Commit graph

203 commits

Author SHA1 Message Date
Gilles Peskine
b85b20dfdc Revert "tests: Add a crypto prefix to submodule tests"
This reverts commit b478bb6ddb.

Conflicts:
* tests/CMakeLists.txt: revert the introduction of exe_name, but keep
  the addition of ${CMAKE_SOURCE_DIR}/crypto/library/ to
  target_include_directories.
2020-03-19 14:13:13 +01:00
Gilles Peskine
6bbe783908 Revert "Remove pkcs11-helper option"
This reverts commit d832f187f7.

Conflicts:
* CMakeLists.txt:
  * USE_PKCS11_HELPER_LIBRARY: there has been a change immediately before
    where it was removed. Just re-add what was removed.
* tests/CMakeLists.txt:
  * USE_PKCS11_HELPER_LIBRARY: there has been a change immediately before
    where it was removed. Just re-add what was removed.
2020-03-19 14:07:55 +01:00
Gilles Peskine
5bb8bec1de Revert "Remove zlib"
This reverts commit d874a1fd14.

Conflicts:
* CMakeLists.txt:
  * ENABLE_ZLIB_SUPPORT: there has been a change immediately after
    where it was removed. Just re-add what was removed.
* tests/CMakeLists.txt:
  * ENABLE_ZLIB_SUPPORT: there has been a change immediately after
    where it was removed. Just re-add what was removed.
2020-03-19 14:07:55 +01:00
Gilles Peskine
4fa9f9f744 Revert "programs, tests: Depend only on libmbedcrypto"
This reverts commit 986a15199d.
2020-03-19 14:07:55 +01:00
Gilles Peskine
ea82042ff6 cmake: update interpreter requirement for the test suite generator
The test suite generator has been a Python script for a long time,
but tests/CMakeLists.txt still looked for Perl. The reference to
PYTHON_INTERP only worked due to a call to find_package(PythonInterp)
in the toplevel CMakeLists.txt, and cmake would not have printed the
expected error message if python was not available.
2019-11-13 14:33:34 +00:00
Gilles Peskine
00ed2e1986 cmake: update interpreter requirement for the test suite generator
The test suite generator has been a Python script for a long time,
but tests/CMakeLists.txt still looked for Perl. The reference to
PYTHON_INTERP only worked due to a call to find_package(PythonInterp)
in the toplevel CMakeLists.txt, and cmake would not have printed the
expected error message if python was not available.
2019-09-13 11:04:24 +02:00
Gilles Peskine
27d806fab4 Add ASN.1 parsing tests
Add self-contained ASN.1 parsing tests, so that ASN.1 parsing is not
solely tested through X.509 and TLS.

The tests cover every function and almost complete line coverage in
asn1parse.c.

A few test cases containing negative and edge case INTEGER values are
deliberately deactivated because the historical library behavior is at
odds with official specifications, but changing the behavior might
break interoperability.

Other than that, these tests revealed a couple of minor bugs which
will be fixed in subsequent commits.
2019-09-11 15:46:44 +02:00
Unknown
c9ad5910aa crypto_se_driver: add mock tests
Mock key importing and exporting
2019-08-21 16:56:16 +01:00
Gilles Peskine
72c8c5b352 Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190801
Conflict resolution:
* `scripts/config.pl`:
  Take the exclusion of `MBEDTLS_PSA_CRYPTO_SE_C` from the API branch.
  Take the removal of `MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C` (obsolete) from
  the development branch.
* `tests/scripts/all.sh`:
  Multiple instances of factoring a sequence of `config.pl` calls into
  a mere `config.pl baremetal` in the development branch, and a change in
  the composition of `baremetal` in the API branch. In each case, take the
  version from development.
* `tests/suites/test_suite_psa_crypto_slot_management.function`:
  A function became non-static in development and disappeared in the API
  branch. Keep the version from the API branch. Functions need to be
  non-static if they're defined but unused in some configurations,
  which is not the case for any function in this file at the moment.
* `tests/suites/test_suite_psa_crypto.function`:
  Consecutive changes in the two branches, reconciled.
2019-07-31 17:47:49 +02:00
Jaeden Amero
77dd25d98f tests: Enable building with add_subdirectory()
When building Mbed Crypto when including it via CMake's
`add_subdirectory()`, the tests are also built by default. This means
all headers the tests need must be public, in order for the build of the
tests to have access to the headers.
2019-06-26 12:46:53 +01:00
Ashley Duncan
d85a7e9b09 Remove use of CMAKE_SOURCE_DIR
Remove use of CMAKE_SOURCE_DIR in case mbedtls is built from within
another CMake project. Define MBEDTLS_DIR to ${CMAKE_CURRENT_SOURCE_DIR}
in the main CMakeLists.txt file and refer to that when defining target
include paths to enable mbedtls to be built as a sub project.

