Commit graph

1889 commits

Author SHA1 Message Date
Hanno Becker
278fc7aedd Extend large packet tests for TLS
Same as previous commit, but for large packet tests.
2017-11-20 16:25:50 +00:00
Hanno Becker
8501f98ec4 Extend small packet tests for TLS
This commit ensures that there is a small packet test for at least any
combination of
- SSL/TLS version: SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2
- Stream cipher (RC4) or Block cipher (AES)
- Usage of Encrypt then MAC extension [TLS only]
- Usage of truncated HMAC extension [TLS only]
2017-11-20 16:25:50 +00:00
Hanno Becker
32c550141f Add missing dependencies on trunc HMAC ext in ssl-opt.sh
Noticed that the test cases in ssl-opt.sh exercising the truncated HMAC
extension do not depend on MBEDTLS_SSL_TRUNCATED_HMAC being enabled in
config.h. This commit fixes this.
2017-11-20 16:25:50 +00:00
Hanno Becker
992b6872f3 Fix heap corruption in ssl_decrypt_buf
Previously, MAC validation for an incoming record proceeded as follows:

1) Make a copy of the MAC contained in the record;
2) Compute the expected MAC in place, overwriting the presented one;
3) Compare both.

This resulted in a record buffer overflow if truncated MAC was used, as in this
case the record buffer only reserved 10 bytes for the MAC, but the MAC
computation routine in 2) always wrote a full digest.

For specially crafted records, this could be used to perform a controlled write of
up to 6 bytes past the boundary of the heap buffer holding the record, thereby
corrupting the heap structures and potentially leading to a crash or remote code
execution.

This commit fixes this by making the following change:
1) Compute the expected MAC in a temporary buffer that has the size of the
   underlying message digest.
2) Compare to this to the MAC contained in the record, potentially
   restricting to the first 10 bytes if truncated HMAC is used.

A similar fix is applied to the encryption routine `ssl_encrypt_buf`.
2017-11-20 08:52:25 +00:00
Darryl Green
f5bcbede92 Add tests for invalid private parameters in mbedtls_ecdsa_sign() 2017-11-17 17:09:31 +00:00
Hanno Becker
72a4f0338d Add tests for UDP proxy packing option 2017-11-15 16:39:20 +00:00
Hanno Becker
000767123f Add tests for event-driven I/O 2017-11-15 16:39:08 +00:00
Andres Amaya Garcia
72705c906c Add regression test for parsing subjectAltNames 2017-11-07 20:16:19 +00:00
Manuel Pégourié-Gonnard
254eec8bb4 Document choice of script exit code 2017-10-26 09:47:36 +02:00
Hanno Becker
4ac73e7804 Use shell string processing instead of sed in ssl-opt.sh 2017-10-23 15:27:37 +01:00
Gilles Peskine
b00b0da452 RSA PSS: fix first byte check for keys of size 8N+1
For a key of size 8N+1, check that the first byte after applying the
public key operation is 0 (it could have been 1 instead). The code was
incorrectly doing a no-op check instead, which led to invalid
signatures being accepted. Not a security flaw, since you would need the
private key to craft such an invalid signature, but a bug nonetheless.
2017-10-19 15:23:49 +02:00
Gilles Peskine
139108af94 RSA PSS: fix minimum length check for keys of size 8N+1
The check introduced by the previous security fix was off by one. It
fixed the buffer overflow but was not compliant with the definition of
PSS which technically led to accepting some invalid signatures (but
not signatures made without the private key).
2017-10-18 19:03:42 +02:00
Hanno Becker
9cfabe3597 Use a conservative excess of the maximum fragment length in tests
This leads to graceful test failure instead of crash when run on the previous
code.
2017-10-18 14:42:01 +01:00
Gilles Peskine
6a54b0240d RSA: Fix another buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the masking
operation results in an all-zero buffer. This could happen at any key size.
2017-10-17 19:12:36 +02:00
Gilles Peskine
28a0c72795 RSA: Fix buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the hash is
too large for the key size. Found by Seth Terashima, Qualcomm.

Added a non-regression test and a positive test with the smallest
permitted key size for a SHA-512 hash.
2017-10-17 19:01:38 +02:00
Ron Eldor
3f2da84bca Resolve PR review comments
1) Fix style comments
2) Fix typo in Makefile
3) Remove the `MBEDTLS_MD5_C` dependency from test data file,
as the used keys are not encrypted
2017-10-17 15:53:32 +03:00
Hanno Becker
134c2ab891 Add build and ssl-opt.sh run for !SSL_RENEGOTIATION to all.sh 2017-10-17 11:03:50 +01:00
Hanno Becker
6a2436493f Add dependency on SSL_RENEGOTIATION to renego tests in ssl-opt.sh 2017-10-17 11:03:50 +01:00
Ron Eldor
5472d43ffb Fix issues when MBEDTLS_PEM_PARSE_C not defined
1) Fix compilatoin issues when `MBEDTLS_PEM_PARSE_C` not defined
2) remove dependency for `MBEDTLS_PEM_PARSE_C` in DER tests
2017-10-17 09:50:39 +03:00
Ron Eldor
b006518289 Resolve PR review comments
1) use `pk_get_rsapubkey` instead of reimplementing the parsing
2) rename the key files, according to their type and key size
3) comment in the data_files/Makefile hoe the keys were generated
4) Fix issue of failure parsing pkcs#1 DER format parsing, missed in previous commit
2017-10-16 12:40:27 +03:00
Andres Amaya Garcia
60100d09ee Improve leap year test names in x509parse.data 2017-10-12 23:21:37 +01:00
Andres Amaya Garcia
735b37eeef Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 23:21:37 +01:00
Janos Follath
b0f148c0ab Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-12 23:21:37 +01:00
Hanno Becker
dfd15b3444 Add toy example triggering early abort in mbedtls_rsa_deduce_primes 2017-10-12 09:14:09 +01:00
Hanno Becker
e167fe6a53 Correct pkparse test case to lead to failure for MBEDTLS_RSA_NO_CRT
The test case parses an RSA private key with N=P=Q=D=E=1 and expects a failure from the PK layer. With the weakened
semantics of `mbedtls_rsa_complete`, the latter won't throw an error on that key in case if MBEDTLS_RSA_NO_CRT is
set. This commit modifies the test case to use N=2 which is rejected by `mbedtls_rsa_complete` regardless of whether
MBEDTLS_RSA_NO_CRT is set or not.
2017-10-11 19:42:56 +01:00
Hanno Becker
7643d4e30c Fix number of loop iterations in mbedtls_deduce_primes
The number of loop iterations per candidate in `mbedtls_deduce_primes` was off
by one. This commit corrects this and removes a toy non-example from the RSA
test suite, as it seems difficult to have the function fail on small values of N
even if D,E are corrupted.
2017-10-11 16:32:49 +01:00
Janos Follath
88f5808c13 Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-11 12:49:09 +01:00
Hanno Becker
a565f54c4c Introduce new files rsa_internal.[ch] for RSA helper functions
This commit splits off the RSA helper functions into separate headers and
compilation units to have a clearer separation of the public RSA interface,
intended to be used by end-users, and the helper functions which are publicly
provided only for the benefit of designers of alternative RSA implementations.
2017-10-11 11:00:19 +01:00
Hanno Becker
04877a48d4 Adapt rsa_import tests to weakened semantics of rsa_complete
The tests now accept two result parameters, one for the expected result of the
completion call, and one for the expected result of the subsequent sanity
check.
2017-10-11 10:01:33 +01:00
Hanno Becker
7f25f850ac Adapt uses of mbedtls_rsa_complete to removed PRNG argument 2017-10-10 16:56:22 +01:00
Hanno Becker
f9e184b9df Remove PRNG argument from mbedtls_rsa_complete 2017-10-10 16:55:41 +01:00
Hanno Becker
52c6dc64c6 Correct length check for DTLS records from old epochs.
DTLS records from previous epochs were incorrectly checked against the
current epoch transform's minimal content length, leading to the
rejection of entire datagrams. This commit fixed that and adapts two
test cases accordingly.

