Commit graph

3909 commits

Author SHA1 Message Date
Gilles Peskine
178c9aa966 Key derivation: forbid output_key without input_key
If none of the inputs to a key derivation is a
PSA_KEY_DERIVATION_INPUT_SECRET passed with
psa_key_derivation_input_key(), forbid
psa_key_derivation_output_key(). It usually doesn't make sense to
derive a key object if the secret isn't itself a proper key.
2019-09-24 18:39:03 +02:00
Gilles Peskine
1a2904c49a derive_input test function: Try output afterwards
After passing some inputs, try getting one byte of output, just to
check that this succeeds (for a valid sequence of inputs) or fails
with BAD_STATE (for an invalid sequence of inputs). Either output a
1-byte key or a 1-byte buffer depending on the test data.

The test data was expanded as follows:
* Output key type (or not a key): same as the SECRET input if success
  is expected, otherwise NONE.
* Expected status: PSA_SUCCESS after valid inputs, BAD_STATE after any
  invalid input.
2019-09-24 18:39:03 +02:00
Gilles Peskine
2058c07724 derive_input test function: More logical parameter order
No behavior change.
2019-09-24 18:39:03 +02:00
Gilles Peskine
b8965193a0 Use the constant PSA_KEY_TYPE_NONE rather than 0
No behavior change, just a readability improvement.
2019-09-24 18:39:03 +02:00
Gilles Peskine
593773d9f2 Consistently abort key derivation operations on input error 2019-09-24 18:39:03 +02:00
Gilles Peskine
224b0d656a Key derivation: allow both keys and direct inputs
Allow a direct input as the SECRET input step in a key derivation, in
addition to allowing DERIVE keys. This makes it easier for
applications to run a key derivation where the "secret" input is
obtained from somewhere else. This makes it possible for the "secret"
input to be empty (keys cannot be empty), which some protocols do (for
example the IV derivation in EAP-TLS).

Conversely, allow a RAW_DATA key as the INFO/LABEL/SALT/SEED input to a key
derivation, in addition to allowing direct inputs. This doesn't
improve security, but removes a step when a personalization parameter
is stored in the key store, and allows this personalization parameter
to remain opaque.

Add test cases that explore step/key-type-and-keyhood combinations.
2019-09-24 18:39:03 +02:00
Gilles Peskine
6842ba4d7a PSA crypto KDF: test bytes/key input independently of the step type
This commit only makes derive_input more flexible so that the key
derivation API can be tested with different key types and raw data for
each input step. The behavior of the test cases remains the same.
2019-09-24 18:39:03 +02:00
Gilles Peskine
6ddb4d8434 Improve descriptions of derive test cases
Systematically use "PSA key derivation setup" for derive_setup. This
resolves the ambiguity between derive_setup and derive_input calls.
2019-09-24 18:37:19 +02:00
Gilles Peskine
31b0a3c351 Add a test component with malloc(0) returning NULL
Exercise the library functions with calloc returning NULL for a size
of 0. Make this a separate job with UBSan (and ASan) to detect
places where we try to dereference the result of calloc(0) or to do
things like

    buf = calloc(size, 1);
    if (buf == NULL && size != 0) return INSUFFICIENT_MEMORY;
    memcpy(buf, source, size);

which has undefined behavior when buf is NULL at the memcpy call even
if size is 0.

This is needed because other test components jobs either use the system
malloc which returns non-NULL on Linux and FreeBSD, or the
memory_buffer_alloc malloc which returns NULL but does not give as
useful feedback with ASan (because the whole heap is a single C
object).
2019-09-24 18:28:26 +02:00
Gilles Peskine
0a048b2833
Merge pull request #270 from gilles-peskine-arm/test_outcome_file-crypto-fix
Fix test case descriptions
2019-09-24 15:54:54 +02:00
Ron Eldor
af7724e985 Fix endianity issue when reading uint32
The uint32 is given as a bigendian stream, in the tests, however,
the char buffer that collected the stream read it as is,
without converting it. Add a temporary buffer, to call `greentea_getc()`
8 times, and then put it in the correct endianity for input to `unhexify()`.
2019-09-24 11:23:15 +03:00
Ron Eldor
635888b287 Reduce stack usage of test_suite_pkcs1_v15
Reduce the stack usage of the `test_suite_pkcs1_v15` by reducing the
size of the buffers used in the tests, to a reasonable big enough size.
2019-09-24 11:22:51 +03:00
Ron Eldor
6fd1aa050e Increase test suite timeout
Increase the test suite timeouit from 180 seconds, to 800 seconds,
since some tests consume more time, even if all tests are skipped.
2019-09-24 11:22:23 +03:00
Ron Eldor
5b8f120fca Reduce stack usage of test_suite_pkcs1_v21
Reduce the stack usage of the `test_suite_pkcs1_v21` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the size sent to the API to sizeof output.
2019-09-24 11:22:04 +03:00
Ron Eldor
fdc15bd581 Reduce stack usage of test_suite_rsa
Reduce the stack usage of the `test_suite_rsa` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the data size to decrypt in the data file.
2019-09-24 11:21:36 +03:00
Ron Eldor
58e3f69dd3 Reduce stack usage of test_suite_pk
Reduce the stack usage of the `test_suite_pk` by reducing the
size of the buffers used in the tests, to a reasonable big enough size.
2019-09-24 11:21:21 +03:00
Jaeden Amero
c21a9f04f9 Merge remote-tracking branch 'origin/pr/2765' into development
* origin/pr/2765: (28 commits)
  Add set+get tests
  Consolidate tests for set with/without values
  config.py testing: also test the get command
  Compatibility redirect: add copyright notice
  Compatibility redirect: if python3 is not available, try python
  Fix config.py output when a symbol has acquired or lost a value
  Remove redundant test case
  cmake: update interpreter requirement for the test suite generator
  cmake: fix Python requirement
  Test script for config.py
  Documentation improvements
  Fix "#define ... not found" error when using the default file name
  Fix "--force set" without a value sneaking a None in
  Fix --force requiring an argument
  Fix Config.unset() making the name known
  Also search config.h near the script
  Report an error if switching to Python fails
  Fix 'config.py set' without --force
  Fix encoding errors
  Print help when invoked with no arguments
  ...
2019-09-23 17:27:44 +01:00
Gilles Peskine
7e88e13d94 Test data: replace "::" by ":"
The current test generator code accepts multiple colons as a
separator, but this is just happenstance due to how the code, it isn't
robust. Replace "::" by ":", which is more future-proof and allows
simple separator-based navigation.
2019-09-20 16:01:59 +02:00
Gilles Peskine
efa2ac879d Uniquify test case descriptions
Make check-test-cases.py pass.

Prior to this commit, there were many repeated test descriptions, but
none with the same test data and dependencies and comments, as checked
with the following command:

    for x in tests/suites/*.data; do perl -00 -ne 'warn "$ARGV: $. = $seen{$_}\n" if $seen{$_}; $seen{$_}=$.' $x; done

Wherever a test suite contains multiple test cases with the exact same
description, add " [#1]", " [#2]", etc. to make the descriptions
unique. We don't currently use this particular arrangement of
punctuation, so all occurrences of " [#" were added by this script.