Fixes https://github.com/ARMmbed/mbedtls/issues/2609

Signed-off-by: Ashley Duncan <ashes.man@gmail.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2019-06-26 12:46:53 +01:00
Gilles Peskine
2c2243dc0b Smoke test for secure element driver registration 2019-06-24 14:29:28 +02:00
Andrzej Kurek
4a71cfa39f Add a link to the seedfile for out-of-tree cmake builds 2019-05-23 03:01:35 -04:00
Andrzej Kurek
346747cd24 Force the usage of crypto submodule
Remove all.sh tests exercising the optional usage of submodule
2019-05-23 03:01:35 -04:00
Andrzej Kurek
d8cf464f7d Add a link to the seedfile for out-of-tree cmake builds 2019-05-06 07:24:02 -04:00
Jaeden Amero
986a15199d programs, tests: Depend only on libmbedcrypto
Update the tests and programs to depend only on libmbedcrypto, since
we'll soon only build libmbedcrypto.
2019-04-25 11:46:21 +01:00
Jaeden Amero
d874a1fd14 Remove zlib
The library no longer uses zlib, so we can remove the option to build
with zlib.
2019-04-18 10:32:56 +01:00
Jaeden Amero
d832f187f7 Remove pkcs11-helper option
In preparation for removing X.509 and PKCS11 from Mbed Crypto, remove
pkcs11-helper. It won't be relevant after X.509 and PKCS11 are removed.
2019-04-18 10:32:56 +01:00
Jaeden Amero
521dbc67da Merge remote-tracking branch 'tls/development' into development
Merge Mbed TLS at f790a6cbee into Mbed Crypto.

Resolve conflicts by performing the following:
    - Reject changes to README.md
    - Don't add crypto as a submodule
    - Remove test/ssl_cert_test from programs/Makefile
    - Add cipher.nist_kw test to tests/CMakeLists.txt
    - Reject removal of crypto-specific all.sh tests
    - Reject update to SSL-specific portion of component_test_valgrind
      in all.sh
    - Reject addition of ssl-opt.sh testing to component_test_m32_o1 in
      all.sh

* tls/development: (87 commits)
  Call mbedtls_cipher_free() to reset a cipher context
  Don't call mbedtls_cipher_setkey twice
  Update crypto submodule
  Minor fixes in get certificate policies oid test
  Add certificate policy oid x509 extension
  cpp_dummy_build: Add missing header psa_util.h
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
  Don't use debug level 1 for informational messages
  Skip uncritical unsupported extensions
  Give credit to OSS-Fuzz for #2404
  all.sh: remove component_test_new_ecdh_context
  Remove crypto-only related components from all.sh
  Remove ssl_cert_test sample app
  Make CRT callback tests more robust
  Rename constant in client2.c
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix a rebase error
  ...
2019-04-17 12:12:24 +01:00
Jack Lloyd
274024f3d5 Fix a rebase error 2019-04-04 07:59:41 -07:00
Jack Lloyd
ffdf28851d Add NIST keywrap as a cipher mode
Closes #2003 see also #1658
2019-04-02 10:02:55 -07:00
Jaeden Amero
c70a3c76bf Merge remote-tracking branch 'tls/development' into development
Resolve conflicts actions:
 - Reject path changes to config.h
 - Reject submodule-related changes in build scripts (Makefile,
   CMakeLists.txt)
 - Add oid test suite to list of tests in tests/CMakeLists.txt,
   rejecting any test filtering related changes (which TLS uses to avoid
   duplicating crypto tests)
 - Add legacy ECDH test to all.sh without including
   all.sh tests that depend on SSL
2019-03-28 16:02:25 +00:00
Jaeden Amero
c73fde725b Merge remote-tracking branch 'origin/pr/2531' into development
Ensure tests pass when the submodule is used by updating the list of
crypto tests to include test_suite_oid in both tests/CMakeLists.txt and
tests/Makefile.

