Commit graph

420 commits

Author SHA1 Message Date
Andrzej Kurek
780dc18f74 Refactor test_suite_ssl tests to enable cache setting
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:18:28 -04:00
Neil Armstrong
db13497490 Reorganize & add more handshake_ciphersuite_select to test all MBEDTLS_KEY_EXCHANGE_XXX cases
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 09:06:28 +02:00
Neil Armstrong
8c52ed8d1e Add negative testing of ciphersuite selection using Opaque algs & usage
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Ronald Cron
585cd70d04 tests: ssl: Fix coverity deadcode issue
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
cf600bc07c Comment fixes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e7b9b6b380 tls13: Add checks of overread check failures
In Certificate message parsing tests with
invalid vector lengths, add checks that the
parsing failed on the expected overread check.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e3dac4aaa1 tls13: Add Certificate msg parsing tests with invalid vector lengths
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:42 +02:00
Ronald Cron
21a1b2d374 Enable "Sending app data" SSL unit tests for TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Przemek Stekiel
0c9e74bd55 Remove mbedtls_psa_hkdf_expand() and mbedtls_psa_hkdf_extract() tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 07:22:33 +02:00
Gilles Peskine
e0469b5908
Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix
Add a client hello cookie_len overflow test
2022-06-20 19:35:54 +02:00
Andrzej Kurek
ed4d217874 Add missing test dependencies for cookie parsing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:57:57 -04:00
Andrzej Kurek
078e9bcda6 Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:47:33 -04:00
Ronald Cron
bdddaef9bb test: ssl: Enable client authentication in handshake state tests
The endpoint initialization function was setting up
a certificate but the client certificate was not
used because client authentication was not enabled
(not enabled in the default SSL server configuration).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 11:13:49 +02:00
Andrzej Kurek
cfb01948c8 Add cookie parsing tests to test_suite_ssl
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:29:15 -04:00
Jerry Yu
6994e3e0c2 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-06 11:50:49 +08:00
Jerry Yu
1443537da3 fix test fail when WANT_READ/WRITE returned
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 15:53:31 +08:00
Jerry Yu
66adf3155c Update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:23:29 +08:00
Jerry Yu
df0a71a0b0 Add handshake version test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
d9d049d180 revert dbg config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
d8c57feaf9 Add moving state test for TLS1.3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
023ff7acb1 Move dependes_on of move handshakes state
Prepare share move_handshake_state function with
TLSv1.3

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Neil Armstrong
4c3b4e079c Initialize & free PSA in test_multiple_psks()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Manuel Pégourié-Gonnard
ad47487e25
Merge pull request #5742 from superna9999/5669-review-test-incompatible-psa
Fixup or re-enable tests with Use PSA
2022-04-28 09:57:13 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Glenn Strauss
59b0d54ba0 Convert tests to use mbedtls_ssl_conf_(min|max)_tls_version()
Replace use of mbedtls_ssl_conf_(min/max)_version()

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
39e624ca76 Convert tests to use MBEDTLS_SSL_VERSION_TLS1_*
(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d mbedtls_ssl_config min_tls_version, max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).

New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:39:43 -04:00
Glenn Strauss
da7851c825 Rename mbedtls_ssl_session minor_ver to tls_version
Store the TLS version instead of minor version number in tls_version.

Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms.  The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.

Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:57 -04:00
Glenn Strauss
07c641605e Rename mbedtls_ssl_transform minor_ver to tls_version
Store the TLS version in tls_version instead of minor version number.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:54 -04:00
Glenn Strauss
dff84620a0 Unify internal/external TLS protocol version enums
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 13:45:20 -04:00
Neil Armstrong
06baf04870 Initialize PSA to fix move_handshake_to_state when USE_PSA is enabled
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 16:21:15 +02:00
Neil Armstrong
537e915a6e Enable DTLS renegotiation, resize_buffers, _serialize_mfl & renegotiate_mfl tests with PSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 15:40:26 +02:00
Neil Armstrong
181fe694ef Enable handshake_serialization & handshake_fragmentation tests with PSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 15:39:01 +02:00
Neil Armstrong
993eea3362 Enable app_data_tls & app_data_dtls tests with PSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 15:37:23 +02:00
Neil Armstrong
0739336dd2 Enable mbedtls_endpoint_sanity tests with PSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-14 15:36:17 +02:00
Andrzej Kurek
83e60eef4d tests: fix bitflip comment
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-14 08:51:41 -04:00
Andrzej Kurek
57f58b0e65 Prefer TEST_EQUAL over TEST_ASSERT in test suites
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 16:51:03 -04:00
Gilles Peskine
b4f874d1da raw_key_agreement_fail: Add a nominal run
Ensure that the nominal run works properly, so that it's apparent that the
injected failure is responsible for the failure of the handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-08 16:50:38 -04:00
Gilles Peskine
6cbc9986fb Remove redundant empty slot count check
USE_PSA_DONE() already checks that there are no used key slots.

