Commit graph

2487 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
a4251f4775 Test aes_free( NULL ) unconditionally 2018-12-12 12:04:51 +01:00
Manuel Pégourié-Gonnard
54e7f312d3 Make TEST_VALID_PARAM() available unconditionally 2018-12-12 11:56:09 +01:00
Manuel Pégourié-Gonnard
aae10fa427 Fix some whitespace issues 2018-12-12 10:24:19 +01:00
Manuel Pégourié-Gonnard
cd2b29cd12 Improve wording in documentation and ChangeLog 2018-12-12 10:23:57 +01:00
Manuel Pégourié-Gonnard
9b8ea89ae5 Fix a few style / whitespace issues 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
acfdc623d2 Fix test macro that was too lenient
Previously, one could change the definition of AES_VALIDATE_RET() to return
some other code than MBEDTLS_ERR_AES_BAD_INPUT_DATA, and the test suite
wouldn't notice. Now this modification would make the suite fail as expected.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
840af0a9ae Add tests to all.sh for CHECK_PARAMS edge cases 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
44c5d58d05 Document AES functions and fix free() functions 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
a2b0e27378 Skip param validation tests if custom macro used
The test framework for validation of parameters depends on the macro
MBEDTLS_PARAM_FAILED() being set to its default value when building the
library. So far the test framework attempted to define this macro but this was
the wrong place - this definition wouldn't be picked by the library.

Instead, a different approach is taken: skip those tests when the macro is
defined in config.h, as in that case we have no way to know if it will indeed
end up calling mbedtls_param_failed() as we need it to.

This commit was tested by manually ensuring that aes_invalid_params:

- passes (and is not skipped) in the default configuration
- is skipped when MBEDTLS_PARAM_FAILED() is defined in config.h
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
3ef6a6dc5c Fix const-ness in mbedtls_param_failed()
The previous prototype gave warnings are the strings produced by #cond and
__FILE__ are const, so we shouldn't implicitly cast them to non-const.

While at it modifying most example programs:
- include the header that has the function declaration, so that the definition
  can be checked to match by the compiler
- fix whitespace
- make it work even if PLATFORM_C is not defined:
    - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is
      no reason why it should
    - so, remove the corresponding #if defined in each program...
    - and add missing #defines for mbedtls_exit when needed

The result has been tested (make all test with -Werror) with the following
configurations:

- full with    CHECK_PARAMS with    PLATFORM_C
- full with    CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS with    PLATFORM_C

Additionally, it has been manually tested that adding

    mbedtls_aes_init( NULL );

near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the
expected effect when running the program.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
8e661bf6a8 Fix arity of the PARAM_FAILED() macro and function
It was inconsistent between files: sometimes 3 arguments, sometimes one.

Align to 1 argument for the macro and 3 for the function, because:
- we don't need 3 arguments for the macro, it can add __FILE__ and __LINE__
  in its expansion, while the function needs them as parameters to be correct;
- people who re-defined the macro should have flexibility, and 3 arguments
  can give the impression they they don't have as much as they actually do;
- the design document has the macro with 1 argument, so let's stick to that.
2018-12-11 12:28:56 +01:00
Simon Butcher
249b3d6efe Remove use of the macro TEST_FN from the AES test suite
The TEST_FN macro is now redundant and no longer necessary.
2018-12-11 12:28:56 +01:00
Simon Butcher
6542f6c597 Change the use of setjmp/longjmp in parameter failure callback
Change the use of setjmp and longjmp in signalling parameter validation failures
when using the MBEDTLS_CHECK_PARAMS config.h option. This change allows
all calls which might result in a call to the parameter validation failure
handler to always be caught, even without use of the new macros, by placing a
setjmp() in the outer function which calls the test function, which the handler
can jump to.