* origin/pr/2531:
  Add changeLog entry
  Add certificate policy of type any policy id
2019-03-27 16:52:08 +00:00
Ron Eldor
11ee07191f Add certificate policy of type any policy id
Add a function for getting the certificate policy. Currently only
"Any Policy" is supported.
2019-03-26 14:41:07 +02:00
Jaeden Amero
0a504c02f6 tests: Add library to include path when used as submodule
Some tests use internal-only header files, which are stored in the
'library' folder, and therefore need the library folder passed in on the
include path. For non-submoudle builds, this is set globally in the
top-level CMakeLists.txt file. For submodule builds, this is set through
target includes to a path only meaningful when Mbed Crypto is built as a
submodule.
2019-03-15 15:47:17 +00:00
Gilles Peskine
e435f23019 Remove psa_crypto_storage_file
Now that we have ITS over files, we no longer need a direct backend
for key storage over files. Remove psa_crypto_storage_file and its
tests.

Switch MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C and MBEDTLS_PSA_ITS_FILE_C on
by default. This preserves functionality and test coverage in the
default configuration, but forgets any key previously stored using the
file backend.
2019-03-15 11:14:51 +01:00
Gilles Peskine
bc1f272750 Tests for PSA ITS over files 2019-03-15 11:14:29 +01:00
Jaeden Amero
b78b300b2e tests: Test crypto via the crypto submodule
Test the crypto implementation via tests from the Mbed Crypto submodule
instead of at the Mbed TLS top level.

The version test is the only test that is tested from both TLS and
Crypto, despite being entirely in libmbedcrypto. This is because the
test data is code-gen'd from the version updating script and the version
between Mbed TLS and Mbed Crypto don't necessarily always agree. The
test data must come from the top level module, as only the top level
module will have test data that matches the expected version.
2019-03-13 13:39:23 +00:00
Jaeden Amero
b478bb6ddb tests: Add a crypto prefix to submodule tests
Prepend ".crypto" to tests that came from the crypto submodule. This
allows, when this project is used as a submodule, for tests with names
the same between the parent and this project when used as a submodule to
both be built and run.
2019-03-11 16:51:37 +00:00
Jaeden Amero
1264c2a86f tests: Exclude version suite when used as a submodule
The version test suite is duplicated between Mbed TLS and Mbed Crypto.
Use TLS's copy and not Crypto's copy when Crypto is used as a submodule
of TLS.

The version test is the only test that is tested from both TLS and
Crypto, despite being entirely in libmbedcrypto. This is because the
test data is code-gen'd from the version updating script and the version
between Mbed TLS and Mbed Crypto don't necessarily always agree. The
test data must come from the top level module, as only the top level
module will have test data that matches the expected version.
2019-03-11 16:50:30 +00:00
Jaeden Amero
120d571e8e tests: Use parent module includes when used as a submodule
For Makefiles, enable overriding where includes can come from in order
to enable the parent module to set the include path. This allows the
parent module to specify that its config.h should be used, even when the
submodule when built standalone would use a different config.h.