The call to TEST_ASSERT() wouldn't have worked properly on failure anyway,
since it would jump back to the exit label.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 16:47:19 -04:00
Andrzej Kurek
28f883eba5 Remove RSA & DTLS dependency in raw key agreement test
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 16:46:57 -04:00
Andrzej Kurek
cb33bc5d0b Change the bit to flip to guarantee failure
For weistrass curves the pair is encoded as 0x04 || x || y.
Flipping one of the bits in the first byte should be a sure failure.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
39d88d4918 Change the number of expected free key slots
TLS code now uses PSA to generate an ECDH private key.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
41b7e66e61 Tests: add missing requirements for the raw key agreement test
SECP384R1 is needed for the default loaded
certificate.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
cc28e9a252 Tests: add missing group termination
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
65ded569e0 Update raw key agreement test dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:26:39 -04:00
Andrzej Kurek
b3427823bd Test failing raw_key_agreement in ssl mock tests
Force a bitflip in server key to make the raw key
agreement fail, and then verify that no key slots
are left open at the end. Use a Weierstrass curve
to have a high chance of failure upon encountering
such bitflip.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:24:17 -04:00
Andrzej Kurek
74394a5c39 Add a group_list argument to mocked ssl tests
This will be used to force a group list in certain tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 11:23:34 -04:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2
TLS 1.2/1.3 version negotiation - 2
2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors
Accessors to own CID within mbedtls_ssl_context
2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard
6a25159c69
Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations
HKDF 2: use internal implementations in TLS 1.3
2022-04-01 11:15:29 +02:00
Paul Elliott
02758a51df Add tls CID tests
Add tests to test tls coneection id functionality, including the new
'own cid' accessor.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Ronald Cron
37bdaab64f tls: Simplify the logic of the config version check and test it
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:26:58 +02:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over
Add mbedtls_ssl_is_handshake_over()
2022-03-30 12:16:40 +02:00
Ronald Cron
f660655b84 TLS: Allow hybrid TLS 1.2/1.3 in default configurations
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Gabor Mezei
07732f7015
Translate from mbedtls_md_type_t to psa_algorithm_t
Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-26 17:04:19 +01:00
Gabor Mezei
5d9a1fe9e9
PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3
With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support
is always enabled.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-26 15:47:15 +01:00
Manuel Pégourié-Gonnard
cefa904759
Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor
Accessor for mbedtls_timing_delay_context final delay
2022-03-25 09:14:41 +01:00
Paul Elliott
42d5e51a98 Make test function name more accurate
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-24 19:41:28 +00:00
Paul Elliott
27b0d94e25 Use mbedtls_ssl_is_handshake_over()
Switch over to using the new function both internally and in tests.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-24 14:43:52 +00:00
Gabor Mezei
1e64f7a643
Use MBEDTLS_USE_PSA_CRYPTO macro guard for testing instead of MBEDTLS_PSA_CRYPTO_C
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-21 17:00:54 +01:00
Gabor Mezei
892c4aa295
Update hkdf test cases to handle PSA code
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-21 17:00:54 +01:00
Paul Elliott
b9af2db4cf Add accessor for timing final delay
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-21 15:26:19 +00:00
Manuel Pégourié-Gonnard
f4042f076b
Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac
TLS record HMAC
2022-03-21 11:36:44 +01:00
Neil Armstrong
8f92bf3a26 Only make PSA HMAC key exportable when NULL or CBC & not EtM in build_transforms()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:10:09 +01:00
Manuel Pégourié-Gonnard
8d4bc5eeb9
Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac
HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC
2022-03-17 11:55:48 +01:00
Gabor Mezei
88f3b2e502
Update old style test function parameter handling
Use data_t type for hex string parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-16 16:53:23 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
server certificate selection callback
2022-03-10 11:51:42 +01:00
Gilles Peskine
9c656ec718 Fix unused function warning
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-26 19:56:12 +01:00
Glenn Strauss
36872dbd0b Provide means to reset handshake cert list
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:48 -05:00
Neil Armstrong
e858996413 Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf()
Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:17:50 +01:00
Neil Armstrong
2968d306e4 Implement mbedtls_ct_hmac() using PSA hash API
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:50 +01:00
Neil Armstrong
cf8841a076 Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
4f091290bd Remove Obsolete SSLs tests with truncated MAC tags & NULL/CBC cipher
These tests are related to an obsolete feature removed from the library.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
f4cc062935 Setup MAC PSA keys in build_transforms() to pass ssl_crypt_record() with PSA crypto
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Neil Armstrong
46a1760922 Allow USE_PSA_CRYPTO for handshake TLS tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-25 15:16:49 +01:00
Gabor Mezei
4fded1359a
Use PSA_INIT()
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:47:24 +01:00
Gabor Mezei
5d7d201b87
Update test
Testing the hash length in this context is not applicable because there is no way
to specify it when calling mbedtls_psa_hkdf_extract.
Change to test invalid `alg` parameter.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:46:33 +01:00
Gabor Mezei
ebc9368173
typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:44:51 +01:00
Gabor Mezei
298a2d6109
Use ASSERT_ALLOC
Change the calloc functions to ASSERT_ALLOC to check the
return value of calloc as well.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:43:52 +01:00
Gabor Mezei
62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:42:57 +01:00
Gabor Mezei
73cb6f54de
Add tests for mbedtls_psa_hkdf_extrct
The tests are based on the the test of mbedtls_hkdf_extract.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-21 15:41:42 +01:00
Gilles Peskine
49d7ddf7f3 Serializing a context does not save the user data
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
80dae04f24 Make user_data fields private
Add accessor functions.

