Commit graph

6205 commits

Author SHA1 Message Date
Joe Subbiani
54110b3b6f Reduce translate_ciphers.py test list
Having a list of every ciphersuite suggests that it should be maintained with
any new ciphersuites that are added in the future. This in turn almost defeats
the purpose of having translation functions to begin with
Instead, the unit test now only test a much smaller subset of ciphersuite names
that exercise each stage in the OpenSSL and GnuTLS translate functions.
In the future, if a new cipersuite is added that requires an extra stage in
translation, then that cipher can be added to the test suite, otherwise it
should not be necessary.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:57 +01:00
Joe Subbiani
b0aba9a46e Improve comments to be more accurate
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:57 +01:00
Joe Subbiani
1d592cba5c Remove NULL-SHA256 specific to OpenSSL
Instead add TLS-RSA-WITH-NULL-SHA256 to list of common ciphersuites.
It therefore has to be removed from GnuTLS as it could then duplicate.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:56 +01:00
Joe Subbiani
79f5790370 Remove test_translate_format()
As test_translate_ciphers_format.sh was made as a testing ground before
utilising translate_ciphers.py in compat.sh, once it was translated to
python code - as a unit test, it became redundant.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:56 +01:00
Joe Subbiani
a25ffab422 Integrate tests as unit tests into one file
Rather than having the tests seperated into different files, they were integrated
into translate_ciphers.py and can be run from root using:
`python -m unittest tests/scripts/translate_ciphers.py`

test_translate_ciphers_format.sh was originally made as a testing ground before
having the translation tool being implmented into compat.sh. Translating it to
python code makes it redundant and therefore it will be removed.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:50 +01:00
Joe Subbiani
f2de374fc1 Remove unused import
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:55 +01:00
Joe Subbiani
a3d991c3d0 Improve python coding style
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:55 +01:00
Joe Subbiani
918ee797ce Improve consitancy and useability
test_translate_ciphers_names.py
- Combined m, o and g ciphers all into one a single list of tuples to
  avoid needing to rely on indexes

test_translate_ciphers_format.sh
- Removed redundant test
- Added return errors

compat.sh
- Improved how translate_ciphers.py is called

translate_ciphers.py
- Improve regex and translation to be more intutive and efficient
- change how arguments are taken and handelled to be more reliable

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:54 +01:00
Joe Subbiani
439a696903 Improve translation error checking
If translate_ciphers.py is used incorrectly in compat.sh, an error
check function - check_translation - is called to evaluate and inform
the user of the error that has occured.

Added an output that informs the users an error has taken place in
translate_ciphers.py incase the error response is an empty string.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:54 +01:00
Joe Subbiani
c3610baddf Check exit status of translate_ciphers.py
If a call to translate_ciphers.py from compat.sh returns an exit 1
status, the error message will be echod and the program will exit

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:54 +01:00
Joe Subbiani
d614c0b197 Include translate ciphers tests in all.sh
To run test_translate_ciphers_names.py and _format.sh in the CI, include
it in all.sh component_check_generate_test_code.

Rename check_generate_test_code to check_test_helpers

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:50 +01:00
Mateusz Starzyk
3050f054f2 Subtract 1 from input in CCM's incomplete data tests
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-03 12:59:44 +02:00
Joe Subbiani
3eac5b9c6d Use zip rather than enumerate
After improving coding style, pylint suggeted using enumerate but
zip is more appropriate to avoid indexing

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
a56e10db4c Run test_translate_ciphers_format.sh from root
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
f849a93d94 Improve python coding style
As per check-python-files.sh, added string documentation for
files and functions.

Modified for loops to use enumerate rather than range(len(
although as the same iteration index is used for multiple
lists it does not seem quite appropriate

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
f3fcc29eb1 Move translate scripts to appropriate folder
"tests/scripts/*.py is executable programs used only for testing"

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
4a703cef89 Remove commented out old code
When making a modified function I commented out the previous code
in case I needed to use some of it, and forgot to remove it. This
has now been resolved

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
43592bd1f9 Remove trailing whitespaces
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
a032963d65 Modify comment descriptions of add_xxx_ciphersuites()
Modify the comments to include the use of the translate function
and retire the explanation of maintaining 2 seperate lists

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
6452f1ee35 Modify file name comments to match the file rename
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
0fadf8ef7d Improve coding style and consistancy
- Replace uses of mbed and gnu with mbedtls and gnutls respectivley.
 - Uses sys.exit() rather than exit()
 - Rename format() as it is an inbuilt python function
 - Add error information if incorrect arguments are passsed to
   translate_ciphers.py

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
34d62620fb Reduce calls to translate_ciphers.py in compat.sh
After every edge case to append which ciphers were being used
a call to translate_ciphers.py was being made.

Now a call to translate_ciphers are made at the end of every
function where ciphersuite names are being added. This occurs
3 times. 1 for MBedTLS, GNUTLS and OpenSSL. 1 for MBedTLS and
OpenSSL and another 1 for MBedTLS and GNUTLS.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
d16d273a40 Compact 2 format functions to 1
In translate_ciphers.py there were 2 format functions that were
virtually identical and a check was made beforehand to decide
which one to call. Now the check is made inside a single function
to reduce duplicate code

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
15d7124661 Replace lists with calls to translate_ciphersuite.py
Replace the OpenSSL $O_CIPHERS and GNU $G_CIPHERS declarations
with calls to translate_ciphersuite.py

Declared a new variable for each sublist $CIPHERS which is appended
to MBedTLS $M_CIPHERS and translated+appended to the OpenSSL and GNU
lists.

Fixes #4674

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
a16ccac1d9 Format files and add license comment
Changes to pass tests/scripts/check_files.py
-Add missing new line at end of each file
-Remove any trailing whitespaces
-Added file shebang comments

Added license info and purpose of file descriptions. The 2 test_translate...
files may not be stay later down the line, but incase they do become
permanent, it is good to add the appropriate comments now.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:51 +01:00
Joe Subbiani
29239b00a6 Move translate scripts to test directory
To be used by compat.sh, the files were moved to the same directory.
The files were also renamed to be distinguishable aside from their
file extensions

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:51 +01:00
Ronald Cron
13592ca654
Merge pull request #4879 from yuhaoth/pr/upgrade-gnutls-next
Upgrade gnutls next
2021-09-02 16:38:19 +02:00
Mateusz Starzyk
df2507301b Use AES-128 for multipart CCM corner cases tests
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-02 12:36:02 +02:00
Jerry Yu
75261df2e3 fix comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-02 17:56:20 +08:00
Jerry Yu
b12d81d1a3 Add feature tests for gnutls-next
Test NO_TICKETS and DISABLE_TLS13_COMPAT_MODE

Change-Id: Idf21b36bd64c7eefe4e0e6fb875b2e06ebb0aa07
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-02 17:31:10 +08:00
Jerry Yu
ab46aa0436 Upgrade gnutls-next to 3.7.2
v3.7.2 introduces DISABLE_TLS13_COMPAT_MODE. That can be
used to verify if TLS13 COMPATIBLE is not available.

Change-Id: Id68748e92504835b5a63b2565a618f728e7222f6
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-02 17:31:10 +08:00
Gilles Peskine
0bf740ee4f
Merge pull request #4765 from gilles-peskine-arm/all.sh-subshells-3.0
Run all.sh components in a subshell
2021-09-02 10:26:58 +02:00
Paul Elliott
b0450febe6 Tests for sending too much data after set lengths
We previously had tests for not sending enough (additional) data, but
were missing tests for sending too much. I have added these to the state
tests, as I don't think this is complex enough to deserve a standalone
test.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-01 15:09:15 +01:00
Paul Elliott
7f62842247 Add test for calling update when nonce not set
Previously only testing calling update_ad in this state.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-01 15:09:15 +01:00
Paul Elliott
c6d11d02f5 Aligh update buffer test variables with psa naming
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-01 15:09:15 +01:00
Mateusz Starzyk
7251eda6ff Replace BAD_SEQUENCE error with BAD_INPUT
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-01 13:26:44 +02:00
Manuel Pégourié-Gonnard
5a8abb144c
Merge pull request #4883 from mstarzyk-mobica/fix_psa_sign_msg
PSA MAC computation with _HASH flag implies _MESSAGE.
2021-09-01 12:23:20 +02:00
Gilles Peskine
6ac8f94a72 Fix cipher info key length sanity checks
Most supported ciphers have a 128-bit, 192-bit or 256-bit keys. List the
exceptions explicitly.

This commit fixes a test failure with the null cipher and an incorrect
comment that omitted several key lengths.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 08:31:49 +02:00
Gilles Peskine
0be02bd823 Add accessor functions for cipher_info fields
Add functions to read the type, mode, name and key_bitlen fields from
mbedtls_cipher_info_t. These are the fields that applications are most
likely to care about.

TLS code also uses iv_size and block_size, which it might make sense to
expose, but most applications shouldn't need those, so I'm not exposing them
for now.

Call the new functions in unit tests, so they're at least smoke-tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:52:41 +02:00
Mateusz Starzyk
1ebcd55afa Extend mac_key_policy test.
Add checks for psa_mac_compute and psa_mac_verify.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-30 17:11:01 +02:00
Manuel Pégourié-Gonnard
e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api
Add TLS 1.3 ciphersuite and key exchange identifiers and API
2021-08-30 09:47:46 +02:00
Paul Elliott
5e69aa5709 Remove NULL check for set nonce
Also remove tests which would pass NULL to this function.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
6f0e72038d Align set nonce variables with psa convention
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
f127763ec9 Align generate nonce variables with psa convention
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Jerry Yu
31c01d303e Rename available values for tls13_kex_modes
Rename `psk_pure` to `psk` and `ephemeral_pure` to `ephemeral`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:53 +08:00
Mateusz Starzyk
cbefb6ba4d Merge branch 'development' into ccm_chunked
Conflicts:
	library/ccm.c

Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro.
Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro
used in development branch on the 'b' buffer, because the 'b'
buffer is removed in current branch.
2021-08-24 15:14:23 +02:00
Mateusz Starzyk
d07f4fc30f Use separate expected results for MAC sign and verify key policy.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-24 14:16:55 +02:00
Yuto Takano
fc1e9ffcb2 Use Abstract Base Classes to ensure Problem is not instantiated
- Problem() is a parent abstract class that should only be used for
  subclassing.
- With the help of ABC, implement abstract methods that force
  subclasses to implement quiet and verbose outputs.
- The repeated logic of "if self.quiet" is consolidated in Problem.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-23 13:54:56 +01:00
Mateusz Starzyk
cb0a7cd142 Fix mac_key_policy test function
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-20 11:34:49 +02:00
Yuto Takano
5f83171999 Fix listing line number wrongly using start char pos
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-18 18:03:24 +01:00
Yuto Takano
7143209604 Remove unused imports in list_internal_identifiers.py
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 12:44:16 +01:00
Yuto Takano
3590691bad Fix issues raised by Pylint 2.4.4 on CI
Locally they were unreported by Pylint 2.9.2.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 11:05:43 +01:00
Yuto Takano
4b7d23dfa6 Separate make clean and make lib in check_names
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 10:48:22 +01:00
Yuto Takano
704b0f77e1 Use .span() for positions, and separate line_no argument in Match
This reverts a previous change where line_no was removed and put into
a triple tuple. It was discovered that re.Match.span() conveniently
returns (start, end), so separating line_no again makes the code cleaner.
The legibility of the code heavily outweighs the issues pointed out by
Pylint (hence disabled).