I used the following ad hoc code:

import sys

def fix_test_suite(data_file_name):
    in_paragraph = False
    total = {}
    index = {}
    lines = None
    with open(data_file_name) as data_file:
        lines = list(data_file.readlines())
        for line in lines:
            if line == '\n':
                in_paragraph = False
                continue
            if line.startswith('#'):
                continue
            if not in_paragraph:
                # This is a test case description line.
                total[line] = total.get(line, 0) + 1
                index[line] = 0
            in_paragraph = True
    with open(data_file_name, 'w') as data_file:
        for line in lines:
            if line in total and total[line] > 1:
                index[line] += 1
                line = '%s [#%d]\n' % (line[:-1], index[line])
            data_file.write(line)

for data_file_name in sys.argv[1:]:
    fix_test_suite(data_file_name)
2019-09-20 15:59:31 +02:00
Gilles Peskine
44393c81aa psa_crypto: Add an ECDH+HKDF test with longer output
A test case for 32+0 was present three times, evidently overeager
copy-paste. Replace the duplicates by test cases that read more than
32 bytes, which exercises HKDF a little more (32 bytes is significant
because HKDF-SHA-256 produces output in blocks of 32 bytes).

I obtained the test data by running our implementation, because we're
confident in our implementation now thanks to other test cases: this
data is useful as a non-regression test.
2019-09-20 15:59:28 +02:00
Gilles Peskine
d9be186a39 psa_crypto: Fix OAEP test
There's a SHA256 test without a label and one with a label, so do the
same for SHA384.
2019-09-20 15:59:24 +02:00
Gilles Peskine
d17cf9d0c4 psa_crypto: Remove duplicate test case
Nothing seems to be missing in its stead.
2019-09-20 15:59:17 +02:00
Gilles Peskine
52c7d998af psa_crypto_se_driver_hal: Fix copypasta in test cases
Before: say CCM twice, do GCM twice.
After: say CCM and do CCM, then say GCM and do GCM.
2019-09-20 15:59:00 +02:00
Gilles Peskine
f3eddd68bb pkcs1_v21: Fix copypasta in test case
There should have been a good-saltlen test case and a bad-saltlen test
case for both sizes 522 and 528, but the 522-bad-saltlen test case was
missing and the 528-good-saltlen test case was repeated. Fix this.
2019-09-20 15:58:54 +02:00
Gilles Peskine
c5dce20b4e cipher.nist_kw: Fix duplicate test case
There are two test vectors in RFC 5649. There was only one in our test
suite, run twice. Put the second test vector instead of repeating the
first.
2019-09-20 15:58:48 +02:00
Gilles Peskine
bfcb69cd5c blowfish: Fix encrypt test case that should have been decrypt
Test vector #15 was encrypted twice. Decrypt it the second time.
2019-09-20 15:58:36 +02:00
Gilles Peskine
e07960cf40 aria: Remove duplicate test cases
No data seems to be missing, just some duplicated cases, perhaps due
to naming inconsistencies "ECB_Xxcrypt" vs "ECB Xxcrypt" which I also
fixed.
2019-09-20 15:58:27 +02:00
Gilles Peskine
c893235ea1
Merge pull request #115 from gilles-peskine-arm/psa-error-compatibility_aliases
Improve how generate_psa_constants handles compatibility aliases
2019-09-19 16:20:08 +02:00
Gilles Peskine
95758f8d61 *.data: remove semicolons from test case descriptions
Don't use semicolons in test case descriptions. The test outcome file
is a semicolon-separated CSV file without quotes to keep things
simple, so fields in that file may not contain semicolons.
2019-09-19 15:26:57 +02:00
Gilles Peskine
a291413a1e
Merge pull request #257 from gilles-peskine-arm/psa-remove_zero_length_keys
Forbid zero-length keys
2019-09-19 13:07:41 +02:00
Gilles Peskine
16a25e005d Add set+get tests
The tests were not covering get for a symbol with a value. No symbol
has an uncommented value in the default config.h. (Actually there's
_CRT_SECURE_NO_DEPRECATE, but that's a bit of a hack that this script
is not expected to handle, so don't use it).

Add tests of "get FOO" after "set FOO" and "set FOO value", so that we
have coverage for "get FOO" when "FOO" has a value.
2019-09-19 12:19:24 +02:00
Gilles Peskine
fd7ad33ee9 Consolidate tests for set with/without values
We currently test setting a symbol with a value even if it didn't
originally had one and vice versa. So there's no need to have separate
lists of symbols to test with. Just test everything we want to test
with each symbol.
2019-09-19 12:18:23 +02:00
Gilles Peskine
9004a1768b Set meaningful test configuration names when running tests
Set MBEDTLS_TEST_PLATFORM and MBEDTLS_TEST_CONFIGURATION to meaningful
values in all.sh. These environment variables are used when
writing an outcome file, which happens if MBEDTLS_TEST_OUTCOME_FILE is
also set.

When running one of the try-multiple-configuration scripts, set
MBEDTLS_TEST_CONFIGURATION to a value that uniquely describes the
configuration.
2019-09-18 17:44:29 +02:00
Gilles Peskine
654bab7635 ssl-opt: remove semicolons from test case descriptions
Don't use semicolons in test case descriptions. The test outcome file
is a semicolon-separated CSV file without quotes to keep things
simple, so fields in that file may not contain semicolons.
2019-09-18 17:44:29 +02:00
Gilles Peskine
560280b17d Test outcome file support: ssl-opt.sh
If the environment variable MBEDTLS_TEST_OUTCOME_FILE is set, then for
each test case, write a line to the file with the given name, of the
form

    PLATFORM;CONFIGURATION;ssl-opt;TEST CASE DESCRIPTION;PASS/FAIL/SKIP;CAUSE

PLATFORM and CONFIGURATION come from the environment variables
MBEDTLS_TEST_PLATFORM and MBEDTLS_TEST_CONFIGURATION. If these
variables are unset, the script uses some easily-calculated values.
2019-09-18 17:44:29 +02:00
Gilles Peskine
51dcc24998 Test outcome file support: test suites
If the environment variable MBEDTLS_TEST_OUTCOME_FILE is set, then for
each test case, write a line to the file with the given name, of the
form

    PLATFORM;CONFIGURATION;TEST SUITE;TEST CASE DESCRIPTION;PASS/FAIL/SKIP;CAUSE

PLATFORM and CONFIGURATION come from the environment variables
MBEDTLS_TEST_PLATFORM and MBEDTLS_TEST_CONFIGURATION.

Errors while writing the test outcome file are not considered fatal,
and are not reported except for an error initially opening the file.
This is in line with other write errors that are not checked.
2019-09-18 17:44:29 +02:00
Gilles Peskine
47b7540fec Give a type name to test_info
Make it possible to pass test_info around rather than always refer to the
global variable.
2019-09-18 17:44:29 +02:00
Gilles Peskine
31fccc80a5 Fix typo in message 2019-09-18 17:44:29 +02:00
Gilles Peskine
3c1c8ea3e7 Prefer unsigned types for non-negative numbers
Use size_t for some variables that are array indices.
Use unsigned for some variables that are counts of "small" things.
2019-09-18 17:44:29 +02:00
Gilles Peskine
a708dae94b Add comment to help syntax highlighting in editors 2019-09-18 17:44:29 +02:00
Jaeden Amero
914a5071b4 Bump Mbed TLS version to 2.19.1 2019-09-18 13:42:36 +01:00
k-stachowiak
9b88efc378 Check len against buffers size upper bound in PSA tests 2019-09-13 15:26:53 +02:00
Gilles Peskine
61695e70f8 config.py testing: also test the get command 2019-09-13 15:17:57 +02:00
Gilles Peskine
89cc74f447 Fix signature size checks in psa_asymmetric_verify for RSA
The signature must have exactly the same length as the key, it can't
be longer. Fix #258

If the signature doesn't have the correct size, that's an invalid
signature, not a problem with an output buffer size. Fix the error code.