Add unit tests for the accessor functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Gilles Peskine
1255b0de98 Positive unit testing for SSL context version functions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Paul Elliott
436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build
TLS1.3:Enable tls13 only build
2022-02-21 11:22:37 +00:00
Jerry Yu
baa4934e7b Add check tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
53d23e2c95 Guards tls_prf functions with TLS1_2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Gabor Mezei
cbe5ba500a
Add tests for mbedtls_psa_hkdf_expand
Add test cases which test psa_import_key and psa_mac_sign_setup
function call if they return error.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-17 17:01:49 +01:00
Gabor Mezei
8e3602569b
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-17 11:50:02 +01:00
Gabor Mezei
d917081b8b
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:25:27 +01:00
Gabor Mezei
7381242748
Use PSA_INIT()
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:24:58 +01:00
Gabor Mezei
b35759ded8
Add tests for mbedtls_psa_hkdf_expand
The tests are based on the test of mbedtls_hkdf_expand.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-10 10:57:24 +01:00
Przemyslaw Stekiel
5648d577a4 Optimize psa_cipher_encrypt_helper()
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
8c010eb467 Fix comments, code style, remove debug code
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
d66387f8fa Init psa status to PSA_ERROR_CORRUPTION_DETECTED
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
f4facef9ba Adapt ssl_decrypt_non_etm_cbc() test for psa crypto and remove redundant test cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
77aec8d181 Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel
89dad93a78 Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
4a36dd3da6 ssl test ssl_decrypt_non_etm_cbc(): add missing ret check
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f4ca3f0e52 ssl test build_transforms(): in psa mode distinguish encrypt/decrypt keys
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
f57b45660d Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention.
New function name:  mbedtls_ssl_cipher_to_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
93cf4eea67 Adapt test_suite_ssl for psa crypto
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Paul Elliott
46a6c20d0c Add checked returns to tests without them.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 18:16:13 +00:00
Xiaofei Bai
d25fab6f79 Update based on comments
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 06:36:27 +00:00
Xiaofei Bai
746f9481ea Fix 1_3/13 usages in macros and function names
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
Gilles Peskine
161d661d90
Merge pull request #5222 from paul-elliott-arm/fix_test_suite_ssl
Fix test_suite_ssl compilation errors with GCC11
2021-11-25 22:02:43 +01:00
Paul Elliott
21c8fe5c6e Fix compilation errors.
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-24 17:19:51 +00:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
Brett Warren
7f813d5d88 add group api tests
Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 14:07:46 +01:00
Gabor Mezei
22c9a6fccc
Rename internal header constant_time.h to constant_time_internal.h
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 12:15:20 +02:00
Gabor Mezei
90437e3762
Rename constant-time functions to have mbedtls_ct prefix
Rename functions to better suite with the module name.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:59:27 +02:00
gabor-mezei-arm
9c1203fd67
Delete ssl_invasive.h due to duplicated function declarations
All function declaration provided by ssl_invasive.h is needed only for
testing purposes and all of them are provided by constant_time.h as well.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
9fa43ce238
Rename function to have suitable name
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:14:47 +02:00
Dave Rodgman
2aec149e13
Merge pull request #4248 from hanno-arm/tls13_populate_transform
Fix and test compliance of TLS 1.3 record protection
2021-08-11 16:41:51 +01:00
Gilles Peskine
8bb9b80d18
Merge pull request #4806 from hanno-arm/ssl_session_serialization_version
Store TLS version in SSL session structure
2021-08-02 12:45:55 +02:00
Hanno Becker
1f91878281 Specify padding granularity in TLS 1.3 record protection KATs
Still check that encryption and decryption are inverse to each other
if the granularity does not match the one used in the KAT.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
41537452f4 Add comment regarding the wire-version used in TLS 1.3 records
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
80e760e006 Fix memory leak in TLS 1.3 record protection unit test
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:02 +01:00
Hanno Becker
a77d005d39 Add known answer tests for TLS 1.3 record protection
This commit adds four known answer tests for TLS 1.3 record protection
from the following sources:

- RFC 8448 "Example Handshake Traces for TLS 1.3"
- tls13.ulfheim.net "The New Illustrated TLS Connection"

It extends the test coverage of the existing record protection tests
in the following ways:

- The existing record protection tests hand-craft record transform
  structures; the new tests use the function

     mbedtls_ssl_tls13_populate_transform()

  from library source to create an TLS 1.3 transform from raw
  key material and connection information.
- The existing record protection tests only check that encryption
  and decryption are inverse to each other; as such, they don't
  catch non-compliant implementations of encryption and decryption
  which happen to be inverse to each other. By adding a known answer
  test for TLS 1.3 record protection, can gain confidence that our
  implementation is indeed standards-compliant.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:53:58 +01:00
Manuel Pégourié-Gonnard
b637150dfe
Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
2021-07-27 09:42:53 +02:00
Hanno Becker
fadbdbb576 Store TLS version in SSL session structure
Instances of `mbedtls_ssl_session` represent data enabling session resumption.

With the introduction of TLS 1.3, the format of this data changes. We therefore
need TLS-version field as part of `mbedtlsl_ssl_session` which allows distinguish
1.2 and 1.3 sessions.

This commit introduces such a TLS-version field to mbedtls_ssl_session.

The change has a few ramifications:

- Session serialization/deserialization routines need to be adjusted.

  This is achieved by adding the TLS-version after the header of
  Mbed TLS version+config, and by having the subsequent structure
  of the serialized data depend on the value of this field.

  The details are described in terms of the RFC 8446 presentation language.

  The 1.2 session (de)serialization are moved into static helper functions,
  while the top-level session (de)serialization only parses the Mbed TLS
  version+config header and the TLS-version field, and dispatches according
  to the found version.

  This way, it will be easy to add support for TLS 1.3 sessions in the future.

- Tests for session serialization need to be adjusted

- Once we add support for TLS 1.3, with runtime negotiation of 1.2 vs. 1.3,
  we will need to have some logic comparing the TLS version of the proposed session
  to the negotiated TLS version. For now, however, we only support TLS 1.2,
  and no such logic is needed. Instead, we just store the TLS version in the
  session structure at the same point when we populate mbedtls_ssl_context.minor_ver.

The change introduces some overlap between `mbedtls_ssl_session.minor_ver` and
`mbedtls_ssl_context.minor_ver`, which should be studied and potentially resolved.
However, with both fields being private and explicitly marked so, this can happen
in a later change.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-23 06:25:48 +01:00
TRodziewicz
299510e889 Correction to comments and changelog removed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-09 16:55:11 +02:00
TRodziewicz
2abf03c551 Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-28 14:36:37 +02:00
Hanno Becker
bc00044279 Rename MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
New name is MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Manuel Pégourié-Gonnard
508d3a5824
Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext
Remove truncated HMAC extension
2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard
84dea01f36 Add RNG params to private key parsing
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).

This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().

Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
Thomas Daubney
c46bf3c79c Modifies tests in test_suite_ssl.function
Commit removes conditional compilation
code blocks relating to
MBEDTLS_SSL_TRUNCATED_HMAC config option.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:19:53 +01:00
Manuel Pégourié-Gonnard
68237d718a
Merge pull request #4548 from hanno-arm/tls13_key_schedule_upstream
TLS 1.3 Key schedule: Second level secret generation
2021-06-08 09:10:58 +02:00
Ronald Cron
ea62d2f391
Merge pull request #4369 from hanno-arm/relax_psk_config
Implement relaxed semantics for static PSK configuration in Mbed TLS 3.0
2021-05-31 10:03:56 +02:00
Hanno Becker
55bc2c53af Test TLS 1.3 PSK binder calculation helper
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-24 11:20:30 +01:00
Hanno Becker
a4f40a0f48 Test TLS 1.3 second level key derivation helpers
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-24 11:20:27 +01:00
Shawn Carey
03092f5821 avoid -Wmaybe-uninitialized when buiding with gcc11
Signed-off-by: Shawn Carey <shawn.carey@netfoundry.io>
2021-05-19 11:39:02 -04:00
Hanno Becker
fd86ca8626 Rename SOME_MODES_USE_MAC -> SOME_SUITES_USE_MAC
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:07:48 +01:00
Hanno Becker
6667ffdd86 Test new semantics for static PSK configuration
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-21 07:05:35 +01:00
Mateusz Starzyk
c301bd56f0 Merge branch 'development_3.0' into drop_old_tls_options 2021-04-15 13:55:20 +02:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Manuel Pégourié-Gonnard
4dfb83c0d7
Merge pull request #4164 from chris-jones-arm/move-internal-headers
Unify internal headers in library/
2021-03-29 11:18:54 +02:00
Mateusz Starzyk
1aec64642c Remove certs module from mbedtls.
Certs will be used only by tests and programs.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 15:51:25 +01:00
Mateusz Starzyk
06b07fb839 Drop support for SSLv3.
Remove options: MBEDTLS_SSL_MINOR_VERSION_0 and
MBEDTLS_SSL_PROTO_SSL3).

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:19:05 +01:00
Chris Jones
84a773f8e6 Rename ssl_internal.h to ssl_misc.h
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
e2191cd789 Update includes to use library/ instead of include/mbedtls/
Simple find and replace using `#include (<|")mbedtls/(.*)_internal.h(>|")`
and `#include $1$2_internal.h$3`.

Also re-generated visualc files by running
`scripts/generate_visualc_files.pl`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Gilles Peskine
1f186ff330 Add missing calls to USE_PSA_DONE
Some functions were not deinitializing the PSA subsystem. This could
lead to resource leaks at the level of individual test cases, and
possibly at the level of the whole test suite depending on the order
and selection of test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:08:14 +01:00
Gilles Peskine
9de97e21fe Make {USE_,}PSA_{INIT,DONE} available in all test suites
Make USE_PSA_INIT() and USE_PSA_DONE() available in all test suites in
all cases, doing nothing if MBEDTLS_USE_PSA_CRYPTO is disabled. Use
those in preference to having explicit
defined(MBEDTLS_USE_PSA_CRYPTO) checks (but there may still be places
left where using the new macros would be better).

Also provide PSA_INIT() by symmetry with PSA_DONE(), functional
whenver MBEDTLS_PSA_CRYPTO_C is enabled, but currently unused.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:08:14 +01:00
Gilles Peskine
5d332f0274
Merge pull request #4105 from paul-elliott-arm/fix_test_leak
Fix for memory leak in ssl tests
2021-02-09 10:03:49 +01:00
Paul Elliott
c7b53747f7 Fix for memory leak in ssl tests
Fix for leaked buffers on error case in build_transforms() in
test_suite_ssl.function

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-03 16:15:05 +00:00
Chris Jones
9634bb10d9 Move helper testing functions to tests/src/helpers.c
Moves the functions `test_fail`, `test_set_step`, `test_skip` and the struct
`test_info` from `tests/suites/helpers.function` to `tests/src/helpers.*`.
This is done to open these functions up to the API where they can be used by
other functions in the 'src' test infrastructure module.

