Commit graph

178 commits

Author SHA1 Message Date
Mateusz Starzyk
1aec64642c Remove certs module from mbedtls.
Certs will be used only by tests and programs.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 15:51:25 +01:00
Mateusz Starzyk
06b07fb839 Drop support for SSLv3.
Remove options: MBEDTLS_SSL_MINOR_VERSION_0 and
MBEDTLS_SSL_PROTO_SSL3).

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:19:05 +01:00
Chris Jones
84a773f8e6 Rename ssl_internal.h to ssl_misc.h
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
e2191cd789 Update includes to use library/ instead of include/mbedtls/
Simple find and replace using `#include (<|")mbedtls/(.*)_internal.h(>|")`
and `#include $1$2_internal.h$3`.

Also re-generated visualc files by running
`scripts/generate_visualc_files.pl`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Gilles Peskine
1f186ff330 Add missing calls to USE_PSA_DONE
Some functions were not deinitializing the PSA subsystem. This could
lead to resource leaks at the level of individual test cases, and
possibly at the level of the whole test suite depending on the order
and selection of test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:08:14 +01:00
Gilles Peskine
9de97e21fe Make {USE_,}PSA_{INIT,DONE} available in all test suites
Make USE_PSA_INIT() and USE_PSA_DONE() available in all test suites in
all cases, doing nothing if MBEDTLS_USE_PSA_CRYPTO is disabled. Use
those in preference to having explicit
defined(MBEDTLS_USE_PSA_CRYPTO) checks (but there may still be places
left where using the new macros would be better).

Also provide PSA_INIT() by symmetry with PSA_DONE(), functional
whenver MBEDTLS_PSA_CRYPTO_C is enabled, but currently unused.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:08:14 +01:00
Gilles Peskine
5d332f0274
Merge pull request #4105 from paul-elliott-arm/fix_test_leak
Fix for memory leak in ssl tests
2021-02-09 10:03:49 +01:00
Paul Elliott
c7b53747f7 Fix for memory leak in ssl tests
Fix for leaked buffers on error case in build_transforms() in
test_suite_ssl.function

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-03 16:15:05 +00:00
Chris Jones
9634bb10d9 Move helper testing functions to tests/src/helpers.c
Moves the functions `test_fail`, `test_set_step`, `test_skip` and the struct
`test_info` from `tests/suites/helpers.function` to `tests/src/helpers.*`.
This is done to open these functions up to the API where they can be used by
other functions in the 'src' test infrastructure module.

As the functions are now contained within the src folder of the testing
infrastructure, the `mbedtls_` prefix has been added to the functions.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-01-20 15:56:42 +00:00
Gilles Peskine
ef94c4fcf4
Merge pull request #3474 from ronald-cron-arm/common-mbedtls_param_failed
Common mbedtls_param_failed()
2020-10-06 22:15:42 +02:00
Hanno Becker
1413bd8ae9 Simplify identification of TLS 1.3 labels in unit test suite
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-09 12:46:09 +01:00
Hanno Becker
70d7fb0c2d Don't hardcode TLS 1.3 labels in test cases
ssl_tls1_3_keys.c exports a structure containing all labels used
in the TLS 1.3 key schedule, but the TLS 1.3 key scheduling unit
tests so far replicated those labels in the test file. In particular,
wrong label values in ssl_tls1_3_keys.c wouldn't have been caught
by the unit tests.

This commit modifies the TLS 1.3 key schedule unit tests to use
the TLS 1.3 labels as exported by ssl_tls1_3_keys.c. This not only
makes sure that those labels are correct, but also avoids hardcoding
their hex-encoding in the test file.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-09 10:17:37 +01:00
Hanno Becker
493ea7f4ae Remove instances of camelCase in TLS 1.3 key schedule
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 11:08:06 +01:00
Hanno Becker
fb08096b9b Use ASSERT_COMPARE instead of TEST_ASSERT( memcmp( ... ) == 0 )
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 11:07:42 +01:00
Hanno Becker
73c825ae4f Shorten include path in test_suite_ssl.function
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:52:58 +01:00
Hanno Becker
2d2c3eb687 Add tests for TLS 1.3 key evolution function
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:29 +01:00
Hanno Becker
e4849d10a6 Add test vectors for TLS 1.3 Derive-Secret
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:28 +01:00
Hanno Becker
19498f8fbd Add test vectors for TLS 1.3 traffic key generation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:28 +01:00
Hanno Becker
39ff4928ff Add test vectors for TLS 1.3 HKDF-Expand-Label
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:28 +01:00
Manuel Pégourié-Gonnard
7fe2c5f086 Add mbedtls_ssl_cf_memcpy_offset() with tests
The tests are supposed to be failing now (in all.sh component
test_memsan_constant_flow), but they don't as apparently MemSan doesn't
complain when the src argument of memcpy() is uninitialized, see
https://github.com/google/sanitizers/issues/1296

