This will be used for comparison in unit tests.
Add a possibility to write certificates with SAN
in cert_write.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This change affects:
- both PEM and DER files, since they contain the same public key
only in different formats
- "ec_pub.comp.pem" since it's the same as "ec_pub.pem" but in
compressed format
The makefile was also updated accordingly to reflect these
dependencies.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder https://lapo.it/asn1js/
Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit adds well-formed reproducers for the memory management
issues fixed in the following commits:
290f01b3f5e7f8c616d0f7641544ea
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.
Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
- Demi Marie Obenour <demiobenour@gmail.com>
- Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
Previously, a loop in pkcs7_get_signers_info_set was not
getting covered by tests. This was because when there are
two or less signers, the loop will not execute.
Therefore, add new data files for another signer and use
three signers to generate a new pkcs7 DER file. Add a test
case to make sure that verification is still successfula and
use the test script to create ASN1 errors throoughout the
stucture:
./generate_pkcs7_tests.py ../data_files/pkcs7_data_3_signed.der
This results in the loop being executed.
Signed-off-by: Nick Child <nick.child@ibm.com>
Additionally fix the generation of test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der which was incorectly malformed.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
- added 2 new certificates: 1 for testing a serial which is full lenght
and another one for a serial which starts with 0x80
- added also proper Makefile and openssl configuration file to generate
these 2 new certificates
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The already existing "x509_csr_check()" function is extended in order
to support/test also CSR's extensions. The test is performed by
adding an extended key usage.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Windows tests are failing pkcs7 verification due to differnt line
endings. Therefore, add make instuctions for building the data
files with Windows EOF instead. As a result, regenerate other data
files so that verification works.
Add these CRLF EOF files to the exception in check_files to ignore
the line endings.
Signed-off-by: Nick Child <nick.child@ibm.com>
Fixes include removing PEM dependency for greater
coverage when PEM config is not set and defining
test dependencies at the appropriate level.
Signed-off-by: Nick Child <nick.child@ibm.com>
OpenSSL provides APIs to generate only the signted data
format PKCS7 i.e. without content type OID. This patch
adds support to parse the data correctly even if formatted
only as signed data
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
PKCS7 signing format is used by OpenPOWER Key Management, which is
using mbedtls as its crypto library.
This patch adds the limited support of pkcs7 parser and verification
to the mbedtls. The limitations are:
* Only signed data is supported.
* CRLs are not currently handled.
* Single signer is supported.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Test certs were originally generated with an old version of Mbed TLS
that used printableString where we now use utf8string (e.g., in the
organizationName). Otherwise the certs are identical.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes#769.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Reverting some deleted tests and changing the deprecated algo
Deleting deprecated headers from /alt-dummy dir
Corrections to the comments
Removal of deleted functions from compat-2.x.h
Corrections to tests/data_files/Makefile
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
An SSL client can be configured to insist on a minimum size for the
Diffie-Hellman (DHM) parameters sent by the server. Add several test
cases where the server sends parameters with exactly the minimum
size (must be accepted) or parameters that are one bit too short (must
be rejected). Make sure that there are test cases both where the
boundary is byte-aligned and where it isn't.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add missing tag check for algorithm parameters when comparing the
signature in the description part of the cert against the actual
signature whilst loading a certificate. This was found by a
certificate (created by fuzzing) that openssl would not verify, but
mbedtls would.
Regression test added (one of the client certs modified accordingly)
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Add a non-regression test for ssl_context_info to ensure the base64
decoder doesn't stop processing when it encounters a 0xFF character.
Signed-off-by: David Brown <david.brown@linaro.org>
The toplevel directory is actually just ../..: the makefile commands
are executed in the subdirectory. $(PWD) earlier was wrong because it
comes from the shell, not from make. Looking up $(MAKEFILE_LIST) is
wrong because it indicates where the makefile is (make -f), not which
directory to work in (make -C).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It wasn't working when invoking programs/x509/cert_write or
programs/x509/cert_req due to relying on the current directory rather
than the location of the makefile.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.
Also remove the now-redundant lines declaring that the files are part of
MbedTLS.
This commit was generated using the following script:
# ========================
#!/bin/sh
# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '
# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I
# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
RFC5280 does not state that the `revocationDate` should be checked.