Internal reference: IOTSSL-1417
2017-10-10 16:04:32 +01:00
Hanno Becker
d82d84664a ssl-opt.sh: Kill server via KILL signal if TERM doesn't succeed 2017-10-10 16:04:32 +01:00
Hanno Becker
cadb5bbe3c Add slight delay before killing server in ssl-opt.sh for log output
It seems that tests from ssl-opt.sh are sometimes failing because
the server is killed before its output has been finalized. This commit
adds a small delay in ssl-opt.sh before killing the server to prevent
that.
2017-10-10 16:04:32 +01:00
Hanno Becker
17c0493ca8 Allow default arguments for client/server/proxy in ssl-opt.sh
ssl-opt.sh checks whether the client, server and proxy commands are
names of executable files, forbidding the use of default arguments by
by e.g. setting P_SRV="ssl_server2 debug_level=3". This commit relaxes
this check, only considering the part of the command string prior to
the first whitespace.
2017-10-10 16:00:48 +01:00
Ron Eldor
d0c56de934 Add support for public keys encoded with PKCS#1
1) Add support for public keys encoded with PKCS#1
2) Add tests for PKCS#1 PEM and DER, and PKCS#8 DER
2017-10-10 17:12:07 +03:00
Andres Amaya Garcia
3f50f511de Ensure failed test_suite output is sent to stdout
The change modifies the template code in tests/suites/helpers.function
and tests/suites/main.function so that error messages are printed to
stdout instead of being discarded. This makes errors visible regardless
of the --verbose flag being passed or not to the test suite programs.
2017-10-07 18:15:28 +01:00
Andres Amaya Garcia
def0339db2 Ensure failed test_suite output is sent to stdout
The change modifies the template code in tests/suites/helpers.function
and tests/suites/main.function so that error messages are printed to
stdout instead of being discarded. This makes errors visible regardless
of the --verbose flag being passed or not to the test suite programs.
2017-10-07 17:33:34 +01:00
Hanno Becker
21acb66cba Correct typo: PBDFK -> PBKDF 2017-10-06 14:38:15 +01:00
Andres Amaya Garcia
67d8da522f Remove use of GNU sed features from ssl-opt.sh 2017-10-06 11:59:13 +01:00
Andres Amaya Garcia
3b1bdff285 Fix typos in ssl-opt.sh comments 2017-10-06 11:59:13 +01:00
Andres Amaya Garcia
b84c40b12f Add ssl-opt.sh test to check gmt_unix_time is good
Add a test to ssl-opt.sh that parses the client and server debug
output and then checks that the Unix timestamp in the ServerHello
message is within acceptable bounds.
2017-10-06 11:59:13 +01:00
Andres Amaya Garcia
93993defd1 Extend ssl-opt.h so that run_test takes function
Extend the run_test function in ssl-opt.sh so that it accepts the -f
and -F options. These parameters take an argument which is the name of
a shell function that will be called by run_test and will be given the
client input and output debug log. The idea is that these functions are
defined by each test and they can be used to do some custom check
beyon those allowed by the pattern matching capabilities of the
run_test function.
2017-10-06 11:59:13 +01:00
Hanno Becker
b25c0c78cf Add test case calling ssl_set_hostname twice
Add a test case calling ssl_set_hostname twice to test_suite_ssl.
When run in CMake build mode ASan, this catches the current leak,
but will hopefully be fine with the new version.
2017-10-06 11:58:50 +01:00
Gilles Peskine
964faeb6c4 Cleaned up get_line for test data files
Look, ma, a use for do...while!

Also removed 1-3 calls to strlen.
2017-10-06 11:58:50 +01:00
Gilles Peskine
b04e2c3d81 Allow comments in test data files 2017-10-06 11:58:50 +01:00
Andres Amaya Garcia
acdae0cb33 Remove use of GNU sed features from ssl-opt.sh 2017-10-06 11:55:32 +01:00
Andres Amaya Garcia
5987ef451c Fix typos in ssl-opt.sh comments 2017-10-06 11:55:32 +01:00
Andres Amaya Garcia
ac36e382a9 Add ssl-opt.sh test to check gmt_unix_time is good
Add a test to ssl-opt.sh that parses the client and server debug
output and then checks that the Unix timestamp in the ServerHello
message is within acceptable bounds.
2017-10-06 11:55:32 +01:00
Andres Amaya Garcia
a46a58ab94 Extend ssl-opt.h so that run_test takes function
Extend the run_test function in ssl-opt.sh so that it accepts the -f
and -F options. These parameters take an argument which is the name of
a shell function that will be called by run_test and will be given the
client input and output debug log. The idea is that these functions are
defined by each test and they can be used to do some custom check
beyon those allowed by the pattern matching capabilities of the
run_test function.
2017-10-06 11:55:32 +01:00
Hanno Becker
f8b56d4e41 Adapt RSA test suite
Don't expect alternative implementations to implement the RSA operations for wrong key-types.
2017-10-05 10:30:13 +01:00
Hanno Becker
0f65e0ca03 Rename rsa_deduce_moduli to rsa_deduce_primes 2017-10-03 14:40:44 +01:00
Hanno Becker
8ba6ce4f4f Rename rsa_deduce_private to rsa_deduce_private_exponent 2017-10-03 14:40:43 +01:00
Hanno Becker
db13cefde2 Correct typo in RSA test suite data 2017-10-03 14:31:05 +01:00
Hanno Becker
c21a8db3fe Adapt test suites to modified error codes
As the new PKCS v1.5 verification function opaquely compares an expected encoding to the given one, it cannot
distinguish multiple reasons of failure anymore and instead always returns MBEDTLS_ERR_RSA_VERIFY_FAILED. This
necessitates some modifications to the expected return values of some tests verifying signatures with bad padding.
2017-10-03 07:58:00 +01:00
Hanno Becker
558477d073 Add tests for non-reduced length encoding in PKCS1 v15 signatures
This commit adds some tests to the RSA test suite verifying that RSA PKCS-v15 signatures with non-reduced length
encodings are refuted. Details are provided via comments in the test suite data file.
2017-10-03 07:57:16 +01:00
Hanno Becker
3f3ae85e11 Correct memory leak in RSA test suite
The test for `mbedtls_rsa_import_raw` didn't include freeing the allocate buffers.
2017-10-02 13:17:01 +01:00
Hanno Becker
bdefff1dde Change signature of mbedtls_rsa_deduce_private
Make input arguments constant and adapt the implementation to use a temporary instead of in-place operations.
2017-10-02 09:59:48 +01:00
Hanno Becker
713fe7f66c Add test case calling ssl_set_hostname twice
Add a test case calling ssl_set_hostname twice to test_suite_ssl.
When run in CMake build mode ASan, this catches the current leak,
but will hopefully be fine with the new version.
2017-09-30 23:34:52 +01:00
Hanno Becker
08a36dde80 Unify naming schemes for RSA keys 2017-09-29 20:05:23 +01:00
Gilles Peskine
5b7ee07ff6 Cleaned up get_line for test data files
Look, ma, a use for do...while!

Also removed 1-3 calls to strlen.
2017-09-29 18:00:25 +02:00
Gilles Peskine
26182edd0c Allow comments in test data files 2017-09-29 15:45:12 +02:00
Hanno Becker
e1582a832b Add expectation when testing RSA key import/export
This commit adds a flag to the RSA import/export tests indicating whether it is
expected that a full RSA keypair can be set up from the provided parameters.