The next commit will add an option to test constant flow with valgrind, which
will hopefully correctly flag the current non-constant-flow implementation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-19 11:56:02 +02:00
Manuel Pégourié-Gonnard
eaa0739143
Merge pull request #716 from mpg/ct-varlen-hmac
Add constant-flow variable-length HMAC function
2020-08-10 12:40:33 +02:00
Manuel Pégourié-Gonnard
e55653f085 Improve comments about padlen convention
The convention from the TLS RFC is a bit unusual, so even if the test
function's introductory comment mentions that we're taking the RFC's
definition, it doesn't hurt to repeat it in crucial places.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:42:57 +02:00
Manuel Pégourié-Gonnard
c3219006ff Fix suboptimal use of ASSER_ALLOC()
Passing a length of 0 to it is perfectly acceptable, the macro was designed to
handle it correctly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:19 +02:00
Manuel Pégourié-Gonnard
ca8287cbaf Use test_set_step() in loop in cf_hmac test
We only have a single integer available for two nested loops, but the loop
sizes are small enough compared to the integer's range that we can encode both
indexes. Since the integer is displayed in decimal in case of errors, use a
power of 10 to pack the two indexes together.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:19 +02:00
Manuel Pégourié-Gonnard
ed0e86428d Factor repeated condition to its own macro
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:19 +02:00
Manuel Pégourié-Gonnard
9670a59230 Start testing cf_hmac() for constant flow
Currently this breaks all.sh component test_memsan_constant_flow, just as
expected, as the current implementation is not constant flow.

This will be fixed in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:18 +02:00
Manuel Pégourié-Gonnard
b51f04466f Fix misleading comment in test function
Everything works at the byte level, not bit level. Flipping the lsb is just
one convenient way to corrupt a byte, but don't really care about individual
bits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-21 10:40:25 +02:00
Manuel Pégourié-Gonnard
864abbff4e Rework how lengths are expressed in CBC test
This is hopefully more readable in the .data file.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-21 10:37:14 +02:00
Manuel Pégourié-Gonnard
4adc04a8a3 Give a constant a name in test function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-16 10:00:48 +02:00
Manuel Pégourié-Gonnard
65a6fa3e26 Make cf_hmac() STATIC_TESTABLE
The test function now depends on MBEDTLS_TEST_HOOKS, which is enabled by
config.py full, and since there are already components in all.sh exercising
the full config, this test function is sill exercised even with this new
dependency.

Since this is the first time a test function depends on MBEDTLS_TEST_HOOKS,
fix a bug in check-names.sh that wasn't apparent so far: headers from
library/*.h were not considered when looking for macro definitions. This
became apparent because MBEDTLS_STATIC_TESTABLE is defined in library/common.h
and started being used in library/ssl_msg.c, so was flagged as a likely typo.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-15 12:26:21 +02:00
Manuel Pégourié-Gonnard
045f094c81 Add dummy constant-flow HMAC function with tests
The dummy implementation is not constant-flow at all for now, it's just
here as a starting point and a support for developing the tests and putting
the infrastructure in place.

Depending on the implementation strategy, there might be various corner cases
depending on where the lengths fall relative to block boundaries. So it seems
safer to just test all possible lengths in a given range than to use only a
few randomly-chosen values.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-15 12:25:52 +02:00
Manuel Pégourié-Gonnard
913a204a33 Fix undeclared dependency of test function
The ssl_tranform structure lacks some members accessed by this function when
CBC is not enabled.

