Commit graph

974 commits

Author SHA1 Message Date
Hanno Becker
a3389ebb09 Merge branch 'development-restricted' into iotssl-1306-rsa-is-vulnerable-to-bellcore-glitch-attack 2018-03-06 11:55:21 +00:00
Gilles Peskine
d76d8bc9a5 Merge branch 'pr_1352' into development-proposed 2018-02-20 16:42:08 +01:00
Gilles Peskine
e6844ccf2b Merge branch 'pr_1135' into development-proposed 2018-02-14 17:20:42 +01:00
Gilles Peskine
42a97ac693 Merge branch 'pr_1219' into development-proposed 2018-02-14 16:17:21 +01:00
Gilles Peskine
1e3fd69777 Merge remote-tracking branch 'upstream-public/pr/1333' into development-proposed 2018-02-14 15:12:49 +01:00
Antonio Quartulli
8d7d1ea9f6
tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1
Extend the pkparse test suite with the newly created keys
encrypted using PKCS#8 with PKCS#5 v2.0 with PRF being
SHA224, 256, 384 and 512.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:20 +08:00
Antonio Quartulli
bfa440e9fb
tests/pkcs5/pbkdf2_hmac: extend array to accommodate longer results
Some unit tests for pbkdf2_hmac() have results longer than
99bytes when represented in hexadecimal form.

For this reason extend the result array to accommodate
longer strings.

At the same time make memset() parametric to avoid
bugs in the future.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:19 +08:00
Antonio Quartulli
e87e885756
tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms
Test vectors for SHA224,256,384 and 512 have been
generated using Python's hashlib module by the
following oneliner:

import binascii, hashlib
binascii.hexlify(hashlib.pbkdf2_hmac(ALGO, binascii.unhexlify('PASSWORD'), binascii.unhexlify('SALT'), ITER, KEYLEN)))

where ALGO was 'sha224', 'sha256', 'sha384' and 'sha512'
respectively.

Values for PASSWORD, SALT, ITER and KEYLEN were copied from the
existent test vectors for SHA1.

For SHA256 we also have two test vectors coming from RFC7914 Sec 11.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:19 +08:00
Antonio Quartulli
12ccef2761
pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-08 17:18:15 +08:00
Ron Eldor
9566ff7913 Fix minor issues raised in PR review
1. Style issues fixes - remove redundant spacing.
2. Remove depency of `MBEDTLS_RSA_C` in `pk_parse_public_keyfile_rsa()`
tests, as the function itself is dependent on it.
2018-02-07 18:59:41 +02:00
Ron Eldor
c15399843e Add some tests for different available profiles
Add tests for suite b profile and for the next profile
2018-02-06 18:47:17 +02:00
Jaeden Amero
3b438d33c1 Update version to 2.7.0 2018-02-02 18:09:45 +00:00
Andres Amaya Garcia
6ff067d73d Add missing stdint.h header to test_suite_pk.func 2018-01-29 20:51:55 +01:00
Andres Amaya Garcia
7ea67274f7 Fix test_suite_pk.function to work on 64-bit ILP32
This change fixes a problem in the tests pk_rsa_alt() and
pk_rsa_overflow() from test_suite_pk.function that would cause a
segmentation fault. The problem is that these tests are only designed
to run in computers where the SIZE_MAX > UINT_MAX.
2018-01-29 20:47:18 +01:00
Jaeden Amero
66954e1c1f Merge branch 'development' into development-restricted 2018-01-25 17:28:31 +00:00
Jaeden Amero
005239e3ed Merge remote-tracking branch 'upstream-public/pr/1294' into development 2018-01-25 14:47:39 +00:00
Jaeden Amero
475325632e Merge branch 'development' into development-restricted 2018-01-24 20:09:36 +00:00
Reut Caspi
e278b36461 Change mbedtls_entropy_func in tests to mbedtls_test_entropy_func
Change function in tests named mbedtls_entropy_func to
mbedtls_test_entropy_func to avoid getting error from the linker when
calling the mbedtls_entropy_func elsewhere.
2018-01-24 20:05:45 +00:00
Jaeden Amero
3c082ce293 Merge branch 'development' into development-restricted 2018-01-24 15:17:15 +00:00
Jaeden Amero
fbeed6e2a5 Merge remote-tracking branch 'upstream-public/pr/1236' into development 2018-01-24 10:43:39 +00:00
Gilles Peskine
9e4f77c606 New MD API: rename functions from _ext to _ret
The _ext suffix suggests "new arguments", but the new functions have
the same arguments. Use _ret instead, to convey that the difference is
that the new functions return a value.
2018-01-22 11:54:42 +01:00
Gilles Peskine
d91f2a26cb Merge branch 'development' into iotssl-1251-2.7
Conflict resolution:

* ChangeLog: put the new entries in their rightful place.
* library/x509write_crt.c: the change in development was whitespace
  only, so use the one from the iotssl-1251 feature branch.
2018-01-19 11:25:10 +01:00
Gilles Peskine
d40c22ba20 Merge branch 'development' into development-restricted 2018-01-17 08:03:33 +01:00
Hanno Becker
71b0060af7 Merge branch 'development' into iotssl-247 2018-01-15 11:31:34 +00:00
Jaeden Amero
31f3f0b87b Merge branch 'development' into development-restricted 2018-01-10 13:17:02 +00:00
Hanno Becker
d4d60579e4 Address issues found by coverity
1) `mbedtls_rsa_import_raw` used an uninitialized return
   value when it was called without any input parameters.
   While not sensible, this is allowed and should be a
   succeeding no-op.

2) The MPI test for prime generation missed a return value
   check for a call to `mbedtls_mpi_shift_r`. This is neither
   critical nor new but should be fixed.

3) Both the RSA keygeneration example program and the
   RSA test suites contained code initializing an RSA context
   after a potentially failing call to CTR DRBG initialization,
   leaving the corresponding RSA context free call in the
   cleanup section of the respective function orphaned.
   While this defect existed before, Coverity picked up on
   it again because of newly introduced MPI's that were
   also wrongly initialized only after the call to CTR DRBG
   init. The commit fixes both the old and the new issue
   by moving the initializtion of both the RSA context and
   all MPI's prior to the first potentially failing call.
2018-01-10 07:30:47 +00:00
Jaeden Amero
f342cb791b Merge branch 'development' into development-restricted 2018-01-09 13:16:37 +00:00
Hanno Becker
8bc74d6f2f Merge branch 'development' into iotssl-1619 2018-01-03 10:24:02 +00:00
Manuel Pégourié-Gonnard
eb2a6ab518 Merge branch 'development' into development-restricted
* development:
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  Timing unit tests: more protection against infinite loops
  Unit test for mbedtls_timing_hardclock
  New timing unit tests
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:42:50 +01:00
Manuel Pégourié-Gonnard
ae3925c774 Merge remote-tracking branch 'public/pr/1136' into development
* public/pr/1136:
  Timing self test: shorten redundant tests
  Timing self test: increased duration
  Timing self test: increased tolerance
  Timing unit tests: more protection against infinite loops
  Unit test for mbedtls_timing_hardclock
  New timing unit tests
  selftest: allow excluding a subset of the tests
  selftest: allow running a subset of the tests
  selftest: refactor to separate the list of tests from the logic
  Timing self test: print some diagnosis information
  mbedtls_timing_get_timer: don't use uninitialized memory
  timing interface documentation: minor clarifications
  Timing: fix mbedtls_set_alarm(0) on Unix/POSIX
2017-12-26 10:42:20 +01:00
Micha Kraus
ba8316f790 fix bug in get_one_and_zeros_padding()
add test case (“0000000082”) which fails with the old implementation.
2017-12-23 23:40:08 +01:00
Hanno Becker
a47023e4d5 Incorporate comments on merge commit
* Correct order of sections in ChangeLog
* Restore unintentionally removed whitespace and
  formatting improvements.
* Consistently rename MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED
  to MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION in rsa.h
  documentation.
2017-12-22 17:08:40 +00:00
Hanno Becker
f40cdf9971 Add dependency of new RSA tests on presence of strong entropy source
During the work on the RSA change the issue was brought up,
and a fix was provided on development, that some RSA tests
use CTR DRBG and depend on the presence of a strong entropy
source to succeed. The RSA work introduced more tests using
CTR DRBG, and the dependency needs to be added for them, too.
2017-12-22 11:10:21 +00:00
Hanno Becker
32297e8314 Merge branch 'development' into iotssl-1619 2017-12-22 10:24:32 +00:00
Gilles Peskine
2a26d620fb Timing unit tests: more protection against infinite loops
If timing_timer_simple fails because it detects that timers are likely
to never expire (e.g. going backward or not incrementing), skip all
tests that rely on timers.
2017-12-20 21:57:48 +01:00
Gilles Peskine
078f1a1512 Unit test for mbedtls_timing_hardclock
Do test mbedtls_timing_hardclock. We can't reliably test much about
it, but at least test that it doesn't crash, isn't constant, and
doesn't look completely random.
2017-12-20 21:57:48 +01:00
Gilles Peskine
8064bf3adf New timing unit tests
New set of unit tests for the timing module, instead of just running
the selftest function.