This has several benefits:
    * it allows us to remove the clang compiler warning (-Wclobbered) caused
      by local auto variables being in the same function as the call to setjmp.
    * removes the need to wrap all function calls in the test functions with the
      TEST_ASSERT() macro. Now all parameter validation function calls should be
      caught.
2018-12-11 12:28:56 +01:00
Simon Butcher
747f5fe3e2 Add disabling of gcc 'clobbered' warning
With gcc, use of setjmp() was triggering warnings about use of auto variables
being clobbered.
2018-12-11 12:28:56 +01:00
Simon Butcher
a646345e3f Add additional parameter validation tests for the AES module
This adds additional tests to validate the AES module parameter validation
checks which are enabled using the MBEDTLS_CHECK_PARAMS option.
2018-12-11 12:28:56 +01:00
Jaeden Amero
faafcd83a8 Merge remote-tracking branch 'upstream-public/pr/2223' into development 2018-12-07 16:16:24 +00:00
Jaeden Amero
fedb407a3f Merge remote-tracking branch 'upstream-public/pr/2208' into development 2018-12-07 16:16:04 +00:00
Jaeden Amero
52ed0b9030 Merge remote-tracking branch 'upstream-public/pr/2101' into development 2018-12-07 16:15:31 +00:00
Jaeden Amero
d07ef47150 Merge remote-tracking branch 'upstream-public/pr/2061' into development 2018-12-07 16:07:21 +00:00
Jaeden Amero
60ca6e58b6 test: Make basic-build-test.sh see summary statuses
We've changed the behavior of "-v" to no longer output test summary
statuses. Update basic-build-test.sh to use the test runner's verbosity
option "-v 2", so that the basic-build-test.sh script can get the summary
statuses it needs.
2018-12-07 13:06:24 +00:00
Jaeden Amero
8ef1f48a52 Merge remote-tracking branch 'upstream-public/pr/2219' into development 2018-12-06 16:16:36 +00:00
Jaeden Amero
3c0941ec64 Merge remote-tracking branch 'upstream-public/pr/2172' into development 2018-12-06 16:09:08 +00:00
Jaeden Amero
41722ec29e Merge remote-tracking branch 'upstream-public/pr/1958' into development 2018-12-06 15:53:56 +00:00
Jaeden Amero
643e0027d6 Merge remote-tracking branch 'upstream-public/pr/1548' into development 2018-12-06 15:51:29 +00:00
Janos Follath
36c5f7fe9b ECDH: Hide context from tests
The tests for the ECDH key exchange that use the context accessed it
directly. This can't work with the new context, where we can't make any
assumptions about the implementation of the context. This commit works
around this problem and comes with the cost of allocating an extra
structures on the stack when executing the test.

One of the tests is testing an older interface for the sake of backward
compatibility. The new ECDH context is not backward compatible and this
test doesn't make any sense for it, therefore we skip this test in
non-legacy mode.
2018-12-06 12:22:46 +00:00
Jaeden Amero
5dfca1e1bd Update library version to 2.15.1 2018-12-01 18:44:29 +00:00
Janos Follath
fc03e8dfa9 ECDH: Adapt tests for mbedtls_ecdh_setup()
The recently added `mbedtls_ecdh_setup()` function is not used in the
tests yet. This commit adapts the tests to the new workflow.