Further, the tests of `mbedtls_rsa_import` and `mbedtls_rsa_import_raw` are
expanded to perform key checks and an example encryption-decryption.
2017-09-29 11:54:05 +01:00
Hanno Becker
4d6e83406c Improve readability of test for mbedtls_rsa_import 2017-09-29 11:54:05 +01:00
Hanno Becker
54cfc585cd Add test cases for mbedtls_rsa_import[_raw] where N is missing 2017-09-29 11:54:05 +01:00
Hanno Becker
d5ba5effaa Add ASan build-and-test run for MBEDTLS_RSA_NO_CRT in all.sh 2017-09-28 13:10:44 +01:00
Hanno Becker
13be990114 Correct expectation in DHM test in ssl-opt.sh
The previous test expected a DHM group generator of size 2048 bits, while with
the change to RFC 7919, the base is 2, so has bit-size 2.
2017-09-28 11:06:31 +01:00
Hanno Becker
cc56628117 Don't use all_final as a target in tests/data_files/Makefile
The `neat` target in that Makefile assumes all_final to be a concatenation of
file names.
2017-09-26 16:21:19 +01:00
Hanno Becker
6428f8d78e Let ssl-opt.sh gracefully fail is SSL_MAX_CONTENT_LEN is not 16384
Some tests in ssl-opt.sh require MBEDTLS_SSL_MAX_CONTENT_LEN to be set to its
default value of 16384 to succeed. While ideally such a dependency should not
exist, as a short-term remedy this commit adds a small check that will at least
lead to graceful exit if that assumption is violated.
2017-09-22 16:58:50 +01:00
Janos Follath
4b151fabb7 DHM: Add negative tests for parameter checking
A bug in the dhm_check_range() function makes it pass even when the
parameters are not in the range. This commit adds tests for signalling
this problem as well as a couple of other negative tests.
2017-09-21 12:03:06 +01:00
Hanno Becker
09930d1f01 Add expected number of fragments to 16384-byte packet tests 2017-09-18 16:11:42 +01:00
Hanno Becker
c526696c05 Add tests for messages beyond 16384 bytes to ssl-opt.sh
This commit adds four tests to ssl-opt.sh testing the library's behavior when
`mbedtls_ssl_write` is called with messages beyond 16384 bytes. The combinations
tested are TLS vs. DTLS and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH enabled vs. disabled.
2017-09-18 16:11:42 +01:00
Hanno Becker
4aed27e469 Add missing test-dependencies for MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
The tests for the maximum fragment length extension were lacking a dependency on
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH being set in the config.
2017-09-18 16:11:42 +01:00
Hanno Becker
5175ac6e13 Add tests for disabled MFL-extension to all.sh
This commit adds a build with default config except
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH to all.sh, as well as a run of the MFL-related
tests in ssl-opt.sh.
2017-09-18 16:11:39 +01:00
Hanno Becker
d4a872ee67 Rename internal MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG
This commit renames the test-only flag MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG to make it more transparent
that it's an internal flag, and also to content the testscript tests/scripts/check-names.pl which previously complained
about the macro occurring in a comment in `entropy.c` without being defined in a library file.
2017-09-14 08:04:13 +01:00
Hanno Becker
81535d0011 Minor style and typo corrections 2017-09-14 07:51:54 +01:00
Hanno Becker
476986547b Omit version from X.509 v1 certificates
The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.
2017-09-14 07:51:54 +01:00
Hanno Becker
418a62242b Extend tests/data_files/Makefile to include CRT's for CRT write test 2017-09-14 07:51:28 +01:00
Hanno Becker
5a4f172522 Add suffix for 1024-bit RSA key files
Previously, 2048-bit and 4096-bit RSA key files had their bitsize indicated in their filename, while the original
1024-bit keys hadn't. This commit unifies the naming scheme by always indicating the bitsize in the filename.
2017-09-07 15:40:30 +01:00
Hanno Becker
c8063c58f0 Correct Makefile in tests/data_files
The documentation of the target `all_final` was no longer accurate, and numerous non-file targets were missing in the
.PHONY section.
2017-09-07 15:30:12 +01:00
Hanno Becker
6ac972d815 Style correction in test_suite_pk.function 2017-09-07 13:10:44 +01:00
Manuel Pégourié-Gonnard
d23bc1b2cf Merge branch 'iotssl-1381-x509-verify-refactor' into iotssl-1381-x509-verify-refactor-restricted
* iotssl-1381-x509-verify-refactor:
  Tests: depends-pkalgs.pl - disable less options
  Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug
2017-09-06 11:35:11 +02:00
Gert van Dijk
25d124dc74 Tests: depends-pkalgs.pl - disable less options
Rather than disabling SSL & Key exchanges as a whole, only disable those
options required by reverse dependencies.

GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
See also discussion in PR #1074.
https://github.com/ARMmbed/mbedtls/pull/1074#issuecomment-327096303
2017-09-05 14:29:28 +02:00
Hanno Becker
55b1a0af0c Add further tests for DER-encoded PKCS8-v2-DES encrypted RSA keys
For uniformity, this commit adds tests for DER encoded PKCS8-v2-DES encrypted RSA keys that were already present for
PKCS8-v2-3DES encrypted RSA keys.
2017-09-05 10:43:20 +01:00
Hanno Becker
7d108257a4 Add further tests for new RSA keys
For uniformity, this commit adds tests for DER encoded, SHA1-2DES and SHA1-RC4-128-encrypted RSA keys; for SHA1-3DES encrypted keys, these were already present.
2017-09-05 10:35:31 +01:00
Hanno Becker
8fdfc98676 Update keyfiles
This commit replaces the previous keyfiles with those generated by the commands added in the previous commit.
2017-09-05 10:08:37 +01:00
Hanno Becker
d16f6126c7 Add RSA key generation commands to test Makefile
This commit adds the commands used to generate the various RSA keys to tests/Makefile so that they can be easily
regenerated or modified, e.g. if larger key sizes or other encryption algorithms need to be tested in the future.
2017-09-05 10:08:37 +01:00
Gert van Dijk
4f13195f3b Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug
GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
2017-09-04 14:17:10 +02:00
Manuel Pégourié-Gonnard
4b6e210d00 Merge branch 'mbedtls-2.6' into iotssl-1381-x509-verify-refactor-restricted
* mbedtls-2.6: (27 commits)
  Update version number to 2.6.0
  Fix language in Changelog for clarity
  Improve documentation of PKCS1 decryption functions
  Fix style and missing item in ChangeLog
  Add credit to Changelog to fix for #666
  Fix naked call to time() with platform call
  Fix ChangeLog for duplication after merge
  Rename time and index parameter to avoid name conflict.
  Correct comment
  Adapt ChangeLog
  Reliably zeroize sensitive data in AES sample application
  Reliably zeroize sensitive data in Crypt-and-Hash sample application
  Fix potential integer overflow parsing DER CRT
  Fix potential integer overflow parsing DER CRL
  Move the git scripts to correct path
  Update after @sbutcher-arm comments
  Fix slash direction for linux path
  Add note for the git_hoos README file
  Pre push hook script
  Check return code of mbedtls_mpi_fill_random
  ...
2017-08-31 10:09:43 +02:00
Hanno Becker
37c6b6b339 Add tests for encrypted 2048 and 4096-bit RSA keys 2017-08-26 09:22:14 +01:00
Hanno Becker
750e8b4596 Rename rsa_check_params->rsa_validate_params and change error codes 2017-08-25 08:34:55 +01:00
Hanno Becker
bf37b10370 Add test run for RSA_NO_CRT to all.sh 2017-08-23 16:17:28 +01:00
Hanno Becker
131134fa1a Adapt RSA test suite to deal with RSA_NON_CRT option 2017-08-23 16:17:28 +01:00
Hanno Becker
ceb7a9ddb3 Adapt RSA test suites to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker
6326a6da7f Adapt PKCS v21 test suite to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker
6d43f9e0a4 Adapt PKCS v15 test suite to new RSA interface 2017-08-23 16:17:27 +01:00
Hanno Becker
d71dc159a6 Adapt PK test suite to use new interface 2017-08-23 16:17:27 +01:00
Hanno Becker
ce00263bd2 Add tests for rsa_check_params
This commit adds test for the new library function mbedtls_rsa_check_params for
checking a set of RSA core parameters. There are some toy example tests with
small numbers that can be verified by hand, as well as tests with real world
numbers. Complete, partial and corrupted data are tested, as well the check for
primality exactly if a PRNG is provided.
2017-08-23 15:07:39 +01:00
Hanno Becker
f1b9a2c783 Add tests for rsa_export_raw
This commit adds tests for the new library function mbedtls_rsa_export_raw.
Each test case performs the following steps:

- Parse and convert a set of hex-string decoded core RSA parameters into big
  endian byte arrays.
- Use these to initialize an RSA context
- Export core RSA parameters as byte arrays again afterwards
- Compare byte strings.