The selftest function sometimes fails on a heavily loaded
machine (such as a typical continuous integration system). Because of
the all-in-one nature of the test and because the exact load pattern
can be hard to reproduce, it is difficult to diagnose failures of CI
runs with selftest. The new tests are more separated and I strove to
point out potential failure modes in comments.

* mbedtls_timing_hardclock: not tested. This function gives so few
  guarantees that there isn't much to test, and it is hard to test
  reliably because clock cycles don't easily relate to time in any
  remotely portable way. This function isn't used in the library
  anyway, it's only there for benchmark programs.
* mbedtls_timing_get_timer: tested by setting a timer and verifying
  that it reaches its target, and by verifying that a timer started
  later than another always has a smaller elapsed time.
* mbedtls_set_alarm: tested by setting an alarm, busy-waiting for it
  and measuring the elapsed time with a timer.
* mbedtls_timing_set_delay, mbedtls_timing_get_delay: tested by
  setting a delay object and watching it go through its two delay
  values, using a timer to check that the delays are passed at the
  expected time.

The tests pass under light to moderate load, but some of them can be
defeated with sufficiently heavy load. This is unavoidable since the
test process to be effectively suspended for any length of time,
making us think that a timer has gone on for too long.
2017-12-20 21:57:48 +01:00
Manuel Pégourié-Gonnard
1827368b01 Merge branch 'development' into development-restricted
* development:
  Don't split error code description across multiple lines
  Register new error code in error.h
  Move deprecation to separate section in ChangeLog
  Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code
  Adapt RSA test suite
  Adapt ChangeLog
  Deprecate usage of RSA primitives with wrong key type
2017-12-19 11:28:36 +01:00
Manuel Pégourié-Gonnard
4712119687 Merge remote-tracking branch 'restricted/pr/397' into development
* restricted/pr/397:
  Don't split error code description across multiple lines
  Register new error code in error.h
  Move deprecation to separate section in ChangeLog
  Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code
  Adapt RSA test suite
  Adapt ChangeLog
  Deprecate usage of RSA primitives with wrong key type
2017-12-19 11:27:22 +01:00
Gilles Peskine
880c6e74a1 Merge branch 'development' into development-restricted 2017-12-04 18:00:26 +00:00
Gilles Peskine
e3783da0b2 Merge remote-tracking branch 'upstream-public/pr/1172' into development 2017-12-01 22:36:21 +01:00
Gilles Peskine
7fb29b17c7 Merge branch 'development' into development-restricted 2017-11-28 18:46:09 +01:00
Gilles Peskine
4daffe236a Merge branch 'pr_1025' into development
Merge PR #1025 + ChangeLog entry
2017-11-28 18:23:53 +01:00
Gilles Peskine
ea8d697fa2 Merge remote-tracking branch 'upstream-public/pr/1089' into development
Resolve trivial conflict due to additions in the same place in
tests/data_files/Makefile; minor comment/whitespace presentation
improvements.
2017-11-28 17:32:32 +01:00
Gilles Peskine
f2421210a5 Merge remote-tracking branch 'upstream-public/pr/828' into development 2017-11-28 17:22:37 +01:00
Gilles Peskine
9c8ac0ce2c Merge remote-tracking branch 'upstream-restricted/pr/404' into development-restricted 2017-11-28 15:50:02 +01:00
Gilles Peskine
2507267cd4 Merge branch 'development' into development-restricted 2017-11-24 16:05:49 +01:00
Gilles Peskine
e7707228b4 Merge remote-tracking branch 'upstream-public/pr/1062' into development 2017-11-24 15:35:50 +01:00
Manuel Pégourié-Gonnard
bfa8df4c7e Merge remote-tracking branch 'restricted/pr/416' into development-restricted
* restricted/pr/416:
  RSA PSS: remove redundant check; changelog
  RSA PSS: fix first byte check for keys of size 8N+1
  RSA PSS: fix minimum length check for keys of size 8N+1
  RSA: Fix another buffer overflow in PSS signature verification
  RSA: Fix buffer overflow in PSS signature verification
2017-11-23 12:10:01 +01:00
Darryl Green
f5bcbede92 Add tests for invalid private parameters in mbedtls_ecdsa_sign() 2017-11-17 17:09:31 +00:00