Having done that, the old lifecycle is not tested anymore, so we add a
new test to ensure backward compatibility.
2018-11-30 14:09:57 +00:00
Simon Butcher
51b8a2fa87 Merge remote-tracking branch 'restricted/pr/512' into development 2018-11-29 16:56:02 +00:00
Simon Butcher
658618b6b2 Merge remote-tracking branch 'restricted/pr/516' into development 2018-11-29 16:53:51 +00:00
Ron Eldor
b9b3813649 Separate REGEX of MACRO to groups
Seperate the REGEX into identifier, condition and value, into groups,
to behandled differently.
2018-11-27 16:37:49 +02:00
Ron Eldor
111ba0e949 Fix parsing error of test data
Fix parsing error that contains special character.
The previous implementation replaced the `:` char with `\n`,
and split on `\n`. Test data containing strings with `\n`
were split as well. Fixes #2193.
The split function caused strings containing `\:` to add
another escape char, resulting in `\\:`. This caused the
tests with the `\:` in the string data to fail.
The fix doesn't replace with `\n`, but splits all `:` that
are not preceded with `\`. After that, removes the preceding `\` char.
2018-11-27 13:48:13 +02:00
Andres Amaya Garcia
687d6739b2 Fix resource leak of file desc in test code 2018-11-26 21:23:28 +00:00
Gilles Peskine
d919993b76 CTR_DRBG: deprecate mbedtls_ctr_drbg_update because it ignores errors
Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a
new function mbedtls_ctr_drbg_update_ret which reports error.
2018-11-26 19:26:00 +01:00
Ron Eldor
d5062dedeb Add conditional dependency to tests
Add a way to check compile time defionitions values, for determining
whether to skip tests.
2018-11-26 14:23:14 +02:00
Ron Eldor
6dbb9aabf8 Test AD too long only when CCM_ALT not defined
Since the AD too long is a limitation on Mbed TLS,
HW accelerators may support this. Run the test for AD too long,
only if `MBEDTLS_CCM_ALT` is not defined.
Addresses comment in #1996.
2018-11-25 10:31:53 +02:00
Simon Butcher
60ee838a8a Merge remote-tracking branch 'public/pr/2224' into development-psa-proposed 2018-11-23 21:18:32 +00:00
Gilles Peskine
c117d5928c check-files: detect merge artifacts
Detect Git merge artifacts. These are lines starting with "<<<<<<",
"|||||||" or ">>>>>>>" followed by a space, or containing just
"=======". For "=======", exempt Markdown files, because this can be
used to underline a title, as a compromise between false negatives and
false positives.
2018-11-23 21:11:52 +01:00
Gilles Peskine
043980585c Factor record_issue into its own method 2018-11-23 21:11:30 +01:00
Jaeden Amero
bb225f7914 Merge remote-tracking branch 'upstream-public/pr/2225' into development-psa-proposed 2018-11-23 17:37:04 +00:00
Jaeden Amero
b1c48d3d83 psa: Include PSA headers for tests and programs
Programs and tests need to be able to use PSA header files when
USE_CRYPTO_SUBMODULE and MBEDTLS_USE_PSA_CRYPTO are set. Add the crypto
submodule include folder, which contains psa headers, after the main
include folder so that psa headers can be found and crypto submodule
headers don't take precedence over mbedtls headers.
2018-11-23 15:22:44 +00:00
Hanno Becker
ee81756a51 Fix wrong cmake invocation in all.sh testing MBEDTLS_USE_PSA_CRYPTO
It should be `cmake -D VAR=1` instead of `cmake -D VAR`.
2018-11-23 15:08:32 +00:00
Simon Butcher
ebeb6cb446 Update library version to 2.15.0 2018-11-23 14:18:15 +00:00
Hanno Becker
46b79c14ad Merge remote-tracking branch 'remote_jaeden/dev/patater/avoid-check-files-todo-dev' into development-psa-proposed 2018-11-23 13:40:44 +00:00
Jaeden Amero
80a23a5bc4 check-files: Don't check same-named files
The check-files script contains the strings "TODO" and "todo" in order to
search for files that contain TODO items. So, any check-files script would
need to be excluded from the list of files that gets checked for "TODO".
Normally, the script excludes itself from checks, but with the addition of
the crypto submodule, there is another copy of the script present from the
project root. We must avoid checking check-files scripts for TODO items.
This also helps if you run check-files from another working tree in your
working tree.
2018-11-23 13:14:38 +00:00
Hanno Becker
4ae8b497c0 Merge branch 'iotssl-2578-psa-sig-verification' into development-psa-proposed 2018-11-23 11:37:00 +00:00
Hanno Becker
a0a96a0c56 Merge branch 'psa_cipher_integration' into development-psa-proposed 2018-11-23 11:26:57 +00:00
Hanno Becker
f8b5f27bce Merge branch 'psa_cipher' into development-psa-proposed 2018-11-23 11:18:02 +00:00
Hanno Becker
485529952f Merge branch 'opaque_psk_implementation' into development-psa-proposed 2018-11-23 11:12:38 +00:00
Hanno Becker
b345ae64f1 Merge branch 'iotssl-2596-opaque-csr-creation' into development-psa-proposed 2018-11-23 11:05:04 +00:00
Andrzej Kurek
967cfd18fd Remove trailing whitespace 2018-11-22 12:05:08 -05:00
Andrzej Kurek
4b11407258 Cosmetic changes
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
2018-11-22 12:05:08 -05:00
Andrzej Kurek
5f7bad34bb Add CSR write testing using opaque keys
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
2018-11-22 12:05:08 -05:00
Manuel Pégourié-Gonnard
2baae9ef71 Add tests for ECDSA verify with short r, s values
This is intended to test transcoding the signature to the format expected by
PSA (fixed-length encoding of r, s) when r and s have respectively:
- full length with initial null byte
- full length without initial null byte
- non-full length with initial null byte
- non-full length without initial null byte