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 10:41:23 +01:00
Yuto Takano
b1417b4554 Use Enums for the enum-parsing state machine
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 10:30:20 +01:00
Yuto Takano
5473be2914 Use a class variable for quiet instead of passing it around
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 10:14:24 +01:00
Archana
0dc86b5a2a
Remove dependency of builtin keys on storage
The psa_open_key API depends on MBEDTLS_PSA_CRYPTO_STORAGE_C.
This is unnecessary for builtin keys and so is fixed.
Updated an open_fail test vector keeping with the same.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-08-17 02:46:00 +05:30
Paul Elliott
66696b5591 Improve nonce length checks
Add the missing nonce length checks (this function is being used by
oneshot functions as well as multipart, and thus all cipher suites are
being used) and cover the case where a NULL buffer gets passed in.
Extended the set nonce test to cover this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-16 18:44:50 +01:00
Yuto Takano
6adb287960 Move duplicated behaviour in get_files to own function
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 11:38:34 +01:00
Yuto Takano
90bc026913 Exclusively use re.search() to avoid confusion with .match()
Also fix newline being removed when lines were concatenated

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 11:34:10 +01:00
Yuto Takano
9d9c6dc46e Align the item counts in check_names for ease of reading
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 10:43:45 +01:00
Yuto Takano
165700c914 Remove unnecessary try/catch in list_internal_identifiers
The try/catch was used to catch Exceptions and exit with code 1,
a legacy from check_names.py which uses the pattern to exit with
code 2. But code 1 is the default for the Python runtime anyway,
so it is redundant and can be removed.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 10:39:24 +01:00
Yuto Takano
8246eb8fb6 Fix English typos in comments of check_names and list-identifiers
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 10:37:24 +01:00
Yuto Takano
fb86ac70f5 Comment Match.__str__ and use format() to simplify calculation
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 10:32:40 +01:00
Manuel Pégourié-Gonnard
f11724bf2e
Merge pull request #4861 from yuhaoth/pr/add-openssl-gnutls-tls1_3-check
Add openssl/gnutls tls1.3 feature tests.
2021-08-13 09:15:22 +02:00
Manuel Pégourié-Gonnard
4512f21473
Merge pull request #3572 from mpg/add-arm-linux-build
Add arm-linux-gnueabi-gcc build
2021-08-12 13:16:02 +02:00
Hanno Becker
932064d660 Add ssl-opt.sh tests for ssl_client/server TLS 1.3 kex parameters
Those tests are so far only checking that ssl_client2/ssl_server2
recognize the arguments, nothing more.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
ae336852c5 Add ssl-opt.sh run to TLS 1.3 test in all.sh
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:28:45 +01:00
Dave Rodgman
2aec149e13
Merge pull request #4248 from hanno-arm/tls13_populate_transform
Fix and test compliance of TLS 1.3 record protection
2021-08-11 16:41:51 +01:00
Jerry Yu
0402979ed3 Add openssl/gnutls tls1.3 feature tests.
Add functions and test cases to make sure
tls1.3 is available in openssl/gnutls

Change-Id: I797d15117a8de96614f392e6bb2ed16b6d71ba69
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-11 18:09:49 +08:00
Yuto Takano
d73cec1e09 Add newline at end of list-identifiers.sh
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-10 15:45:28 +01:00
Yuto Takano
ac72fac465 Put back list-identifiers.sh as a thin wrapper around the python script
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-10 15:09:16 +01:00
Mateusz Starzyk
e0f5227550 Add CCM test for calling finish without any input.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:31:57 +02:00
Mateusz Starzyk
8fb1754e1a Add short description for CCM test functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
f442de69eb Add tests for CCM corner cases.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
bccbf88bc3 Rename CCM test functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
ceb5bc6150 Fix typos.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
8788906947 Add CCM test for edge cases.
Cover:
- not calling auth data update
- not calling cipher text update
- exceeding configured auth data length
- exceeding configured cipher text length

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
c8bdf36a72 Validate tag pointer in ccm function.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
27a1bef89d Tidy up test functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
29ec75b34e Add multipart testing to CCM* tests.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
25a3dfe7dd Add multipart tests for ccm suite.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Manuel Pégourié-Gonnard
448c80727d
Merge pull request #4853 from yuhaoth/pr/add-tls13-config-check-and-dummy-handshake
TLS1_3:add tls13 config check and dummy handshake
2021-08-10 12:59:09 +02:00
Yuto Takano
206b022ad0 Fix off-by-one error in string formatting in Python
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-10 11:30:43 +01:00
Jerry Yu
b9930e7d70 Add dummy tls1.3 handshake dispatch functions
Base on version config, `handshack_{clinet,server}_step`
will call different step function. TLS1.3 features will
be gradully added base on it.

And a new test cases is added to make sure it reports
`feature is not available`.

Change-Id: I4f0e36cb610f5aa59f97910fb8204bfbf2825949
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Jerry Yu
b19ccc3998 fix test_suite_debug test fail
Before `mbedtls_ssl_setup`, config functions should
be called. Without it, `mbedtls_ssl_setup` will raise
invalid value error.

Change-Id: I46fdaa5e8eb83d06c620087a9e1e7e14e1c5d9b5
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Jerry Yu
c46e9b4091 tests: Add negative version config tests.
tls1.3 and tls1.2 can not be enabled at same
time before #4832 resolved.

And the test won't run into `handshake` stage, add
`skip_handshak_check` function to skip it.

Change-Id: I13f3b06b2f33b9c9beb8cac90f5fda41a4ed53f3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Yuto Takano
7bfac1d7fe Fix incorrect reference to NameCheck in script docstring
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 15:49:25 +01:00
Yuto Takano
55c6c87d95 Separate code parsing and name checking in two classes
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 15:35:19 +01:00
Janos Follath
f8f88d6b00
Merge pull request #4746 from gilles-peskine-arm/bump-version-3.0
Fix release scripts for 3.0
2021-08-09 15:28:28 +01:00
Yuto Takano
50953433a4 Bring back logging of number of files
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 14:54:36 +01:00
Yuto Takano
8e9a219310 Improve ease of specifying which files to look in (check_names)
- Instead of os.path.join, use glob patterns (supports Windows too)
- Instead of creating the lists beforehand (which adds messiness), pass glob
  expessions to functions and let them memoise it.
- Add support for excluding based on glob patterns, which isn't used now but
  could come in handy.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 14:48:53 +01:00
Yuto Takano
f005c3369a Change variable name argparser to parser
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 13:56:36 +01:00
Yuto Takano
d70d446d69 Improve code style consistency in check_names.py
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 12:45:51 +01:00
Yuto Takano
68d241211b Create list_internal_identifiers.py
This is the equivalent of `list-identifiers.sh --internal`, which is
useful for generating an exclusion file for ABI/API checking.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 12:10:31 +01:00
Yuto Takano
977e07f5c8 Use glob in get_files(), call setup_logger on init
glob is more flexible and simplifies the function arguments drastically.
It is also much more intuitive to extend in the future when the filepaths
need to be extended or changed.

setup_logger had to be called as the first thing after instantiation, so
this commit simplify makes it automatic.

Several clarification comments are added too.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 11:56:15 +01:00
Yuto Takano
51efcb143d Rename check-names.py to check_names.py
This is necessary to import check_names from other scripts, which
will inevitably happen in the next few commits to implement the equivalent
of `list-identifiers.sh --internal`.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 11:54:12 +01:00
Yuto Takano
6fececf192 Comment why is used
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 17:28:23 +01:00
Yuto Takano
fc54dfb0d6 Move check_repo_path into NameCheck as staticmethod
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 17:18:28 +01:00
Yuto Takano
55614b51f1 Use --quiet to hide explanations and show only minimal necessary info
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 01:00:18 +01:00
Yuto Takano
b47b504418 Improve comments in parse_mbed_words()
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 00:42:54 +01:00
Yuto Takano
12a7ecda5a Fix further pylint issues picked up by Travis CI
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 00:40:29 +01:00
Yuto Takano
a083d15edd Specify file open encoding as utf-8 in check-names
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 00:25:59 +01:00
Yuto Takano
381fda8550 Print line number next to problem in check-names
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 23:37:20 +01:00
Yuto Takano
bcc3d99cc1 Fix compatibiliy with Python 3.5 on the CI
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 23:14:58 +01:00
Yuto Takano
d93fa37aa6 Address all pylint issues to follow style
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 23:05:55 +01:00
Yuto Takano
9e0e0e9980 Fix Pylint-detected function argument syntax error
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 22:01:37 +01:00
Yuto Takano
25eeb7b935 Output subprocess stdout if it errored
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:27:59 +01:00
Yuto Takano
cfc9e4a275 Change identifier regex to better support multiline declarations
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
8f457cf222 Use enumerate() to get line numbers
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
a4e751257a Output line number, line, and position of error
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
159255ab7b Document dependency on nm
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
13ecd996fc Improve regex to adapt to flexible spaces
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
5c1acf2735 Match macros with spaces between # and define
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
d24e037dd1 Warn user if files are excluded from search
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
5939a2a4de Check environment by verifying other dirs' existence
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
201f9e85ca Make use of -v to log some debug information
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
81528c058a Add documentation, fix identifier parsing
- Add documentation to all classes and functions that were
  not self-explanatory.
- Fix the parsing of identifiers, so it now behaves identically
  to the original shell script. Detects the same amount of identifiers.
- Fix macro parsing so MBEDTLS_PSA_ACCEL didn't error out
- Reformat output to be comprehensible

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
6f38ab3bca Fix legacy troublesome regex
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
fe02684049 Python port of f6643ccd90
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
0fd48f7939 Python port of 7cc4c68eb6
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
17220988dc Parse identifiers from library headers: Python port of d9eee3b417
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
56e3a5caa6 Add test driver symbols: Python port of 7f13fa2454
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
e77f699ed5 Exclude FStar and Hacl: Python port of 9b33e7d7d7
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
062289c657 Invoke config.py instead of pl: Python port of 5d46f6a89b
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
c62b4084a2 Per-line opt-out of typo check: Python port of b683776181
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
e503d61b99 Remove 1.3 to 2.0 helpers: Python port of 7d48b28218
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
157444c24d Add library header files: Python port of 65a6fa3e26
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
c763cc368f Check for double underscores: Python port of 712f7a804e
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
fa950ae344 Look in 3rdparty: Python port of 8a0f5bb3c1
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
bb7dca495f Work with PSA constants: Python port of 03091d1114
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
ed91cf003a Remove Yotta: Python port of 3ad2efdc82
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
c1838937f1 Also check PSA: Python port of 2d9d6db60f
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
3963967ebc Restructure check-names.py with more verbose error messages
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
b61f0e1151 Merge upstream 3.0 from 'development' in ARMmbed/mbedtls
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:34 +01:00
Darryl Green
6c79b5dce7 Keep compatibility with python versions prior to 3.5
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:04:36 +01:00
Darryl Green
a783d9c5ef Remove check-names.sh and sub-scripts it used
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:04:34 +01:00
Darryl Green
4e9b51bc18 Update scripts to use check-names.py
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:04:32 +01:00
Darryl Green
d5802926d9 Rewrite check-names.sh in python
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:04:26 +01:00
Gilles Peskine
80ddb991c2 Add --restore option to clean up but not necessarily run components
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-06 11:51:59 +02:00
Gilles Peskine
03af678911 Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-06 11:35:17 +02:00
Gilles Peskine
86f6129067 Documentation improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-05 15:11:33 +02:00
Gilles Peskine
7530163f3b Make --quiet more effective when running make generated_files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-05 15:10:47 +02:00
Gilles Peskine
78f6f05778
Merge pull request #4695 from yutotakano/fix-ssl-opt.sh-hard-abort
ssl-opt.sh: Skip tests instead of conditional hard abort
2021-08-04 10:16:19 +02:00
Gilles Peskine
bf66e2cc8f Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-03 13:44:28 +02:00
Gilles Peskine
1d475b6398 Disable wildcards when checking for unsupported components
Otherwise $COMMAND_LINE_COMPONENTS would try to expand wildcard patterns
based on files in the current directory.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-03 13:43:36 +02:00
Manuel Pégourié-Gonnard
ae505eeeed Fix missing dependency on Travis
Was getting errors like:

In file included from /usr/include/limits.h:25:0,
                 from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/limits.h:168,
                 from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/syslimits.h:7,
                 from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/limits.h:34,
                 from ../include/mbedtls/check_config.h:30,
                 from ../include/mbedtls/build_info.h:81,
                 from common.h:26,
                 from asn1write.c:20:
/usr/include/features.h:367:25: fatal error: sys/cdefs.h: No such file or directory

There are two packages to choose from: armhf or armel. Since the comment
in all.sh says we're trying to be close to Debian's "armel"
architecture, choose that, and fix a comment that was mentioning
gnueabihf for no apparent reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-08-03 11:19:59 +02:00
Manuel Pégourié-Gonnard
3a6c76937a Add arm-linux-gnueabi-gcc build to all.sh
Currently it can't be mandatory, since we can't install the required toolchain
on Jenkins right away.

Also, while at it, remove `SHELL='sh -x'` from the other arm5vte component; it
was a leftover from debugging.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-08-03 11:19:59 +02:00
Gilles Peskine
c111e24292 Improve the detection of keep-going commands
Have simpler patterns related to 'test' (the central objective being to keep
going if 'make test' or 'tests/...' fails, but not if 'make tests' fails).

Add 'cd' as a can't-keep-going command.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:29:53 +02:00
Gilles Peskine
88a7c2b32e Improve --error-test reporting
Count invocations from 1 to n instead of n to 1.