This was found by test-ref-configs.pl and all.sh
test_when_no_ciphersuites_have_mac, so no need to add a new test.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-09 10:02:41 +02:00
Manuel Pégourié-Gonnard
527c1ff71a Generate good/bad padding programmatically
Compared to the previous approach of having the bad padding provided as input
to the testing function, this allows to test more kinds of incorrect data,
with less test cases in the .data file and more important no manually-generated
non-trivial data in the test case parameters, making it much easier to
complete the testing matrix.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 10:43:37 +02:00
Manuel Pégourié-Gonnard
0ac01a1c59 TLS: Add negative tests for non-EtM CBC decryption
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-03 12:49:10 +02:00
Ronald Cron
ac6ae35150 tests: suites: Remove hex in name of variables of type data_t
Remove `hex` in name of variables of type data_t to reserve it
for variables of type char* that are the hexadecimal
representation of a data buffer.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-01 17:10:15 +02:00
Manuel Pégourié-Gonnard
9dfcae8b94
Merge pull request #3426 from paul-elliott-arm/resource_leak
Fix for resource leak in test_suite_ssl
2020-06-16 10:00:18 +02:00
Manuel Pégourié-Gonnard
b21b1f5e7c
Merge pull request #3387 from ronald-cron-arm/tests-common-code
Add support to build and link common code in tests
2020-06-15 11:33:19 +02:00
Ronald Cron
6c5bd7fd51 tests: Reformating due to rnd_* renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
    `git diff-tree --no-commit-id --name-only -r HEAD` \
    | grep "\<mbedtls_test_rnd_"

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
351f0eee20 tests: Add mbedtls_test_ prefix to rnd_* symbols
Add mbedtls_test_ prefix to rnd_buf_info and
rnd_pseudo_info types, to rnd_std_rand(),
rnd_zero_rand(), rnd_buffer_rand() and
rnd_pseudo_rand() functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/rnd_(buf_info|pseudo_info|std_rand| \
    zero_rand|buffer_rand|pseudo_rand)/, \
    "mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
de70b165a4 tests: Add mbedtls_test_ prefix to hexcmp()
Add mbedtls_test_ prefix to hexcmp() test helper
function.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/hexcmp\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Paul Elliott
6f1eda710c Fix for resource leak in test_suite_ssl
Fix for coverity bugs 349041, 349052

Allocated pointers could potentially be leaked in the case of errors.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-11 20:27:08 +01:00
Paul Elliott
c857044e94 Add min/max version negotiation to unit tests
Add the min/max version negotiation tests from ssl-opt.sh as unit
tests for the sake of utility and easier running of tests during
development

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-09 17:00:58 +01:00
Janos Follath
bba4c17b7a
Merge pull request #3315 from hanno-arm/tls13-experimental-macro
Add support for TLS 1.3 record protection routines
2020-06-04 15:51:54 +01:00
Manuel Pégourié-Gonnard
d12402ffc0 Fix undeclared deps on MBEDTLS_CTR_DRBG in tests
While at it, declare deps on ENTROPY as well.

A non-regression test will be added in a follow-up commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-05-29 11:27:07 +02:00
Hanno Becker
e683287710 Adapt SSL record protection unit test to setup TLS 1.3 transforms
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
b2713abb8f Enhance record encryption unit tests by checking hidden content type
TLS 1.3 and DTLS 1.2 + CID hide the real content type of a record
within the record's inner plaintext, while always using the same
content type for the protected record:
- TLS 1.3 always uses ApplicationData
- DTLS 1.2 + CID always uses a special CID content type.

This commit enhances the record encryption unit test to check
that the record content type is indeed correctly hidden.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Andrzej Kurek
8ea6872889
Improve pointer calculations when resizing I/O buffers
This commit introduces two changes:
- Add in_msg and out_msg calculations for buffer upsizing. This was previously
considered as unnecessary, but renegotiation using certain ciphersuites needs
this.
- Improving the way out_msg and in_msg pointers are calculated, so that even 
if no resizing is introduced, the pointers remain the same;

New tests added:
- various renegotiation schemes with a range of MFL's and ciphersuites;
- an ssl-opt.sh test exercising two things that were problematic: renegotiation
with TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 and a server MFL that's smaller
than the one negotiated by the client.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-04-09 04:33:00 -04:00
Gilles Peskine
5e7d6fd240 Merge 'mbedtls/development' into merge-crypto-unremoved-20200304
Merge the latest state of the target branch (mbedtls/development) into the
pull request to merge mbed-crypto into mbedtls.

Conflicts:

* ChangeLog: add/add conflict. Resolve by using the usual section order.
2020-03-23 18:02:07 +01:00
Gilles Peskine
19e841e19f Fix warning about a potentially initialized variable
The variable drop_len is only used under conditions where it has been
initialized, but this is somewhat fragile and not obvious for a
compiler to see.
2020-03-23 17:55:32 +01:00
Gilles Peskine
eccd888717 Rename identifiers containing double-underscore
Rename identifiers containing double-underscore (`__`) to avoid `__`.
The reason to avoid double-underscore is that all identifiers
containing double-underscore are reserved in C++. Rename all such
identifiers that appear in any public header, including ssl_internal.h
which is in principle private but in practice is installed with the
public headers.