The signatures were generated using:

programs/pkey/pk_sign tests/data_files/server5.key foo

where foo is an empty file, and with a variant of one of the following patches
applied:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..e4a27b044516 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -317,6 +319,11 @@ mul:
             MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
                                                   f_rng, p_rng, ECDSA_RS_ECP ) );
             MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( pr );
+            printf("%zu ", bits);
+            if( bits != 255 )
+                goto gen;
         }
         while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );

or:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..d704376e0c42 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -353,6 +355,11 @@ modn:
         MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( s );
+            printf("%zu ", bits);
+            if( bits != 247 )
+                goto gen;
     }
     while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );

with the value edited manually between each run to get the desired bit length.
2018-11-22 11:17:37 -05:00
Andrzej Kurek
c05ec9f39c pk_wrap: test if a valid md_alg is passed to ecdsa_verify_wrap
Adjust tests to pass a valid algorithm
2018-11-22 11:17:37 -05:00
Manuel Pégourié-Gonnard
cfdf8f4d8f Implement key_opaque option to ssl_client2 2018-11-22 14:35:11 +00:00
Hanno Becker
e9420c2aff Rename PSA test in ssl-opt.sh 2018-11-22 14:05:54 +00:00
Hanno Becker
a0dc9cf8ec Remove superfluous quotes in ssl-opt.sh 2018-11-22 14:05:54 +00:00
Hanno Becker
9b5853c846 Add runs for specific PSA-supported ciphersuites to ssl-opt.sh
So far, make sure we test the following ciphersuites
without any fallback to non-PSA ciphers:

TLS-ECDHE-ECDSA-WITH-AES-128-CCM
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-256-CCM
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
2018-11-22 14:05:54 +00:00
Hanno Becker
9d76d56d81 Omit tests from ssl-opt.sh which force a disabled ciphersuite 2018-11-22 14:05:54 +00:00
Hanno Becker
b1b2c01df4 Add missing newline at the end of test_suite_cipher.gcm.data 2018-11-22 14:03:39 +00:00
Hanno Becker
b0c05e242c Test PSA-based GCM cipher operations 2018-11-22 14:03:39 +00:00
Hanno Becker
5cec718191 Adapt existing Cipher-GCM test cases to new param for auth_crypt_tv 2018-11-22 14:03:39 +00:00
Hanno Becker
a13272d6d2 Test PSA-based CCM cipher operations 2018-11-22 14:03:39 +00:00
Hanno Becker
e43164e8f1 Add AES-*-CBC test vectors for PSA-based cipher contexts 2018-11-22 14:03:39 +00:00
Hanno Becker
6767cca100 Merge branch 'gcm_through_cipher_api_tests' into psa_cipher_ 2018-11-22 14:03:14 +00:00
Hanno Becker
c0c882cd67 Add missing dependencies in test_suite_cipher.gcm 2018-11-22 13:41:53 +00:00
Hanno Becker
ef42f22edd Add NIST AES GCM test vectors to single-step cipher API test suite
The test suites `test_suite_gcm.aes{128,192,256}_en.data` contains
numerous NIST test vectors for AES-*-GCM against which the GCM
API mbedtls_gcm_xxx() is tested.

However, one level higher at the cipher API, no tests exist which
exercise mbedtls_cipher_auth_{encrypt/decrypt}() for GCM ciphers,
although test_suite_cipher.function contains the test auth_crypt_tv
which does precisely that and is already used e.g. in
test_suite_cipher.ccm.

This commit replicates the test vectors from
test_suite_gcm.aes{128,192,256}_en.data in test_suite_cipher.gcm.data
and adds a run of auth_crypt_tv for each of them.

