Commit graph

9628 commits

Author SHA1 Message Date
Janos Follath
be4efc2b38 Move the examples to PSA 1.0 2019-08-16 13:37:32 +01:00
Janos Follath
df3b0892ce Use psa_raw_key_agreement
In PSA 1.0 raw key agreement has been moved from
psa_key_derivation_key_agreement() to its own separate function call,
called psa_raw_key_agreement().
2019-08-16 13:37:32 +01:00
Janos Follath
1239d70870 Remove calls to psa_allocate_key
In PSA 1.0 keys are allocated implicitly by other functions
(like psa_import_key) and psa_allocate_key is not needed and does not
exist anymore.
2019-08-16 13:37:32 +01:00
Janos Follath
53b8ec27a2 Make variable naming consistent 2019-08-16 13:37:32 +01:00
Janos Follath
7bb5e6b4da Update psa_create_key to PSA 1.0 2019-08-16 13:37:32 +01:00
Janos Follath
ed73b04c6e Update psa_import_key to PSA 1.0 2019-08-16 13:36:15 +01:00
Janos Follath
bd096101b5 Update psa_generator_abort to PSA 1.0 2019-08-16 11:45:55 +01:00
Janos Follath
6de99db449 Update psa_generator_read to PSA 1.0 2019-08-16 11:45:55 +01:00
Janos Follath
8dee877e8a Update psa_crypto_generator_t to PSA 1.0 2019-08-16 11:45:55 +01:00
Janos Follath
7d7ded85fb Update psa_key_agreement to PSA 1.0 2019-08-16 11:45:55 +01:00
Janos Follath
7374ee6139 Update GENERATOR_INIT macro to PSA 1.0 2019-08-16 11:45:55 +01:00
Janos Follath
3d158ebd2f Update KEYPAIR macros to PSA 1.0 2019-08-16 11:45:53 +01:00
Jaeden Amero
8813fef228 Merge remote-tracking branch 'origin/pr/2756' into development
* origin/pr/2756:
  Update crypto to a repo with latest crypto
  Update Mbed Crypto
  tls: Remove duplicate psa_util.h include
  Remove unused cryptography test files
  Remove crypto C files
  Remove files sourced from Mbed Crypto
  config: Fix Doxygen link to MBEDTLS_PARAM_FAILED
  Use mbedtls-based path for includes
  check-names: Consider crypto-sourced header files
2019-08-16 10:12:09 +01:00
Jaeden Amero
ec1f91799f Update crypto to a repo with latest crypto
Use a version of Mbed Crypto with 100% up-to-date crypto and tool
changes from Mbed TLS. This is necessary in order for the check params
feature to work in deprecated removed builds and for the arm5vte build
to succeed.
2019-08-15 16:42:21 +01:00
Jaeden Amero
c5ad90a6a7 Update Mbed Crypto
Update Mbed Crypto to a version that supports its headers being used
from a parent project.
2019-08-15 15:44:50 +01:00
Jaeden Amero
922013e46d tls: Remove duplicate psa_util.h include
Don't include psa_util.h twice. It's enough to include it once.
2019-08-15 15:44:50 +01:00
Jaeden Amero
70de9dc052 Remove unused cryptography test files 2019-08-15 15:44:50 +01:00
Jaeden Amero
a0aee30644 Remove crypto C files
Remove unused cryptography C files, as these are sourced from Mbed
Crypto now.
2019-08-15 15:44:50 +01:00
Jaeden Amero
815e9a21a3 Remove files sourced from Mbed Crypto
Remove cryptography related files and a few utility header files that
are shared between Mbed TLS and Mbed Crypto. Mbed TLS will use an Mbed
Crypto sourced version of each of these header files in order to ease
the maintenance burden of both libraries, and to make it easier to keep
Mbed TLS and Mbed Crypto in sync.

As part of removing cryptography related files, tell Doxygen to source
information from the removed the headers, so that it will consider them
for inclusion within Doxygen output.

Later, as part of the Mbed TLS 3.0 (API breaking version), we'll
restructure the organization of the 3 libraries a bit, to move some
things out of Mbed Crypto that don't belong there.

Candidates of not belonging in Mbed Crypto, but are in libmbedcrypto.so
for legacy reasons:
 - asn1.h
 - asn1write.h
 - base64.h
 - memory_buffer_alloc.h
 - platform.h
 - platform_time.h
 - platform_util.h
 - threading.h
 - timing.h
 - version.h
2019-08-15 15:44:50 +01:00
Jaeden Amero
dbe4ff80cf config: Fix Doxygen link to MBEDTLS_PARAM_FAILED
Don't use `#` for linking to function-like macros.
2019-08-15 15:44:50 +01:00
Jaeden Amero
6609aef809 Use mbedtls-based path for includes
To help the build system find the correct include files, paths starting
with "mbedtls/" or "psa/" must be used. Otherwise, you can run into
build failures like the following when building Mbed Crypto as a
submodule.