As the functions are now contained within the src folder of the testing
infrastructure, the `mbedtls_` prefix has been added to the functions.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-01-20 15:56:42 +00:00
Gilles Peskine
ef94c4fcf4
Merge pull request #3474 from ronald-cron-arm/common-mbedtls_param_failed
Common mbedtls_param_failed()
2020-10-06 22:15:42 +02:00
Hanno Becker
1413bd8ae9 Simplify identification of TLS 1.3 labels in unit test suite
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-09 12:46:09 +01:00
Hanno Becker
70d7fb0c2d Don't hardcode TLS 1.3 labels in test cases
ssl_tls1_3_keys.c exports a structure containing all labels used
in the TLS 1.3 key schedule, but the TLS 1.3 key scheduling unit
tests so far replicated those labels in the test file. In particular,
wrong label values in ssl_tls1_3_keys.c wouldn't have been caught
by the unit tests.

This commit modifies the TLS 1.3 key schedule unit tests to use
the TLS 1.3 labels as exported by ssl_tls1_3_keys.c. This not only
makes sure that those labels are correct, but also avoids hardcoding
their hex-encoding in the test file.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-09 10:17:37 +01:00
Hanno Becker
493ea7f4ae Remove instances of camelCase in TLS 1.3 key schedule
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 11:08:06 +01:00
Hanno Becker
fb08096b9b Use ASSERT_COMPARE instead of TEST_ASSERT( memcmp( ... ) == 0 )
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 11:07:42 +01:00
Hanno Becker
73c825ae4f Shorten include path in test_suite_ssl.function
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:52:58 +01:00
Hanno Becker
2d2c3eb687 Add tests for TLS 1.3 key evolution function
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:29 +01:00
Hanno Becker
e4849d10a6 Add test vectors for TLS 1.3 Derive-Secret
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:28 +01:00
Hanno Becker
19498f8fbd Add test vectors for TLS 1.3 traffic key generation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:28 +01:00
Hanno Becker
39ff4928ff Add test vectors for TLS 1.3 HKDF-Expand-Label
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:28 +01:00
Manuel Pégourié-Gonnard
7fe2c5f086 Add mbedtls_ssl_cf_memcpy_offset() with tests
The tests are supposed to be failing now (in all.sh component
test_memsan_constant_flow), but they don't as apparently MemSan doesn't
complain when the src argument of memcpy() is uninitialized, see
https://github.com/google/sanitizers/issues/1296

The next commit will add an option to test constant flow with valgrind, which
will hopefully correctly flag the current non-constant-flow implementation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-19 11:56:02 +02:00
Manuel Pégourié-Gonnard
eaa0739143
Merge pull request #716 from mpg/ct-varlen-hmac
Add constant-flow variable-length HMAC function
2020-08-10 12:40:33 +02:00
Manuel Pégourié-Gonnard
e55653f085 Improve comments about padlen convention
The convention from the TLS RFC is a bit unusual, so even if the test
function's introductory comment mentions that we're taking the RFC's
definition, it doesn't hurt to repeat it in crucial places.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:42:57 +02:00
Manuel Pégourié-Gonnard
c3219006ff Fix suboptimal use of ASSER_ALLOC()
Passing a length of 0 to it is perfectly acceptable, the macro was designed to
handle it correctly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:19 +02:00
Manuel Pégourié-Gonnard
ca8287cbaf Use test_set_step() in loop in cf_hmac test
We only have a single integer available for two nested loops, but the loop
sizes are small enough compared to the integer's range that we can encode both
indexes. Since the integer is displayed in decimal in case of errors, use a
power of 10 to pack the two indexes together.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:19 +02:00
Manuel Pégourié-Gonnard
ed0e86428d Factor repeated condition to its own macro
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:19 +02:00
Manuel Pégourié-Gonnard
9670a59230 Start testing cf_hmac() for constant flow
Currently this breaks all.sh component test_memsan_constant_flow, just as
expected, as the current implementation is not constant flow.

This will be fixed in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:18 +02:00
Manuel Pégourié-Gonnard
b51f04466f Fix misleading comment in test function
Everything works at the byte level, not bit level. Flipping the lsb is just
one convenient way to corrupt a byte, but don't really care about individual
bits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-21 10:40:25 +02:00
Manuel Pégourié-Gonnard
864abbff4e Rework how lengths are expressed in CBC test
This is hopefully more readable in the .data file.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-21 10:37:14 +02:00
Manuel Pégourié-Gonnard
4adc04a8a3 Give a constant a name in test function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-16 10:00:48 +02:00
Manuel Pégourié-Gonnard
65a6fa3e26 Make cf_hmac() STATIC_TESTABLE
The test function now depends on MBEDTLS_TEST_HOOKS, which is enabled by
config.py full, and since there are already components in all.sh exercising
the full config, this test function is sill exercised even with this new
dependency.