Explain how changing the loop variable would cause an error if the function
was not executed in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:28:00 +02:00
Gilles Peskine
ec135544c8 Clarify some comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 23:27:42 +02:00
Gilles Peskine
8bb9b80d18
Merge pull request #4806 from hanno-arm/ssl_session_serialization_version
Store TLS version in SSL session structure
2021-08-02 12:45:55 +02:00
Hanno Becker
d7e4b2ce42 Remove duplicated test from SSL test suite
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
6c53ecc01d all.sh: Run basic TLS 1.3 with and without record padding
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
1f91878281 Specify padding granularity in TLS 1.3 record protection KATs
Still check that encryption and decryption are inverse to each other
if the granularity does not match the one used in the KAT.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
41537452f4 Add comment regarding the wire-version used in TLS 1.3 records
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
80e760e006 Fix memory leak in TLS 1.3 record protection unit test
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:02 +01:00
Hanno Becker
a77d005d39 Add known answer tests for TLS 1.3 record protection
This commit adds four known answer tests for TLS 1.3 record protection
from the following sources:

- RFC 8448 "Example Handshake Traces for TLS 1.3"
- tls13.ulfheim.net "The New Illustrated TLS Connection"

It extends the test coverage of the existing record protection tests
in the following ways:

- The existing record protection tests hand-craft record transform
  structures; the new tests use the function

     mbedtls_ssl_tls13_populate_transform()

  from library source to create an TLS 1.3 transform from raw
  key material and connection information.
- The existing record protection tests only check that encryption
  and decryption are inverse to each other; as such, they don't
  catch non-compliant implementations of encryption and decryption
  which happen to be inverse to each other. By adding a known answer
  test for TLS 1.3 record protection, can gain confidence that our
  implementation is indeed standards-compliant.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:53:58 +01:00
Gilles Peskine
69813477b0
Merge pull request #4758 from paul-elliott-arm/fix_cipher_output_size
Fix divide by zero if macro used with wrong key type
2021-07-30 18:56:18 +02:00
Manuel Pégourié-Gonnard
8da9dc05e8
Merge pull request #4748 from TRodziewicz/re-introduce_ext_checks_for_psa_unlock-wipe_key_slot
Re-introduction of key slot checks
2021-07-29 13:45:57 +02:00
Manuel Pégourié-Gonnard
1a515d1bc2
Merge pull request #4777 from gilles-peskine-arm/save-coverage-summary-3.0
Save the basic-build-test.sh test report summary to coverage-summary.txt
2021-07-29 10:52:35 +02:00
Manuel Pégourié-Gonnard
06672ef771
Merge pull request #4776 from gilles-peskine-arm/generate_psa_tests-robutness-202107
Fix bugs around generate_psa_tests.py invocation from tests/Makefile
2021-07-29 09:58:19 +02:00
Manuel Pégourié-Gonnard
b637150dfe
Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
2021-07-27 09:42:53 +02:00
Paul Elliott
91b021e4c7 Add finish buffer size test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-23 18:53:54 +01:00
Paul Elliott
43fbda648d Add test for update buffer size
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-23 18:53:53 +01:00
Paul Elliott
693bf312d9 Fix _arg argument not being cast to correct type
Also change to TEST_EQUAL, as this is now possible.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-23 18:53:53 +01:00
Paul Elliott
56e4aa6ae2 Restore accidentally deleted blank lines
Script to generate test data was missing a '\n'

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-23 18:53:53 +01:00
Paul Elliott
863864a2f7 Add multipart set nonce test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-23 18:53:53 +01:00
Paul Elliott
0a6a5694d9 Add missing include to PSA test driver
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-23 15:30:01 +01:00
Hanno Becker
fadbdbb576 Store TLS version in SSL session structure
Instances of `mbedtls_ssl_session` represent data enabling session resumption.

With the introduction of TLS 1.3, the format of this data changes. We therefore
need TLS-version field as part of `mbedtlsl_ssl_session` which allows distinguish
1.2 and 1.3 sessions.

This commit introduces such a TLS-version field to mbedtls_ssl_session.

The change has a few ramifications:

- Session serialization/deserialization routines need to be adjusted.

  This is achieved by adding the TLS-version after the header of
  Mbed TLS version+config, and by having the subsequent structure
  of the serialized data depend on the value of this field.

  The details are described in terms of the RFC 8446 presentation language.

  The 1.2 session (de)serialization are moved into static helper functions,
  while the top-level session (de)serialization only parses the Mbed TLS
  version+config header and the TLS-version field, and dispatches according
  to the found version.

  This way, it will be easy to add support for TLS 1.3 sessions in the future.

- Tests for session serialization need to be adjusted

- Once we add support for TLS 1.3, with runtime negotiation of 1.2 vs. 1.3,
  we will need to have some logic comparing the TLS version of the proposed session
  to the negotiated TLS version. For now, however, we only support TLS 1.2,
  and no such logic is needed. Instead, we just store the TLS version in the
  session structure at the same point when we populate mbedtls_ssl_context.minor_ver.

The change introduces some overlap between `mbedtls_ssl_session.minor_ver` and
`mbedtls_ssl_context.minor_ver`, which should be studied and potentially resolved.
However, with both fields being private and explicitly marked so, this can happen
in a later change.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-23 06:25:48 +01:00
Paul Elliott
41ffae17b1 Fix incorrect function documentation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-22 21:53:12 +01:00
Paul Elliott
26f4aef3a7 Remove aead_verify call from test driver
Function was removed, but missed this reference.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-22 21:53:12 +01:00
Paul Elliott
ebf91638b5 Move set nonce / set length tests to positive test
Previous test in state test was not actually making sure that the
operatioon could be completed using set lengths / set nonce in either
order, thus changed the 'normal' encrypt / decrypt tests to run in
alternating order.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-22 18:52:20 +01:00
Paul Elliott
329d5381a5 Add 0 length part tests
Add tests to do zero length part, n length part until done, to exercise
the zero length edge case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-22 18:52:20 +01:00
Paul Elliott
243080ca7d Clarify comments on state test.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-22 18:52:20 +01:00
Paul Elliott
97fd1bad83 Convert over to using a single internal test func
Make all encrypt/decrypt tests use the same function. Cleanup arguments
that were poorly named and document internal function. Removed one test
as I didn't want to write another test purely for it, when its already
tested in one shot.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-22 18:52:20 +01:00
Gilles Peskine
d8d19327d5 Fix mixup about the directory containing the success indicator file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-22 12:30:14 +02:00
Ronald Cron
dfce58f32d
Merge pull request #4753 from JoeSubbiani/TestBlockSizes_dev
Test block sizes are powers of 2
2021-07-22 11:19:18 +02:00
Gilles Peskine
6ee3b7ed1f More robust failure detection for the coverage report generation
The previous implementation was hard to understand and could in principle
fail to notice if there was a test case failure and the writing of the
line "Note: $TOTAL_FAIL failures." failed. KISS.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-22 11:08:30 +02:00
Gilles Peskine
b969570650 Explain the final error checking
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-22 10:56:39 +02:00
Paul Elliott
e0fcb3b99e Add 'too big' tests for nonce generation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-21 18:51:23 +01:00
Paul Elliott
d85f547b65 Add expected size to nonce generation test
Also add unneeded copy-paste in the test descriptions.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-21 18:51:23 +01:00
Paul Elliott
374a2be588 Add missing state test coverage
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-21 18:51:23 +01:00
Paul Elliott
481be341ef Make state tests more readable
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-21 18:51:23 +01:00
TRodziewicz
3daaea858b Changing the places of the mbedtls_test_hook_test_fail callback declaration
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-20 13:36:16 +02:00
TRodziewicz
12c77410eb Removing unneded extern declaration of a callback and including common.h where the cb is needed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-15 16:12:54 +02:00
Joe Subbiani
5ccdc556b1 Remove trailing whitespace
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-15 09:03:51 +01:00
Joe Subbiani
113d80c219 Simplify the test and description
Previously the check was convoluted. This has been simplified
and given a more appropriate suggestion as per gilles suggestion

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-14 15:16:09 +01:00
Paul Elliott
a417f56d28 Add non regression test for cipher output size
Call the output size macros specifically with asymmetric keys, which
would cause a crash (and thus test fail) should this fix get regressed.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-14 12:39:54 +01:00
Gilles Peskine
fc70b5252b Save the coverage report to a file
Save the "Test Report Summary" to a file. This can help both CI scripts and
human readers who want the summary after the fact without having to copy the
console output.

Take care to exit with a nonzero status if there is a failure while
generating the test report summary.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 23:27:01 +02:00
Gilles Peskine
bbced87390 Show the udp_proxy seed in the console log
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 23:26:00 +02:00
Gilles Peskine
a3d2264b88 Only run an unbridled parallel make (make -j) if MAKEFLAGS is unset
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 23:23:23 +02:00
Gilles Peskine
6ee3bc09ed Fix typo in test dependencies
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 20:34:55 +02:00
Gilles Peskine
e9ad95a63c Error out if enumerating the generated data files fails
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 18:36:05 +02:00
Gilles Peskine
8b427c851e Use python3 when building on non-Windows for Windows
The makefiles look for python3 on Unix-like systems where python is often
Python 2. This uses sh code so it doesn't work on Windows. On Windows, the
makefiles just assume that python is Python 3.

The code was incorrectly deciding not to try python3 based on WINDOWS_BUILD,
which indicates that the build is *for* Windows. Switch to checking WINDOWS,
which indicates that the build is *on* Windows.

Fix #4774

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 18:26:08 +02:00
Gilles Peskine
5df77c63fb Fix race condition when running generate_psa_tests.py
Fix a race condition in parallel builds: when generating *.data files with
generate_psa_tests.py, make instantiated the recipe once per output file,
potentially resulting in multiple instances of generate_psa_tests.py running
in parallel. This not only was inefficient, but occasionally caused the
output to be corrupted (https://github.com/ARMmbed/mbedtls/issues/4773). Fix
this by ensuring the recipe only runs once.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 18:02:27 +02:00
Gilles Peskine
bf4d0ce88d Remove obsolete MBEDTLS_xxx dependencies
This file had temporary MBEDTLS_xxx dependencies because it was created when
support for PSA_WANT_xxx was still incomplete. Switch to the PSA_WANT_xxx
dependencies

This fixes the bug that "PSA storage read: AES-GCM+CTR" was never executed
because there was a typo in a dependency.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 17:12:53 +02:00
TRodziewicz
829fe7038d Correction to callback declaration and usage
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-13 12:23:12 +02:00
Gilles Peskine
568f53a9d8 Don't unconditionally restore **/Makefile
all.sh restores **/Makefile from git in case the version in the worktree was
from doing a cmake in-tree build. Instead of doing this unconditionally, do
it only if the toplevel Makefile seems to have been automatically
generated (by cmake or otherwise, e.g. by mbedtls-prepare-build). This way
all.sh no longer silently wipes changes made to Makefile but not committed yet.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-12 18:19:39 +02:00
Gilles Peskine
f83eb82a4d Don't restore *config.h before backing it up
Back up the config files at the beginning of all.sh, rather than before each
component. In particular, create the backup before running cleanup for the
first time. This fixes #3139 (all.sh using a config.h.bak from a previous
job), and makes all.sh more robust against accidentally using a modified
config.h midway through because a component messed with the backup.

Use a different extension (*.all.bak rather than *.bak) for the backups.
This is necessary to ensure that auxiliary scripts such as depends*.pl that
make their own backup don't remove all.sh's backup, which the code from this
commit does not support.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-12 18:19:31 +02:00
Gilles Peskine
03ab544832 Generate cpp_cummy_build.cpp dynamically
Generate programs/test/cpp_dummy_build.cpp dynamically instead of
maintaining it manually. This removes the need to update it when the list of
headers changes.

Include all the headers unconditionally except for the ones that cannot be
included directly.

Support this dynamic generation both with make and with cmake.

Adapt all.sh accordingly. Remove the redundant C build from
component_build_default_make_gcc_and_cxx (it was also done in
component_test_default_out_of_box), leaving a component_test_make_cxx. Also
run the C++ program, because why not. Do this in the full configuration
which may catch a bit more problems in headers.

Fixes #2570 for good.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-12 18:19:31 +02:00
Gilles Peskine
7238503642 Heed --quiet when running make generated_files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-12 18:19:31 +02:00
Gilles Peskine
88a07457c7 Remove barely-used redirect functions
redirect_out was no longer used and redirect_err was only used to
quiet dd. Change the dd invocation to only print diagnostics on
error (on platforms where this is possible).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-12 18:19:31 +02:00
Gilles Peskine
aca0b32132 Keep going after a shell "[" a.k.a. "test" fails
This is necessary to actually keep going and finish the
component-specific cleanup in component_test_cmake_out_of_source if
ssl-opt.err is non-empty.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-12 18:19:31 +02:00
Archana
c590611e97
Add requested montgomery curve tests
* Add tests to validate MSB not ok for Curve25519 and
  Curve448.
* Add a test to generate key for for Curve448.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 20:47:11 +05:30
Archana
8584f5b68b
test: psa: Improve description of curve 448 tests
Improve the description of some curve 448 tests

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 20:11:08 +05:30
Archana
ef6aa5c46d Support Curve448 via the PSA API
Enable Curve448 support
Add test vectors to evaluate
* RFC 7748
* a known-answer public key export test.
* a known-answer ECDH (X448) test.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 08:07:14 +05:30
Archana
1d2e2bb8cc Add missing Curve448 support for PSA keys
mbedtls_ecp_read_key and mbedtls_ecp_write_key are updated to include
support for Curve448 as prescribed by RFC 7748 §5.

Test suites have been updated to validate curve448 under Montgomery
curves.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 08:02:54 +05:30
TRodziewicz
c3366a4185 Added mis-removed test and removed unneeded tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-09 16:57:20 +02:00
TRodziewicz
299510e889 Correction to comments and changelog removed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-09 16:55:11 +02:00
TRodziewicz
7871c2e736 Adding new macro for tests failing
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-09 14:27:04 +02:00
Joe Subbiani
da36c9f2ce Improve Code Style
add space between bracket and a newline that had occured
through changes but do not match the original file style

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-09 12:03:06 +01:00
Yuto Takano
3fa1673cf6 Fix grammar suggesting an upper bound on MAX_CONTENT_LEN
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-09 11:23:40 +01:00
Gilles Peskine
c2e22ee271 Remove code that is useless now that components run in a subshell
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:49:19 +02:00
Gilles Peskine
b80f0d20ea Complain if an unsupported component is explicitly requested
In all.sh, when an explicit list of components is specified, error out
if one of the components is not known or not supported. Patterns that
happen to match zero components are still effectively ignored.

