Commit graph

8022 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
e28397a376
Merge pull request #6938 from aditya-deshpande-arm/check-names-exclusions
check_names.py: Compare identifiers in excluded files against symbols parsed by nm
2023-01-30 09:21:58 +01:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
2023-01-27 10:05:00 +01:00
Gilles Peskine
b82977a429
Merge pull request #6962 from davidhorstmann-arm/fix-check-python-errors
Fix check python errors
2023-01-26 21:54:25 +01:00
Gilles Peskine
81505e4a16
Merge pull request #6917 from yanrayw/6658-not-print-Terminated-ubuntu-22.04
Fix the problem of printing "Terminated" in compat.sh under Ubuntu-22.04
2023-01-26 21:53:33 +01:00
David Horstmann
f0c75796be Fix a missing type hint warning
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-24 18:53:15 +00:00
Manuel Pégourié-Gonnard
00d3e96042
Merge pull request #6855 from mpg/driver-only-ecdsa-starter
Driver-only ECDSA starter
2023-01-24 13:06:17 +01:00
Manuel Pégourié-Gonnard
4455fd2449
Merge pull request #6531 from AndrzejKurek/depends-py-kex-fixes
Depends.py - add exclusive domain tests to key exchange testing
2023-01-24 09:32:05 +01:00
Manuel Pégourié-Gonnard
d84902f4ef Add issue numbers to TODO comments
In the python script I didn't use the word TODO because pylint doesn't
like that, but morally it's the same.

I removed the comment about "do we need a subset of compat.sh?" because
it turns out that `ssl-opt.sh` is already exercising all the key
exchanges:

    % sed -n 's/.*force_ciphersuite=TLS-\([^ ]*\)-WITH.*/\1/p' tests/ssl-opt.sh | sort -u
    DHE-PSK
    DHE-RSA
    ECDH-ECDSA
    ECDHE-ECDSA
    ECDHE-PSK
    ECDHE-RSA
    ECJPAKE
    PSK
    RSA
    RSA-PSK

(the only omission is ECDH-RSA which is not of interest here and does
not actually differ from ECDH-ECDSA). So, we don't need a subset of
compat.sh because we're already getting enough testing from ssl-opt.sh
(not to mention test_suite_ssl).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 13:03:13 +01:00
Manuel Pégourié-Gonnard
bc19a0b0d8 Fix missing SHA-224 in test driver build
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:54:24 +01:00
Manuel Pégourié-Gonnard
5a2e02635a Improve a few comments & documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:51:52 +01:00
Andrzej Kurek
98682b50a4 Remove obsolete comment from depends.py
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-23 06:16:23 -05:00
Janos Follath
3e0769b598
Merge pull request #6832 from daverodgman/fast-unaligned-ct
Improve efficiency of some constant time functions
2023-01-23 10:55:35 +00:00
Dave Rodgman
58c721e894 Add TEST_CF_SECRET to mbedtls_ct_memcpy_if_eq test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-21 11:13:55 +00:00
Dave Rodgman
22b0d1adbf Test memcmp with differences starting after the first byte
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-21 10:29:00 +00:00
Dave Rodgman
95ec58cc12 Remove not-needed stdio include from tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
39188c0a2a Add unit tests for mbedtls_ct_memcmp and mbedtls_ct_memcpy_if_eq
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
1a034dcc20 Add regression test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 13:18:05 +00:00
Dave Rodgman
dc3b1540cd Fix test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 11:39:00 +00:00
Andrzej Kurek
723b8779f9 Add missing key exchange requirements to test_suite_ssl
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:31:00 -05:00
Andrzej Kurek
a86cef32cf Add missing KEX DHE-RSA requirement for one ssl test
This specific cipher is used to test record splitting.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:27:57 -05:00
Andrzej Kurek
9113df8c8f Add missing RSA-type dependencies in test_suite_ssl
These tests are not run in development because of the
overlapping !TLS_1_3 requirement and usage of full config.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:26:31 -05:00
Gilles Peskine
2566679eb8 Add metadata test case for PSA_ALG_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:20 +01:00
Gilles Peskine
4db02f2324 Add SECRET input validation test cases for PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
763ffdd2a6 Add metadata test case for PSA_ALG_CCM_STAR_NO_TAG
The following shell command (requiring GNU grep) looks for algorithms and
key types, as well as IS and GET macros, that lack metadata tests:
```
for x in $(grep -Pho '(?<=^#define )PSA_(ALG|KEY_TYPE)_(?!CATEGORY_|NONE\b|\w+_(BASE|FLAG|MASK|CASE))\w+' include/psa/crypto_values.h include/psa/crypto_extra.h); do grep -qw $x tests/suites/test_suite_psa_crypto_metadata.* || echo $x; done
```

This may have false negatives: it only checks that the constants are
mentioned at least once, not that the tests are written correctly.