Add test cases.
2019-09-13 11:39:11 +02:00
Gilles Peskine
f686042554 Fix config.py output when a symbol has acquired or lost a value
Normally a valueless symbol remains valueless and a symbol with a
value keeps having one. But just in case a symbol does get changed
from valueless to having a value, make sure there's a space between
the symbol and the value. And if a symbol gets changed from having a
value to valueless, strip trailing whitespace.

Add corresponding tests.

Also fix the case of a valueless symbol added with the set method,
which would have resulted in attempting to use None as a string. This
only happened with the Python API, not with the command line API.
2019-09-13 11:04:24 +02:00
Gilles Peskine
e3734bd13a Remove redundant test case 2019-09-13 11:04:24 +02:00
Gilles Peskine
00ed2e1986 cmake: update interpreter requirement for the test suite generator
The test suite generator has been a Python script for a long time,
but tests/CMakeLists.txt still looked for Perl. The reference to
PYTHON_INTERP only worked due to a call to find_package(PythonInterp)
in the toplevel CMakeLists.txt, and cmake would not have printed the
expected error message if python was not available.
2019-09-13 11:04:24 +02:00
Gilles Peskine
878acd6490 Test script for config.py
Run config.py with various options and store the results in files.

This script also supports the now-removed config.pl.

This is a framework to run non-regression tests on config.py: run it
with the old version, run it with the new version, and compare the
output.

This is deliberately not a functional test suite so that we don't need
to maintain a set of known outputs. When something changes in
config.py (or config.h), run the script before, run it after, and
check manually whether any differences in the output are acceptable.
2019-09-13 11:04:24 +02:00
Gilles Peskine
5d46f6a89b Invoke config.py instead of config.pl
git grep -Fl /config.pl | xargs sed -i -e 's!/config\.pl!/config.py!g'

Also:
* Change one comment in include/mbedtls/check_config.h.
* Change PERL to PYTHON in CMakeLists.txt.
2019-09-13 11:04:23 +02:00
Gilles Peskine
4019f0e914 Immediately reject 0-size signature buffer when signing
In psa_asymmetric_sign, immediately reject an empty signature buffer.
This can never be right.

Add test cases (one RSA and one ECDSA).

Change the SE HAL mock tests not to use an empty signature buffer.
2019-09-12 22:05:59 +02:00
Gilles Peskine
043b281714 Add a few test cases for non-byte-aligned raw data keys
Add tests for derivation.

Test both 7 bits and 9 bits, in case the implementation truncated the
bit size down and 7 was rejected as 0 rather than because it isn't a
multiple of 8.

There is no corresponding test for import because import determines
the key size from the key data, which is always a whole number of bytes.
2019-09-12 19:05:00 +02:00
Gilles Peskine
a782b95806 Add test cases for zero-length keys
Check that zero-length keys cannot be imported, generated or derived.
2019-09-12 19:01:52 +02:00
Gilles Peskine
491181bd9d Remove test cases that use zero-length keys
If there isn't already a test with a raw data key of the now-minimal
length (1 byte), change the test case to a 1-byte key.
2019-09-12 18:50:58 +02:00
Jaeden Amero
62be28b525 Merge remote-tracking branch 'origin/pr/2469' into development
* origin/pr/2469:
  Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh
  Remove unnecessary memory buffer alloc unsets
  Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test
  all.sh: restructure memory allocator tests
  Add missing dependency in memory buffer alloc set in all.sh
  Don't set MBEDTLS_MEMORY_DEBUG through `scripts/config.pl full`
  Add cfg dep MBEDTLS_MEMORY_DEBUG->MBEDTLS_MEMORY_BUFFER_ALLOC_C
  Fix memory leak in CSR test suite on failure
  Fix a memory leak in x509write test suite
  Add all.sh run with full config and ASan enabled
  Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
  Update documentation of exceptions for `config.pl full`
  Adapt all.sh to removal of buffer allocator from full config
  Disable memory buffer allocator in full config
  Check dependencies of MBEDTLS_MEMORY_BACKTRACE in check_config.h
2019-09-12 16:45:55 +01:00
Gilles Peskine
2dedcc5989 Change X.509 test cases to not rely on asn1parse limitations
Tweak test data for one test case to not rely on mbedtls_asn1_get_int
lacking support for leading zeros. Instead, use a number that is
actually out of range for int.

Tweak test data for one test case to not rely on
mbedtls_asn1_get_bitstring_null rejecting bitstrings shorter than two
octets. Instead, try bit strings that are genuinely invalid, or have a
nonzero number of unused bits.

Add a test case with a correct empty signature. This is commented out
because asn1parse currently does not support this. Uncomment it when
asn1parse is updated to support this.
2019-09-11 17:23:07 +02:00
Gilles Peskine
2cd8ecc08b New test helper macro ASSERT_ALLOC_WEAK
The new macro ASSERT_ALLOC_WEAK does not fail the test case if the
memory allocation fails. This is useful for tests that allocate a
large amount of memory, but that aren't useful on platforms where
allocating such a large amount is not possible.

Ideally this macro should mark the test as skipped. We don't yet have
a facility for that but we're working on it. Once we have a skip
functionality, this macro should be changed to use it.
2019-09-11 15:46:45 +02:00
Gilles Peskine
a902303587 Test mbedtls_asn1_store_named_data 2019-09-11 15:46:45 +02:00
Gilles Peskine
9311cf5093 asn1write: test NULL, OID and AlgorithmIdentifier 2019-09-11 15:46:45 +02:00
Gilles Peskine
91d8d023c2 Fix typo that prevented mbedtls_asn1_write_len tests from running 2019-09-11 15:46:45 +02:00
Gilles Peskine
3f37dca794 asn1write: Test short and large buffers more systematically
Use the test-many-sizes framework for string writes as
well (previously, it was only used for booleans and integers). This
way, more edge cases are tested with less test code.

This commit removes buffer overwrite checks. Instead of these checks,
run the test suite under a memory sanitizer (which we do in our CI).
2019-09-11 15:46:45 +02:00
Gilles Peskine
3a032c36c1 Add test cases for BOOLEANs and INTEGERs
Omit negative integers and MPIs that would result in values that look
like negative INTEGERs, since the library doesn't respect the
specifications there, but fixing it has a serious risk of breaking
interoperability when ASN.1 is used in X.509 and other
cryptography-related applications.
2019-09-11 15:46:44 +02:00
Gilles Peskine
27d806fab4 Add ASN.1 parsing tests
Add self-contained ASN.1 parsing tests, so that ASN.1 parsing is not
solely tested through X.509 and TLS.

The tests cover every function and almost complete line coverage in
asn1parse.c.

A few test cases containing negative and edge case INTEGER values are
deliberately deactivated because the historical library behavior is at
odds with official specifications, but changing the behavior might
break interoperability.

Other than that, these tests revealed a couple of minor bugs which
will be fixed in subsequent commits.
2019-09-11 15:46:44 +02:00
Gilles Peskine
5605591cc1 Report step number when a test case fails
Allow test code to declare a "step number". Report the current step
number when a test fails.
2019-09-11 15:46:44 +02:00
Jaeden Amero
cc5aeee278
Merge pull request #248 from RonEld/stack_overflow_in_hmac_fix
Fix a buffer overflow in hmac_setup_internal
2019-09-11 13:55:18 +01:00
Ron Eldor
5a0f45b61b Modify tests
1. Rephrase test description and move it to the section where
all other same tests are located.
2. Add another test for short key.
2019-09-11 14:09:08 +03:00
Ron Eldor
16cca804fb Add non regression test
Add a test that adds a very long key for an unsupported algorithm.
2019-09-11 10:14:48 +03:00
Andrzej Kurek
9f409f6aec Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh 2019-09-10 04:28:55 -04:00
Gilles Peskine
75cc771d3a Run psa_collect_statuses.py in all.sh
Since it needs a slightly different build, even if that's only for the
tests, make it its own component.
2019-09-06 19:47:17 +02:00
Gilles Peskine
51681556cf PSA return status coverage script
Add infrastructure to run unit tests and collect the return values for
every PSA API function that returns psa_status_t.

