresponding branch was never taken).

While at it, remove extra copy of the chain in server10*.crt, which was
duplicated for no reason.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
4dfc04a66f Add test for bad signature with longer chain
This is one line that wasn't covered in verify_child()
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
29d60fb85f Add test for expired cert in longer chain
That's two lines that were not covered in verify_child()
2017-08-08 11:00:46 +02:00
Hanno Becker
e908c3de67 Improve Readme for long test certificate chains 2017-07-26 13:49:38 +01:00
Janos Follath
745bcf454f Fix typos 2017-07-21 14:04:31 +01:00