Fix #2783

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:49:11 +02:00
Gilles Peskine
a681c59d34 Better not function
In the `not` function, in keep-going mode, arrange to report the
failing command (rather than `"$@"`).

Note that the `!` keyword should not be used, because failures with
`!` are not reported properly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:48:26 +02:00
Gilles Peskine
fec30cbe8c Fix double reporting when the last command of a function fails
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:44:46 +02:00
Gilles Peskine
1f0cdaf3af Stop dispatching through obsolete functions
Remove the obsolete functions record_status and if_build_succeeded.
They didn't affect error detection, but they made error reporting
worse since $BASH_COMMAND would be the unexpanded "$@".

Keep the function definitions for the sake of pull requests using them
that may still be in flight.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:44:36 +02:00
Gilles Peskine
f7e956c85c component_test_cmake_out_of_source: simplify and fix error handling
Remove ssl-opt.err even if it's empty.

Call cat unconditionally: it'll have no visible effect if the file is
empty.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:07:44 +02:00
Gilles Peskine
3664780f98 Detect errors on the left-hand side of a pipeline
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:07:36 +02:00
Gilles Peskine
ce266c48bb Run each component in a subshell and handle errors more robustly
This commit completely rewrites keep-going mode. Instead of relying
solely on "set -e", which has some subtle limitations (such as being
off anywhere inside a conditional), use an ERR trap to record errors.

Run each component in a subshell. This way a component can set
environment variables, change the current directory, etc., without
affecting other components.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 18:07:20 +02:00
Gilles Peskine
5d99682a8c Add --error-test option to test error detection and reporting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 17:35:19 +02:00
Gilles Peskine
62cf2e8e9f Switch all.sh to bash
This will let us use bash features that are not found in some other sh
implementations, such as DEBUG and ERR traps, "set -o pipefail", etc.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-08 17:35:19 +02:00
Yuto Takano
9c09d5513e Raise max_content_len constraint by one in Connection ID tests
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-08 16:03:44 +01:00
Yuto Takano
bc87b1ddf3 Add content length constraint to tests that use max_frag_len
Includes:
- handshake memory tests
- Connection ID (MFL) tests
- DTLS fragmenting tests

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-08 15:56:33 +01:00
Joe Subbiani
93213f6649 Remove test cases and update power 2 check
The power 2 check now uses a looping bit shift to try match
with the block sizes and will escape the loop when appropriate

The test cases, as pointed out by Gilles, could be harmful in
the future and testing a test case is not generally necessary

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-08 15:32:52 +01:00
Gilles Peskine
45f2a40fa4 Speed up the generation of storage format test cases
Restore the optimization done in
 HEAD^{/Speed up the generation of storage format test cases}
which was lost during refactoring made when adding support for
implicit usage flags.

There are still more than one call to the C compiler, but the extra
calls are only for some key usage test cases.

This is an internal refactoring. This commit does not change the
output of generate_psa_tests.py

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-07 12:47:47 +02:00
Dave Rodgman
45419c1ee5 Revert "Add auto-generated files"
This reverts commit 3e84187132.
2021-07-06 20:44:59 +01:00
Dave Rodgman
8a3b232f57 Revert "Add additional generated files"
This reverts commit 2a9c783625.
2021-07-06 20:44:54 +01:00
Joe Subbiani
fc46318792 Change test suite duplicate descriptions
tests/scripts/check_test_cases.py located duplicate descriptions
for the negative tests checking that the check fails when a block
size is not a power of 2

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-06 14:44:20 +01:00
Joe Subbiani
f37bbe53a0 Extend psa_crypto_metadata tests to check for powers of 2
Add a check to ensure the block_size is or is not a power of 2

Add a new parameter to verify the expected pass/fail when a block_size
is or is not a power of 2.

Add new sets of input data to verify these tests

Fixes #4228

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-06 10:42:54 +01:00
TRodziewicz
d9be65277d Corrections to the new functions names and error message wording
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-05 15:16:00 +02:00
TRodziewicz
053b99b90b Re-introduction of key slot chekcs
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-05 12:06:03 +02:00
Yuto Takano
6f6574381e Move repetitive equality check to requires_config_value_equals
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-02 15:37:19 +01:00
Yuto Takano
0248582033 Reword and add explanatory comments for MAX_IM_CA tests
- Reword the comment on config.h to suggest that
  `MAX_INTERMEDIATE_CA` may not exist in the config.
- Add a comment explaining why the tests are more restrictive
  than necessary.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-02 15:37:19 +01:00
Yuto Takano
b0a1c5b021 Use requires_max_content_len, add check in Renegotiation
- Abstract out repetitive checks for IN and OUT content lens
- Remove unclear comment and redundant echo
- Add content length constraints in Renegotiation with fragment length test

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-02 15:37:19 +01:00
Yuto Takano
2be6f1ac5b Add space between command substitution braces and content
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-02 15:37:19 +01:00
Yuto Takano
73e7dcbdfc Add MAX_IM_CA requirement to int_max+1 chain as well
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-02 15:37:19 +01:00
Yuto Takano
e43556b6bf Remove hard exit with MAX_INTERMEDIATE_CA in ssl-opt.sh
- Replace last remaining dependency on config.py with query_config
- Replace hard exit with `requires_config_value_at_least` and
  `requires_config_value_at_most` to maintain the same effect

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-02 15:37:19 +01:00
Yuto Takano
0509fea3b2 Remove hard exit in ssh-opt.sh, replace with requires functions
- Replace calls to config.py for MAX_IN_LEN and MAX_OUT_LEN with
  `get_config_value_or_default`
- Remove hard exit when MAX_IN/OUT_LEN < 4096, replace with
  `requires_config_value_at_least`

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-02 15:37:19 +01:00
Gilles Peskine
1fe01acfc3 Add option to list the generated files and exit
This is useful during the release process, when we want to commit the
generated files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-01 11:13:29 +02:00
Dave Rodgman
2a9c783625 Add additional generated files
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-07-01 09:57:20 +01:00
Dave Rodgman
3e84187132 Add auto-generated files
Add files generated by running make generated_files

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-07-01 09:45:38 +01:00
Dave Rodgman
7601657418 Bump library version numbers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-30 23:09:51 +01:00
Dave Rodgman
34d8cd2892 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.0.0rc0-pr 2021-06-30 22:51:02 +01:00
Dave Rodgman
9f5774f56d
Merge pull request #4739 from gabor-mezei-arm/3258_fp30_implement_one-shot_MAC_and_cipher
Implement one-shot cipher
2021-06-30 17:04:23 +01:00
Dave Rodgman
0a7ff4a4e2
Merge pull request #4741 from gabor-mezei-arm/3267_fp30_sign_verify_key_policies
Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
2021-06-30 14:50:57 +01:00
Dave Rodgman
dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0
Cleanup SSL error code space
2021-06-30 09:02:55 +01:00
Dave Rodgman
c42409820b Change exceptional case for running negative tests
Update maybe_requires_ciphersuite_enabled so that it will not skip the
ciphersuite requirement when running a test case where the test expects
a ciphersuite mismatch

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 19:53:16 +01:00
gabor-mezei-arm
2c9e54a063
Fix pylint issue
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 20:40:31 +02:00
Dave Rodgman
e5b828cb32 Fix error string checked for by ssl-opt.sh negative tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 19:37:52 +01:00
Dave Rodgman
bec7cafbe1 Correct required config flag in ECJPAKE tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 19:10:46 +01:00
Dave Rodgman
737237fe37 Fix ECJPAKE test failures
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 19:08:33 +01:00
gabor-mezei-arm
2bd5799df0
Fix test case dependency
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:25 +02:00
gabor-mezei-arm
ff0da72d52
Restoring the multi-part cipher_verify_output() testing
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:25 +02:00
gabor-mezei-arm
95aad8378c
Unify multipart cipher operation tester functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:24 +02:00
gabor-mezei-arm
a56756ed45
Rename test functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:24 +02:00
gabor-mezei-arm
50c86cfe79
Remove duplicated tests
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:01 +02:00
gabor-mezei-arm
2b231fc81b
Test struct initialization
Modify tests to test mbedtls_psa_cipher_operation_t,
mbedtls_transparent_test_driver_cipher_operation_t and
mbedtls_opaque_test_driver_cipher_operation_t struct initialization macros.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
93ad276c29
Add test for one-shot cipher driver wrapper functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:48:59 +02:00
gabor-mezei-arm
a9449a0b07
Dispatch cipher functions through the driver interface
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:48:59 +02:00
gabor-mezei-arm
f494bcd313
Add tests for one-shot hash cipher functions
Tests for psa_cipher_encrypt and psa_cipher_decrypt functions.
The psa_cipher_encrypt function takes no parameter for IV and always generates
it therefore there will be a randomness in the calculation and cannot be
validated by comparing the actual output with the expected output.
The function is tested by:
 - doing a prtially randomized test with an encryption then a decryption
   and validating the input with output of the decryption
 - validating against the multipart encryption
The combination of this two methods provides enough coverage like a
known answer test.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:48:59 +02:00
gabor-mezei-arm
0c24edd56a
Return iterator instead of list
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:01 +02:00
gabor-mezei-arm
6385780f54
Rename function
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:00 +02:00
gabor-mezei-arm
2a499c0cc5
Refactor handlibg of the key usage flags
Move implicit usage flags handling to the StorageKey class.
Create a subclass for test case data.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:00 +02:00
gabor-mezei-arm
335e55647e
Update key policy testing test cases
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:00 +02:00
gabor-mezei-arm
db4522ca83
Rename test cases
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:59 +02:00
gabor-mezei-arm
40d5cd8571
Remove unneeded test case parameter
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:59 +02:00
gabor-mezei-arm
2784bfe226
Move key type validation to crypto_knowledge
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:59 +02:00
gabor-mezei-arm
340fbf3735 Refactor key generation
Remove the key builder and use iterator instead of lists.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:56 +02:00
gabor-mezei-arm
5df1dee0c6
Rename variables and funcions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:47 +02:00
gabor-mezei-arm
2710bb1d82
Use string in dict instead of Expr object
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:47 +02:00
gabor-mezei-arm
d9050a53ac Remove unnecessary test cases
It is enough only one test case for a key type, algorithm pair when
testing the implicit usage flags.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:43 +02:00
gabor-mezei-arm
8f40510a92
Add better name for variables
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:34 +02:00
gabor-mezei-arm
35929ebb72
Simplify code
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:33 +02:00
gabor-mezei-arm
d851d6872a
Remove unneeded test case parameter
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:33 +02:00
gabor-mezei-arm
ff8264c348
Simplify test function
Use the updated usage flags as expected.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:33 +02:00
gabor-mezei-arm
98a3435a10
Rename function to conform to the library
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:33 +02:00
gabor-mezei-arm
c8720c4857
Give better name for test cases
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:32 +02:00
gabor-mezei-arm
11e4838ef3
Fix generated file modification
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:32 +02:00
gabor-mezei-arm
49d6ea9c9a Fix test case duplication
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:30 +02:00
gabor-mezei-arm
0f8136af79
Fix pylint issues
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:22 +02:00
gabor-mezei-arm
060fdce536
Fix tests
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:22 +02:00
gabor-mezei-arm
672e376ba5 Add test case generation for usage extensions when loading keys
Add test cases validating that if a stored key only had the hash policy,
then after loading it psa_get_key_attributes reports that it also has the
message policy, and the key can be used with message functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:20 +02:00
gabor-mezei-arm
7748b6f24b Add key usage policy extension support for key generation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:08 +02:00
gabor-mezei-arm
a4102cb57d
Use different subslasses for the test data files
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:05:53 +02:00
gabor-mezei-arm
780cf9da72
Create a function for gather all the keys.
Prepare for using subclasses.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:05:53 +02:00
gabor-mezei-arm
6ee7253df2
Extend description generation
Add an extra optional parameter to generate a more detailed description
for test cases.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:05:53 +02:00
gabor-mezei-arm
68c030a76c
Use builder method pattern to generate a key
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:05:53 +02:00
gabor-mezei-arm
b5db2c480f
Convert iterators to lists to remove late binding
Remove late binding of iterators to enable the creation of an object
with an actual state of a variable.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:05:52 +02:00
gabor-mezei-arm
7b5c4e2db3
Add type annotations
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:05:52 +02:00
gabor-mezei-arm
edf2df84ba
Add test for extended key usage policies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:03:39 +02:00
gabor-mezei-arm
4ff73037f9 Update tests for extended key usage policies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:03:35 +02:00
Dave Rodgman
6ce10be0ce Fix test failure
The test was checking for an obsolete error.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 14:23:47 +01:00
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0
Add output size parameter to signature functions
2021-06-29 09:43:17 +02:00
Bence Szépkúti
414d6bd424 Fix pre-existing typo in comment
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 14:11:11 +01:00
TRodziewicz
2abf03c551 Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-28 14:36:37 +02:00
Hanno Becker
bc00044279 Rename MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
New name is MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Bence Szépkúti
fc04aa2be5 Remove MBEDTLS_USER_CONFIG_VERSION handling
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
ba7248abc4 Introduce versioning in the config files
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:47 +01:00
Bence Szépkúti
bb0cfeb2d4 Rename config.h to mbedtls_config.h
This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:33 +01:00
Bence Szépkúti
c5c9eb4741 Move preprocessor logic to build_info.h
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:24:42 +01:00
Bence Szépkúti
c662b36af2 Replace all inclusions of config.h
Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since
build_info.h alreadyy handles it.