This commit makes check-names.sh pass.

```
perl -i -pe 's/\bMBEDTLS_SSL__ECP_RESTARTABLE\b/MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED/g; s/\bMBEDTLS_KEY_EXCHANGE_(_\w+)_(_\w+)\b/MBEDTLS_KEY_EXCHANGE${1}${2}/g' include/mbedtls/*.h library/*.c programs/*/*.c scripts/data_files/rename-1.3-2.0.txt tests/suites/*.function
```
2020-03-23 17:55:32 +01:00
Piotr Nowicki
438bf3b667 App data with 1/n-1 splitting in test suite
Counting of the fragments has been shifted from the writing section to
the reading. This is more reliable because one reading is made for one
fragment and during one write the library can internally divide data
into two fragments

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-03-12 16:57:05 +01:00
Jaeden Amero
c31f970a46
Merge pull request #3075 from AndrzejKurek/variable-buffer-size
Variable buffer size
2020-03-10 21:46:35 +04:00
Jaeden Amero
55727c33eb
Merge pull request #3088 from AndrzejKurek/ssl-mocks-coverity
test_suite_ssl: fix coverity issues with uninitialized members
2020-03-09 19:14:47 +04:00
Andrzej Kurek
89bdc580ca
test_suite_ssl: check for errors during queue setup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-09 06:31:18 -04:00
Andrzej Kurek
45916ba916
test_suite_ssl: fix coverity issues with uninitialized members
Initialize variables to NULL before doing any operations that might fail.
This fixes a case where the allocation fails on the first context, which 
previously made the code free the second, uninitialized context.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-05 14:47:01 -05:00
Andrzej Kurek
0afa2a1b65
Add I/O buffer resizing in handshake init and free
Add a conditional buffer resizing feature. Introduce tests exercising
it in various setups (serialization, renegotiation, mfl manipulations).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-04 09:28:16 -05:00
Darryl Green
aad82f9bbb
Add variable buffer length tests to all.sh
Exercise the feature alone, with record splitting and DTLS connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Darryl Green <darryl.green@arm.com>
2020-03-03 10:44:57 -05:00
Piotr Nowicki
bde7ee88a6
Add DTLS handshake fragmentation test
For this test it is good to have a handshake messages length as big as
possible, so for the server the certificate verification mode is
changed from default NONE to REQUIRED. It requires the client to send
certificate date to the server during handshake