Each test split is performed twice, once with successive and once with
simultaneous exporting.
2017-08-23 15:05:35 +01:00
Hanno Becker
417f2d6107 Add tests for rsa_export
This commit adds tests for the new library function mbedtls_rsa_export. Each
test case performs the following steps:

- Parse and convert a set of hex-string decoded core RSA parameters into MPI's.
- Use these to initialize an RSA context
- Export core RSA parameters as MPI's again afterwards
- Compare initial MPI's to exported ones.

In the private key case, all core parameters are exported and sanity-checked,
regardless of whether they were also used during setup.

Each test split is performed twice, once with successive and once with
simultaneous exporting.
2017-08-23 15:04:39 +01:00
Hanno Becker
c77ab892e5 Add tests for rsa_import, rsa_import_raw and rsa_complete
This commit adds numerous tests for the new library functions mbedtls_rsa_import
and mbedtls_rsa_import_raw in conjunction with mbedtls_rsa_complete for
importing and completing core sets of core RSA parameters (N,P,Q,D,E) into an
RSA context, with the importing accepting either MPI's or raw big endian
buffers.

Each test is determined by the following parameters:
1) Set of parameters provided
   We're testing full sets (N,P,Q,D,E), partial sets (N,-,-,D,E) and (N,P,Q,-,E)
   that are sufficient to generate missing parameters, and the partial and
   insufficient set (N, -, Q, -, E).
2) Simultaenous or successive importing
   The functions rsa_import and rsa_import_raw accept importing parameters at
   once or one after another. We test both.
3) Sanity of parameters
2017-08-23 15:02:57 +01:00
Hanno Becker
e78fd8d1b6 Add tests for rsa_deduce_moduli
This commit adds test for the new library function mbedtls_rsa_deduce_moduli for
deducing the prime factors (P,Q) of an RSA modulus N from knowledge of a
pair (D,E) of public and private exponent:

- Two toy examples that can be checked by hand, one fine and with bad parameters.
- Two real world examples, one fine and one with bad parameters.
2017-08-23 14:47:25 +01:00
Hanno Becker
6b4ce49991 Add tests for rsa_deduce_private
This commit adds tests for the new library function mbedtls_rsa_deduce_private
for deducing the private RSA exponent D from the public exponent E and the
factorization (P,Q) of the RSA modulus:

- Two toy examples with small numbers that can be checked by hand, one
  working fine and another failing due to bad parameters.

- Two real world examples, one fine and one with bad parameters.
2017-08-23 14:47:25 +01:00
Hanno Becker
8fd5548241 Minor formatting changes 2017-08-23 14:47:25 +01:00
Manuel Pégourié-Gonnard
be2f0b5e27 Fix test that didn't check full value of flags 2017-08-21 11:00:22 +02:00
Manuel Pégourié-Gonnard
7766a2c9c0 Improve some comments 2017-08-21 10:57:57 +02:00
Simon Butcher
72ea31b026 Update version number to 2.6.0 2017-08-10 11:51:16 +01:00
Manuel Pégourié-Gonnard
a54f6cc874 Unify name of default profile in X.509 tests 2017-08-09 10:41:42 +02:00
Manuel Pégourié-Gonnard
7ff243a87c Add missing dependency in test-certs Makefile 2017-08-08 18:54:13 +02:00
Manuel Pégourié-Gonnard
562df401d3 Improve some comments, fix some typos+whitespace 2017-08-08 18:17:53 +02:00
Manuel Pégourié-Gonnard
ea2dc14c0c Fix some whitespace 2017-08-08 11:10:37 +02:00
Manuel Pégourié-Gonnard
a7c4c8a46c Make some perl scripts usable with git bisect run
For that they need to return between 0 and 124 on error, while die returns
255, causing bisect-run to abort.
2017-08-08 11:06:51 +02:00
Manuel Pégourié-Gonnard
9bc860c3ad Add test for callback and bad signatures
Our current behaviour is a bit inconsistent here:
- when the bad signature is made by a trusted CA, we stop here and don't
  include the trusted CA in the chain (don't call vrfy on it)
- otherwise, we just add NOT_TRUSTED to the flags but keep building the chain
  and call vrfy on the upper certs
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
a656825aef Add test for bad name and callback
This ensures that the callback can actually clear that flag, and that it is
seen by the callback at the right level. This flag is not set at the same
place than others, and this difference will get bigger in the upcoming
refactor, so let's ensure we don't break anything here.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
2d825d42bb Add test for same CA with different keys
When a trusted CA is rolling its root keys, it could happen that for some
users the list of trusted roots contains two versions of the same CA with the
same name but different keys. Currently this is supported but wasn't tested.

Note: the intermediate file test-ca-alt.csr is commited on purpose, as not
commiting intermediate files causes make to regenerate files that we don't
want it to touch.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
c10afdb322 Add test for CA forgery attempt
As we accept EE certs that are explicitly trusted (in the list of trusted
roots) and usually look for parent by subject, and in the future we might want
to avoid checking the self-signature on trusted certs, there could a risk that we
incorrectly accept a cert that looks like a trusted root except it doesn't
have the same key. This test ensures this will never happen.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
d092277683 Add test for profile on trusted EE cert 2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
bc313017a5 Add tests for flags passed to f_vrfy
The tests cover chains of length 0, 1 and 2, with one error, located at any of
the available levels in the chain. This exercises all three call sites of
f_vrfy (two in verify_top, one in verify_child). Chains of greater length
would not cover any new code path or behaviour that I can see.
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
ffa42efa1c Add ability to test flags value in vrfy callback
So far there was no test ensuring that the flags passed to the vrfy callback
are correct (ie the flags for the current certificate, not including those of
the parent).

Actual tests case making use of that test function will be added in the next
commit.
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
602544e659 Fix usage of CFLAGS with cmake in all.sh
With cmake, CFLAGS has to be set when invoking cmake, not make (which totally
ignores the value of CFLAGS when it runs and only keeps the one from cmake).

Also, in that case the flags were either redundant (-Werror etc) or wrong
(-std=c99 -pedantic) as some parts of the library will not build with
-pedantic (see the other -pedantic tests, which are correct, for what needs to
be disabled).
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
43be6cda47 Fix depends_on:pk_alg in test suites 2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
902bb6a018 Add new test script depends-pkalgs.pl 2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
5be9533cdf Fix depends_on:curve in x509 tests 2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
9ba9dfb1c6 Fix usage of {curves,key-exchanges}.pl in all.sh 2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
1fe6bb9f25 Fix missing depends_on:SHA/MD in x509 tests 2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
42a4d30a04 Add new test script depends-hashes.pl
This is step 1 of a plan to get rid once and for all of missing depends_on in
the X509 test suite (step 2 will be RSA/ECDSA, and step 0 was curves.pl).
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
b341dd58c5 Add tests for spurious certs in the chain
We have code to skip them but didn't have explicit tests ensuring they are
(the corresponding branch was never taken).