This has false positives:
* Types and algorithms that Mbed TLS does not support.
* PSA_ALG_ECDSA_IS_DETERMINISTIC, PSA_ALG_DSA_IS_DETERMINISTIC are peculiar
  auxiliary macros that only apply to very specific algorithms and aren't
  tested like the other IS macros.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
bba2630549 Add ECJPAKE secret input types to psa/crypto_config.h
Add PSA_WANT_KEY_TYPE_PASSWORD and PSA_WANT_KEY_TYPE_PASSWORD_HASH to
psa/crypto_config.h, since the types PSA_KEY_TYPE_PASSWORD and
PSA_KEY_TYPE_PASSWORD_HASH are used by ECJPAKE.

The two key types are always enabled, like PSA_KEY_TYPE_DERIVE.

Add the key types to the metadata test suite as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
cafda872f3 Fix documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:18 +01:00
Gilles Peskine
0e9e4422ab NotSupported is specifically about key types
Rename NotSupported to KeyTypeNotSupported, because it's only about testing
key management. For algorithms, not-supported is handled by OpFail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:17 +01:00
Ronald Cron
340d4c80af
Merge pull request #6616 from lpy4105/6551-tls13-SessionTicket-kex-change-check
This PR needs some change logs but there is a follow-up PR (issue #6935) that would change the change logs we would had here thus we will do them all while working on #6935.
2023-01-17 16:48:27 +00:00
Andrzej Kurek
714ae6551e Add missing key exchange requirements to test_suite_ssl
Some of the tests use mbedtls_test_cli_key_rsa_der and
mbedtls_test_cli_crt_rsa_der, and these can be used with
specific ciphersuites.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-17 10:38:11 -05:00
Andrzej Kurek
1ff7336e2c depends.py: enable key exchange tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-17 10:38:10 -05:00
Aditya Deshpande
0584df4131 Minor changes to account for CodeParser.parse_identifiers being used in list_internal_identifiers.py
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-16 16:36:31 +00:00
Dave Rodgman
461b8254d0
Merge pull request #6865 from scop/patch-1
Use `grep -E` instead of `egrep`
2023-01-16 15:21:24 +00:00
Aditya Deshpande
dd8ac67792 Update check_names.py so that identifiers in excluded files are still compared against the output of nm.
This fixes the issue where excluding a file containing identifiers from checks would cause check_symbols_in_header to fail.

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-16 14:57:48 +00:00
Pengyu Lv
2bfd716293 simplify test case dependencies and test commands
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 13:44:10 +08:00
Tom Cosgrove
fc0e79e70f Have compat.sh and ssl-opt.sh not return success for > 255 errors
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-01-13 12:13:41 +00:00
Yanray Wang
128859725a Redirect stdout/stderr to SRV_OUT
Under Ubuntu-22.04, wait command prints out Terminated message.
Therefore server process is handled with identical ways like other
processes in compat.sh. In addition, PROCESS_ID is renamed as
SRV_PID to improve code readability.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-13 11:58:11 +08:00
Yanray Wang
05f940b255 Remove Terminated message from stdout
Under Ubuntu-22.04, wait command prints out Terminated message
if the process has been killed by kill command. This messes up
the output in compat.sh

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-13 11:54:59 +08:00
Pengyu Lv
c1334d934c correct test case dependencies
Now the config dependencies used for ticket_flags
test cases are TLS 1.2 specified. Correct them to
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:01 +08:00
Pengyu Lv
06cf66d2ab unroll test cases to improve coverage of check_test_cases in all.sh
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:58 +08:00
Pengyu Lv
302feb3955 add cases to test session resumption with different ticket_flags
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:56 +08:00
Dave Rodgman
378ecdd859 Rename VS2010 directory to VS2013 and update Makefiles etc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-11 18:56:11 +00:00
Gilles Peskine
c848d226bf Switch code style check to enforcement mode
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:14 +01:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Gilles Peskine
c55c343670
Merge pull request #6884 from gilles-peskine-arm/check-files-unicode
Reject bad characters in source code
2023-01-11 13:46:59 +01:00
Ronald Cron
83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
2023-01-11 09:05:36 +01:00
Gilles Peskine
3900bddd77
Merge pull request #6823 from mpg/unify-openssl-variables
Use OPENSSL everywhere, not OPENSSL_CMD
2023-01-10 22:10:19 +01:00
Manuel Pégourié-Gonnard
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
Manuel Pégourié-Gonnard
6e666c2e79 Remove obsolete comment
Was explaining why we didn't use the OPENSSL name, but we are using it
now...

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-10 09:38:58 +01:00
Manuel Pégourié-Gonnard
3368724ade
Merge pull request #6870 from valeriosetti/issue6831
Document/test dependencies on ECP & Bignum
2023-01-10 09:25:41 +01:00
Valerio Setti
2c12185b88 test: fix dependencies on function and data files
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-09 18:00:39 +01:00