For CMake, always look in the parent's include folder and our own. List
the parent's include folder first, so that preference is given to parent
include files.
2019-03-11 16:50:25 +00:00
Jaeden Amero
9afb2e9921 Remove tests that depend on TLS or X.509 2019-03-11 16:49:26 +00:00
Jaeden Amero
2b9eb0bd6c Merge remote-tracking branch 'tls/development' into development
* origin/development: (113 commits)
  Update query_config.c
  Fix failure in SSLv3 per-version suites test
  Adjust DES exclude lists in test scripts
  Clarify 3DES changes in ChangeLog
  Fix documentation for 3DES removal
  Exclude 3DES tests in test scripts
  Fix wording of ChangeLog and 3DES_REMOVE docs
  Reduce priority of 3DES ciphersuites
  Fix unused variable warning in ssl_parse_certificate_coordinate()
  Update the crypto submodule to a78c958
  Fix ChangeLog entry to correct release version
  Fix typo in x509write test data
  Add ChangeLog entry for unused bits in bitstrings
  Improve docs for named bitstrings and their usage
  Add tests for (named) bitstring to suite_asn1write
  Add new function mbedtls_asn1_write_named_bitstring()
  Add missing compile time guard in ssl_client2
  Update programs/ssl/query_config.c
  ssl_client2: Reset peer CRT info string on reconnect
  Add further debug statements on assertion failures
  ...
2019-03-07 12:02:18 +00:00
Jaeden Amero
41e1986ed0 Merge remote-tracking branch 'origin/pr/2293' into development
* origin/pr/2293:
  Declare test_suite_aes.ofb to CMake
  Add a facility to skip running some test suites
  run-test-suites: update the documentation
2019-03-05 16:30:37 +00:00
Jaeden Amero
67ea2c5e6d Merge branch 'development-psa-proposed' into development
Resolve conflicts by performing the following.

- Take the upstream Mbed TLS ChangeLog verbatim.
- Reject changes to Makefiles and CMake that are related to using Mbed
  Crypto as a submodule. It doesn't make sense to use Mbed Crypto as a
  submodule of itself.
- Reject README changes, as Mbed Crypto has its own, different README.
- Reject PSA-related changes to config.h. We don't want to disable the
  availability of the PSA Crypto API by default in the Mbed Crypto
  config.h.
- Don't inadvertently revert dead code removal in
  mbedtls_cipher_write_tag() which was added in f2a7529403 ("Fix
  double return statement in cipher.c")
- Where Mbed Crypto already had some MBEDTLS_USE_PSA_CRYPTO code (from
  past companion PRs) take the latest version from Mbed TLS which
  includes integration with MBEDTLS_CHECK_PARAMS.
- Update the version of the shared library files to match what's
  currently present in Mbed TLS.
- Reject removal of testing with PSA from config full tests.
- Resolve conflicts in test tests/suites/helpers.function, where both
  Mbed Crypto and Mbed TLS both added documentation for TEST_ASSERT.
  Combine text from both documentation efforts.
- Reject adding a submodule of ourselves.
- Reject addition of submodule tests in all.sh.
- Reject addition of submodule to library path in
  tests/scripts/run-test-suites.pl.
- Avoid using USE_CRYPTO_SUBMODULE=1 in
  component_test_use_psa_crypto_full_cmake_asan() in all.sh.
2019-02-14 15:58:43 +00:00
Andrzej Kurek
c470b6b021 Merge development commit 8e76332 into development-psa
Additional changes to temporarily enable running tests:
ssl_srv.c and test_suite_ecdh use mbedtls_ecp_group_load instead of
mbedtls_ecdh_setup
test_suite_ctr_drbg uses mbedtls_ctr_drbg_update instead of 
mbedtls_ctr_drbg_update_ret
2019-01-31 08:20:20 -05:00
Gilles Peskine
6a78573088 CMake: psa_constant_names and test_psa_constant_names
Build and install psa_constant_names.