Since this is the first time a test function depends on MBEDTLS_TEST_HOOKS,
fix a bug in check-names.sh that wasn't apparent so far: headers from
library/*.h were not considered when looking for macro definitions. This
became apparent because MBEDTLS_STATIC_TESTABLE is defined in library/common.h
and started being used in library/ssl_msg.c, so was flagged as a likely typo.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-15 12:26:21 +02:00
Manuel Pégourié-Gonnard
045f094c81 Add dummy constant-flow HMAC function with tests
The dummy implementation is not constant-flow at all for now, it's just
here as a starting point and a support for developing the tests and putting
the infrastructure in place.

Depending on the implementation strategy, there might be various corner cases
depending on where the lengths fall relative to block boundaries. So it seems
safer to just test all possible lengths in a given range than to use only a
few randomly-chosen values.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-15 12:25:52 +02:00
Manuel Pégourié-Gonnard
913a204a33 Fix undeclared dependency of test function
The ssl_tranform structure lacks some members accessed by this function when
CBC is not enabled.

This was found by test-ref-configs.pl and all.sh
test_when_no_ciphersuites_have_mac, so no need to add a new test.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-09 10:02:41 +02:00
Manuel Pégourié-Gonnard
527c1ff71a Generate good/bad padding programmatically
Compared to the previous approach of having the bad padding provided as input
to the testing function, this allows to test more kinds of incorrect data,
with less test cases in the .data file and more important no manually-generated
non-trivial data in the test case parameters, making it much easier to
complete the testing matrix.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 10:43:37 +02:00
Manuel Pégourié-Gonnard
0ac01a1c59 TLS: Add negative tests for non-EtM CBC decryption
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-03 12:49:10 +02:00
Ronald Cron
ac6ae35150 tests: suites: Remove hex in name of variables of type data_t
Remove `hex` in name of variables of type data_t to reserve it
for variables of type char* that are the hexadecimal
representation of a data buffer.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-01 17:10:15 +02:00
Manuel Pégourié-Gonnard
9dfcae8b94
Merge pull request #3426 from paul-elliott-arm/resource_leak
Fix for resource leak in test_suite_ssl
2020-06-16 10:00:18 +02:00
Manuel Pégourié-Gonnard
b21b1f5e7c
Merge pull request #3387 from ronald-cron-arm/tests-common-code
Add support to build and link common code in tests
2020-06-15 11:33:19 +02:00
Ronald Cron
6c5bd7fd51 tests: Reformating due to rnd_* renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
    `git diff-tree --no-commit-id --name-only -r HEAD` \
    | grep "\<mbedtls_test_rnd_"

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
351f0eee20 tests: Add mbedtls_test_ prefix to rnd_* symbols
Add mbedtls_test_ prefix to rnd_buf_info and
rnd_pseudo_info types, to rnd_std_rand(),
rnd_zero_rand(), rnd_buffer_rand() and
rnd_pseudo_rand() functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/rnd_(buf_info|pseudo_info|std_rand| \
    zero_rand|buffer_rand|pseudo_rand)/, \
    "mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
de70b165a4 tests: Add mbedtls_test_ prefix to hexcmp()
Add mbedtls_test_ prefix to hexcmp() test helper
function.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/hexcmp\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Paul Elliott
6f1eda710c Fix for resource leak in test_suite_ssl
Fix for coverity bugs 349041, 349052

Allocated pointers could potentially be leaked in the case of errors.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-11 20:27:08 +01:00
Paul Elliott
c857044e94 Add min/max version negotiation to unit tests
Add the min/max version negotiation tests from ssl-opt.sh as unit
tests for the sake of utility and easier running of tests during
development

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-09 17:00:58 +01:00
Janos Follath
bba4c17b7a
Merge pull request #3315 from hanno-arm/tls13-experimental-macro
Add support for TLS 1.3 record protection routines
2020-06-04 15:51:54 +01:00
Manuel Pégourié-Gonnard
d12402ffc0 Fix undeclared deps on MBEDTLS_CTR_DRBG in tests
While at it, declare deps on ENTROPY as well.