    ./tests/scripts/psa_collect_statuses.py >statuses.txt
2019-09-06 19:28:47 +02:00
Gilles Peskine
1983512803 Add backward compatibility alias for PSA_ERROR_CORRUPTION_DETECTED
This was renamed from PSA_ERROR_TAMPERING_DETECTED. Add a backward
compatibility alias in case somebody was already using it.
2019-09-06 17:48:56 +02:00
Gilles Peskine
5c196fb599 Readability improvements
No indented semantic change.
2019-09-06 17:35:51 +02:00
Andrzej Kurek
4b3a45e190 Remove unnecessary memory buffer alloc unsets
This define is turned off by default
2019-09-06 07:47:56 -04:00
Andrzej Kurek
1e56d2c3de Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test 2019-09-06 07:44:37 -04:00
Andrzej Kurek
69f20aae77 all.sh: restructure memory allocator tests
Run basic tests and ssl-opt with memory backtrace disabled, then
run basic tests only with it enabled.
2019-09-06 07:44:37 -04:00
Hanno Becker
d7064202ea Add missing dependency in memory buffer alloc set in all.sh 2019-09-06 07:44:37 -04:00
Hanno Becker
bf2dacb8fe Fix memory leak in CSR test suite on failure 2019-09-06 07:44:37 -04:00
Hanno Becker
2fcdd7446e Fix a memory leak in x509write test suite
This leak wasn't discovered by the CI because the only test in
all.sh exercising the respective path enabled the custom memory
buffer allocator implementations of calloc() and free(), hence
bypassing ASan.
2019-09-06 07:44:37 -04:00
Hanno Becker
0163551aa0 Add all.sh run with full config and ASan enabled 2019-09-06 07:44:37 -04:00
Hanno Becker
0fb9ba2760 Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
With the removal of MBEDTLS_MEMORY_BUFFER_ALLOC_C from the
full config, there are no tests for it remaining in all.sh.
This commit adds a build as well as runs of `make test` and
`ssl-opt.sh` with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled to all.sh.
2019-09-06 07:44:37 -04:00
Unknown
790c281f51 Adapt all.sh to removal of buffer allocator from full config
Previously, numerous all.sh tests manually disabled the buffer allocator
or memory backtracting after setting a full config as the starting point.

With the removal of MBEDTLS_MEMORY_BACKTRACE and MBEDTLS_MEMORY_BUFFER_ALLOC_C
from full configs, this is no longer necessary.
2019-09-06 07:44:37 -04:00
Jaeden Amero
92348d1c49 Merge remote-tracking branch 'crypto/development' into development-restricted
* crypto/development: (77 commits)
  all.sh: disable MEMORY_BUFFER_ALLOC in cmake asan build
  Unify gcc and clang cmake flags to test with UBsan
  Add an input check in psa_its_set
  Remove storage errors from psa_generate_random
  Update getting_started.md
  Update based on Jaeden's comments.
  Update getting_started.md
  Fix return code warnings
  Update getting_started.md
  Fix warnings
  Add PSA_ERROR_STORAGE_FAILURE to psa_cipher_generate_iv
  Remove errorneous insert
  Add STORAGE_FAILURE everywhere + add missing codes
  Add storage failure to psa_mac_verify_finish
  Add storage failure to psa_mac_sign_finish
  Add PSA_ERROR_STORAGE_FAILURE to psa_aead_*_setup functions
  Added PSA_ERROR_BAD_STATE to functions with operations
  Added extra bad state case to psa_hash_setup
  Add missing return codes to psa_generate_key
  Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute
  ...
2019-09-06 08:56:21 +01:00
Jaeden Amero
c9c4ca3f40 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Fix copypasta in msg
  When not using PSA crypto, disable it
  Disable MEMORY_BUFFER_ALLOC with ASan
  Remove config.pl calls with no effect
  ssl-opt.sh: wait for proxy to start before running the script further
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
2019-09-05 18:14:14 +01:00
Jaeden Amero
c12cb5236b
Merge pull request #239 from AndrzejKurek/psa-its-file-fixes
Remove a potential call to fwrite with null buffer. Add UBsan testing
2019-09-05 16:40:08 +01:00
Unknown
f094b53e8e all.sh: disable MEMORY_BUFFER_ALLOC in cmake asan build
Enabling MBEDTLS_MEMORY_BUFFER_ALLOC_C bypasses ASan leak checks
because system calloc() and free() aren't used.
2019-09-05 09:34:57 -04:00
Jaeden Amero
4714fd8998 Merge remote-tracking branch 'origin/pr/2815' into development
* origin/pr/2815:
  ssl-opt.sh: wait for proxy to start before running the script further
2019-09-05 14:24:07 +01:00
Jaeden Amero
ba7f4d1484 Merge remote-tracking branch 'origin/pr/2771' into development
* origin/pr/2771:
  Fix copypasta in msg
  When not using PSA crypto, disable it
  Disable MEMORY_BUFFER_ALLOC with ASan
  Remove config.pl calls with no effect
2019-09-05 14:23:55 +01:00
Janos Follath
651eac8c5e Make tests use the new deterministic ECDSA function
In preparation of deprecating the old and less secure deterministic
ECDSA signature function we need to remove it from the test. At the
same time, the new function needs to be tested. Modifying the tests
to use the new function achieves both of these goals.
2019-09-05 11:18:58 +01:00
Jaeden Amero
c04305f036 Merge remote-tracking branch 'crypto/development' into development-restricted
* crypto/development: (863 commits)
  crypto_platform: Fix typo
  des: Reduce number of self-test iterations
  Fix -O0 build for Aarch64 bignum multiplication.
  Make GNUC-compatible compilers use the right mbedtls_t_udbl again on Aarch64 builds.
  Add optimized bignum multiplication for Aarch64.
  Enable 64-bit limbs for all Aarch64 builds.
  HMAC DRBG: Split entropy-gathering requests to reduce request sizes
  psa: Use application key ID where necessary
  psa: Adapt set_key_id() for when owner is included
  psa: Add PSA_KEY_ID_INIT
  psa: Don't duplicate policy initializer
  crypto_extra: Use const seed for entropy injection
  getting_started: Update for PSA Crypto API 1.0b3
  Editorial fixes.
  Cross reference 'key handles' from INVALID_HANDLE
  Update documentation for psa_destroy_key
  Update documentation for psa_close_key
  Update psa_open_key documentation
  Remove duplicated information in psa_open_key
  Initialize key bits to max size + 1 in psa_import_key
  ...
2019-09-05 11:11:38 +01:00
Jaeden Amero
4013b98df0
Merge pull request #166 from k-stachowiak/IOTCRYPT-440-add-missing-dec_empty_buf-tests
Add missing dec_empty_buf tests
2019-09-04 10:18:11 +01:00
Gilles Peskine
dc3a179995 Fix copypasta in msg 2019-09-03 14:11:36 +02:00
Gilles Peskine
6ce30722d0 When not using PSA crypto, disable it
In the test with the full config without MBEDTLS_USE_PSA_CRYPTO, don't
build MBEDTLS_PSA_CRYPTO_C, since it isn't supposed to be used.
2019-09-03 14:11:36 +02:00
Gilles Peskine
751bb4c0e1 Disable MEMORY_BUFFER_ALLOC with ASan
MBEDTLS_MEMORY_BUFFER_ALLOC_C makes ASan mostly ineffective since it
hides allocations. So disable it when testing with ASan.
2019-09-03 14:11:36 +02:00
Gilles Peskine
c6f1c84663 Remove config.pl calls with no effect
When MBEDTLS_MEMORY_BUFFER_ALLOC_C is disabled, other
MBEDTLS_MEMORY_xxx options have no effect, so don't bother unsetting
them explicitly.
2019-09-03 14:11:36 +02:00
Unknown
d364f4c7dd ssl-opt.sh: wait for proxy to start before running the script further 2019-09-02 10:42:57 -04:00
Jaeden Amero
4cf0e7e4d2 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (42 commits)
  Handle deleting non-existant files on Windows
  Update submodule
  Use 3rdparty headers from the submodule
  Add Everest components to all.sh
  3rdparty: Add config checks for Everest
  Fix macros in benchmark.c
  Update generated files
  3rdparty: Fix inclusion order of CMakeLists.txt
  Fix trailing whitespace
  ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
  ECDH: Fix use of ECDH API in full handshake benchmark
  ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark
  ECDH: Fix Everest x25519 make_public
  Fix file permissions
  3rdparty: Rename THIRDPARTY_OBJECTS
  3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
  3rdparty: Fix Makefile coding conventions
  ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do
  Add a changelog entry for Everest ECDH (X25519)
  Document that curve lists can include partially-supported curves
  ...
2019-08-30 16:24:18 +01:00
Jaeden Amero
49fcbeab14 Merge remote-tracking branch 'origin/pr/2799' into development
Manually edit ChangeLog to ensure correct placement of ChangeLog notes.