Make sure that test_psa_constant_names passes in an out-of-tree build.
2019-01-29 16:08:46 +00:00
Simon Butcher
1efda39f8a Merge remote-tracking branch 'public/pr/2297' into development 2018-12-20 12:16:29 +00:00
Krzysztof Stachowiak
e0215d7869 Add Cipher module parameter validation 2018-12-19 17:34:13 +01:00
k-stachowiak
8ffc92a1e8 Add parameter validation for the GCM module 2018-12-19 17:30:38 +01:00
Gilles Peskine
c8fff7b2e7 Declare test_suite_aes.ofb to CMake 2018-12-14 18:30:41 +01:00
Gilles Peskine
ac372cc687 Add a facility to skip running some test suites
With the build option SKIP_TEST_SUITES=..., the specified test suites
are built, but skipped when running tests. Usage:
    make check SKIP_TEST_SUITES=timing,gcm
or
    cmake -D SKIP_TEST_SUITES=timing,gcm ...

The list can be separated by any of space, comma or semicolon, and each
element can be a regular expression in ERE syntax except that "." stands
for itself. Skipping "foo" skips not only "foo" itself but also
any "foo.bar", but does not skip "foobar".
2018-12-14 18:29:28 +01:00
Gilles Peskine
5ec7b078ea Add tests for the new slot management mechanism
Add unit tests for handle allocation and release.
2018-12-11 16:48:12 +01:00
Gilles Peskine
b309eec4a5 Move library initialization tests to a new test suite 2018-11-22 13:41:38 +01:00
Netanel Gonen
9468bb241c Add Tests for psa crypto entropy incjection 2018-11-21 16:23:41 +02:00
Darryl Green
d49a499d03 psa: Implement persistent keys
Allow use of persistent keys, including configuring them, importing and
exporting them, and destroying them.

When getting a slot using psa_get_key_slot, there are 3 scenarios that
can occur if the keys lifetime is persistent:

1. Key type is PSA_KEY_TYPE_NONE, no persistent storage entry:
   -  The key slot is treated as a standard empty key slot
2. Key type is PSA_KEY_TYPE_NONE, persistent storage entry exists:
   -  Attempt to load the key from persistent storage
3. Key type is not PSA_KEY_TYPE_NONE:
   -  As checking persistent storage on every use of the key could
      be expensive, the persistent key is assumed to be saved in
      persistent storage, the in-memory key is continued to be used.
2018-11-20 15:40:25 +00:00
Darryl Green
db2b8db715 psa: Add storage implementation for files
Add new functions, psa_load_persistent_key(),
psa_free_persistent_key_data(), and psa_save_persistent_key(), for
managing persistent keys. These functions load to or save from our
internal representation of key slots. Serialization is a concern of the
storage backend implementation and doesn't abstraction-leak into the
lifetime management code.

