Commit graph

16877 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
b637150dfe
Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
2021-07-27 09:42:53 +02:00
Gilles Peskine
b4b184a6f8 Remove reference to compat-1.2.h
This has been irrelevant since Mbed TLS 2.0.0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-26 18:39:24 +02:00
Ronald Cron
3c62693c99
Merge pull request #4701 from gilles-peskine-arm/make_generated_files-non_english-3.0
psa_generate_test: tweak MSVC detection to work with non-English Visual Studio
2021-07-23 14:05:08 +02:00
Hanno Becker
fadbdbb576 Store TLS version in SSL session structure
Instances of `mbedtls_ssl_session` represent data enabling session resumption.

With the introduction of TLS 1.3, the format of this data changes. We therefore
need TLS-version field as part of `mbedtlsl_ssl_session` which allows distinguish
1.2 and 1.3 sessions.

This commit introduces such a TLS-version field to mbedtls_ssl_session.

The change has a few ramifications:

- Session serialization/deserialization routines need to be adjusted.

  This is achieved by adding the TLS-version after the header of
  Mbed TLS version+config, and by having the subsequent structure
  of the serialized data depend on the value of this field.

  The details are described in terms of the RFC 8446 presentation language.

  The 1.2 session (de)serialization are moved into static helper functions,
  while the top-level session (de)serialization only parses the Mbed TLS
  version+config header and the TLS-version field, and dispatches according
  to the found version.

  This way, it will be easy to add support for TLS 1.3 sessions in the future.

- Tests for session serialization need to be adjusted

- Once we add support for TLS 1.3, with runtime negotiation of 1.2 vs. 1.3,
  we will need to have some logic comparing the TLS version of the proposed session
  to the negotiated TLS version. For now, however, we only support TLS 1.2,
  and no such logic is needed. Instead, we just store the TLS version in the
  session structure at the same point when we populate mbedtls_ssl_context.minor_ver.

The change introduces some overlap between `mbedtls_ssl_session.minor_ver` and
`mbedtls_ssl_context.minor_ver`, which should be studied and potentially resolved.
However, with both fields being private and explicitly marked so, this can happen
in a later change.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-23 06:25:48 +01:00
Gilles Peskine
3b9bea0757
Merge pull request #4750 from yutotakano/fix-reserved-identifier-clash
Replace reserved identifier clashes with suitable replacements
2021-07-22 16:20:56 +02:00
Hanno Becker
5d26efdea3 Add ChangeLog entry
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-22 11:37:05 +01:00
Hanno Becker
0379942744 Explicitly mark mbedtls_ssl_config.respect_cli_pref as private
This was always intended to be explicitly marked private.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-22 11:37:05 +01:00
Hanno Becker
95832d8872 Explicitly mark mbedtls_ssl_session.exported as private
This was an oversight during concurrent merging
in the run-up to Mbed TLS 3.0.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-22 11:37:01 +01:00
Gilles Peskine
d8d19327d5 Fix mixup about the directory containing the success indicator file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-22 12:30:14 +02:00
Ronald Cron
dfce58f32d
Merge pull request #4753 from JoeSubbiani/TestBlockSizes_dev
Test block sizes are powers of 2
2021-07-22 11:19:18 +02:00
Gilles Peskine
6ee3b7ed1f More robust failure detection for the coverage report generation
The previous implementation was hard to understand and could in principle
fail to notice if there was a test case failure and the writing of the
line "Note: $TOTAL_FAIL failures." failed. KISS.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-22 11:08:30 +02:00
Gilles Peskine
b969570650 Explain the final error checking
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-22 10:56:39 +02:00
Gilles Peskine
a1c9fbe6d3
Merge pull request #4626 from SiliconLabs/arch_silabs_3399
Enable Curve448 support via the PSA API
2021-07-20 21:37:15 +02:00
TRodziewicz
3daaea858b Changing the places of the mbedtls_test_hook_test_fail callback declaration
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-20 13:36:16 +02:00
Ronald Cron
ac6cc9fbc4
Merge pull request #4784 from gilles-peskine-arm/psa-storage-format-test-strategy-20210511-3.0
3.0: Updates to the storage format test strategy after starting implementation
2021-07-15 18:25:19 +02:00
Gilles Peskine
8ec3c8f015 Do not require test data to be in the repository
What matters is that we validate that test data is not removed. Keeping the
test data is the most obvious way, but not the only way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Gilles Peskine
b91f81a55b Discuss lifetimes, in particular persistence levels
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Gilles Peskine
77f8e5cb59 Add considerations on key material representations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Gilles Peskine
d131e400f0 Clarification: forward and backward compatibility
The import-and-save and load-and-check parts of the tests don't have to be
actually the same test cases.

Introduce the terms “forward compatibility” and “backward compatibility” and
relate them to import-and-save and load-and-check actions.