    In file included from chachapoly.c:31:0:
    ../../include/mbedtls/chachapoly.h:43:10: fatal error: poly1305.h: No such file or directory
     #include "poly1305.h"
              ^~~~~~~~~~~~
    compilation terminated.
2019-08-15 15:44:50 +01:00
Jaeden Amero
78d9d0c1e9 check-names: Consider crypto-sourced header files
Many identifiers come from Mbed Crypto. Teach check-names.sh to look in
the crypto submodule for identifiers, to avoid incorrect test results.
2019-08-15 15:24:26 +01:00
Gilles Peskine
61fc108d25 Merge remote-tracking branch 'upstream-public/pr/2728' into development 2019-08-14 16:00:58 +02:00
Gilles Peskine
1435767d2a Merge remote-tracking branch 'upstream-public/pr/2753' into development 2019-08-14 16:00:11 +02:00
Gilles Peskine
681edbeaa6 Merge remote-tracking branch 'upstream-public/pr/2777' into development 2019-08-14 15:59:01 +02:00
Gilles Peskine
787d1515eb Merge remote-tracking branch 'upstream-public/pr/2779' into development 2019-08-14 15:58:07 +02:00
Gilles Peskine
26f3e2800d Honor MBEDTLS_CONFIG_FILE in fuzz tests 2019-08-13 18:00:02 +02:00
Gilles Peskine
56c0161b68 Test that a shared library build produces a dynamically linked executable 2019-08-13 17:54:26 +02:00
Gilles Peskine
cf74050fea Test that the shared library build with CMake works 2019-08-13 17:54:26 +02:00
Gilles Peskine
abf9b4dee8 Add a test of MBEDTLS_CONFIG_FILE
configs/README.txt documents that you can use an alternative
configuration file by defining the preprocessor symbol
MBEDTLS_CONFIG_FILE. Test this.
2019-08-13 17:54:26 +02:00
Gilles Peskine
6eece5b666 Exclude DTLS 1.2 only with older OpenSSL
compat.sh used to skip OpenSSL altogether for DTLS 1.2, because older
versions of OpenSSL didn't support it. But these days it is supported.

We don't want to use DTLS 1.2 with OpenSSL unconditionally, because we
still use legacy versions of OpenSSL to test with legacy ciphers. So
check whether the version we're using supports it.
2019-08-13 10:36:14 +02:00
Gilles Peskine
2c897d76ff Document the rationale for the armel build
Call the component xxx_arm5vte, because that's what it does. Explain
"armel", and more generally why this component exists, in a comment.
2019-08-09 16:05:05 +02:00
Gilles Peskine
8a52af9b77 Switch armel build to -Os
Without any -O option, the default is -O0, and then the assembly code
is not used, so this would not be a non-regression test for the
assembly code that doesn't build.
2019-08-08 16:09:02 +02:00
Gilles Peskine
be23b770a8
Merge pull request #2773 from gilles-peskine-arm/pr_2417-changelog
Changelog entry for test certificates update
2019-08-06 10:51:26 +02:00
Gilles Peskine
93e4e03f94 Add a build on ARMv5TE in ARM mode
Non-regression test for
"bn_mul.h: require at least ARMv6 to enable the ARM DSP code"
2019-08-05 11:41:29 +02:00
Gilles Peskine
a5cb7d48f3 Add changelog entry for ARM assembly fix 2019-08-05 11:41:24 +02:00
Aurelien Jarno
5daa34f155 bn_mul.h: require at least ARMv6 to enable the ARM DSP code
Commit 16b1bd8932 "bn_mul.h: add ARM DSP optimized MULADDC code"
added some ARM DSP instructions that was assumed to always be available
when __ARM_FEATURE_DSP is defined to 1. Unfortunately it appears that
the ARMv5TE architecture (GCC flag -march=armv5te) supports the DSP
instructions, but only in Thumb mode and not in ARM mode, despite
defining __ARM_FEATURE_DSP in both cases.