An initial implementation for files is provided. Additional storage
backends can implement this interface for other storage types.
2018-11-20 15:21:22 +00:00
itayzafrir
02d6295e53 Move positive hash tests into a new test suite
Move hash_finish, hash_verify and hash_multi_part to a
new test suite test_suite_psa_crypto_hash.
2018-11-05 18:36:05 +02:00
Gilles Peskine
6dee5c9649 Add test_suite_psa_crypto_metadata to cmake builds
This test suite was run by make builds, but I had forgotten to add it
to CMakeLists.txt.
2018-10-22 19:37:04 +02:00
Moran Peker
b4d0ddd2d3 psa_export_public_key 2018-09-05 12:13:20 +03:00
Azim Khan
63ab501aa7 Fix generate_test_code.py argument --helpers-file in CMakeLists.txt 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
78befd9019 Rename generate_code.py -> generate_test_code.py 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
9540261a76 Incorporated code review comments 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
8c4d5ba763 Update CMakeList.txt with new test suites code generator 2018-08-06 11:40:57 +01:00
Simon Butcher
2c92949e0a Merge remote-tracking branch 'public/pr/1198' into development 2018-07-24 17:20:17 +01:00
Ron Eldor
8dd03cd1aa Add tests for the nist key wrapping feature
Add tests for Key wrapping.
Test vectors taken from the standards.
2018-07-24 16:43:20 +01:00
Nicholas Wilson
61fa436ad3 Address review comments - tidy usage of macros to use minimal values 2018-06-28 17:09:21 +01:00
Nicholas Wilson
2682edf205 Fix build using -std=c99
In each place where POSIX/GNU functions are used, the file must declare
that it wants POSIX functionality before including any system headers.
2018-06-25 12:00:26 +01:00
Manuel Pégourié-Gonnard
0dadba2b58 Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (182 commits)
  Change the library version to 2.11.0
  Fix version in ChangeLog for fix for #552
  Add ChangeLog entry for clang version fix. Issue #1072
  Compilation warning fixes on 32b platfrom with IAR
  Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
  Fix for missing len var when XTS config'd and CTR not
  ssl_server2: handle mbedtls_x509_dn_gets failure
  Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms
  SSL async tests: add a few test cases for error in decrypt
  Fix memory leak in ssl_server2 with SNI + async callback
  SNI + SSL async callback: make all keys async
  ssl_async_resume: free the operation context on error
  ssl_server2: get op_name from context in ssl_async_resume as well
  Clarify "as directed here" in SSL async callback documentation
  SSL async callbacks documentation: clarify resource cleanup
  Async callback: use mbedtls_pk_check_pair to compare keys
  Rename mbedtls_ssl_async_{get,set}_data for clarity
  Fix copypasta in the async callback documentation
  SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
  ssl_async_set_key: detect if ctx->slots overflows
  ...
2018-06-19 11:13:50 +02:00
Jaeden Amero
e9ecf00007 aes: Remove AES-XEX
AES-XEX is a building block for other cryptographic standards and not yet a
standard in and of itself. We'll just provide the standardized AES-XTS
algorithm, and not AES-XEX. The AES-XTS algorithm and interface provided
can be used to perform the AES-XEX algorithm when the length of the input
is a multiple of the AES block size.
2018-06-13 12:03:29 +01:00
Aorimn
5f77801ac3 Implement AES-XTS mode
XTS mode is fully known as "xor-encrypt-xor with ciphertext-stealing".
This is the generalization of the XEX mode.
This implementation is limited to an 8-bits (1 byte) boundary, which
doesn't seem to be what was thought considering some test vectors [1].

This commit comes with tests, extracted from [1], and benchmarks.
Although, benchmarks aren't really nice here, as they work with a buffer
of a multiple of 16 bytes, which isn't a challenge for XTS compared to
XEX.

[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
2018-06-13 12:03:27 +01:00
Aorimn
fb67fae83a Add AES-XEX tests cases
The test cases come from the XTS test vectors given by the CAVP initiative
from NIST (see [1]).
As mentioned in a previous commit, XEX is a simpler case of XTS.
Therefore, to construct the test_suite_aes.xex.data file, extraction of
the XEX-possible cases has been done on the given test vectors.
All of the extracted test vectors pass the tests on a Linux x86_64 machine.

[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
2018-06-13 12:01:50 +01:00
Simon Butcher
e47d6fd97e Merge remote-tracking branch 'public/pr/1497' into development 2018-06-12 16:53:04 +01:00
Thomas Fossati
656864b360 Add an HKDF (RFC 5869) implementation 2018-06-11 13:10:14 +01:00
Manuel Pégourié-Gonnard
39b1904b9f Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (97 commits)
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  Remove useless parameter from function
  Wipe sensitive info from the stack
  ...
2018-06-07 12:02:55 +02:00
Simon Butcher
246cb05a92 Merge remote-tracking branch 'public/pr/1410' into development 2018-06-01 19:25:56 +01:00
Manuel Pégourié-Gonnard
dca3a5d884 Rename aead_chacha20_poly1305 to chachapoly
While the old name is explicit and aligned with the RFC, it's also very long,
so with the mbedtls_ prefix prepended we get a 31-char prefix to each
identifier, which quickly conflicts with our 80-column policy.