While at it, remove extra copy of the chain in server10*.crt, which was
duplicated for no reason.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
4dfc04a66f Add test for bad signature with longer chain
This is one line that wasn't covered in verify_child()
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
29d60fb85f Add test for expired cert in longer chain
That's two lines that were not covered in verify_child()
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
41859786be Add tests for fatal error in vrfy callback
This shows inconsistencies in how flags are handled when callback fails:
- sometimes the flags set by the callback are transmitted, sometimes not
- when the cert if not trusted, sometimes BADCERT_NOT_TRUSTED is set,
  sometimes not

This adds coverage for 9 lines and 9 branches. Now all lines related to
callback failure are covered.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
6b9d53f6c8 Add ability to test failing vrfy callback 2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
6622fed524 Add tests for profile enforcement
Now all checks related to profile are covered in:
- verify_with_profile()
- verify_child()
- verify_top()
(that's 10 lines that were previously not covered)

Leaving aside profile enforcement in CRLs for now, as the focus is on
preparing to refactor cert verification.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
9832ceaa2a Set deterministic flags for NULL profile
Previously flags was left to whatever value it had before. It's cleaner to
make sure it has a definite value, and all bits set looks like the safest way
for when it went very wrong.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
e54931f489 Add "profile" arg to X.509 test function
Unused yet, tests using it will be added in the next commit
2017-08-08 11:00:46 +02:00
Simon Butcher
f145a9dac2 Fix the check for max CA intermediates in ssl-opt.sh
The tests only work for a specific number for MBEDTLS_X509_MAX_INTERMEDIATE_CA
so the check has been changed to confirm the default value, and to show an error
otherwise.
2017-07-28 18:18:29 +01:00
Simon Butcher
9e24b5184c Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA 2017-07-28 18:18:29 +01:00
Simon Butcher
bcfa6f42e3 Fix the check for max CA intermediates in ssl-opt.sh
The tests only work for a specific number for MBEDTLS_X509_MAX_INTERMEDIATE_CA
so the check has been changed to confirm the default value, and to show an error
otherwise.
2017-07-28 16:43:33 +01:00
Simon Butcher
efdfeeba6a Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA 2017-07-28 12:15:13 +01:00
Simon Butcher
06b786372c Change a ssl-opt.sh script sanity checks
Change the check in ssl-opt.sh for MBEDTLS_X509_MAX_INTERMEDIATE_CA to
check config.h instead of the x509 headers.
2017-07-28 01:00:17 +01:00
Andres AG
7d6ec7bacc Add CRT DER tests with incorrect version 2017-07-27 21:44:34 +01:00
Andres AG
c124061681 Add CRL DER tests with incorrect version 2017-07-27 21:44:34 +01:00
Andres AG
6fb6d79a37 Add CSR DER tests with incorrect version 2017-07-27 21:44:34 +01:00
Ron Eldor
d922c78aa4 Move the git scripts to correct path
The git scripts were accidently put in `test` folder instead of `tests`.
Moved them to `tests` folder
2017-07-27 21:44:34 +01:00
Ron Eldor
bf007d297d Pre push hook script
Add git_hook folder, and pre-push script,
to be soft linked from .git/hooks/pre-push
2017-07-27 21:44:34 +01:00
Simon Butcher
2c4d558873 Fixes test for MBEDTLS_NO_UDBL_DIVISION
The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h
for the next test.

Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-27 21:44:34 +01:00
Andres Amaya Garcia
f755bb3adf Remove MBEDTLS_TYPE_UDBL tests from all.sh 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
465db7eba1 Fix no 64-bit division test in all.sh 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
9946783218 Add tests for 64 and 32-bit int types compilation 2017-07-27 21:44:33 +01:00
Gilles Peskine
b1a977f5a7 MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
5e873fb464 Add all.sh test to force 32-bit compilation 2017-07-27 21:44:33 +01:00
Ron Eldor
5a21fd62bf fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-27 21:44:33 +01:00
Hanno Becker
3b1422e55e Check threshold for MBEDTLS_X509_MAX_INTERMEDIATE_CA in X509 tests
The X509 test suite assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA is below the
hardcoded threshold 20 used in the long certificate chain generating script
tests/data_files/dir-max/long.sh. This commit adds a compile-time check for
that.
2017-07-26 13:49:38 +01:00
Hanno Becker
e908c3de67 Improve Readme for long test certificate chains 2017-07-26 13:49:38 +01:00
Hanno Becker
a6bca9f19e Check value of MBEDTLS_X509_MAX_INTERMEDIATE_CA in ssl-opt.sh
Some tests in ssl-opt.sh assumes the value 8 for the maximal number
MBEDTLS_X509_MAX_INTERMEDIATE_CA of intermediate CA's. This commit adds a check
before conducting the respective tests.
2017-07-26 13:49:32 +01:00
Andres AG
eacc616a9c Add CRT DER tests with incorrect version 2017-07-26 12:13:13 +01:00
Andres AG
2a9fd0e5c7 Add CRL DER tests with incorrect version 2017-07-26 12:13:04 +01:00
Andres AG
ae7b1c4aed Add CSR DER tests with incorrect version 2017-07-26 12:12:53 +01:00
Ron Eldor
4d90d56dfe Move the git scripts to correct path
The git scripts were accidently put in `test` folder instead of `tests`.
Moved them to `tests` folder
2017-07-24 21:47:30 +01:00
Hanno Becker
47deec488f Move flag indicating presence of strong entropy to test code 2017-07-24 15:31:30 +01:00
Ron Eldor
fcb7491a49 Pre push hook script
Add git_hook folder, and pre-push script,
to be soft linked from .git/hooks/pre-push
2017-07-24 14:25:26 +02:00
Hanno Becker
c6deafc0d4 Omit RSA key generation test if no strong entropy is present
The RSA key generation test needs strong entropy to succeed. This commit captures the presence of a strong entropy
source in a preprocessor flag and only runs the key generation test if that flag is set.
2017-07-24 09:09:01 +01:00
Simon Butcher
51aaa99473 Fixes test for MBEDTLS_NO_UDBL_DIVISION
The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h
for the next test.

Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-23 13:42:36 +02:00
Hanno Becker
f058f34b5a Support negative dependencies in test cases
The entropy test suite uses a negative dependency "depends_on:!CONFIG_FLAG" for one of its tests. This kind of
dependency (running a test only if some configuration flag is not defined) is currently not supported and instead
results in the respective test case being dropped.

This commit adds support for negative dependencies in test cases.
2017-07-23 10:41:04 +01:00
Hanno Becker
75efa79201 Adapt generic test suite file to coding standard 2017-07-23 10:40:58 +01:00
Hanno Becker
910f662cd7 Increase readability of verbose test suite output 2017-07-23 10:40:53 +01:00
Hanno Becker
1b841cc9bf Correct typo in entropy test suite data 2017-07-23 10:40:46 +01:00
Hanno Becker
7e8e57c6d1 Initialize RSA context in RSA test suite before first potentially failing operation
The function `mbedtls_rsa_gen_key` from `test_suite_rsa.function` initialized a stack allocated RSA context only after
seeding the CTR DRBG. If the latter operation failed, the cleanup code tried to free the uninitialized RSA context,
potentially resulting in a segmentation fault. Fixes one aspect of #1023.
2017-07-23 10:40:29 +01:00
Andres Amaya Garcia
c327aa1542 Remove MBEDTLS_TYPE_UDBL tests from all.sh 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
6fb65864a2 Fix no 64-bit division test in all.sh 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
33264d7a96 Add tests for 64 and 32-bit int types compilation 2017-07-22 11:53:56 +02:00
Gilles Peskine
9a9adcd6aa MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
dd29c2f2c3 Add all.sh test to force 32-bit compilation 2017-07-22 11:53:56 +02:00
Janos Follath
745bcf454f Fix typos 2017-07-21 14:04:31 +01:00
Ron Eldor
e1b92fee55 fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-20 00:11:24 +02:00
Hanno Becker
83ebf78404 Add test for AES_ROM_TABLES and AES_FEWER_TABLES to all.sh 2017-07-07 12:29:15 +01:00
Manuel Pégourié-Gonnard
5be13d8fd1 Make test script more portable
seq isn't POSIX and isn't present by default on BSDs
2017-07-06 14:31:54 +02:00
Manuel Pégourié-Gonnard
9107b5fdd3 Improve comments 2017-07-06 12:16:25 +02:00
Manuel Pégourié-Gonnard
81bb6b6acf Add SSL tests for long cert chains 2017-07-06 11:58:41 +02:00
Manuel Pégourié-Gonnard
31458a1878 Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-06 11:58:41 +02:00
Manuel Pégourié-Gonnard
d15795acd5 Improve behaviour on fatal errors
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-06 11:58:41 +02:00
Manuel Pégourié-Gonnard
1beb048316 Add test for limit on intermediate certificates
Inspired by test code provided by Nicholas Wilson in PR #351.