This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^include/mbedtls/build_info\.h$' | xargs sed -b -E -i '
/^#if !?defined\(MBEDTLS_CONFIG_FILE\)/i#include "mbedtls/build_info.h"
//,/^#endif/d
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:24:07 +01:00
Dave Rodgman
10bda58b49
Merge pull request #4259 from CJKay/cmake-config
Add CMake package config file
2021-06-25 20:32:13 +01:00
Dave Rodgman
63ad854de8
Merge pull request #4712 from daverodgman/psa_cipher_and_mac_abort_on_error
Psa cipher and mac abort on error
2021-06-25 15:39:59 +01:00
Janos Follath
d910305856 Fix ecp_check_pub() test cases
Negative x coordinate was tested with the value -1. It happens to be one
of the low order points both for Curve25519 and Curve448 and might be
rejected because of that and not because it is negative. Make sure that
x < 0 is the only plausible reason for the point to be rejected.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-25 12:28:49 +01:00
Paul Elliott
e57dd2d450 Fix potential free of uninitialised pointer
A test was added in that could cause a jump to exit prior to
initialisation of a pointer that would get freed if that test failed.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-25 11:17:12 +01:00
Ronald Cron
3698fa1043
Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h
Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
2021-06-25 09:01:08 +02:00
Gilles Peskine
f00f152444 Add output size parameter to signature functions
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.

No change to RSA because for RSA, the output size is trivial to calculate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00
Paul Elliott
87c909a8c5 Make auxiliary function static
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-24 20:40:47 +01:00
Gilles Peskine
1fed4b8324
Merge pull request #4720 from gilles-peskine-arm/gcm-finish-outlen
Add output_length parameter to mbedtls_gcm_finish
2021-06-24 20:02:40 +02:00
Dave Rodgman
6f7105818c Improve psa_hash_update negative test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 18:15:23 +01:00
Janos Follath
59e7aac4d1 Add ecp_check_pub tests for Curve 448
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-24 16:08:40 +01:00
Janos Follath
45af039682 Add DoS test case for ecp_check_pub
A test case for which the loop would take practically forever if it was
reached. The point would be to validate that the loop is not reached.
The test case should cause the CI to time out if starting with the
current code, ecp_check_pubkey_mx() was changed to call
ecp_check_pubkey_x25519() first and run the mbedtls_mpi_size(() test
afterwards, which would make no semantic difference in terms of memory
contents when the function returns, but would open the way for a DoS.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-24 15:10:15 +01:00
Paul Elliott
e24f1a1a9d Fix missed driver wrapper tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-24 14:39:05 +01:00
Paul Elliott
16906f9011 Add missing frees to generate nonce test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-24 14:39:05 +01:00
Janos Follath
2f1d7f9deb Remove redundant ecp_check_pub() tests
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-24 14:38:14 +01:00
Dave Rodgman
5ae6f7547c Add negative tests for psa_abort in hash functions
Various functions for PSA hash operations call abort
on failure; test that this is done. The PSA spec does not require
this behaviour, but it makes our implementation more robust in
case the user does not abort the operation as required by the
PSA spec.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 11:41:05 +01:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation
Require matching hashlen in RSA functions: implementation
2021-06-24 10:28:20 +02:00
Gilles Peskine
5a7be10419 Add output_length parameter to mbedtls_gcm_finish
Without this parameter, it would be hard for callers to know how many bytes
of output the function wrote into the output buffer. It would be possible,
since the cumulated output must have the same length as the cumulated input,
but it would be cumbersome for the caller to keep track.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 21:51:32 +02:00
Dave Rodgman
647791da5b Add negative tests for psa_abort in cipher and mac functions
Various functions for PSA cipher and mac operations call abort
on failure; test that this is done. The PSA spec does not require
this behaviour, but it makes our implementation more robust in
case the user does not abort the operation as required by the
PSA spec.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-23 18:59:17 +01:00
Gilles Peskine
f06b92d724
Merge pull request #4567 from mstarzyk-mobica/gcm_ad
Enable multiple calls to mbedtls_gcm_update_ad
2021-06-23 19:36:23 +02:00
Paul Elliott
0187651647 Test all set lengths and set/generate nonce orders
Test that the two are completely interchangeable in order.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 18:30:20 +01:00
Paul Elliott
3bd5dbacc1 Improve generate nonce test
Make sure the generated nonce works to encrypt test data if the
generated nonce is valid.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 18:30:20 +01:00
Paul Elliott
8fc45169f1 Fix compiler errors on many platforms.
Also added comment to explain why I added a seemingly pointless goto

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 16:06:59 +01:00
Ronald Cron
4f7cc1bb63
Merge pull request #4713 from gilles-peskine-arm/psa-storage-format-test-lifetimes-3.0
PSA storage format: test lifetimes
Almost straightforward of #4392 thus merging with only one approval.
2021-06-23 15:22:03 +02:00
Janos Follath
aa5938edb3
Merge pull request #4703 from gilles-peskine-arm/mpi_montmul-null-3.0
Fix several bugs with the value 0 in bignum
2021-06-23 13:40:14 +01:00
Mateusz Starzyk
939a54cda3 Fix typos and style issues.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:15 +02:00
Mateusz Starzyk
469c9f35f6 Add GCM tests for empty ciphertext/plaintext and empty AD.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:15 +02:00
Mateusz Starzyk
58d3a7ef97 Add GCM tests with vectors lengths non-dividable by 16.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:15 +02:00
Mateusz Starzyk
032a1ceaf3 Remove init_result check from custom gcm test functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:15 +02:00
Mateusz Starzyk
f8a0d4d3bf Fix nested loops set_step in gcm test suite.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:15 +02:00
Mateusz Starzyk
fc60622710 Add customized test functions for GCM update and update_ad.
New functions are used to cover corner cases:
* authentication data is fed to gcm with 0, 1 or 2 calls to gcm_update
* ciphertext is fed to gcm with 0, 1 or 2 calls to gcm_update_ad

AES-GCM NIST test vectors downloaded at 16.06.2021 from:
csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:03 +02:00
Dave Rodgman
095dadc5bc Fix error in psa_crypto test suite
The cipher_bad_order test happened to pass, but was not testing the
failure case it intended to test.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-23 12:52:11 +01:00
Gilles Peskine
56949f6b63 Make immediate constants unsigned
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION shifts the location
value (location << 8). This can go outside the range of a 32-bit int
if the location value is above 2^23 as is the case here. Asan
rightfully complained about it. Make the value unsigned to avoid the
integer overflow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:44:35 +02:00
Gilles Peskine
576464873a Check that attempting to destroy a read-only key fails
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:44:35 +02:00
Gilles Peskine
eb7bdaa177 Add storage tests for lifetimes
Test keys with various persistence levels, enumerated from the
metadata tests.

For read-only keys, do not attempt to create or destroy the key
through the API, only to read a key that has been injected into
storage directly through filesystem access.

Do not test keys with a non-default location, since they require a
driver and we do not yet have a dependency mechanism to require the
presence of a driver for a specific location value.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:44:35 +02:00
Gilles Peskine
fbb914f6e6 Add negative tests for psa_destroy_key
Test a non-existent key identifier in a valid range. Test identifiers
outside the valid range.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
ad2ddfe874 Add negative tests for key creation with an invalid lifetime
Attempting to create a key with an invalid location or with read-only
persistence must be rejected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
1e1eca3233 Add persistent key tests with a non-default persistence
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
d133bb2909 New macro PSA_KEY_LIFETIME_IS_READ_ONLY
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
90dfc35643 More informative message on invalid classification flags
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
607eb7e411 Add lifetime metadata tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
c9d86a05ce
Merge pull request #4665 from yanesca/issue-3990-fix_psa_verify_with_alt
Fix PSA RSA PSS verify with ALT implementations
2021-06-23 11:47:38 +02:00
Manuel Pégourié-Gonnard
f941fb9972 Add test for check_pubkey for x25519
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-23 11:40:35 +02:00
Paul Elliott
fcb5cdc954 Add per function hits to driver wrappers
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 09:58:05 +01:00
Manuel Pégourié-Gonnard
f29857ca0a Reject low-order points on Curve25519 early
We were already rejecting them at the end, due to the fact that with the
usual (x, z) formulas they lead to the result (0, 0) so when we want to
normalize at the end, trying to compute the modular inverse of z will
give an error.

If we wanted to support those points, we'd a special case in
ecp_normalize_mxz(). But it's actually permitted by all sources
(RFC 7748 say we MAY reject 0 as a result) and recommended by some to
reject those points (either to ensure contributory behaviour, or to
protect against timing attack when the underlying field arithmetic is
not constant-time).

Since our field arithmetic is indeed not constant-time, let's reject
those points before they get mixed with sensitive data (in
ecp_mul_mxz()), in order to avoid exploitable leaks caused by the
special cases they would trigger. (See the "May the Fourth" paper
https://eprint.iacr.org/2017/806.pdf)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-23 10:14:58 +02:00
Paul Elliott
5b065cb8cd Fix typo
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 08:51:24 +01:00
Paul Elliott
534d0b4484 Finish / Verify state checks
Ensure finish only called when encrypting and verify only called for
decrypting, and add tests to ensure this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:48 +01:00
Paul Elliott
7220cae93c Ensure generate nonce unavailable in decrypt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:47 +01:00
Gilles Peskine
e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export
Implement modified key export API for Mbed TLS 3.0
2021-06-22 18:52:37 +02:00
Gilles Peskine
6e3187b212 RSA: Use hashlen as the hash input size as documented
Where hashlen was previously ignored when the hash length could be
inferred from an md_alg parameter, the two must now match.

Adapt the existing tests accordingly. Adapt the sample programs accordingly.

This commit does not add any negative testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 18:39:53 +02:00
Paul Elliott
5e3bb13111 Add set_lengths argument to all tests.
Run all tests that do not require set_lengths with and without setting
lengths.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
1c96429282 Remove encrypt/decrypt tests
Tests were not really providing any more coverage than already provided.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
c23a9a0799 Add state checks for multipart AEAD
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
d3f8241369 Add multipart tests
Test range of multipart sizes for all tests, rather than having to
define specific tests.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
8eb9dafda1 Add generate nonce test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
388f606acd Use correct size defines for buffers
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Gilles Peskine
2a3041f74e Fix copypasta in test data
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
bd5d6ef8de Fix copypasta in test cases
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
8998770771 Annotate the choice of representation of 0 in more places
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
8f70d3f4e2 Improve coverage of mbedtls_mpi_cmp_mpi
Test with and without leading zeros on each side.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
722c62c81a Fix copypasta in test function argument name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
5afc5e4305 Unify G=1 and G=-1 test cases
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
d96b3650ec In test cases where the result is 0, express it as "0", not ""
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
997be0aba3 Fix multiplication with negative result and a low-order 0 limb
Fix a bug introduced in "Fix multiplication producing a negative zero" that
caused the sign to be forced to +1 when A > 0, B < 0 and B's low-order limb
is 0.

Add a non-regression test. More generally, systematically test combinations
of leading zeros, trailing zeros and signs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
e109175d05 mpi_shrink test: just set the top bit
No need to bypass the API to fill limbs. It's a better test to just
set the top bit that we want to have set, and it's one less bypass of
the API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
3f1c3c9605 Tweak grouping of GCD test cases
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
9466d81fe8 Make GCD test descriptions more uniform
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
7cba859235 mbedtls_mpi_read_string: make an empty bignum for an empty string
In mbedtls_mpi_read_string, if the string is empty, return an empty bignum
rather than a bignum with one limb with the value 0.

Both representations are correct, so this is not, in principle, a
user-visible change. The change does leak however through
mbedtls_mpi_write_string in base 16 (but not in other bases), as it writes a
bignum with 0 limbs as "" but a bignum with the value 0 and at least one
limb as "00".

This change makes it possible to construct an empty bignum through
mbedtls_mpi_read_string, which is especially useful to construct test
cases (a common use of mbedtls_mpi_read_string, as most formats use in
production encode numbers in binary, to be read with mbedtls_mpi_read_binary
or mbedtls_mpi_read_binary_le).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
45adf6fca9 DHM: test some edge cases for the generator
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
058d009a61 Add RSA tests with message=0
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
f4998b0a20 Fix multiplication producing a negative zero
Fix mbedtls_mpi_mul_mpi() when one of the operands is zero and the
other is negative. The sign of the result must be 1, since some
library functions do not treat {-1, 0, NULL} or {-1, n, {0}} as
representing the value 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00
Gilles Peskine
3da1a8ff39 Fix null pointer dereference in mbedtls_mpi_exp_mod
Fix a null pointer dereference in mbedtls_mpi_exp_mod(X, A, N, E, _RR) when
A is the value 0 represented with 0 limbs.