A non-regression test will be added in a follow-up commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-05-29 11:27:07 +02:00
Hanno Becker
e683287710 Adapt SSL record protection unit test to setup TLS 1.3 transforms
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
b2713abb8f Enhance record encryption unit tests by checking hidden content type
TLS 1.3 and DTLS 1.2 + CID hide the real content type of a record
within the record's inner plaintext, while always using the same
content type for the protected record:
- TLS 1.3 always uses ApplicationData
- DTLS 1.2 + CID always uses a special CID content type.

This commit enhances the record encryption unit test to check
that the record content type is indeed correctly hidden.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Andrzej Kurek
8ea6872889
Improve pointer calculations when resizing I/O buffers
This commit introduces two changes:
- Add in_msg and out_msg calculations for buffer upsizing. This was previously
considered as unnecessary, but renegotiation using certain ciphersuites needs
this.
- Improving the way out_msg and in_msg pointers are calculated, so that even 
if no resizing is introduced, the pointers remain the same;

New tests added:
- various renegotiation schemes with a range of MFL's and ciphersuites;
- an ssl-opt.sh test exercising two things that were problematic: renegotiation
with TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 and a server MFL that's smaller
than the one negotiated by the client.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-04-09 04:33:00 -04:00
Gilles Peskine
5e7d6fd240 Merge 'mbedtls/development' into merge-crypto-unremoved-20200304
Merge the latest state of the target branch (mbedtls/development) into the
pull request to merge mbed-crypto into mbedtls.

Conflicts:

* ChangeLog: add/add conflict. Resolve by using the usual section order.
2020-03-23 18:02:07 +01:00
Gilles Peskine
19e841e19f Fix warning about a potentially initialized variable
The variable drop_len is only used under conditions where it has been
initialized, but this is somewhat fragile and not obvious for a
compiler to see.
2020-03-23 17:55:32 +01:00
Gilles Peskine
eccd888717 Rename identifiers containing double-underscore
Rename identifiers containing double-underscore (`__`) to avoid `__`.
The reason to avoid double-underscore is that all identifiers
containing double-underscore are reserved in C++. Rename all such
identifiers that appear in any public header, including ssl_internal.h
which is in principle private but in practice is installed with the
public headers.

This commit makes check-names.sh pass.

```
perl -i -pe 's/\bMBEDTLS_SSL__ECP_RESTARTABLE\b/MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED/g; s/\bMBEDTLS_KEY_EXCHANGE_(_\w+)_(_\w+)\b/MBEDTLS_KEY_EXCHANGE${1}${2}/g' include/mbedtls/*.h library/*.c programs/*/*.c scripts/data_files/rename-1.3-2.0.txt tests/suites/*.function
```
2020-03-23 17:55:32 +01:00
Piotr Nowicki
438bf3b667 App data with 1/n-1 splitting in test suite
Counting of the fragments has been shifted from the writing section to
the reading. This is more reliable because one reading is made for one
fragment and during one write the library can internally divide data
into two fragments

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-03-12 16:57:05 +01:00
Jaeden Amero
c31f970a46
Merge pull request #3075 from AndrzejKurek/variable-buffer-size
Variable buffer size
2020-03-10 21:46:35 +04:00
Jaeden Amero
55727c33eb
Merge pull request #3088 from AndrzejKurek/ssl-mocks-coverity
test_suite_ssl: fix coverity issues with uninitialized members
2020-03-09 19:14:47 +04:00
Andrzej Kurek
89bdc580ca
test_suite_ssl: check for errors during queue setup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-09 06:31:18 -04:00
Andrzej Kurek
45916ba916
test_suite_ssl: fix coverity issues with uninitialized members
Initialize variables to NULL before doing any operations that might fail.
This fixes a case where the allocation fails on the first context, which 
previously made the code free the second, uninitialized context.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-05 14:47:01 -05:00
Andrzej Kurek
0afa2a1b65
Add I/O buffer resizing in handshake init and free
Add a conditional buffer resizing feature. Introduce tests exercising
it in various setups (serialization, renegotiation, mfl manipulations).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-04 09:28:16 -05:00
Darryl Green
aad82f9bbb
Add variable buffer length tests to all.sh
Exercise the feature alone, with record splitting and DTLS connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Darryl Green <darryl.green@arm.com>
2020-03-03 10:44:57 -05:00
Piotr Nowicki
bde7ee88a6
Add DTLS handshake fragmentation test
For this test it is good to have a handshake messages length as big as
possible, so for the server the certificate verification mode is
changed from default NONE to REQUIRED. It requires the client to send
certificate date to the server during handshake

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-27 09:31:42 -05:00