The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than
18 (default is 8), which is hopefully unlikely and can easily be fixed by
running long.sh again with a larger value if it ever happens.

Current behaviour is suboptimal as flags are not set, but currently the goal
is only to document/test existing behaviour.
2017-07-06 11:57:31 +02:00
Andres Amaya Garcia
b71b630730 Change test suites to use new MD API with ret code 2017-06-28 12:52:16 +01:00
Ron Eldor
f3612483cc Support verbose output of the test suites
generate add ctest test-suites, with the --verbose argument to be given
to the test suites.
The verbose output will be shown **only** if ctest is run with `-v` parameter
The verbose argument is to the test-suites, only when run through `ctest`
2017-06-25 11:24:18 +03:00
Simon Butcher
f2a597fa3d Update the version number to 2.5.1 2017-06-20 23:08:10 +01:00
Hanno Becker
a540068a56 Modify PK test suite to provide PRNG to RSA signature function
To prepare for the option of mandatory blinding, this commit changes
the PK test suite to always call signature functions with a PRNG.
2017-06-09 13:29:53 +01:00
Manuel Pégourié-Gonnard
b86b143030 Merge remote-tracking branch 'restricted/iotssl-1138-rsa-padding-check-restricted' into development-restricted
* restricted/iotssl-1138-rsa-padding-check-restricted:
  RSA PKCS1v1.5 verification: check padding length
2017-06-08 20:31:06 +02:00
Manuel Pégourié-Gonnard
1178ac5e77 Merge remote-tracking branch 'hanno/sliding_exponentiation' into development
* hanno/sliding_exponentiation:
  Adapt ChangeLog
  Abort modular inversion when modulus is one.
  Correct sign in modular exponentiation algorithm.
2017-06-08 19:46:30 +02:00
Manuel Pégourié-Gonnard
af63c21466 Fix issue in testing SHA-1 compile-time option 2017-06-08 17:51:08 +02:00
Hanno Becker
e6706e62d8 Add tests for missing CA chains and bad curves.
This commit adds four tests to tests/ssl-opt.sh:
(1) & (2): Check behaviour of optional/required verification when the
trusted CA chain is empty.
(3) & (4): Check behaviour of optional/required verification when the
client receives a server certificate with an unsupported curve.
2017-06-07 11:26:59 +01:00
Manuel Pégourié-Gonnard
ddc6e52cc1 Merge remote-tracking branch 'gilles/iotssl-1223/development' into development
* gilles/iotssl-1223/development:
  Fix FALLBACK_SCSV parsing
2017-06-06 20:11:36 +02:00
Manuel Pégourié-Gonnard
383a118338 Merge remote-tracking branch 'gilles/IOTSSL-1330/development' into development
* gilles/IOTSSL-1330/development:
  Changelog entry for the bug fixes
  SSLv3: when refusing renegotiation, stop processing
  Ignore failures when sending fatal alerts
  Cleaned up double variable declaration
  Code portability fix
  Added changelog entry
  Send TLS alerts in many more cases
  Skip all non-executables in run-test-suites.pl
  SSL tests: server requires auth, client has no certificate
  Balanced braces across preprocessor conditionals
  Support setting the ports on the command line
2017-06-06 19:22:41 +02:00
Gilles Peskine
f11d33b2df Cleaned up negative test predicate for test case
The test infrastructure does support negative predicates for test
cases, thanks to Andreas for letting me know.
2017-06-06 19:16:18 +02:00
Gilles Peskine
2a458daa11 all.sh: test with SHA-1 enabled
Enabling SHA-1 for certificates is deprecated but we still want it to work.

Thanks to @andresag01
2017-06-06 18:44:14 +02:00
Gilles Peskine
5d2511c4d4 SHA-1 deprecation: allow it in key exchange
By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.

SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.
2017-06-06 18:44:14 +02:00
Gilles Peskine
fd14bca6dc Document test data makefile 2017-06-06 18:44:14 +02:00
Gilles Peskine
4fa6bed0c6 X.509 tests: obey compile-time SHA-1 support option
There is now one test case to validate that SHA-1 is rejected in
certificates by default, and one test case to validate that SHA-1 is
supported if MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 is #defined.
2017-06-06 18:44:14 +02:00
Gilles Peskine
62469d95e2 Allow SHA-1 in test scripts 2017-06-06 18:44:14 +02:00
Gilles Peskine
bc70a1836b Test that SHA-1 defaults off
Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled.
2017-06-06 18:44:14 +02:00
Gilles Peskine
2dc81a0cbc Test that X.509 verification rejects SHA-256 by default 2017-06-06 18:44:13 +02:00
Gilles Peskine
ef86ab238f Allow SHA-1 in X.509 and TLS tests
SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time.
2017-06-06 18:44:13 +02:00
Gilles Peskine
f040a17604 Added SHA256 test certificates
With SHA-1 deprecation, we need a few certificates using algorithms in
the default support list. Most tests still use SHA-1 though.

The generation process for the new certificates is recorded in the makefile.
2017-06-06 18:44:13 +02:00
Hanno Becker
8435c381bd Remove use of size zero array in ECJPAKE test suite
The ECJPAKE test suite uses a size zero array for the empty password
used in the tests, which is not valid C. This commit fixes this.

This originally showed up as a compilation failure on Visual Studio
2015, documented in IOTSSL-1242, but can also be observed with GCC
when using the -Wpedantic compilation option.
2017-06-05 15:10:59 +01:00
Andres AG
a3b9adb6bd Add negative testing for mbedtls_pem_read_buffer() 2017-05-30 16:54:23 +01:00
Gilles Peskine
d50177fdf3 Fix FALLBACK_SCSV parsing
Fixed a bug in ssl_srv.c when parsing TLS_FALLBACK_SCSV in the
ciphersuite list that caused it to miss it sometimes. Reported by Hugo
Leisink as issue #810. Fix initially by @andreasag01; this commit
isolates the bug fix and adds a non-regression test.
2017-05-16 17:53:03 +02:00
Simon Butcher
9f77017a8d Updated version number to 2.5.0 2017-05-16 10:22:37 +01:00
Janos Follath
89baba2375 Add tests for the CA suppression option 2017-05-16 10:22:37 +01:00
Andres Amaya Garcia
d3f0f5e1c8 Fix check-doxy-blocks.pl to run from root dir
Modify tests/scripts/check-doxy-blocks.pl to ensure that:
  * It can only be run from the mbed TLS root directory.
  * An error code is returned to the environment when a potential error
    in the source code is found.
2017-05-12 00:16:50 +01:00
Andres AG
5c79d25d94 Add PK tests to avoid hashlen overflow for RSA 2017-05-11 21:58:25 +01:00
Manuel Pégourié-Gonnard
c1380de887 RSA PKCS1v1.5 verification: check padding length
The test case was generated by modifying our signature code so that it
produces a 7-byte long padding (which also means garbage at the end, so it is
essential in to check that the error that is detected first is indeed the
padding rather than the final length check).
2017-05-11 13:10:13 +02:00
Hanno Becker
4bcb4914c5 Abort modular inversion when modulus is one.
The modular inversion function hangs when provided with the modulus 1. This commit refuses this modulus with a BAD_INPUT error code. It also adds a test for this case.
2017-05-08 14:47:04 +01:00
Gilles Peskine
1cc8e3472a Send TLS alerts in many more cases
The TLS client and server code was usually closing the connection in
case of a fatal error without sending an alert. This commit adds
alerts in many cases.