* origin/pr/2799: (42 commits)
  Handle deleting non-existant files on Windows
  Update submodule
  Use 3rdparty headers from the submodule
  Add Everest components to all.sh
  3rdparty: Add config checks for Everest
  Fix macros in benchmark.c
  Update generated files
  3rdparty: Fix inclusion order of CMakeLists.txt
  Fix trailing whitespace
  ECDH: Fix inclusion of platform.h for proper use of MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
  ECDH: Fix use of ECDH API in full handshake benchmark
  ECDH: Removed unnecessary calls to mbedtls_ecp_group_load in ECDH benchmark
  ECDH: Fix Everest x25519 make_public
  Fix file permissions
  3rdparty: Rename THIRDPARTY_OBJECTS
  3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
  3rdparty: Fix Makefile coding conventions
  ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do
  Add a changelog entry for Everest ECDH (X25519)
  Document that curve lists can include partially-supported curves
  ...
2019-08-30 15:50:45 +01:00
Darryl Green
9b9a790be6 Handle deleting non-existant files on Windows
If we try to delete a non-existant file using del on Windows, as
can happen when running make clean, del will throw an error. Make
the Makefiles more robust by only deleting files if they exist.
2019-08-30 15:45:46 +01:00
Jaeden Amero
d031378ff5 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Update library version to 2.19.0
  ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM
  ssl-opt.sh: Duplicate context serialization tests for CID
  Fix SSL context deserialization
2019-08-30 15:30:58 +01:00
Jaeden Amero
379964a7b6 Merge remote-tracking branch 'origin/pr/2814' into development
* origin/pr/2814:
  Update library version to 2.19.0
2019-08-30 14:40:57 +01:00
Darryl Green
fe997c646b Update library version to 2.19.0 2019-08-30 13:02:16 +01:00
Hanno Becker
e0b90ece55 ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM
This commit splits each test in ssl-opt.sh related to context serialization
in three tests, exercising the use of CCM, GCM and ChaChaPoly separately.

The reason is that the choice of primitive affects the presence and size
of an explicit IV, and we should test that space for those IVs is correctly
restored during context deserialization; in fact, this was not the case
previously, as fixed in the last commit, and was not caught by the tests
because only ChaChaPoly was tested.
2019-08-30 12:14:38 +01:00
Hanno Becker
1b18fd3afe ssl-opt.sh: Duplicate context serialization tests for CID
This commit introduces a variant of each existing test for
context serialization in ssl-opt.sh that also uses the DTLS
Connection ID feature.
2019-08-30 12:14:38 +01:00
Janos Follath
4f055f4ca2 Use 3rdparty headers from the submodule 2019-08-29 16:12:38 +01:00
Gilles Peskine
0c6b79979c Add Everest components to all.sh
Test a native build and a 32-bit build. For variety, the native build
is with CMake and clang, and the 32-bit build is with GNU make and
gcc.
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
37eb90617a 3rdparty: Fix Makefile coding conventions 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
655ddababa 3rdparty: Add additional build facilities for 3rd-party code 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
9b33e7d7d7 ECDH: Exclude FStar and Hacl* from exported symbol checks 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
346932a099 Fix preprocessor directive recognition in list-enum-consts.pl 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
e0e8eb3114 ECDH: Add #ifdef filter to tests/scripts/list-enum-consts.pl
This allows the use of #ifdef ... #endif in enum definitions (e.g.,
mbedtls_ecdh_variant in ecdh.h).
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
977d89ab29 ECDH: Include Everest Curve25519 in build scripts 2019-08-29 16:12:38 +01:00
Jaeden Amero
f0716542c4
Merge pull request #140 from yanesca/everest_integration
Everest integration
2019-08-29 16:02:49 +01:00
Jaeden Amero
64f264332f Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Update the crypto submodule
  Use multipart PSA key derivation API
  platform: Include stdarg.h where needed
  Update Mbed Crypto to contain mbed-crypto#152
  CMake: Add a subdirectory build regression test
  README: Enable builds as a CMake subproject
  ChangeLog: Enable builds as a CMake subproject
  Remove use of CMAKE_SOURCE_DIR
  Update library version to 2.18.0
2019-08-29 14:14:05 +01:00
Jaeden Amero
21db2a94a4
Merge pull request #229 from k-stachowiak/IOTCRYPT-791-remove-legacy-psa-key-derivation
Remove legacy psa key derivation
2019-08-29 11:31:23 +01:00
Jaeden Amero
4e0db5642a Merge branch 'mbedtls-2.18' into development
Bring Mbed TLS 2.18.0 and 2.18.1 release changes back into the
development branch. We had branched to release 2.18.0 and 2.18.1 in
order to allow those releases to go out without having to block work on
the `development` branch.

Manually resolve conflicts in the Changelog by moving all freshly addded
changes to a new, unreleased version entry.

Reject changes to include/mbedtls/platform.h made in the mbedtls-2.18
branch, as that file is now sourced from Mbed Crypto.

* mbedtls-2.18:
  platform: Include stdarg.h where needed
  Update Mbed Crypto to contain mbed-crypto#152
  CMake: Add a subdirectory build regression test
  README: Enable builds as a CMake subproject
  ChangeLog: Enable builds as a CMake subproject
  Remove use of CMAKE_SOURCE_DIR
  Update library version to 2.18.0
2019-08-27 11:18:28 +01:00
Jaeden Amero
f1cdceae0d Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (114 commits)
  Don't redefine calloc and free
  Add changelog entry to record checking
  Fix compiler warning
  Add debug messages
  Remove duplicate entries from ChangeLog
  Fix parameter name in doxygen
  Add missing guards for mac usage
  Improve reability and debugability of large if
  Fix a typo in a comment
  Fix MSVC warning
  Fix compile error in reduced configurations
  Avoid duplication of session format header
  Implement config-checking header to context s11n
  Provide serialisation API only if it's enabled
  Fix compiler warning: comparing signed to unsigned
  Actually reset the context on save as advertised
  Re-use buffer allocated by handshake_init()
  Enable serialisation tests in ssl-opt.sh
  Change requirements for setting timer callback
  Add setting of forced fields when deserializing
  ...
2019-08-27 10:09:10 +01:00
Manuel Pégourié-Gonnard
862b3196d6 Enable serialisation tests in ssl-opt.sh
They currently pass in a default build.
2019-08-23 13:11:31 +03:00
Jarno Lamsa
c2376f049a Add tests for re-init flow for context serialization 2019-08-23 13:05:42 +03:00
Jarno Lamsa
a0b2cd6f82 ssl-opt.sh tests for serialization are currently using stub implementation 2019-08-23 12:53:40 +03:00
Jarno Lamsa
cbee1b3bda Add missing slashes to tests 2019-08-23 12:53:40 +03:00
Jarno Lamsa
2937d81eb8 Add serialization tests to ssl-opt.sh 2019-08-23 12:53:40 +03:00
Hanno Becker
f9b3303eb9 Introduce specific error for ver/cfg mismatch on deserialization
This commit introduces a new SSL error code

  `MBEDTLS_ERR_SSL_VERSION_MISMATCH`

which can be used to indicate operation failure due to a
mismatch of version or configuration.