The new name is shorter, it's what a lot of people use when speaking about
that construction anyway, and hopefully should not introduce confusion at
it seems unlikely that variants other than 20/1305 be standardised in the
foreseeable future.
2018-05-24 13:37:31 +02:00
Daniel King
8fe4701abe Add ChaCha20+Poly1305 to the Cipher module 2018-05-24 13:37:31 +02:00
Daniel King
b8025c5826 Implement AEAD-ChaCha20-Poly1305.
This implementation is based off the description in RFC 7539.

The ChaCha20 code is also updated to provide a means of generating
keystream blocks with arbitrary counter values. This is used to
generated the one-time Poly1305 key in the AEAD construction.
2018-05-24 13:37:31 +02:00
Daniel King
adc32c0b50 Add Poly1305 authenticator algorithm (RFC 7539)
Test vectors are included from RFC 7539.

Poly1305 is also added to the benchmark program.
2018-05-24 13:37:31 +02:00
Daniel King
bd92062269 Add ChaCha20 to the Cipher module 2018-05-24 13:37:31 +02:00
Daniel King
34b822ce7b Initial implementation of ChaCha20 2018-05-24 13:37:31 +02:00
Gilles Peskine
8405257035 Support out-of-tree testing with CMake
Create extra symbolic links with CMake so that SSL testing (ssl-opt.sh
and compat.sh) works in out-of-tree builds.
2018-03-21 12:28:59 +01:00
Manuel Pégourié-Gonnard
442f03b9e1 cmake: keep test list in alphabetic order 2018-02-27 12:39:12 +01:00
Markku-Juhani O. Saarinen
8df81e029f Test suite for ARIA 2018-02-27 12:39:12 +01:00
Ron Eldor
f3612483cc Support verbose output of the test suites
generate add ctest test-suites, with the --verbose argument to be given
to the test suites.
The verbose output will be shown **only** if ctest is run with `-v` parameter
The verbose argument is to the test-suites, only when run through `ctest`
2017-06-25 11:24:18 +03:00
Simon B
d473c1f359 Remove need for elevated command line in Windows
Changes use of mklink in Windows test builds, to create junctions instead of
directory symbolic links. This removes the need for an elevated command prompt
when running cmake to create the Visual Studio project files.
2016-11-17 16:04:33 +00:00
Simon B
9b3e3c4942 Fix config of compiler warning flags with MSVC
Compiler warnings were being configured twice and not suppressed on the
test suites with Microsoft Visual Studio.
2016-11-10 15:37:33 +00:00
Simon Butcher
53da6ae842 Add CMAC test suite to CMakeLists.txt 2016-10-11 12:25:04 +01:00
Paul Bakker
50157ff5ab Add new timing test suite that runs the timing self test 2016-08-25 16:36:35 +01:00
Simon Butcher
c21bec8af4 Merge branch 'development' 2016-05-16 16:15:20 +01:00
Janos Follath
8a49a019b0 Add tests for the bug IOTSSL-619.
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
2016-03-09 21:06:19 +00:00
Nicholas Wilson
733676b978 Allow test suites to be run on Windows
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing.  Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2015-11-14 13:09:01 +00:00
Manuel Pégourié-Gonnard
4d8685b4ff Add skeleton for EC J-PAKE module 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
89eb1970e9 mklink needs /d for directories 2015-07-08 21:39:43 +01:00
Manuel Pégourié-Gonnard
3083053dd2 More cmake for windows tune-ups 2015-07-01 17:06:28 +02:00
Manuel Pégourié-Gonnard
7e2d68c1b2 cmake: -W flags only for GCC and Clang 2015-07-01 13:41:35 +02:00
Manuel Pégourié-Gonnard
216a1831de Fix whitespace in CMakeLists.txt
- all spaces no tabs
- indent with 4 spaces everywhere
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
ec4a339c2a Remove tests for xxx_hmac() 2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
b6b16bddc3 Drop pbkdf2 module (superseded by pkcs5) 2015-03-11 11:31:51 +00:00
Manuel Pégourié-Gonnard
2a0718d947 Merge branch 'development' into dtls
* development: (46 commits)
  Fix url again
  Fix small bug in base64_encode()
  Fix depend that was checked but not documented
  Fix dependency that was not checked
  Minor gitginore fixes
  Move some ignore patterns to subdirectories
  Ignore CMake/MSVC-related build files.
  Re-categorize changelog entry
  Fix misattribution
  Minor nits with stdout/stderr.
  Add cmake compatibility targets
  Add script for polarssl symlink creation
  Fix more stdio inclusion issues
  Add debug info for cert/suite selection
  Fix possible portability issue
  Fix bug in ssl_get_verify_result()
  aescrypt2.c local char array not initial
  Update Changelog
  Fix mips64 bignum implementation
  Fix usage string of ssl_client2
  ...