Added one test case to detect that we send the alert, where a server
complains that the client's certificate is from an unknown CA (case
tracked internally as IOTSSL-1330).
2017-05-03 16:28:34 +02:00
Gilles Peskine
071db41627 Skip all non-executables in run-test-suites.pl
The script was blacklisting extensions. Rather than keep adding to the
extensions, whitelist executables.
2017-05-03 16:26:47 +02:00
Gilles Peskine
fd8332e15f SSL tests: server requires auth, client has no certificate
Added explicit test cases where the client has no certificate but the
server requires one.
2017-05-03 16:25:07 +02:00
Gilles Peskine
f93c7d3ab0 Support setting the ports on the command line
Added command line arguments --port and --proxy-port to choose the
ports explicitly instead of deriving them from the PID. This
facilitates debugging e.g. with Wireshark.
2017-04-26 16:41:55 +02:00
Hanno Becker
a4af1c47d2 Correct sign in modular exponentiation algorithm.
The modular exponentiation function  handled the sign incorrectly. This commit fixes this and a test case which should have caught it.
2017-04-18 09:07:45 +01:00
Andres AG
d1cc7f6f34 Fix buffer overflow in mbedtls_mpi_write_string()
Fix a buffer overflow when writting a string representation of an MPI
number to a buffer in hexadecimal. The problem occurs because hex
digits are written in pairs and this is not accounted for in the
calculation of the required buffer size when the number of digits is
odd.
2017-03-02 21:34:21 +00:00
Andres AG
99acfc4521 Fix failing pkparse test case
The first three test cases from test_suites_pkparse.data failed because
the key file they read requires DES to be read. However, MBEDTLS_DES_C
was missing from the dependency list.
2017-03-02 16:01:08 +00:00
Janos Follath
28fff14113 Add invalid key tests for curve SECP224K1
This curve has special arithmetic on 64 bit platforms and an untested
path lead to trying to free a buffer on the stack.

For the sake of completeness, a test case for a point with non-affine
coordinates has been added as well.
2017-02-28 18:41:39 +00:00
Janos Follath
ea7054a00c Add unit tests for X509 certificate date parsing 2017-02-28 14:23:12 +00:00
Simon Butcher
fc794ff2b7 Merge branch 'iotssl-1071-ca-flags'
Fixes a regression introduced by an earlier commit that modified
x509_crt_verify_top() to ensure that valid certificates that are after past or
future valid in the chain are processed. However the change introduced a change
in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and
MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the
verification regardless of the cause.

The fix maintains both behaviours:

 * Ensure that valid certificates after future and past are verified
 * Ensure that the correct verification flags are set.
2017-02-27 19:06:05 +00:00
Simon Butcher
0278a38f10 Merge branch 'iotssl-1077-dos-crl'
Modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM
format with trailing characters after the footer does not result in the
execution of an infinite loop.
2017-02-26 01:16:02 +00:00
Simon Butcher
9cfdf2caa7 Merge branch 'development-restricted' 2017-02-15 23:55:22 +02:00
Andres Amaya Garcia
6a54336897 Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-15 23:31:07 +02:00
Andres AG
49d29337fa Add tests for overreads in pem_read_buffer() 2017-02-15 23:31:07 +02:00
Andres AG
13fb6e7271 Add DTLS test to check 6 byte record ctr is cmp
Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter
is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in
the TLS case. Because currently there are no testing facilities to check
that renegotiation routines are triggered after X number of input/output
messages, the test consists on setting a renegotiation period that
cannot be represented in 6 bytes, but whose least-significant byte is 2.
If the library behaves correctly, the renegotiation routines will be
executed after two exchanged.
2017-02-15 23:26:35 +02:00
Simon Butcher
ba6aa63578 Fix all.sh test builds with recent glibc and clang
Fixes strict C99 builds in all.sh with glibc version >2.19 where platform support
wasn't being compiled in automatically.

Also fixes C99 syntax with armclang.
2017-02-15 23:25:08 +02:00
Simon Butcher
53716395b2 Clarify use of armcc in all.sh 2017-02-15 23:23:22 +02:00
Andres AG
0911f0880c Add -march argument to armc6 build tests 2017-02-15 23:23:22 +02:00
Andres AG
7f08d7a35a Modify output_env.sh to make it extensible 2017-02-15 23:23:22 +02:00
Andres AG
9e3fba09fd Add ARM Compiler 6 build tests to all.sh 2017-02-15 23:23:22 +02:00
Janos Follath
4c006cdb1c Update library version number to 2.4.1 2017-02-15 22:55:55 +02:00
Simon B
8477d37ee6 Remove need for elevated command line in Windows
Changes use of mklink in Windows test builds, to create junctions instead of
directory symbolic links. This removes the need for an elevated command prompt
when running cmake to create the Visual Studio project files.
2017-02-15 09:08:26 +00:00
Simon Butcher
1e6f5ac127 Make mingw test build a requirement of all.sh
Changed the mingw test build to be a required test of the all.sh script.
2017-02-15 09:08:26 +00:00
Simon Butcher
4ae4fdcd99 Fix mingw test build to avoid executing the tests
Changed the mingw build target to avoid building mingw test suites and
then attempting to run them which was failing on Linux.
2017-02-15 09:08:26 +00:00
Simon Butcher
9510cc1a18 Make the test builds much stricter for warnings
Tighten up the test options in all.sh, test-ref-configs.pl and curves.pl
to ensure the builds are strict for all warnings, warnings are treated
as errors, and that wherever possible builds are strict to the C99
standard. (Note that builds that use the Unix sockets API cannot be).
2017-02-15 09:08:26 +00:00
Andres AG
342889fdbe Remove unused var warnings in windows unittests 2017-02-15 09:08:26 +00:00
Simon B
24d9a4cf8d Fix config of compiler warning flags with MSVC
Compiler warnings were being configured twice and not suppressed on the
test suites with Microsoft Visual Studio.
2017-02-15 09:08:26 +00:00
Andres AG
b9d3db68c6 Use MAKEFLAGS to pass args to make in all.sh
Modify the script at tests/scripts/all.sh to export the variable
MAKEFLAGS with -j if it was not set before. This should decrease the
total runtime of tests/scripts/all.sh by letting make run multiple jobs
in parallel. Also, add a check at the top of the script to cause a
failure if the environment is not Linux.
2017-02-15 09:08:26 +00:00
Andres Amaya Garcia
f7cf56fa45 Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-08 12:04:24 +00:00
Andres AG
f535662894 Add tests for overreads in pem_read_buffer() 2017-02-08 12:03:46 +00:00
Simon Butcher
1d4db5b7b5 Merge 'iotssl-1099-incorrect-renego-dtls'
Fix an incorrect condition in ssl_check_ctr_renegotiate() that compared
64 bits of record counter instead of 48 bits as described in RFC 6347
Section 4.3.1. This would cause the function's return value to be
occasionally incorrect and the renegotiation routines to be triggered
at unexpected times.
2017-02-02 23:47:08 +00:00
Andres AG
9060d4da08 Fix generate_code.pl to handle escaped : 2017-02-02 14:38:13 +00:00
Andres AG
9f430c15d8 Add tests for out flags from x509_crt_verify_top()
The tests load certificate chains from files. The CA chains contain a
past or future certificate and an invalid certificate. The test then
checks that the flags set are MBEDTLS_X509_BADCERT_EXPIRED or
MBEDTLS_X509_BADCERT_FUTURE.
2017-01-20 13:52:01 +00:00
Andres AG
a39db394db Add test for infinite loop in CRL parse 2017-01-19 17:10:51 +00:00
Andres AG
692ad84e5c Add DTLS test to check 6 byte record ctr is cmp
Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter
is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in
the TLS case. Because currently there are no testing facilities to check
that renegotiation routines are triggered after X number of input/output
messages, the test consists on setting a renegotiation period that
cannot be represented in 6 bytes, but whose least-significant byte is 2.
If the library behaves correctly, the renegotiation routines will be
executed after two exchanged.
2017-01-19 16:30:57 +00:00
Simon Butcher
cb587009d6 Fix all.sh test builds with recent glibc and clang
Fixes strict C99 builds in all.sh with glibc version >2.19 where platform support
wasn't being compiled in automatically.