It is put to use in the implementation of `mbedtls_ssl_session_load()`
to signal the attempt to de-serialize a session which has been serialized
in a build of Mbed TLS using a different version or configuration.
2019-08-23 12:51:21 +03:00
Hanno Becker
fe1275e3fe Improve test for detection of ver/cfg corruption in serialized data
This commit improves the test exercising the behaviour of
session deserialization when facing an unexpected version
or config, by testing ver/cfg corruption at any bit in the
ver/cfg header of the serialized data; previously, it had
only tested the first bit of each byte.
2019-08-23 12:51:21 +03:00
Hanno Becker
363b646dd8 Use US spelling 'serialize' instead of UK spelling 'serialise' 2019-08-23 12:51:21 +03:00
Hanno Becker
bb54d5a3b1 Use consistent spelling of 'serialise/serialize' in SSL test suite 2019-08-23 12:51:21 +03:00
Hanno Becker
861d0bbbf2 Add negative tests for unexpected ver/cfg in session deserialization 2019-08-23 12:51:21 +03:00
Manuel Pégourié-Gonnard
aa75583ced Re-enable test that now works with new format
Previously the test didn't work because of embedded pointer values that
are not predictable. Now it works as we no longer serialize such values.
2019-08-23 12:50:17 +03:00
Manuel Pégourié-Gonnard
eef4c753f1 Adapt buffering test to new ticket size
The size of the ticket used in this test dropped from 192 to 143 bytes, so
move all sizes used in this test down 50 bytes. Also, we now need to adapt the
server response size as the default size would otherwise collide with the new
mtu value.
2019-08-23 12:50:17 +03:00
Manuel Pégourié-Gonnard
ee13a732d6 Fix serialization tests for !SSL_KEEP_PEER_CERT
The chosen fix matches what's currently done in the baremetal branch - except
the `#ifdef` have been adapted because now in baremetal the digest is not kept
if renegotiation is disabled.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
686adb4d54 Normalize spelling to serialiZation
We have explicit recommendations to use US spelling for technical writing, so
let's apply this to code as well for uniformity. (My fingers tend to prefer UK
spelling, so this needs to be fixed in many places.)

sed -i 's/\([Ss]eriali\)s/\1z/g' **/*.[ch] **/*.function **/*.data ChangeLog
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
1f6033a479 Fix undeclared dependency on FS_IO in test code
Found by 'all.sh test_no_platform' and by 'tests/scripts/test-ref-configs.pl'.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
220403b954 Fix style issues and typos in test code 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
b40799035b Fix another wrong check for errors in test code 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
f9deaece43 Add test that save-load is the identity
This test works regardless of the serialisation format and embedded pointers
in it, contrary to the load-save test, though it requires more maintenance of
the test code (sync the member list with the struct definition).
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
6b840704c4 Fix populate_session() and its usage in tests
Not checking the return value allowed a bug to go undetected, fix the bug and
check the return value.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
a3d831b9e6 Add test for session_load() from small buffers
This uncovered a bug that led to a double-free (in practice, in general could
be free() on any invalid value): initially the session structure is loaded
with `memcpy()` which copies the previous values of pointers peer_cert and
ticket to heap-allocated buffers (or any other value if the input is
attacker-controlled). Now if we exit before we got a chance to replace those
invalid values with valid ones (for example because the input buffer is too
small, or because the second malloc() failed), then the next call to
session_free() is going to call free() on invalid pointers.

This bug is fixed in this commit by always setting the pointers to NULL right
after they've been read from the serialised state, so that the invalid values
can never be used.

(An alternative would be to NULL-ify them when writing, which was rejected
mostly because we need to do it when reading anyway (as the consequences of
free(invalid) are too severe to take any risk), so doing it when writing as
well is redundant and a waste of code size.)

Also, while thinking about what happens in case of errors, it became apparent
to me that it was bad practice to leave the session structure in an
half-initialised state and rely on the caller to call session_free(), so this
commit also ensures we always clear the structure when loading failed.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
f5fa0aa664 Add test for session_save() on small buffers 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
5b1674e0ba Disable test for load-save identity
This test appeared to be passing for the wrong reason, it's actually not
appropriate for the current implementation. The serialised data contains
values of pointers to heap-allocated buffers. There is no reason these should
be identical after a load-save pair. They just happened to be identical when I
first ran the test due to the place of session_free() in the test code and the
fact that the libc's malloc() reused the same buffers. The test no longer
passes if other malloc() implementations are used (for example, when compiling
with asan which avoids re-using the buffer, probably for better error
detection).