Make the code a little more robust against similar bugs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Gilles Peskine
3637488eb4 Add many test cases involving 0
Test both 0 represented with 0 limbs ("0 (null)") and 0 represented
with 1 limb ("0 (1 limb)"), because occasionally there are bugs with
0-limb bignums and occasionally there are bugs with removing leading
zero limbs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Gilles Peskine
342f71b512 Test mbedtls_mpi_exp_mod both with and without _RR
mbedtls_mpi_exp_mod can be called in three ways regarding the speed-up
parameter _RR: null (unused), zero (will be updated), nonzero (will be
used). Systematically test all three.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Gilles Peskine
424390c517 mbedtls_mpi_exp_mod test: don't read RR from test data
Remove the RR parameter to the mbedtls_mpi_exp_mod test function.
It was never used in the test data, so there is no loss of functionality.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Gilles Peskine
9e9314ff93 Add some GCD tests
Add GCD tests with negative arguments and with large non-co-prime arguments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Gilles Peskine
d0722f8e71 Test mbedtls_mpi_safe_cond_{assign,swap} with the basic functions
Test mbedtls_mpi_safe_cond_assign() and mbedtls_mpi_safe_cond_swap()
with their "unsafe" counterparts mbedtls_mpi_copy() and
mbedtls_mpi_swap(). This way we don't need to repeat the coverage of
test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Gilles Peskine
fc1eeefc99 Overhaul testing of mbedtls_mpi_swap
Similarly to "Overhaul testing of mbedtls_mpi_copy", simplify the code
to test mbedtls_mpi_swap to have just one function for distinct MPIs
and one function for swapping an MPI with itself, covering all cases
of size (0, 1, >1) and sign (>0, <0).

The test cases are exactly the same as for mbedtls_mpi_copy with the
following replacements:
* `Copy` -> `Swap`
* ` to ` -> ` with `
* `_copy` -> `_swap`

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Gilles Peskine
90ec8e857c Overhaul testing of mbedtls_mpi_copy
Replace the two test functions mbedtls_mpi_copy_sint (supporting signed
inputs but always with exactly one limb) and mbedtls_mpi_copy_binary
(supporting arbitrary-sized inputs but not negative inputs) by a single
function that supports both arbitrary-sized inputs and arbitrary-signed
inputs. This will allows testing combinations like negative source and
zero-sized destination.

Also generalize mpi_copy_self to support arbitrary inputs.

Generate a new list of test cases systematically enumerating all
possibilities among various categories: zero with 0 or 1 limb, negative or
positive with 1 limb, negative or positive with >1 limb. I used the
following Perl script:

```
sub rhs { $_ = $_[0]; s/bead/beef/; s/ca5cadedb01dfaceacc01ade/face1e55ca11ab1ecab005e5/; $_ }
%v = (
    "zero (null)" => "",
    "zero (1 limb)" => "0",
    "small positive" => "bead",
    "large positive" => "ca5cadedb01dfaceacc01ade",
    "small negative" => "-bead",
    "large negative" => "-ca5cadedb01dfaceacc01ade",
);
foreach $s (sort keys %v) {
    foreach $d (sort keys %v) {
        printf "Copy %s to %s\nmbedtls_mpi_copy:\"%s\":\"%s\"\n\n",
               $s, $d, $v{$s}, rhs($v{$d});
    }
}
foreach $s (sort keys %v) {
    printf "Copy self: %s\nmpi_copy_self:\"%s\"\n\n", $s, $v{$s};
}
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Gilles Peskine
dffc710008 Test the validity of the sign bit after constructing an MPI object
This is mostly to look for cases where the sign bit may have been left at 0
after zerozing memory, or a value of 0 with the sign bit set to -11. Both of
these mostly work fine, so they can go otherwise undetected by unit tests,
but they can break when certain combinations of functions are used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Gilles Peskine
20edee7b17 Use mbedtls_test_read_mpi in test suites
Replace calls to mbedtls_mpi_read_string() with a wrapper
mbedtls_test_read_mpi() when reading test data except for the purpose
of testing mbedtls_mpi_read_string() itself. The wrapper lets the test
data control precisely how many limbs the constructed MPI has.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:44:05 +02:00
Gilles Peskine
ebc49e5bff New test helper mbedtls_test_read_mpi
This test helper reads an MPI from a string and guarantees control over the
number of limbs of the MPI, allowing test cases to construct values with or
without leading zeros, including 0 with 0 limbs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:43:00 +02:00
Gilles Peskine
5fb6f700ba Clarify a few test descriptions (mostly involving 0)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:43:00 +02:00
Gilles Peskine
36ff66c4b4
Merge pull request #4316 from gabor-mezei-arm/3258_implement_one-shot_MAC
Implement one-shot MAC
2021-06-22 12:18:25 +02:00
Manuel Pégourié-Gonnard
3e7ddb2bb6
Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0
Update the default hash and curve selection for X.509 and TLS
2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard
508d3a5824
Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext
Remove truncated HMAC extension
2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard
32750ef5c2
Merge pull request #4685 from mpg/improve-all-sh-robustness
all.sh: Clean up old files before generating them
2021-06-22 11:14:49 +02:00
Dave Rodgman
8f2b66a39a
Merge pull request #4676 from JoeSubbiani/MissingContextFree-test_suite_aes.function
Add missing free context in at the end of aes_crypt_xts_size()
2021-06-22 09:24:08 +01:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-22 09:27:41 +02:00
TRodziewicz
4a28ade6e9 Changing the key length to 32 bytes in one of the PSA cipher setup tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-21 17:44:19 +02:00
TRodziewicz
f41dc7cb35 Removal of RC4 certs and fixes to docs and tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-21 13:27:29 +02:00
Janos Follath
4c0b60e5fa Fix exercise key test
Hash and sign algorithms require the alignment of the input length with
the hash length at verification as well not just when signing.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-21 10:39:36 +01:00
Janos Follath
ae50d28e4c Fix verify_hash tests for PSA RSA PSS
The psa_verify_hash() is the pre-hashed version of the API and supposed
to work on hashes generated by the user. There were tests passing that
were getting "hashes" of sizes different from the expected.

Transform these into properly failing tests.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-21 10:39:36 +01:00
Joe Subbiani
3f9e64c03c Fix improper spacing
Spacing between brackets did not follow the appropriate coding style

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-06-21 09:10:55 +01:00
Ronald Cron
fb01081212 psa: mac: Add driver dispatch tests for psa_mac_verify
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-21 09:19:22 +02:00
Ronald Cron
094b06a572 psa: mac: Add driver dispatch tests for psa_mac_compute
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-21 09:19:22 +02:00
Hanno Becker
a7991f2e11 Remove all occurrences of TLS < 1.2 PRF identifier
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Hanno Becker
11a4c1abcd Adapt key export test in ssl-opt.sh to reduced output
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard
ae35830295
Merge pull request #4661 from mpg/make-blinding-mandatory
Make blinding mandatory
2021-06-18 18:32:13 +02:00
Dave Rodgman
8c8166a7f1
Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test
Move part of timing module out of the library
2021-06-18 16:35:58 +01:00
gabor-mezei-arm
534bb99f17 Add test for one-shot MAC functions
Tests for psa_mac_compute and psa_mac_verify functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-18 16:58:30 +02:00
Manuel Pégourié-Gonnard
87db8a2676 Clean up old files before generating them
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-18 13:30:14 +02:00
TRodziewicz
75628d51b3 Code review fixes
Reverting some deleted tests and changing the deprecated algo
Deleting deprecated headers from /alt-dummy dir
Corrections to the comments
Removal of deleted functions from compat-2.x.h
Corrections to tests/data_files/Makefile

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-18 12:59:38 +02:00
Gilles Peskine
4a02cef402 Test restartable ECC with a curve that supports it
The default curve is now Curve25519, which doesn't support restartable ECC.
So run the restartable ECC tests with a curve that does support it. Use
secp256r1 which is required for these tests anyway for the server's
certificate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
799eee65fd Update the expected default curve in ssl-opt.sh
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
3beb72eeaf Add mbedtls_debug_print_mpi test case for 0
There was already a test case for 0 but with a non-empty representation
(X->n == 1). Add a test case with X->n == 0 (freshly initialized mpi).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
c5b9510114 Clarify test case descriptions
Reorder test cases and make their descriptions more explicit. No
change in test data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:29 +02:00
Gilles Peskine
12b5b38981 Fix "PSA - ECDH with [non-default curve]"
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 21:46:14 +02:00
JoeSubbiani
57face2f0b Free context in at the end of aes_crypt_xts_size()
in file tests/suite/test_suite_aes.function, aes_crypt_xts_size()
did not free the context upon the function exit.
The function now frees the context on exit.

Fixes #4176

Signed-off-by: JoeSubbiani <Joe.Subbiani@arm.com>
2021-06-17 15:55:00 +01:00
Gilles Peskine
a354867399 In the SPM test build, fail if a symbol wasn't renamed
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 11:40:51 +02:00
Gilles Peskine
d1dcfd53aa Do a test build with MBEDTLS_PSA_CRYPTO_SPM
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 11:40:51 +02:00
Gilles Peskine
532327b429
Merge pull request #4576 from gilles-peskine-arm/psa_key_derivation-bad_workflow-20210527
PSA key derivation bad-workflow tests
2021-06-17 09:55:39 +02:00
Manuel Pégourié-Gonnard
d51aaad4c9 Remove config option MBEDTLS_ECP_NO_INTERNAL_RNG
It was used to remove the code used when mbedtls_ecp_mul() received a
NULL RNG parameter. This code is no longer relevant (as the RNG may no
longer be NULL) and will be unconditionally removed in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Manuel Pégourié-Gonnard
84dea01f36 Add RNG params to private key parsing
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).

This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().

Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Manuel Pégourié-Gonnard
39be1410fd Add RNG parameter to check_pair functions
- mbedtls_ecp_check_pub_priv() because it calls ecp_mul()
- mbedtls_pk_check_pair() because it calls the former

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Manuel Pégourié-Gonnard
f8c24bf507 Fix signature of check_pub_priv
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Manuel Pégourié-Gonnard
aa3ed6f987 Make RNG parameters mandatory in ECP functions
Fix trivial faulty calls in ECP test suite and ECP/ECJPAKE self-tests (by
adding a dummy RNG).

Several tests suites are not passing yet, as a couple of library
function do call ecp_mul() with a NULL RNG. The complexity of the fixes
range from "simple refactoring" to "requires API changes", so these will
be addressed in separate commits.

This makes the option MBEDTLS_ECP_NO_INTERNAL_RNG, as well as the whole
"internal RNG" code, obsolete. This will be addressed in a future
commit, after getting the test suites to pass again.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Manuel Pégourié-Gonnard
7861ecf838 Make RNG parameters mandatory in ECDH functions
Again, no check in the code - will be checked by ECP

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Manuel Pégourié-Gonnard
1a87722bb6 Make RNG parameters mandatory in DHM functions
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Thomas Daubney
c46bf3c79c Modifies tests in test_suite_ssl.function
Commit removes conditional compilation
code blocks relating to
MBEDTLS_SSL_TRUNCATED_HMAC config option.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:19:53 +01:00
Thomas Daubney
ce9e716a2b Modifies tests in context-info.sh
Commit modifies tests involving
MBEDTLS_SSL_TRUNCATED_HMAC in the
context-info.sh script.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:19:53 +01:00
Thomas Daubney
5f43f978f0 Removes tests from ssl-opt.sh
Commit removes tests from ssl-opt.sh
that were specific to
MBEDTLS_SSL_TRUNCATED_HMAC extention.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:19:53 +01:00
Mateusz Starzyk
af4ecddd4f Pass associated data split as check_multipart argument.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-16 14:34:09 +02:00
Mateusz Starzyk
658f4fd6d8 Cover multiple calls to mbedtls_gcm_update_ad in gcm test suite.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-16 14:34:09 +02:00
TRodziewicz
8f91c721d3 Code review follow-up corrections
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:45 +02:00
TRodziewicz
10e8cf5fef Remove MD2, MD4, RC4, Blowfish and XTEA
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:25 +02:00
Gilles Peskine
17575dcb03
Merge pull request #4629 from TRodziewicz/rename_functions_whose_deprecated_variants_have_been_removd
Rename the _ret() functions
2021-06-15 20:32:07 +02:00
Gilles Peskine
db9c18d1be Import crypto_spe.h from TF-M
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/plain/secure_fw/partitions/crypto/crypto_spe.h?h=refs/heads/master

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 18:39:26 +02:00
TRodziewicz
d854083773 Move part of timing module out of the library
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-15 15:47:44 +02:00
TRodziewicz
28a4a963fc Corrections to the docs wording and changes to aux scripts
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-15 00:18:32 +02:00
Gilles Peskine
e5702489f5 mbedtls_dhm_get_value parameter order: context first, output last
mbedtls_dhm_get_value can be seen as either a copy function or a getter
function. Given the name and the semantics, it's more of a getter, even if
it "gets" by doing a copy. Therefore, put the context first, and the
selector next, leaving the output for last.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:14:28 +02:00
Gilles Peskine
1628a9c140 MBEDTLS_DEBUG_C is compatible with every whole-module ALT except DHM
It would be possible to make SSL debugging compatible with MBEDTLS_DHM_ALT,
but too much low-priority work right now, so don't require it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:14:28 +02:00
Gilles Peskine
5c3f18d37c MBEDTLS_PK_PARSE_EC_EXTENDED is incompatible with MBEDTLS_ECP_ALT
... unless the alt implementation defines a group structure that's mostly
compatible with the built-in one and supports partially filled group
structures in the same way.

It would be possible to rewrite the SpecifiedECDomain parsing code to avoid
requiring support for partially filled group structures, but that's too
complicated to do now.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:13:02 +02:00
Gilles Peskine
ad7f53cdb3 Define public fields of mbedtls_ecp_group in alt test header
And don't define configuration macros that only apply to the built-in
implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Gilles Peskine
71acc6e8d9 New function mbedtls_dhm_get_value to copy a field of a DHM context
Reduce the need to break the DHM abstraction by accessing the context directly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Gilles Peskine
487bbf6805 DHM: new functions to query the length of the modulus
Add two functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() to
query the length of the modulus in bytes or bits.

Remove the len field: the cost of calling mbedtls_dhm_get_len() each time
it's needed is negligible, and this improves the abstraction of the DHM
module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Gilles Peskine
cc73cc55e8 Test the build with whole-module alternative implementations
Use headers defining dummy context types.

The test does not pass yet. I plan to fix this in subsequent commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:18 +02:00
Gilles Peskine
a0ebaefef9 Create threading_alt.h header for testing
Follow-up to "Create xxx_alt.h headers for testing". The inclusion of
threading_alt.h in include/mbedtls/threading.h does not follow the
same pattern as the others so it was missed by the script.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:10:37 +02:00
Gilles Peskine
c5048db24c Create xxx_alt.h headers for testing
These headers define the context types that alternative implementations must
provide. The context types are dummy types, suitable for building but not
meant to be usable by an implementation.

This is the output of the following script:

```
perl -0777 -ne '
m@^#if !defined\((MBEDTLS_\w+_ALT)\).*\n((?:.*\n)*?)#else.*\n#include "(.*_alt\.h)"\n#endif@m or next;
$symbol = $1; $content = $2; $header = $3;
$header_symbol = $header; $header_symbol =~ y/a-z./A-Z_/;
m@/\*[ *\n]*Copyright .*?\*/@s or die; $copyright = $&;
open OUT, ">tests/include/alt-dummy/$header" or die;
$content =~ s@//.*@@mg;
$content =~ s@/\*.*?\*/@@sg;
$content =~ s@\{.*?\}@{\n    int dummy;\n}@sg;
$content =~ s@ +$@@mg;
$content =~ s@\n{3,}@\n\n@g; $content =~ s@\A\n+@@; $content =~ s@\n*\Z@\n@;
print OUT "/* $header with dummy types for $symbol */\n$copyright\n\n#ifndef $header_symbol\n#define $header_symbol\n\n$content\n\n#endif /* $header */\n" or die;
close OUT or die;
' include/mbedtls/*.h
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:10:37 +02:00
Gilles Peskine
814d0129ec Test calculated MBEDTLS_ECP_MAX_xxx constants in unit tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:10:37 +02:00
Gilles Peskine
af5bd67f6e Fix copypasta in test data
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-14 18:05:37 +02:00
Gilles Peskine
c7319cda78 Use UNUSED wherever applicable in derive_input tests
Exhaustivity check:
```
<tests/suites/test_suite_psa_crypto.data awk -F: '$1=="derive_input" { for (step=1; step<=3; step++) { if ($(4*step-1) == "0") { if ($(4*step) != "UNUSED" || $(4*step+1) != "\"\"" || $(4*step+2) != "UNUSED") print NR, step, $(4*step), $(4*step+1), $(4*step+2) } } }'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-14 18:01:42 +02:00
Ronald Cron
c4c761e35e Merge remote-tracking branch 'mbedtls/development' into mbedtls_private_with_python
Conflicts:
    include/mbedtls/ssl.h
    include/psa/crypto_struct.h

Conflicts fixed by using the code from development branch
and manually re-applying the MBEDTLS_PRIVATE wrapping.
2021-06-14 16:17:32 +02:00
Gilles Peskine
93038fab2c Key derivation: add test cases where the secret is missing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-11 22:38:22 +02:00
Janos Follath
21f84643f8
Merge pull request #4317 from yanesca/psa-jpake-interface
J-PAKE interface definition for PSA Crypto
2021-06-11 13:47:25 +01:00
Gilles Peskine
02b76b7d18
Merge pull request #4619 from TRodziewicz/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options
Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
2021-06-10 17:43:36 +02:00
TRodziewicz
3ecb92e680 Remove _X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-09 13:28:16 +02:00
TRodziewicz
26371e4793 Rename the _ret() functions
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-08 16:45:41 +02:00
Janos Follath
1f9e9e95c9 PSA PAKE: fix old constant name in test
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-08 14:48:37 +01:00
Ronald Cron
3a0375fff4 Fail if a padding disabled by the build-time configuration is selected
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:57 +02:00
Ronald Cron
266b6d2121 tests: Assert success of calls to mbedtls_rsa_set_padding()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:19 +02:00
Ronald Cron
c1905a1c3d Change mbedtls_rsa_init() signature
Remove padding parameters as mbedtls_rsa_init()
cannot return an error code when padding
parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:19 +02:00
Ronald Cron
ea7631be1c Change mbedtls_rsa_set_padding() signature
mbedtls_rsa_set_padding() now returns the error
code MBEDTLS_ERR_RSA_INVALID_PADDING when
padding parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:10 +02:00
Manuel Pégourié-Gonnard
16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api
Remove MFL query API and add API for maximum plaintext size of incoming records
2021-06-08 11:07:27 +02:00
Manuel Pégourié-Gonnard
dacd044938
Merge pull request #4516 from TRodziewicz/Remove__CHECK_PARAMS_option
Remove MBEDTLS_CHECK_PARAMS option
2021-06-08 09:30:48 +02:00
Manuel Pégourié-Gonnard
68237d718a
Merge pull request #4548 from hanno-arm/tls13_key_schedule_upstream
TLS 1.3 Key schedule: Second level secret generation
2021-06-08 09:10:58 +02:00
Hanno Becker
59d3670fa5 Fix ssl-opt.sh test cases grepping for MFL configuration output
Use and grep for the new max in/out record payload length API instead.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-08 05:35:29 +01:00
TRodziewicz
0730cd5d9e Merge branch 'development' into Remove__CHECK_PARAMS_option 2021-06-07 15:41:49 +02:00
TRodziewicz
34428a6849 Remove duplicated ASSERT_ALLOC define
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-07 15:33:15 +02:00
TRodziewicz
442fdc22ea Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-07 13:52:23 +02:00
Mateusz Starzyk
854a25c7a4 Merge branch 'development' into mbedtls_private_with_python
Conflicts:
         include/mbedtls/ecp.h

Conflict resolved by using the code from development branch
and manually applying the MBEDTLS_PRIVATE wrapping.
2021-06-07 09:49:01 +02:00
Chris Kay
d259e347e6 Add CMake package config file
This change enables automatic detection and consumption of Mbed TLS
library targets from within other CMake projects. By generating an
`MbedTLSConfig.cmake` file, consuming projects receive a more complete
view of these targets, allowing them to be used as dependencies which
properly inherit the transitive dependencies of the libraries.

This is fairly fragile, as it seems Mbed TLS's libraries do not appear
to properly model their dependencies on other targets, including
third-party dependencies. It is, however, sufficient for building and
linking the compiled Mbed TLS libraries when there are no third-party
dependencies involved. Further work is needed for more complex
use-cases, but this will likely meet the needs of most projects.

Resolves #298. Probably useful for #2857.

Signed-off-by: Chris Kay <chris.kay@arm.com>
2021-06-04 16:02:48 +01:00
Hanno Becker
d60b6c62d5 Remove per-version ciphersuite configuration API
This commit removes the API

```
    mbedtls_ssl_conf_ciphersuites_for_version()
```

which allows to configure lists of acceptable ciphersuites
for each supported version of SSL/TLS: SSL3, TLS 1.{0,1,2}.

With Mbed TLS 3.0, support for SSL3, TLS 1.0 and TLS 1.1
is dropped. Moreover, upcoming TLS 1.3 support has a different
notion of cipher suite and will require a different API.

This means that it's only for TLS 1.2 that we require
a ciphersuite configuration API, and