This patch fixes the build issue by requiring at least ARMv6 in addition
to the DSP feature.
2019-08-03 14:18:54 +02:00
Gilles Peskine
55603ee268 Changelog entry for test certificates update 2019-08-03 14:08:46 +02:00
Gilles Peskine
01655daeee
Merge pull request #2417 from RonEld/2734
Update soon to be expired crl
2019-08-03 13:38:14 +02:00
Gilles Peskine
82966d26c3
Merge pull request #2734 from hanno-arm/skip_test
Add TEST_ASSUME macro to allow skipping tests at runtime
2019-08-03 13:37:51 +02:00
Gilles Peskine
83d49bb84e
Merge pull request #2760 from dgreen-arm/fix-rev-parse-in-abi-script
Change worktree_rev to HEAD for rev-parse
2019-08-03 13:36:52 +02:00
Darryl Green
762351be1b Change worktree_rev to HEAD for rev-parse
Due to how the checking script is run in docker, worktree_rev is
ambiguous when running rev-parse. We're running it in the checked
out worktree, so we can use HEAD instead, which is unambiguous.
2019-07-25 14:33:33 +01:00
Hanno Becker
bf84d503b3 Adapt ChangeLog 2019-07-19 13:03:10 +01:00
Hanno Becker
59c92ed89b ECP restart: Don't calculate address of sub ctx if ctx is NULL
All modules using restartable ECC operations support passing `NULL`
as the restart context as a means to not use the feature.

The restart contexts for ECDSA and ECP are nested, and when calling
restartable ECP operations from restartable ECDSA operations, the
address of the ECP restart context to use is calculated by adding
the to the address of the ECDSA restart context the offset the of
the ECP restart context.

If the ECP restart context happens to not reside at offset `0`, this
leads to a non-`NULL` pointer being passed to restartable ECP
operations from restartable ECDSA-operations; those ECP operations
will hence assume that the pointer points to a valid ECP restart
address and likely run into a segmentation fault when trying to
dereference the non-NULL but close-to-NULL address.

The problem doesn't arise currently because luckily the ECP restart
context has offset 0 within the ECDSA restart context, but we should
not rely on it.

This commit fixes the passage from restartable ECDSA to restartable ECP
operations by propagating NULL as the restart context pointer.

Apart from being fragile, the previous version could also lead to
NULL pointer dereference failures in ASanDbg builds which dereferenced
the ECDSA restart context even though it's not needed to calculate the
address of the offset'ed ECP restart context.

dummy
2019-07-19 13:03:10 +01:00
Ron Eldor
991a05b411 Add support for all SHA modes in cert_write
Add support for `MBEDTLS_SHA_224` and `MBEDTLS_SHA_384` in
`cert_write`, to support generating such certificates in
`tests/data_files/Makefile`.
2019-07-14 09:17:57 +03:00
Jaeden Amero
ff645d9838 Merge remote-tracking branch 'origin/pr/2727' into development
* origin/pr/2727:
  tests: Limit each log to 10 GiB
2019-07-11 16:19:02 +01:00
Jaeden Amero
8306508250 Merge remote-tracking branch 'origin/pr/2660' into development
* origin/pr/2660:
  Fix parsing issue when int parameter is in base 16
  Refactor receive_uint32()
  Refactor get_byte function
  Make the script portable to both pythons
  Update the test encoding to support python3
  update the test script
2019-07-11 16:17:38 +01:00
Jaeden Amero
072959f5c2 Merge remote-tracking branch 'origin/pr/1622' into development
* origin/pr/1622: (29 commits)
  Do not build fuzz on windows
  No booleans and import config
  Removing space before opening parenthesis
  Style corrections
  Syntax fix
  Fixes warnings from MSVC
  Add a linker flag to enable gcov in basic-build-test.sh
  checks MBEDTLS_PEM_PARSE_C
  Restore programs/fuzz/Makefile after in-tree cmake
  Move fuzz directory to programs
  Documentation for corpus generation
  Restore tests/fuzz/Makefile after in-tree cmake
  Adding ifdefs to avoid warnings for unused globals
  Adds LDFLAGS fsanitize=address
  Ignore compiled object files and executables
  Also clean the fuzz subdirectory
  copyediting README.md
  Protecting client/server fuzz targts with ifdefs
  Makefile support 1
  Fuzz README and direct compilation
  ...
2019-07-11 16:17:18 +01:00
Philippe Antoine
a864db0dd6 Do not build fuzz on windows 2019-07-10 20:37:57 +02:00
Ron Eldor
9eeb8611b1 Update certificates to expire in 2029
Update certificates that expire on 2021, to prolong their validity,
to make tests pass three years ahead.
2019-07-10 16:46:34 +03:00