So, disable this test for now (we can re-enable it when we changed how
sessions are serialised, which will be done in a future PR, hence the name of
the dummy macro in depends_on). In the next commit we're going to add a test
that save-load is the identity instead - which will be more work in testing as
it will require checking each field manually, but at least is reliable.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
3caa6caf4a Improve load-save test with tickets and certs 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
6eac11b007 Start adding unit test for session serialisation
This initial test ensures that a load-save function is the identity. It is so
far incomplete in that it only tests sessions without tickets or certificate.
This will be improved in the next commits.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
a7c3765760 Add tests for session copy without serialisation 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
8faa70e810 Use more specific name in debug message for testing
While 'session hash' is currently unique, so suitable to prove that the
intended code path has been taken, it's a generic enough phrase that in the
future we might add other debug messages containing it in completely unrelated
code paths. In order to future-proof the accuracy of the test, let's use a
more specific string.
2019-08-23 12:45:33 +03:00
Manuel Pégourié-Gonnard
7fa1407adb Remove redundant debug message.
Two consecutive messages (ie no branch between them) at the same level are not
needed, so only keep the one that has the most information.
2019-08-23 12:45:33 +03:00
Jaeden Amero
833899ee37 Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development: (51 commits)
  Fix possibly-lossy conversion warning from MSVC
  Reintroduce length 0 check for records
  Don't use memcpy() for 2-byte copy operation
  Remove integer parsing macro
  Fix alignment in record header parsing routine
  Don't disallow 'record from another epoch' log msg in proxy ref test
  Make sure 'record from another epoch' is displayed for next epoch
  Implement record checking API
  Mark ssl_parse_record_header() as `const` in SSL context
  Make mbedtls_ssl_in_hdr_len() CID-unaware
  Remove duplicate setting of ssl->in_msgtype and ssl->in_msglen
  Move update of in_xxx fields in ssl_get_next_record()
  Move update of in_xxx fields outside of ssl_prepare_record_content()
  Reduce dependency of ssl_prepare_record_content() on in_xxx fields
  Move ssl_update_in_pointers() to after record hdr parsing
  Mark DTLS replay check as `const` on the SSL context
  Move updating the internal rec ptrs to outside of rec hdr parsing
  Mark ssl_decrypt_buf() as `const in the input SSL context
  Adapt ssl_prepare_record_content() to use SSL record structure
  Use record length from record structure when fetching content in TLS
  ...
2019-08-22 17:10:45 +01:00
Jaeden Amero
beec142010 Merge remote-tracking branch 'origin/pr/2790' into development
* origin/pr/2790: (40 commits)
  Fix possibly-lossy conversion warning from MSVC
  Reintroduce length 0 check for records
  Don't use memcpy() for 2-byte copy operation
  Remove integer parsing macro
  Fix alignment in record header parsing routine
  Don't disallow 'record from another epoch' log msg in proxy ref test
  Make sure 'record from another epoch' is displayed for next epoch
  Implement record checking API
  Mark ssl_parse_record_header() as `const` in SSL context
  Make mbedtls_ssl_in_hdr_len() CID-unaware
  Remove duplicate setting of ssl->in_msgtype and ssl->in_msglen
  Move update of in_xxx fields in ssl_get_next_record()
  Move update of in_xxx fields outside of ssl_prepare_record_content()
  Reduce dependency of ssl_prepare_record_content() on in_xxx fields
  Move ssl_update_in_pointers() to after record hdr parsing
  Mark DTLS replay check as `const` on the SSL context
  Move updating the internal rec ptrs to outside of rec hdr parsing
  Mark ssl_decrypt_buf() as `const in the input SSL context
  Adapt ssl_prepare_record_content() to use SSL record structure
  Use record length from record structure when fetching content in TLS
  ...
2019-08-22 11:09:15 +01:00
Darryl Green
74c932e596 Parametrize key bits in import mock test 2019-08-21 16:56:16 +01:00
Jaeden Amero
4abb40cab3 Clean up core storage between tests 2019-08-21 16:56:16 +01:00
Unknown
f740b0abbb crypto_se_driver: add verification mock test 2019-08-21 16:56:16 +01:00
Unknown
b7656a8a85 crypto_se_driver: add signing mock test 2019-08-21 16:56:16 +01:00
Unknown
136901c24c crypto_se_driver: add public key exporting test 2019-08-21 16:56:16 +01:00
Unknown
903b5da51c crypto_se_driver: add an error injection mechanism to the mocks 2019-08-21 16:56:16 +01:00
Unknown
9fd6b0cb6f crypto_se_driver: add key generation mock and test 2019-08-21 16:56:16 +01:00
Unknown
c9ad5910aa crypto_se_driver: add mock tests
Mock key importing and exporting
2019-08-21 16:56:16 +01:00
Jaeden Amero
b090d5dc2a
Merge pull request #231 from dgreen-arm/api-to-development
Merge psa api branch into development
2019-08-21 11:50:57 +01:00
Darryl Green
572a16e694 Merge branch 'psa-api-1.0-beta' into api-to-development 2019-08-21 10:31:12 +01:00
Unknown
712f7a804e Add a check for double underscores in identifiers in check-names.sh 2019-08-21 03:34:00 -04:00
Unknown
e2e19959d7 Rename AEAD macro to not use double underscores
This pattern (identifiers containing a double underscore anywhere in them)
is reserved.
2019-08-21 03:33:04 -04:00
Gilles Peskine
09a24b3dda Add Everest components to all.sh
Test a native build and a 32-bit build. For variety, the native build
is with CMake and clang, and the 32-bit build is with GNU make and
gcc.
2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
02174b90dc 3rdparty: Fix Makefile coding conventions 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
6ea2dea1c5 3rdparty: Add additional build facilities for 3rd-party code 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger
8a0f5bb3c1 Make check-names.sh find the right names in 3rdparty
Essentially adds the Everest .h and .c files to the various variables. This
should be generalized at some point, but there is no infrastructure for this
yet.
2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger
1083a25a29 ECDH: Exclude FStar and Hacl* from exported symbol checks 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger
7cc4c68eb6 Fix preprocessor directive recognition in list-enum-consts.pl 2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger
6817b9e819 ECDH: Add #ifdef filter to tests/scripts/list-enum-consts.pl
This allows the use of #ifdef ... #endif in enum definitions (e.g.,
mbedtls_ecdh_variant in ecdh.h).
2019-08-19 13:36:44 +01:00
Christoph M. Wintersteiger
d5fd766c49 ECDH: Include Everest Curve25519 in build scripts 2019-08-19 13:36:44 +01:00
Jaeden Amero
89e7655691 Merge remote-tracking branch 'crypto/pr/212' into development
* crypto/pr/212: (337 commits)
  Make TODO comments consistent
  Fix PSA tests
  Fix psa_generate_random for >1024 bytes
  Add tests to generate more random than MBEDTLS_CTR_DRBG_MAX_REQUEST
  Fix double free in psa_generate_key when psa_generate_random fails
  Fix copypasta in test data
  Avoid a lowercase letter in a macro name
  Correct some comments
  Fix PSA init/deinit in mbedtls_xxx tests when using PSA
  Make psa_calculate_key_bits return psa_key_bits_t
  Adjust secure element code to the new ITS interface
  More refactoring: consolidate attribute validation
  Fix policy validity check on key creation.
  Add test function for import with a bad policy
  Test key creation with an invalid type (0 and nonzero)
  Remove "allocated" flag from key slots
  Take advantage of psa_core_key_attributes_t internally #2
  Store the key size in the slot in memory
  Take advantage of psa_core_key_attributes_t internally: key loading
  Switch storage functions over to psa_core_key_attributes_t
  ...
2019-08-16 11:02:31 +01:00
Jaeden Amero
58f11d010b Merge branch 'development' into development-restricted
* development:
  Update crypto to a repo with latest crypto
  Update Mbed Crypto
  tls: Remove duplicate psa_util.h include
  Remove unused cryptography test files
  Remove crypto C files
  Remove files sourced from Mbed Crypto
  config: Fix Doxygen link to MBEDTLS_PARAM_FAILED
  Use mbedtls-based path for includes
  check-names: Consider crypto-sourced header files
2019-08-16 10:14:40 +01:00
Jaeden Amero
9d20e1f2c4 Merge remote-tracking branch 'tls/development' into development
Resolve conflicts by performing the following actions:
- Reject changes to ChangeLog, as Mbed Crypto doesn't have one
- Reject changes to tests/compat.sh, as Mbed Crypto doesn't have it
- Reject changes to programs/fuzz/onefile.c, as Mbed Crypto doesn't have
  it
- Resolve minor whitespace differences in library/ecdsa.c by taking the
  version from Mbed TLS upstream.