Also fixes C99 syntax with armclang.
2017-01-06 16:14:44 +00:00
Simon Butcher
105e856143 Merge branch 'gcc-compiler-warnings' 2017-01-05 18:26:40 +00:00
Simon Butcher
49f00bd81d Clarify use of armcc in all.sh 2017-01-05 16:20:56 +00:00
Andres AG
a5cd973047 Add -march argument to armc6 build tests 2017-01-05 10:15:00 +00:00
Andres AG
31f9b5bdd8 Modify output_env.sh to make it extensible 2017-01-05 10:14:51 +00:00
Andres AG
87bb577cfb Add ARM Compiler 6 build tests to all.sh 2017-01-03 10:12:11 +00:00
Simon Butcher
710dd4fdd6 Merge branch 'speedup_tests'
Pull Request #533 - Use MAKEFLAGS to pass args to make in all.sh

Modify the script at tests/scripts/all.sh to export the variable
MAKEFLAGS with -j if it was not set before. This should decrease the
total runtime of tests/scripts/all.sh by letting make run multiple jobs
in parallel. Also, add a check at the top of the script to cause a
failure if the environment is not Linux.w
2016-12-30 19:09:40 +00:00
Janos Follath
1808dc01bd Update library version number to 2.4.1 2016-12-13 16:00:52 +00:00
Andres AG
1a83445b25 Add SNI with DTLS tests to ssl-opt.sh script 2016-12-07 10:01:30 +00:00
Andres AG
9c94b6951c Add tests for overreads in pem_read_buffer() 2016-11-21 11:03:40 +00:00
Simon B
d473c1f359 Remove need for elevated command line in Windows
Changes use of mklink in Windows test builds, to create junctions instead of
directory symbolic links. This removes the need for an elevated command prompt
when running cmake to create the Visual Studio project files.
2016-11-17 16:04:33 +00:00
Simon Butcher
002bc6262b Make mingw test build a requirement of all.sh
Changed the mingw test build to be a required test of the all.sh script.
2016-11-17 09:27:45 +00:00
Simon Butcher
91aef33832 Fix mingw test build to avoid executing the tests
Changed the mingw build target to avoid building mingw test suites and
then attempting to run them which was failing on Linux.
2016-11-17 09:22:47 +00:00
Simon Butcher
f95c1764fa Make the test builds much stricter for warnings
Tighten up the test options in all.sh, test-ref-configs.pl and curves.pl
to ensure the builds are strict for all warnings, warnings are treated
as errors, and that wherever possible builds are strict to the C99
standard. (Note that builds that use the Unix sockets API cannot be).
2016-11-17 09:22:46 +00:00
Andres AG
ea67eeb4e8 Remove unused var warnings in windows unittests 2016-11-10 17:22:12 +00:00
Simon B
9b3e3c4942 Fix config of compiler warning flags with MSVC
Compiler warnings were being configured twice and not suppressed on the
test suites with Microsoft Visual Studio.
2016-11-10 15:37:33 +00:00
Simon Butcher
16c54ee9c8 Update library version number to 2.4.0 2016-10-16 19:34:39 +01:00
Simon Butcher
8e00410402 Merge fix for AEAD Random IVs 2016-10-14 00:48:33 +01:00
Simon Butcher
9800a058ae Merge branch 'development' 2016-10-13 17:25:56 +01:00
Simon Butcher
99000142cb Merge fix for IE Certificate Compatibility 2016-10-13 17:21:01 +01:00
Simon Butcher
488c08c00b Merge branch fixing date validity in X.509 2016-10-13 16:13:09 +01:00
Janos Follath
f45dab1939 Fix global variable shadowing 2016-10-13 13:54:48 +01:00
Simon Butcher
6437b221a3 Fix stdio redirection memory leak in test suites 2016-10-13 13:54:48 +01:00
Janos Follath
e5dc202469 Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 13:54:48 +01:00
Janos Follath
d7b9049806 Fix memory leaks in CMAC tests 2016-10-13 13:53:56 +01:00
Andres AG
fe4db8f575 Fix memory leak in test_suite_cmac.function 2016-10-13 13:53:56 +01:00
Andres AG
f04f54d432 Add seed cmdline arg to test scripts 2016-10-13 13:53:33 +01:00
Janos Follath
2d9c46767a Fix minor style issues in test framework 2016-10-13 13:53:13 +01:00
Simon Butcher
33388669ec Fix to test output in test suites
Fixes the test suites to consistently use mbedtls_fprintf to output to
stdout or stderr.

Also redirects output from the tests to /dev/null to avoid confusing
output if the test suite code or library outputs anything to stdout.
2016-10-13 13:53:13 +01:00
Simon Butcher
8739aa9403 Fix exit and formatting in CMAC test suite
Minor fixes following review.
2016-10-13 13:53:13 +01:00
Simon Butcher
03faeac7ec Add CMAC test suite to CMakeLists.txt 2016-10-13 13:53:13 +01:00
Simon Butcher
c3db62fd51 Extend test coverage of CMAC
Expands tests to include NULL tests and successive calls to
mbedtls_cipher_cmac_update() and mbedtls_cipher_cmac_reset().
2016-10-13 13:53:13 +01:00
Andres AG
8254b6c9f3 Clean up of formatting, and potential integer overflow fix 2016-10-13 13:51:13 +01:00
Simon Butcher
f394e09431 Clean up and minor fixes following review
Minor fixes following review including:
    * formatting changes including indentation and code style
    * corrections
    * removal of debug code
    * clarification of code through variable renaming
    * memory leak
    * compiler warnings
2016-10-13 13:51:12 +01:00
Simon Butcher
937fddbfcb Introduce a CMAC specific test suite 2016-10-13 13:51:11 +01:00
Andres AG
42547d0cf7 Set selftest verbose flag to boost coverage 2016-10-13 13:48:48 +01:00
Andres AG
84c46db746 Fix scripts to support multiple openssl and gnutls 2016-10-13 13:48:48 +01:00
Andres AG
3616f6f261 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-10-13 13:48:48 +01:00
Simon Butcher
1c8b33ad19 Merge branch 'development' 2016-10-13 13:40:41 +01:00
Janos Follath
e709f7c9e0 Fix global variable shadowing 2016-10-13 13:20:12 +01:00
Simon Butcher
e019296ab7 Fix stdio redirection memory leak in test suites 2016-10-13 10:03:08 +01:00
Janos Follath
ef44178474 Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 00:25:07 +01:00
Janos Follath
99d09d2747 Fix memory leaks in CMAC tests 2016-10-12 15:32:54 +01:00
Andres AG
c4424c0a69 Fix memory leak in test_suite_cmac.function 2016-10-12 15:32:53 +01:00
Janos Follath
d444358247 Fix memory leaks in CMAC tests 2016-10-12 14:31:01 +01:00
Andres AG
8abc6b86f9 Fix memory leak in test_suite_cmac.function 2016-10-12 00:40:16 +01:00
Andres AG
c47857dbf4 Add seed cmdline arg to test scripts 2016-10-12 00:36:31 +01:00
Andres AG
7770ea82d5 Add seed cmdline arg to test scripts 2016-10-12 00:32:17 +01:00
Andres AG
e0af995f12 Add test for bounds in X509 DER write funcs 2016-10-11 14:07:48 +01:00
Janos Follath
8ca53b51c5 Fix minor style issues in test framework 2016-10-11 12:25:34 +01:00
Simon Butcher
2573136fa8 Fix to test output in test suites
Fixes the test suites to consistently use mbedtls_fprintf to output to
stdout or stderr.

Also redirects output from the tests to /dev/null to avoid confusing
output if the test suite code or library outputs anything to stdout.
2016-10-11 12:25:34 +01:00
Simon Butcher
bd8d221920 Fix exit and formatting in CMAC test suite
Minor fixes following review.
2016-10-11 12:25:04 +01:00
Simon Butcher
53da6ae842 Add CMAC test suite to CMakeLists.txt 2016-10-11 12:25:04 +01:00
Simon Butcher
33183fd408 Extend test coverage of CMAC
Expands tests to include NULL tests and successive calls to
mbedtls_cipher_cmac_update() and mbedtls_cipher_cmac_reset().
2016-10-11 12:25:04 +01:00
Andres AG
a592dcc1c6 Clean up of formatting, and potential integer overflow fix 2016-10-06 15:23:39 +01:00