```
   mbedtls_ssl_conf_ciphersuites()
```

can be used for that. The version-specific ciphersuite
configuration API `mbedtls_ssl_conf_ciphersuites_for_version()`,
in turn, is no longer needed.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-04 12:20:10 +02:00
Manuel Pégourié-Gonnard
0c1a42a147
Merge pull request #4611 from gilles-peskine-arm/random-range-uniformity-3.0
Fix non-uniform random generation in a range
2021-06-04 10:43:15 +02:00
Manuel Pégourié-Gonnard
f9f9cc217c
Merge pull request #4579 from tom-daubney-arm/rm_ecdh_legacy_context_config_option
Remove `MBEDTLS_ECDH_LEGACY_CONTEXT` config option
2021-06-04 10:02:59 +02:00
Gilles Peskine
ceefe5d269 Lift function call out of inner loop
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
9077e435c6 Fix mistakes in test case descriptions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
c7eeeb1e8d Fix long-standing obsolete comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
3270b14d4b DHM: add test case with x_size < 0
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
19e36207ba DHM tests: add some explanations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
03299dcf5b DHM: add notes about leading zeros
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
0cb493d239 Note that the "0 limb in ..." tests rely on undocumented behavior
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
0ad640ab83 MPI random test: Add test cases with lower_bound > upper_bound
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
d463edf8c5 MPI random test: fix small-range test stats check when min > 1
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
951b5695e3 MPI random test: Add a few more small-range tests
Do more iterations with small values. This makes it more likely that a
mistake on bounds will be detected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
fbb90098e8 Fix copypasta in test case description
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
eedefa5627 Better document and slightly simplify >>2^n heuristic
Slightly simplify is_significantly_above_a_power_of_2() to make it
easier to understand:
* Remove the explicit negative answer for x <= 4. The only functional
  difference this makes is that is_significantly_above_a_power_of_2(3)
  is now true.
* Shift the most significant bit of x to position 8 rather than 15.
  This makes the final comparison easier to explain.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
422e867acb MPI random: add unit tests with a previously nonzero value
Add unit tests for mbedtls_mpi_fill_random() and mbedtls_mpi_random()
when the resulting MPI object previously had a nonzero value. I wrote
those to catch a bug that I introduced during the development of
mbedtls_mpi_random() (but does not appear in a committed version).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
1a7df4eda0 Fix mbedtls_mpi_random when N has leading zeros
mbedtls_mpi_random() uses mbedtls_mpi_cmp_mpi_ct(), which requires its
two arguments to have the same storage size. This was not the case
when the upper bound passed to mbedtls_mpi_random() had leading zero
limbs.

Fix this by forcing the result MPI to the desired size. Since this is
not what mbedtls_mpi_fill_random() does, don't call it from
mbedtls_mpi_random(), but instead call a new auxiliary function.

Add tests to cover this and other conditions with varying sizes for
the two arguments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
da7ee01589 DHM: use mbedtls_mpi_random for blinding and key generation
Instead of generating blinding values and keys in a not-quite-uniform way
(https://github.com/ARMmbed/mbedtls/issues/4245) with copy-pasted code,
use mbedtls_mpi_random().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
2baf2b0532 Test mbedtls_dhm_make_params with different x_size
mbedtls_dhm_make_params() with x_size != size of P is not likely to be
useful, but it's supported, so test it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
b27db0acff Repeat a few DH tests
Repeat a few tests that use random data. This way the code is
exercised with a few different random values.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
02db8f4cf7 Test range and format of dhm_make_params output
Improve the validation of the output from mbedtls_dhm_make_params:
* Test that the output in the byte buffer matches the value in the
  context structure.
* Test that the calculated values are in the desired range.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
1e918f44c9 mbedtls_mpi_random: check for invalid arguments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
02ac93a1a3 Move mbedtls_mpi_random to the bignum module
Since mbedtls_mpi_random() is not specific to ECC code, move it from
the ECP module to the bignum module.

This increases the code size in builds without short Weierstrass
curves (including builds without ECC at all) that do not optimize out
unused functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
8cfffb30b3 mbedtls_ecp_gen_privkey_sw: generalize to mbedtls_mpi_random
Rename mbedtls_ecp_gen_privkey_sw to mbedtls_mpi_random since it has
no particular connection to elliptic curves beyond the fact that its
operation is defined by the deterministic ECDSA specification. This is
a generic function that generates a random MPI between 1 inclusive and
N exclusive.

Slightly generalize the function to accept a different lower bound,
which adds a negligible amount of complexity.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
7888073147 mbedtls_ecp_gen_privkey_sw: range and coverage tests
Add unit tests for private key generation on short Weierstrass curves.
These tests validate that the result is within the desired range.
Additionally, they validate that after performing many iterations, the
range is covered to an acceptable extent: for tiny ranges, all values
must be reached; for larger ranges, all value bits must reach both 0
and 1.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
67986d0613 mbedtls_ecp_gen_privkey_mx: make bit manipulations unconditional
Don't calculate the bit-size of the initially generated random number.
This is not necessary to reach the desired distribution of private
keys, and creates a (tiny) side channel opportunity.

This changes the way the result is derived from the random number, but
does not affect the resulting distribution.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
96449ceebe mbedtls_ecp_gen_privkey_mx: remove the exception for all-zero
The library rejected an RNG input of all-bits-zero, which led to the
key 2^{254} (for Curve25519) having a 31/32 chance of being generated
compared to other keys. This had no practical impact because the
probability of non-compliance was 2^{-256}, but needlessly
complicated the code.

The exception was added in 98e28a74e3 to
avoid the case where b - 1 wraps because b is 0. Instead, change the
comparison code to avoid calculating b - 1.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
6ff8a01a57 Add unit tests for mbedtls_ecp_gen_privkey_mx
Test the exact output from known RNG input. This is overly
constraining, but ensures that the code has good properties.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
ecacc3c9d2 Make the fallback behavior of mbedtls_test_rnd_buffer_rand optional
If a fallback is not explicitly configured in the
mbedtls_test_rnd_buf_info structure, fail after the buffer is
exhausted.

There is no intended behavior change in this commit: all existing uses
of mbedtls_test_rnd_buffer_rand() have been updated to set
mbedtls_test_rnd_std_rand as the fallback.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
0b1b0abe33 Update references in some test function documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Janos Follath
9c6b147d98 PSA PAKE: Add J-PAKE to the interface
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:07:47 +01:00
Manuel Pégourié-Gonnard
1b1327cc0d
Merge pull request #4581 from TRodziewicz/remove_supp_for_extensions_in_pre-v3_X.509_certs
Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option
2021-06-02 13:48:03 +02:00
Thomas Daubney
3726db4750 Removes obsolete test
Removal of obsolete test in
test_suite_ecdh.function and corresponding
.data file.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-01 19:03:08 +01:00
Thomas Daubney
42aaf7a718 Removes component_test_new_ecdh_context in all.sh
Commit removes the
component_test_new_new_ecdh_context in all.sh.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-01 17:48:40 +01:00
Paul Elliott
b2ce2ed6d8 Merge remote-tracking branch 'upstream/development' into psa-m-aead
Conflicts:
* None
2021-06-01 17:13:19 +01:00
Thomas Daubney
8f4eacaac6 Removes MBEDTLS_ECDH_LEGACY_CONTEXT from config.h
Commit removes the definition of
MBEDTLS_ECDH_LEGACY_CONTEXT from config.h.
Additionally removes the unset calls to
MBEDTLS_ECDH_LEGACY_CONTEXT in all.sh.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-01 15:28:26 +01:00
Gilles Peskine
bbd617be5f Remove duplicated definition of ASSERT_ALLOC
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-31 20:33:17 +02:00
Gilles Peskine
b2827693b5 Remove spurious dependencies on PEM
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-31 20:33:15 +02:00
Ronald Cron
ea62d2f391
Merge pull request #4369 from hanno-arm/relax_psk_config
Implement relaxed semantics for static PSK configuration in Mbed TLS 3.0
2021-05-31 10:03:56 +02:00
TRodziewicz
dee975af7d Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option
Remove define

Add ChangeLog file and migration guide entry

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-28 15:27:01 +02:00
TRodziewicz
358e588b32 Temporary addition of an empty assert to satisfy the compiler
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-28 12:58:46 +02:00
TRodziewicz
bcd2b4b972 Addition of ommited part of code review follow-up
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-28 12:56:57 +02:00
TRodziewicz
9b279f98bc Removal of the rsa_invalid_param() from the test
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:38:53 +02:00
TRodziewicz
2d0769d149 Simplification of the tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:36:54 +02:00
TRodziewicz
7019955c76 Removal of the TEST_VALID_PARAM macro and its usages
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:35:04 +02:00
TRodziewicz
062f353804 Changes after code review
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:34:14 +02:00
Ronald Cron
7146cb9488
Merge pull request #4559 from gilles-peskine-arm/psa-storage-format-test-algorithms-3.0
PSA storage format test: algorithms
2021-05-27 17:33:57 +02:00
Ronald Cron
875b5fb7fa Refactor optional parameter check tests
Remove tests related to NULL pointers,
keep tests related to invalid enum values.
Remove test code related to MBEDTLS_CHECK_PARAMS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:27:14 +02:00
Mateusz Starzyk
e7dce558c9 Merge branch 'development' into mbedtls_private_with_python
Conflicts:
	include/mbedtls/ssl.h

Conflicts resolved by using code from development branch and
manually re-applying MBEDTLS_PRIVATE wrapping.
2021-05-27 16:02:46 +02:00
Mateusz Starzyk
b4a012929d Add test/helpers include to test drivers. Remove config.h include.
"test/helpers.h" defines MBEDTLS_ALLOW_PRIVATE_ACCESS. Drivers can include
that header instead of defining the MBEDTLS_ALLOW_PRIVATE_ACCESS themselves.
"test/helpers.h" includes config header as well. Remove obsolete config
includes from src/drivers.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-27 14:53:06 +02:00
Mateusz Starzyk
b1982728a5 Document MBEDTLS_ALLOW_PRIVATE_ACCESS inside test/helpers.h.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-27 14:46:48 +02:00
Mateusz Starzyk
3911e70eaa Remove obsolete MBEDTLS_ALLOW_PRIVATE_ACCESS from helpers function.
MBEDTLS_ALLOW_PRIVATE_ACCESS is already defined inside test/helpers.h

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-27 14:44:31 +02:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix
psa: Support RSA signature without MBEDTLS_GENPRIME
2021-05-27 14:19:24 +02:00
Gilles Peskine
4023c0153d Add bad-workflow key derivation tests
Add HKDF tests where the sequence of inputs differs from the nominal
case: missing step, duplicate step, step out of order, or invalid step.

There were already similar tests for TLS 1.2 PRF. Add one with a key
agreement which has slightly different code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-27 13:33:22 +02:00
Gilles Peskine
1c77edda15 More explicit names for some bad-workflow key derivation tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-27 11:55:02 +02:00
TRodziewicz
46cccb8f39 _SSL_DTLS_BADMAC_LIMIT config.h option removed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-26 13:36:21 +02:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2
Remove rsa mode params part 2
2021-05-25 20:36:33 +02:00
Gilles Peskine
45f1cd7834 key_storage_read: pass exercise as a flag rather than a boolean
This will allow adding other flags in the future.

No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 20:12:00 +02:00
Gilles Peskine
0225d3a0ce Add missing test suites to CMakeLists.txt
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 20:11:48 +02:00
Gilles Peskine
ae4c460df6 Do support multiple files generated from the same script
The call to `tests/scripts/generate_psa_tests.py` added by the commit
"generate_psa_tests.py: allow generating each file independently"
assumed that the `check` function supports multiple file names, but in
fact it does not do so. When `generate_psa_tests.py` started generating
more than one file, `check-generated-files.sh` did not detect changes to
files other than the first one listed by `generate_psa_tests.py --list`.

Fix this: change `check` to support either a single directory (with
detection of added/removed files) or a list of files (which is assumed
to be static).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 20:11:48 +02:00
Gilles Peskine
20f55f6726 Abbreviate algorithms in test descriptions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:40:35 +02:00
Gilles Peskine
c5d086f6ae Don't generate non-existent dependency symbols
Filter our algorithm constructors that don't have a dependency symbol
of their own.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:40:08 +02:00
Gilles Peskine
537d5fa48a Expand psa_generate_tests to support constructor arguments
In macro_collector.py, base InputsForTest on PSAMacroEnumerator rather
than PSAMacroCollector. It didn't make much sense to use
PSAMacroCollector anymore since InputsForTest didn't use anything
other than the constructor.

psa_generate_tests now generates arguments for more macros.
In particular, it now collects macro arguments from
test_suite_psa_crypto_metadata. Algorithms with parameters are now
supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:53 +02:00
Gilles Peskine
3c9d423fe7 Speed up the generation of storage format test cases
First build a list of all keys, then construct all the corresponding
test cases. This allows all required information to be obtained in
one go, which is a significant performance gain as the information
includes numerical values obtained by compiling a C program.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Gilles Peskine
3d404b8a10 Use InputsForTest in generate_psa_tests
In generate_psa_tests, use InputsForTest rather than PSAMacroCollector
to gather values. This way, the enumeration of values to test includes
values used in metadata tests in addition to constructors parsed from
header files. This allows greater coverage of values built from
constructors with arguments. This doesn't make a difference yet, but
it will once algorithm constructors with arguments are supported in
generate_psa_tests.

Make the injection of numerical values optional. They are useful for
test_psa_constant_names, so keep them there. Don't use them for
not-supported tests: they might make sense, but the current code
wouldn't work since it doesn't know how to make up fake key material
or what dependencies to generate. Don't use them for storage tests:
they only make sense for supported values.

Don't inject 'PSA_SUCCESS': that's superfluous.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Gilles Peskine
b4edff9cd8 Move InputsForTest to macro_collector.py
This is useful to generate PSA tests for more than constant names.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Gilles Peskine
95649ed779 Add type annotations
Prepare to move InputsForTest to macro_collector.py.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Gilles Peskine
c893a570a8 Fix copypasta in documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
TRodziewicz
4ca18aae38 Corrections after the code review
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 13:38:00 +02:00
TRodziewicz
97e41723fa Remove the _SSL_FALLBACK_ tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:50:42 +02:00
TRodziewicz
6370dbeb1d Remove the _SSL_FALLBACK_ parts
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:49:59 +02:00
TRodziewicz
ef73f01927 Removing strayed dtls1 after doing tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:49:04 +02:00
TRodziewicz
28126050f2 Removal of constants and functions and a new ChangeLog file
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:48:12 +02:00
TRodziewicz
0f82ec6740 Remove the TLS 1.0 and 1.1 support
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-24 12:45:20 +02:00
Hanno Becker
55bc2c53af Test TLS 1.3 PSK binder calculation helper
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-24 11:20:30 +01:00
Hanno Becker
a4f40a0f48 Test TLS 1.3 second level key derivation helpers
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-24 11:20:27 +01:00
Mateusz Starzyk
28c8cce051 Add conditional error.h include to test helpers function.
`mbedtls_test_hook_error_add` is referenced inside main_test.function.
Including the `error.h` is necessary to build suites which define both
MBEDTLS_TEST_HOOKS and MBEDTLS_ERROR_C, such as:
build_psa_accel_alg_ecdh

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-21 18:10:44 +02:00
Mateusz Starzyk
f2b11a9a77 Add MBEDTLS_ALLOW_PRIVATE_ACCESS to tests drivers
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-21 18:10:44 +02:00
Mateusz Starzyk
2c09c9bca9 Introduce MBEDTLS_PRIVATE macro.
Public structs members are considered private and should not
be used by users application.

MBEDTLS_PRIVATE(member) macro is intended to clearly indicate
which members are private.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-21 18:07:06 +02:00
Ronald Cron
f823722af4
Merge pull request #4532 from gilles-peskine-arm/host_test-int32-3.0
Fix build error in host_test.function when int32_t is not int
2021-05-21 16:02:28 +02:00
Manuel Pégourié-Gonnard
ea047c8590
Merge pull request #4429 from gilles-peskine-arm/openssl-dhparam-robustness-3.0
Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman
2021-05-21 10:16:38 +02:00
Ronald Cron
ca72287583
Merge pull request #4304 from mstarzyk-mobica/convert_NO_SHA384_to_positive
Modify config option for SHA384.
2021-05-21 08:04:33 +02:00
Paul Elliott
60aa203e30 Remove temporary AEAD CCM implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 22:44:32 +01:00
Jaeden Amero
424fa93efd psa: Support RSA signature without MBEDTLS_GENPRIME
On space-constrained platforms, it is a useful configuration to be able
to import/export and perform RSA key pair operations, but to exclude RSA
key generation, potentially saving flash space. It is not possible to
express this with the PSA_WANT_ configuration system at the present
time. However, in previous versions of Mbed TLS (v2.24.0 and earlier) it
was possible to configure a software PSA implementation which was
capable of making RSA signatures but not capable of generating RSA keys.
To do this, one unset MBEDTLS_GENPRIME.

Since the addition of MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR, this
expressivity was lost. Expressing that you wanted to work with RSA key
pairs forced you to include the ability to generate key pairs as well.

Change psa_crypto_rsa.c to only call mbedtls_rsa_gen_key() if
MBEDTLS_GENPRIME is also set. This restores the configuration behavior
present in Mbed TLS v2.24.0 and earlier versions.

It left as a future exercise to add the ability to PSA to be able to
express a desire for a software or accelerator configuration that
includes RSA key pair operations, like signature, but excludes key pair
generation.

Without this change, linker errors will occur when attempts to call,
which doesn't exist when MBEDTLS_GENPRIME is unset.
    psa_crypto_rsa.c.obj: in function `rsa_generate_key':
    psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key'

Fixes #4512

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-20 17:08:59 +01:00
Jaeden Amero
ff143c0a34 psa: Add missing RSA test dependency
The test "PSA generate key: RSA, 1024 bits, good, encrypt (OAEP
SHA-256)" had a dependency on MBEDTLS_GENPRIME, but this was not listed
in the dependencies. Add MBEDTLS_GENPRIME to the test's dependencies to
ensure it has what it needs to run.

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-20 17:08:59 +01:00
Gilles Peskine
3248be4b3a
Merge pull request #4462 from netfoundry/gcc11.fixes
build with gcc11
2021-05-20 15:54:23 +02:00