* origin/development:
  Honor MBEDTLS_CONFIG_FILE in fuzz tests
  Test that a shared library build produces a dynamically linked executable
  Test that the shared library build with CMake works
  Add a test of MBEDTLS_CONFIG_FILE
  Exclude DTLS 1.2 only with older OpenSSL
  Document the rationale for the armel build
  Switch armel build to -Os
  Add a build on ARMv5TE in ARM mode
  Add changelog entry for ARM assembly fix
  bn_mul.h: require at least ARMv6 to enable the ARM DSP code
  Adapt ChangeLog
  ECP restart: Don't calculate address of sub ctx if ctx is NULL
2019-08-15 15:49:46 +01:00
Jaeden Amero
70de9dc052 Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
Jaeden Amero
78d9d0c1e9 check-names: Consider crypto-sourced header files
Many identifiers come from Mbed Crypto. Teach check-names.sh to look in
the crypto submodule for identifiers, to avoid incorrect test results.
2019-08-15 15:24:26 +01:00
k-stachowiak
3794dec52b Change the expected error for two key derivation tests 2019-08-14 19:23:24 +02:00
Gilles Peskine
4017d882dd Merge remote-tracking branch 'upstream-restricted/development-proposed' into development-restricted-proposed 2019-08-14 18:38:42 +02:00
Gilles Peskine
60b29d6bfd Merge remote-tracking branch 'upstream-restricted/pr/503' into development-restricted-proposed 2019-08-14 18:37:59 +02:00
Hanno Becker
b2a86c3e01 Don't disallow 'record from another epoch' log msg in proxy ref test
It happens regularly in test runs that the server example application
shuts down a connection, goes into waiting mode for a new connection,
and then receives the encrypted ClosureAlert from the client. The only
reason why this does currently not trigger the 'record from another epoch'
message is that we handle ClientHello parsing outside of the main record
stack because we want to be able to detect SSLv2 ClientHellos. However,
this is likely to go away, and once it happens, we'll see the log message.
Further, when record checking is used, every record, including the mentioned
closure alert, is passed to the record checking API before being passed to
the rest of the stack, which leads to the log message being printed.

In summary, grepping for 'record from another epoch' is a fragile way
of checking whether a reordered message has arrived. A more reliable
way is to grep for 'Buffer record from epoch' which is printed when
a record from a future epoch is actually buffered, and 'ssl_buffer_message'
which is the function buffering a future handshake message.
2019-08-14 15:08:08 +01:00
Gilles Peskine
61fc108d25 Merge remote-tracking branch 'upstream-public/pr/2728' into development 2019-08-14 16:00:58 +02:00
Gilles Peskine
681edbeaa6 Merge remote-tracking branch 'upstream-public/pr/2777' into development 2019-08-14 15:59:01 +02:00
Gilles Peskine
317f940304
Merge pull request #144 from gilles-peskine-arm/oss-fuzz-fix-build-crypto
Fix full build including non-boolean with Asan: crypto part
2019-08-14 15:30:18 +02:00
k-stachowiak
012dcc4b87 Remove PSA_PRE_1_0_KEY_DERIVATION and the corresponding code 2019-08-13 18:42:40 +02:00
Gilles Peskine
56c0161b68 Test that a shared library build produces a dynamically linked executable 2019-08-13 17:54:26 +02:00
Gilles Peskine
cf74050fea Test that the shared library build with CMake works 2019-08-13 17:54:26 +02:00
Gilles Peskine
abf9b4dee8 Add a test of MBEDTLS_CONFIG_FILE
configs/README.txt documents that you can use an alternative
configuration file by defining the preprocessor symbol
MBEDTLS_CONFIG_FILE. Test this.
2019-08-13 17:54:26 +02:00
Gilles Peskine
5da7b3e55c Drivers must have a psa_destroy_key method
Drivers that allow destroying a key must have a destroy method. This
test bug was previously not caught because of an implementation bug
that lost the error triggered by the missing destroy method.
2019-08-13 16:04:34 +02:00
Gilles Peskine
8fe253ae4a SE keys: test that psa_destroy_key removes the key from storage 2019-08-13 15:11:25 +02:00
Gilles Peskine
6eece5b666 Exclude DTLS 1.2 only with older OpenSSL
compat.sh used to skip OpenSSL altogether for DTLS 1.2, because older
versions of OpenSSL didn't support it. But these days it is supported.

We don't want to use DTLS 1.2 with OpenSSL unconditionally, because we
still use legacy versions of OpenSSL to test with legacy ciphers. So
check whether the version we're using supports it.
2019-08-13 10:36:14 +02:00
Gilles Peskine
8df72f271f SE generate/sign/verify tests: also test export_public
Add a flow where the key is imported or fake-generated in the secure
element, then call psa_export_public_key and do the software
verification with the public key.
2019-08-09 16:43:36 +02:00
Gilles Peskine
af906f852c RAM test driver: implement export_public 2019-08-09 16:43:36 +02:00
Gilles Peskine
c068ded015 RAM test driver: improve key creation
Factor common code of ram_import and ram_fake_generate into a common
auxiliary function.

Reject key types that aren't supported by this test code.

Report the bit size correctly for EC key pairs.
2019-08-09 16:43:36 +02:00
Gilles Peskine
eecadde6ad SE support: Test sign and verify hooks with a passthrough driver 2019-08-09 16:43:35 +02:00
Gilles Peskine
11792086cc SE keys: implement and smoke-test p_generate 2019-08-09 16:43:35 +02:00
Gilles Peskine
f3801fff77 Update import_key and generate_key SE methods to the current API
The methods to import and generate a key in a secure element drivers
were written for an earlier version of the application-side interface.
Now that there is a psa_key_attributes_t structure that combines all
key metadata including its lifetime (location), type, size, policy and
extra type-specific data (domain parameters), pass that to drivers
instead of separate arguments for each piece of metadata. This makes
the interface less cluttered.

Update parameter names and descriptions to follow general conventions.

Document the public-key output on key generation more precisely.
Explain that it is optional in a driver, and when a driver would
implement it. Declare that it is optional in the core, too (which
means that a crypto core might not support drivers for secure elements
that do need this feature).

Update the implementation and the tests accordingly.
2019-08-09 16:43:35 +02:00
Gilles Peskine
2c897d76ff Document the rationale for the armel build
Call the component xxx_arm5vte, because that's what it does. Explain
"armel", and more generally why this component exists, in a comment.
2019-08-09 16:05:05 +02:00
Gilles Peskine
49bd58274e Test the call to p_validate_slot_number when registering a key 2019-08-09 15:05:32 +02:00
Gilles Peskine
d772958ffc New function mbedtls_psa_register_se_key
Register an existing key in a secure element.

Minimal implementation that doesn't call any driver method and just
lets the application declare whatever it wants.
2019-08-09 15:05:21 +02:00
Gilles Peskine
e88c2c1338 Pass the key creation method to drivers
Pass the key creation method (import/generate/derive/copy) to the
driver methods to allocate or validate a slot number. This allows
drivers to enforce policies such as "this key slot can only be used
for keys generated inside the secure element".
2019-08-09 14:59:31 +02:00
Gilles Peskine
b231d996a0
Merge pull request #202 from gilles-peskine-arm/psa-se_driver-choose_key_slot_number
Let applications create a key in a specific secure element slot
2019-08-09 14:29:54 +02:00
Gilles Peskine
fdbc544b22
Merge pull request #192 from gilles-peskine-arm/psa-test-policy_bad_algorithm
Add some negative tests for policy checks
2019-08-09 13:32:45 +02:00
Janos Follath
849b05afb8 Fix PSA tests
The test framework has changed, but it did not cause any merge
conflicts. Still it affected new code in the tests.
2019-08-09 10:22:32 +01:00
Gilles Peskine
8a52af9b77 Switch armel build to -Os
Without any -O option, the default is -O0, and then the assembly code
is not used, so this would not be a non-regression test for the
assembly code that doesn't build.
2019-08-08 16:09:02 +02:00
Janos Follath
8aa7e9bc56 Merge branch 'psa-api-1.0-beta' into merge-psa-api-branch-into-development 2019-08-08 14:40:23 +01:00
Gilles Peskine
0a1104474b Test restarting after creating a key in a specific slot 2019-08-08 11:02:30 +02:00
Gilles Peskine
46d9439a5e Support slot_number attribute when creating a key
Allow the application to choose the slot number in a secure element,
rather than always letting the driver choose.

With this commit, any application may request any slot. In an
implementation with isolation, it's up to the service to filter key
creation requests and apply policies to limit which applications can
request which slot.
2019-08-08 11:02:30 +02:00