Conflicts:
	include/polarssl/ssl.h
	library/CMakeLists.txt
	library/Makefile
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	visualc/VS2010/PolarSSL.sln
	visualc/VS2010/mbedTLS.vcxproj
	visualc/VS6/mbedtls.dsp
	visualc/VS6/mbedtls.dsw
2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard
9014b6f227 Rename project in CMake
TODO: to create symlinks to the old names!
2015-01-27 15:44:46 +00:00
Manuel Pégourié-Gonnard
edb7ed3a43 Merge commit 'd7e2483' into dtls
* commit 'd7e2483': (57 commits)
  Skip signature_algorithms ext if PSK only
  Fix bug in ssl_client2 reconnect option
  Cosmetics in ssl_server2
  Improve debugging message.
  Fix net_usleep for durations greater than 1 second
  Use pk_load_file() in X509
  Create ticket keys only if enabled
  Fix typo in #ifdef
  Clarify documentation a bit
  Fix comment on resumption
  Update comment from draft to RFC
  Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
  Add recursion.pl to all.sh
  Allow x509_crt_verify_child() in recursion.pl
  Set a compile-time limit to X.509 chain length
  Fix 3DES -> DES in all.sh (+ time estimates)
  Add curves.pl to all.sh
  Rework all.sh to use MSan instead of valgrind
  Fix depends on individual curves in tests
  Add script to test depends on individual curves
  ...

Conflicts:
	CMakeLists.txt
	programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard
f9c8a606b5 Merge commit '8b9bcec' into dtls
* commit '8b9bcec':
  Stop assuming chars are signed
  Fix len miscalculation in buffer-based allocator
  Fix NULL dereference in buffer-based allocator
  Add test_suite_memory_buffer_alloc
  Add memory_buffer_alloc_self_test()
  Fix missing bound check
  Add test for ctr_drbg_update() input sanitizing
  Refactor for clearer correctness/security
  Stop assuming chars are signed

Conflicts:
	library/ssl_tls.c
2015-01-20 16:38:39 +00:00
Paul Bakker
d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
765bb31d24 Add test_suite_memory_buffer_alloc 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
98aa19148c Adjust warnings in different modes 2014-11-14 16:45:48 +01:00
Manuel Pégourié-Gonnard
4956fd7437 Test and fix anti-replay functions 2014-10-21 16:32:34 +02:00
Manuel Pégourié-Gonnard
39141fed63 Add warnings in debug build, and -Werror with ASan
- warnings in debug build allows the to be caught earlier
- -Werror with ASan make tests/scripts/all.sh a bit shorter
2014-08-14 18:33:00 +02:00
Paul Bakker
508e573231 Merge tests for asn1write, XTEA and Entropy modules 2014-06-12 21:26:33 +02:00