In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.
https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
This commit was generated using the following script:
# ========================
#!/bin/sh
# Find scripts
find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i '
# Remove Mbed TLS declaration if it occurs before the copyright line
1,/Copyright.*Arm/I {
/This file is part of/,$ {
/Copyright.*Arm/I! d
}
}
# Convert non-standard header in scripts/abi_check.py to the format used in the other scripts
/"""/,/"""/ {
# Cut copyright declaration
/Copyright.*Arm/I {
h
N
d
}
# Paste copyright declaration
/"""/ {
x
/./ {
s/^/# / # Add #
x # Replace orignal buffer with Copyright declaration
p # Print original buffer, insert newline
i\
s/.*// # Clear original buffer
}
x
}
}
/Copyright.*Arm/I {
# Print copyright declaration
p
# Read the two lines immediately following the copyright declaration
N
N
# Insert Apache header if it is missing
/SPDX/! {
i\
# SPDX-License-Identifier: Apache-2.0\
#\
# Licensed under the Apache License, Version 2.0 (the "License"); you may\
# not use this file except in compliance with the License.\
# You may obtain a copy of the License at\
#\
# http://www.apache.org/licenses/LICENSE-2.0\
#\
# Unless required by applicable law or agreed to in writing, software\
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
# See the License for the specific language governing permissions and\
# limitations under the License.
# Insert Mbed TLS declaration if it is missing
/This file is part of/! i\
#\
# This file is part of Mbed TLS (https://tls.mbed.org)
}
# Clear copyright declaration from buffer
D
}
'
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Convert all text files to Unix line endings unless they're Windows
stuff.
Make sure that all text files have a trailing newline.
Remove whitespace at the end of lines.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Merge `unremove-non-crypto` into `mbedtls/development`. The branch
`unremove-non-crypto` was obtained by starting from `mbed-crypto/development`,
then reverting many commits that removed X.509 and TLS functionality when Mbed
Crypto forked from Mbed TLS (the “unremoval”), then make a few tweaks to
facilitate the merge.
The unremoval step restored old versions of some tls files. If a file doesn't
exist in mbed-crypto, check out the mbedtls version, regardless of what
happened during the unremoval of tls files in the crypto tree. Also
unconditionally take the mbedtls version of a few files where the
modifications are completely project-specific and are not relevant in
mbed-crypto:
* `.github/issue_template.md`: completely different. We may want to reconcile
them independently as a follow-up.
* `.travis.yml`: would only be reverted to an earlier tls version.
* `README.md`: completely different. We may want to reconcile them
independently as a follow-up.
* `doxygen/input/doc_mainpage.h`: the changes in crypto were minimal and not
relevant except as a stopgap as mbed-crypto did not have its own product
versioning in the Doxygen documentation.
* `tests/.jenkins/Jenkinsfile`: completely different.
* `tests/data_files/Makefile`: there were no changes in mbed-crypto,
but the unremoval step restored an old version.
Shell script for everything to do after the merge apart from the conflict
resolution:
```
tls_files=($(comm -23 <(git ls-tree -r --name-only HEAD) <(git ls-tree -r --name-only $(git merge-base upstream-crypto/development MERGE_HEAD))))
tls_files+=($tls_files .github/issue_template.md .travis.yml README.md doxygen/input/doc_mainpage.h tests/.jenkins/Jenkinsfile tests/data_files/Makefile)
git checkout --theirs HEAD -- $tls_files
git add -- $tls_files
```
Resolve the remaining conflicts:
* `library/CMakeLists.txt`:
* Keep the TLS definition of `src_crypto`
* `USE_SHARED_MBEDTLS_LIBRARY`: keep all three libraries, with both
`include` and `crypto/include` in `target_include_directories`, all with
version `2.21.0`.
* `programs/Makefile`:
* Reconcile the APPS lists (add/add from a differently-formatted common
ancestor): insert the `psa/*` from crypto into the tls list.
* Keep the `fuzz` target defined only in tls version.
* Keep the recipe (only in tls version) cleaning `ssl_pthread_server`
stuff for the `clean` target.
* `scripts/config.py`:
* `include_in_full`: add/add conflict. Keep both.
* `tests/scripts/all.sh`:
* `component_test_no_use_psa_crypto_full_cmake_asan`: partially old
version in crypto. Take the tls version.