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-27 09:31:42 -05:00
Andrzej Kurek
8a6ff15079
test_suite_ssl refactoring: provide default options structure for tests
Create and provide a structure with default options so that the caller won't have
to pass all of the parameters each time the handshake is called. In the future
this can be improved so that the options are passed as a string, just like in
ssl-opt.sh.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-26 09:10:14 -05:00
Andrzej Kurek
316da1f86e
test_suite_ssl refactoring: merge renegotiation test into handshake
Move the renegotiation test to a shared handshake function to simplify further
addition of tests.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-26 09:03:47 -05:00
Andrzej Kurek
9e9efdc277
test_suite_ssl refactoring: merge tls & dtls application data tests
Move the app data tests to a shared handshake function to simplify further 
addition of tests.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-26 09:00:18 -05:00
Piotr Nowicki
95e9eb8d91 Add test for renegotiation in DTLS
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-25 14:15:00 +01:00
Piotr Nowicki
6a7f01c237 Add test with sending application data via DTLS
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-25 14:10:15 +01:00
Andrzej Kurek
da2b67806b
Add a dtls handshake test with context serialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-24 04:56:53 -05:00
Andrzej Kurek
941962eb91 Add DTLS handshake tests for the mocked ssl test suite
Starting with TLS 1.1
2020-02-12 09:18:19 -05:00
Andrzej Kurek
15daf50b05 Parametrize the endpoint init and free to prepare for DTLS tests 2020-02-12 09:17:52 -05:00
Andrzej Kurek
1a44a159ef Change the order of endpoint initialization steps
Wrong order caused the `protected_record_size` to be of wrong size, hence
causing the server to receive a malformed message in case of a DTLS test.
2020-02-10 03:53:49 -05:00
Andrzej Kurek
f46b9128b6 Change test queue errors to SSL_WANT_WRITE and SSL_WANT_READ
Simulate real behavior better, so that higher abstraction layers know when
the buffers are empty and full.
2020-02-10 03:53:49 -05:00
Piotr Nowicki
c3fca5e876 Add tests with sending application data to test_suite_ssl 2020-02-07 09:14:04 +01:00
Andrzej Kurek
cc5169ce32 Add a PSK test to the mocked ssl handshake tests 2020-02-05 07:26:19 -05:00
Andrzej Kurek
f40daa3f05 Add version & ciphersuite tests to ssl handshake
Add tests exercising various protocol versions and ciphersuites
in the mocked ssl handshake.
2020-02-04 09:00:01 -05:00
Andrzej Kurek
b29807413e Refactor certificates and keys in ssl handshake mock tests
Let the caller decide what certificates and keys are loaded (EC/RSA)
instead of loading both for the server, and an unspecified one 
for the client. Use only DER encoding.
2020-02-02 19:25:26 -05:00
Piotr Nowicki
2a1f178d7c Add test for prescribed states of handshake with the custom IO callbacks 2020-01-31 10:06:04 +01:00
Jaeden Amero
79ef1d4e55
Merge pull request #2987 from AndrzejKurek/iotssl-2958-datagram-transport-simulated
Message transport mocks in ssl tests
2020-01-30 10:23:27 +00:00
Piotr Nowicki
d796e19d3b Fix memory allocation fail in TCP mock socket
Because two buffers were aliased too early in the code, it was possible that
after an allocation failure, free() would be called twice for the same pointer.
2020-01-28 13:04:21 +01:00
Piotr Nowicki
890b5ca330 Change non-blocking read/write in TCP mock socket
Previously mocked non-blocking read/write was returning 0 when buffer was empty/full. That was causing ERR_SSL_CONN_EOF error in tests which was using these mocked callbacks. Beside that non-blocking read/write was returning ERR_SSL_WANT_READ/_WRITE depending on block pattern set by test design. Such behavior forced to redesign of these functions so that they could be used in other tests
2020-01-22 14:15:17 +01:00
Piotr Nowicki
fb437d72ef Fix segmentation fault in mbedtls_test_buffer
This error occurs when free space in the buffer is in the middle (the buffer has come full circle) and function mbedtls_test_buffer_put is called. Then the arguments for memcpy are calculated incorrectly and program ends with segmentation fault
2020-01-22 13:25:36 +01:00
Andrzej Kurek
bc483dea84 Add a message-based socket mock connection to the ssl tests
The connection will send/receive full messages.
2020-01-22 06:38:03 -05:00
Andrzej Kurek
13719cdae4 Add a message metadata queue in ssl tests
Add a metadata queue that will be used on top of the ring buffer callbacks.
Add normal and negative tests.
2020-01-22 06:36:39 -05:00
Andrzej Kurek
f7774146b6 ssl test suite: enable dropping bytes from buffer
Add an option to not pass any buffer to mbedtls_test_buffer_get to drop data.
2020-01-22 06:34:59 -05:00
Janos Follath
c673c2cd44 Break up the ssl_mock_tcp unit test
Break the test up to three different tests for the sake of
better readability and maintainability.
2019-12-09 09:10:21 +00:00
Janos Follath
3766ba50de Add non-blocking mock TCP callbacks to SSL tests 2019-12-09 09:10:21 +00:00
Janos Follath
031827feba Add mbedtls_mock_socket to SSL unit tests
In a unit test we want to avoid accessing the network. To test the
handshake in the unit test suite we need to implement a connection
between the server and the client. This socket implementation uses
two ring buffers to mock the transport layer.
2019-12-09 09:10:14 +00:00
Janos Follath
6264e66ba4 Add mbedtls_test_buffer to SSL unit tests
In a unit test we want to avoid accessing the network. To test the
handshake in the unit test suite we need to implement a connection
between the server and the client. This ring buffer implementation will
serve as the said connection.
2019-12-06 07:23:49 +00:00
Hanno Becker
f9b3303eb9 Introduce specific error for ver/cfg mismatch on deserialization
This commit introduces a new SSL error code

  `MBEDTLS_ERR_SSL_VERSION_MISMATCH`

which can be used to indicate operation failure due to a
mismatch of version or configuration.