These are clarifications of intent that do not represent an intended change
in the strategy or intended coverage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
Gilles Peskine
f31c6c111e Typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-15 16:22:14 +02:00
TRodziewicz
12c77410eb Removing unneded extern declaration of a callback and including common.h where the cb is needed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-15 16:12:54 +02:00
Joe Subbiani
5ccdc556b1 Remove trailing whitespace
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-15 09:03:51 +01:00
Joe Subbiani
113d80c219 Simplify the test and description
Previously the check was convoluted. This has been simplified
and given a more appropriate suggestion as per gilles suggestion

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-14 15:16:09 +01:00
Paul Elliott
64df5f88c5 Add Changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-14 12:39:54 +01:00
Paul Elliott
a417f56d28 Add non regression test for cipher output size
Call the output size macros specifically with asymmetric keys, which
would cause a crash (and thus test fail) should this fix get regressed.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-14 12:39:54 +01:00
Paul Elliott
6603e2b81c Add fix to update output size macro as well.
Same issue with zero block length applies here.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-14 12:39:54 +01:00
Paul Elliott
c22950c9d0 Change PSA Cipher macro safety to use block length
Although checking if the key was symmetric was correct, its easier to
read if we just check the block length is not zero before we use it in a
division.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-14 12:39:54 +01:00
Archana
554e64e689
Add a changelog for Armmbed#4626
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-14 16:12:22 +05:30
Yuto Takano
ff58686e88 Add ChangeLog entry for reserved identifier replacments
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-14 10:25:57 +01:00
Yuto Takano
538a0cbcf4 Replace _RR with prec_RR to prevent reserved identifier clashes
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-14 10:20:09 +01:00
TRodziewicz
c9890e9a8c Rewording comments
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-14 10:16:26 +02:00
Gilles Peskine
fc70b5252b Save the coverage report to a file
Save the "Test Report Summary" to a file. This can help both CI scripts and
human readers who want the summary after the fact without having to copy the
console output.

Take care to exit with a nonzero status if there is a failure while
generating the test report summary.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 23:27:01 +02:00
Gilles Peskine
bbced87390 Show the udp_proxy seed in the console log
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 23:26:00 +02:00
Gilles Peskine
a3d2264b88 Only run an unbridled parallel make (make -j) if MAKEFLAGS is unset
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 23:23:23 +02:00
Gilles Peskine
6ee3bc09ed Fix typo in test dependencies
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 20:34:55 +02:00
Gilles Peskine
e9ad95a63c Error out if enumerating the generated data files fails
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 18:36:05 +02:00
Gilles Peskine
8b427c851e Use python3 when building on non-Windows for Windows
The makefiles look for python3 on Unix-like systems where python is often
Python 2. This uses sh code so it doesn't work on Windows. On Windows, the
makefiles just assume that python is Python 3.

The code was incorrectly deciding not to try python3 based on WINDOWS_BUILD,
which indicates that the build is *for* Windows. Switch to checking WINDOWS,
which indicates that the build is *on* Windows.

Fix #4774

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 18:26:08 +02:00
Gilles Peskine
5df77c63fb Fix race condition when running generate_psa_tests.py
Fix a race condition in parallel builds: when generating *.data files with
generate_psa_tests.py, make instantiated the recipe once per output file,
potentially resulting in multiple instances of generate_psa_tests.py running
in parallel. This not only was inefficient, but occasionally caused the
output to be corrupted (https://github.com/ARMmbed/mbedtls/issues/4773). Fix
this by ensuring the recipe only runs once.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 18:02:27 +02:00
Gilles Peskine
bf4d0ce88d Remove obsolete MBEDTLS_xxx dependencies
This file had temporary MBEDTLS_xxx dependencies because it was created when
support for PSA_WANT_xxx was still incomplete. Switch to the PSA_WANT_xxx
dependencies

This fixes the bug that "PSA storage read: AES-GCM+CTR" was never executed
because there was a typo in a dependency.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-13 17:12:53 +02:00
TRodziewicz
829fe7038d Correction to callback declaration and usage
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-13 12:23:12 +02:00
TRodziewicz
18cddc08c7 Reverting comments deleted in previous PR
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-13 12:19:15 +02:00
Archana
c590611e97
Add requested montgomery curve tests
* Add tests to validate MSB not ok for Curve25519 and
  Curve448.
* Add a test to generate key for for Curve448.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 20:47:11 +05:30
Yuto Takano
36c8ddc4cc Replace _B with B to prevent reserved identifier clashes
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-12 16:02:07 +01:00
Archana
8584f5b68b
test: psa: Improve description of curve 448 tests
Improve the description of some curve 448 tests

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 20:11:08 +05:30
Archana
277572fa2b Fix coding style issue
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 09:00:57 +05:30
Archana
ef6aa5c46d Support Curve448 via the PSA API
Enable Curve448 support
Add test vectors to evaluate
* RFC 7748
* a known-answer public key export test.
* a known-answer ECDH (X448) test.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 08:07:14 +05:30
Archana
1d2e2bb8cc Add missing Curve448 support for PSA keys
mbedtls_ecp_read_key and mbedtls_ecp_write_key are updated to include
support for Curve448 as prescribed by RFC 7748 §5.

Test suites have been updated to validate curve448 under Montgomery
curves.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 08:02:54 +05:30
TRodziewicz
c3366a4185 Added mis-removed test and removed unneeded tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-09 16:57:20 +02:00
TRodziewicz
299510e889 Correction to comments and changelog removed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-09 16:55:11 +02:00
TRodziewicz
7871c2e736 Adding new macro for tests failing
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-09 14:27:04 +02:00