* `component_test_malloc_0_null` and more: take
`component_test_malloc_0_null` from crypto (with `config.py` rather than
`config.pl`, and with `$ASAN_FLAGS` rather than an explicit list), but
add the call to `ssl-opt.sh` from tls. Take the other components from
crypto.
With this commit, building and running the unit tests with both `make ` and
`cmake` work in the default configuration on Linux. Other platforms, build
systems and configurations are likely not to work, and there is some
regression in test coverage.
There is some loss of functionality because the unremoval step restored older
versions of tls content. This commit contains the latest tls version of
tls-only files, but some changes from the tls side in files that existed on
both sides have regressed. Most problematic changes are hunks that remove some
tls-specific feature and contain either a C preprocessor symbol identifying a
tls-specific module or option, or the name of a tls-specific file. Hunks
that remove a tls-specific preprocessor symbol can be identified with the
regular expression `^-.*MBEDTLS_(ERR_)?(PKCS11|X509|NET|SSL)_`.
Subsequent commits will revert a few parts of the patch from this merge commit
in order to restore the tls functionality that it removes, ensure that the
test coverage includes what was covered in either branch, and fix test
failures.
Add pk_write test cases where the ASN.1 INTEGER encoding of the
private value would not have the mandatory size for the OCTET STRING
that contains the value.
ec_256_long_prv.pem is a random secp256r1 private key, selected so
that the private value is >= 2^255, i.e. the top bit of the first byte
is set (which would cause the INTEGER encoding to have an extra
leading 0 byte).
ec_521_short_prv.pem is a random secp521r1 private key, selected so
that the private value is < 2^519, i.e. the first byte is 0 and the
top bit of the second byte is 0 (which would cause the INTEGER
encoding to have one less 0 byte at the start).
Conflicts and changes:
* Files that do not exist in Mbed Crypto and have changed in Mbed TLS:
These files should not exist in Mbed Crypto. Keep them deleted.
* tests/data_files/test-ca.server1.db: new file in Mbed TLS, don't create
it in Mbed Crypto.
* tests/data_files/rsa_pkcs1_1024_clear.pem: do create this file in
Mbed Crypto. I don't see why it would be kept out.
* tests/data_files/Makefile: don't take any of the changes in sections
that have been removed in Crypto. Do take in the certificate
expiration date updates and the extra .crt.der rules (even if Crypto
doesn't actually use those certificates: removing them would be out
of scope of the present merge).
* tests/suites/helpers.function: consecutive additions, take
both (order indifferent).
* restricted/pr/573:
Remove redundant config.pl call
Add a test for signing content with a long ECDSA key
Add documentation notes about the required size of the signature buffers
Add missing MBEDTLS_ECP_C dependencies in check_config.h
Change size of preallocated buffer for pk_sign() calls
* origin/pr/2430:
Document support for MD2 and MD4 in programs/x509/cert_write
Correct name of X.509 parsing test for well-formed, ill-signed CRT
Add test cases exercising successful verification of MD2/MD4/MD5 CRT
Add test case exercising verification of valid MD2 CRT
Add MD[245] test CRTs to tree
Add instructions for MD[245] test CRTs to tests/data_files/Makefile
Add suppport for MD2 to CSR and CRT writing example programs
Remove use of MD2 in further x509parse tests
Convert further x509parse tests to use lower-case hex data
Correct placement of ChangeLog entry
Adapt ChangeLog
Use SHA-256 instead of MD2 in X.509 CRT parsing tests
Consistently use lower case hex data in X.509 parsing tests
Due to the way the current PK API works, it may have not been clear
for the library clients, how big output buffers they should pass
to the signing functions. Depending on the key type they depend on
MPI or EC specific compile-time constants.
Inside the library, there were places, where it was assumed that
the MPI size will always be enough, even for ECDSA signatures.
However, for very small sizes of the MBEDTLS_MPI_MAX_SIZE and
sufficiently large key, the EC signature could exceed the MPI size
and cause a stack overflow.
This test establishes both conditions -- small MPI size and the use
of a long ECDSA key -- and attempts to sign an arbitrary file.
This can cause a stack overvlow if the signature buffers are not
big enough, therefore the test is performed for an ASan build.