It is put to use in the implementation of `mbedtls_ssl_session_load()`
to signal the attempt to de-serialize a session which has been serialized
in a build of Mbed TLS using a different version or configuration.
2019-08-23 12:51:21 +03:00
Hanno Becker
fe1275e3fe Improve test for detection of ver/cfg corruption in serialized data
This commit improves the test exercising the behaviour of
session deserialization when facing an unexpected version
or config, by testing ver/cfg corruption at any bit in the
ver/cfg header of the serialized data; previously, it had
only tested the first bit of each byte.
2019-08-23 12:51:21 +03:00
Hanno Becker
363b646dd8 Use US spelling 'serialize' instead of UK spelling 'serialise' 2019-08-23 12:51:21 +03:00
Hanno Becker
bb54d5a3b1 Use consistent spelling of 'serialise/serialize' in SSL test suite 2019-08-23 12:51:21 +03:00
Hanno Becker
861d0bbbf2 Add negative tests for unexpected ver/cfg in session deserialization 2019-08-23 12:51:21 +03:00
Manuel Pégourié-Gonnard
aa75583ced Re-enable test that now works with new format
Previously the test didn't work because of embedded pointer values that
are not predictable. Now it works as we no longer serialize such values.
2019-08-23 12:50:17 +03:00
Manuel Pégourié-Gonnard
ee13a732d6 Fix serialization tests for !SSL_KEEP_PEER_CERT
The chosen fix matches what's currently done in the baremetal branch - except
the `#ifdef` have been adapted because now in baremetal the digest is not kept
if renegotiation is disabled.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
686adb4d54 Normalize spelling to serialiZation
We have explicit recommendations to use US spelling for technical writing, so
let's apply this to code as well for uniformity. (My fingers tend to prefer UK
spelling, so this needs to be fixed in many places.)

sed -i 's/\([Ss]eriali\)s/\1z/g' **/*.[ch] **/*.function **/*.data ChangeLog
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
1f6033a479 Fix undeclared dependency on FS_IO in test code
Found by 'all.sh test_no_platform' and by 'tests/scripts/test-ref-configs.pl'.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
220403b954 Fix style issues and typos in test code 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
b40799035b Fix another wrong check for errors in test code 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
f9deaece43 Add test that save-load is the identity
This test works regardless of the serialisation format and embedded pointers
in it, contrary to the load-save test, though it requires more maintenance of
the test code (sync the member list with the struct definition).
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
6b840704c4 Fix populate_session() and its usage in tests
Not checking the return value allowed a bug to go undetected, fix the bug and
check the return value.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
a3d831b9e6 Add test for session_load() from small buffers
This uncovered a bug that led to a double-free (in practice, in general could
be free() on any invalid value): initially the session structure is loaded
with `memcpy()` which copies the previous values of pointers peer_cert and
ticket to heap-allocated buffers (or any other value if the input is
attacker-controlled). Now if we exit before we got a chance to replace those
invalid values with valid ones (for example because the input buffer is too
small, or because the second malloc() failed), then the next call to
session_free() is going to call free() on invalid pointers.

This bug is fixed in this commit by always setting the pointers to NULL right
after they've been read from the serialised state, so that the invalid values
can never be used.

(An alternative would be to NULL-ify them when writing, which was rejected
mostly because we need to do it when reading anyway (as the consequences of
free(invalid) are too severe to take any risk), so doing it when writing as
well is redundant and a waste of code size.)

Also, while thinking about what happens in case of errors, it became apparent
to me that it was bad practice to leave the session structure in an
half-initialised state and rely on the caller to call session_free(), so this
commit also ensures we always clear the structure when loading failed.
2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
f5fa0aa664 Add test for session_save() on small buffers 2019-08-23 12:48:41 +03:00
Manuel Pégourié-Gonnard
5b1674e0ba Disable test for load-save identity
This test appeared to be passing for the wrong reason, it's actually not
appropriate for the current implementation. The serialised data contains
values of pointers to heap-allocated buffers. There is no reason these should
be identical after a load-save pair. They just happened to be identical when I
first ran the test due to the place of session_free() in the test code and the
fact that the libc's malloc() reused the same buffers. The test no longer
passes if other malloc() implementations are used (for example, when compiling
with asan which avoids re-using the buffer, probably for better error
detection).

So, disable this test for now (we can re-enable it when we changed how
sessions are serialised, which will be done in a future PR, hence the name of
the dummy macro in depends_on). In the next commit we're going to add a test
that save-load is the identity instead - which will be more work in testing as
it will require checking each field manually, but at least is reliable.
2019-08-23 12:48:41 +03:00