The conversion was mainly done through the sed command line

```
s/gcm_decrypt_and_verify:\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):
\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\)/auth_crypt_tv:
\1:\2:\4:\5:\3:\7:\8:\9/
```
2018-11-22 13:41:07 +00:00
Manuel Pégourié-Gonnard
23a1ccd23f Fix test that wasn't actually effective
psa_destroy_key() returns success even if the slot is empty.
2018-11-22 12:21:20 +01:00
Manuel Pégourié-Gonnard
fa9a1ca967 Improve description of a test 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
69baf70984 Align names to use "opaque" only everywhere
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
3686771dfa Implement pk_sign() for opaque ECDSA keys 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
d97390e97d Add tests for unsupported operations/functions 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
920c063bad Implement can_do for opaque ECC keypairs
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
0184b3c69b Add support for get_(bit)len on opaque keys 2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
01a12c49aa Add key generation to opaque test function
While at it, clarify who's responsible for destroying the underlying key. That
can't be us because some keys cannot be destroyed and we wouldn't know. So
let's leave that up to the caller.
2018-11-22 09:59:34 +01:00
Manuel Pégourié-Gonnard
7b5fe041f1 Implement alloc/free wrappers for pk_opaque_psa 2018-11-22 09:59:34 +01:00
Hanno Becker
1d911cd59d Automatically allocate opaque PSK key slots in ssl_{client/server}2
Previously, command line arguments `psk_slot` and `psk_list_slot`
could be used to indicate the PSA key slots that the example
applications should use to store the PSK(s) provided.

This commit changes this approach to use the utility function
`mbedtls_psa_get_free_key_slot()` to obtain free key slots from
the PSA Crypto implementation automatically, so that users only
need to pass boolean flags `psk_opaque` and `psk_list_opaque`
on the command line to enable / disable PSA-based opaque PSKs.
2018-11-21 21:12:58 +00:00
Hanno Becker
28c79dc3d0 Add tests to ssl-opt.sh exercising server-side opaque PSK 2018-11-21 21:12:58 +00:00
Hanno Becker
f7027514fb Add tests to ssl-opt.sh exercising client-side opaque PSK 2018-11-21 21:12:58 +00:00
Hanno Becker
6e02197e24 Refer to PSA through MBEDTLS_USE_PSA_CRYPTO, not USE_PSA, in all.sh 2018-11-21 21:08:43 +00:00
Hanno Becker
1cfc5ddb11 Initialize PSA Crypto implementation at the start of each test suite 2018-11-21 21:08:43 +00:00
Manuel Pégourié-Gonnard
655c0a8d76 Add build using PSA to all.sh 2018-11-21 21:08:40 +00:00
Jaeden Amero
acaabe796e crypto: Test without crypto as a submodule
Add a test to ensure that when the crypto submodule is not used, the crypto
library is not created and that libmbedcrypto.a does not contain symbols
from files contained within the crypto submodule.
2018-11-21 12:54:57 +00:00
Jaeden Amero
ed93bdc8aa crypto: Test with crypto as a submodule
- Check that libmbedcrypto was not built at the top level.
- Check that we've built libmbedcrypto with the correct files. Build
  libmbedcrypto with debug symbols and verify that files used are from the
  crypto submodule.
- Check that config.h is handled properly. Enable a feature at the top
  level that the crypto library submodule has disabled in its config.h, and
  check that the library symboles indicate that the feature is present in
  libmbedcrypto.
- Ensure basic functionality of the resulting build with a run of
  `make test` and `ssl-opt.sh`.
2018-11-21 12:54:57 +00:00
Jaeden Amero
30b340a760 crypto: Add mbedtls-psa as a submodule
mbedtls-psa contains an implementation of libmbedcrypto, including the PSA
Crypto API.
2018-11-21 12:54:57 +00:00
Ron Eldor
8672cb7909 Set result to False on Failure
Add a member for holding a failed result,
and notify_complete with this member value, when finished.
2018-11-21 14:02:12 +02:00
Jaeden Amero
2d0e00fca8 all.sh: Cleanup CMakeFiles
all.sh's cleanup function would not entirely remove CMakeFiles due to a
missing -o in its fine command. Add a -o after prune, so that the find for
CMakeFiles can succeed.
2018-11-20 18:46:43 +00:00
Simon Butcher
c1b9892177 Update library version number to 2.14.0 2018-11-19 18:31:40 +00:00
Manuel Pégourié-Gonnard
f560a2d6fc Disable test that trigger bug in old GnuTLS
This is temporary until we fix the GnuTLS version available in our CI.
2018-11-19 13:24:23 +01:00
Ron Eldor
7a977881b4 Change buf size to a valid size
Change the size of `buf` to a valid hash size, in `ecdsa_prim_random()`
2018-11-19 13:51:00 +02:00
Simon Butcher
cdd1a6c872 Merge remote-tracking branch 'restricted/pr/510' into development-restricted-proposed 2018-11-12 14:29:14 +00:00
Simon Butcher
53b45ec881 Merge remote-tracking branch 'public/pr/2079' into development-restricted-proposed 2018-11-07 12:58:44 +00:00
Simon Butcher
241823aab8 Merge remote-tracking branch 'public/pr/1641' into development-restricted-proposed 2018-11-07 12:55:47 +00:00
Simon Butcher
42ab4ae033 Merge remote-tracking branch 'public/pr/2167' into development-restricted-proposed 2018-11-07 12:54:45 +00:00
Ron Eldor
c242eea732 Change data file suffix for ott
Change the suffix of the data files searched in `mbedtls_test.py`
to `datax` as the generated files have this suffix.
2018-11-05 16:22:36 +02:00
Manuel Pégourié-Gonnard
79bf327a95 Add ARIA and ChachaPoly to basic-build-test
The invocation of `compat.sh` that runs those tests was added in all.sh but
not here, resulting in our reported coverage figures being slightly lower than
what we actually test. Fixing that omission change the figures reported from:

Lines Tested       : 19105 of 22623 84.4%
Functions Tested   : 1392 of 1460 95.3%

to:

Lines Tested       : 19126 of 22623 84.5%
Functions Tested   : 1399 of 1460 95.8%

It requires `$OPENSSL_NEXT` to be set and point to an OpenSSL version in the
1.1.1 line or later.
2018-11-05 14:27:09 +01:00
Hanno Becker
a8b13d79bf Add tests for relaxed CRL-CA name comparison
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.

The test files were generated using PR #1641 which
- adds a build instruction for test-ca.crt to
  tests/data_files/Makefile which allows easy
  change of the subject DN.
- changes the default string format from `PrintableString`
  to `UTF8String`.

Specifically:
- `test-ca_utf8.crt` was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641.
- `test-ca_uppercase.crt`, too, was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641, after modifying the subject DN line in the build
   instruction for `test-ca.crt` in `tests/data_files/Makefile`.
-  `test-ca_printable.crt` is a copy of `test-ca.crt`
   because at the time of this commit, `PrintableString` is
   still the default string format.
2018-11-05 11:47:49 +00:00
Simon Butcher
06f88e9c42 Merge remote-tracking branch 'public/pr/2007' into development-proposed 2018-11-04 19:12:57 +00:00
Jaeden Amero
8396a71449 test: Enable multiple levels of verbosity
Enable passing a number to "-v" in order to set the level of verbosity.
Print detailed test failure information at verbosity level 1 or higher.
Display summary messages at the verbosity level 2 or higher. Print
detailed test information at verbosity level 3 or higher, whether the
test failed or not. This enables a more readable output style that
includes detailed failure information when a failure occurs.
2018-11-02 13:25:16 +00:00
Jaeden Amero
f4b521dd10 test: Use GetOpt::Long for argument parsing
Simplify argument parsing by using a core perl library for parsing
arguments.
2018-11-02 13:25:16 +00:00
Jaeden Amero
79e4f4e933 test: Print verbosely on failures in verbose mode
Update the test runner to print detail about why the test failed when it
fails, if the runner is running in verbose mode.
2018-11-02 13:25:16 +00:00
Hanno Becker
710f203541 Merge branch 'iotssl-1770' into development_thomas_dee 2018-11-02 10:52:49 +00:00
Hanno Becker
6e1adee42b Regenerate test files
Previous commits have added or modified build instructions for
server1*, server2*, server5*, test-ca*, cli-rsa* in the Makefile
tests/data_files/Makefile, or the apps they invoke have been changed.

This commit regenerates those files to make sure they are in match with
the build instructions.
2018-11-02 10:52:38 +00:00
Hanno Becker
381c77c0c4 Change serial in test-ca.crt from 0 to 3 to circumvent ASN.1 bug
As of 2.13.1, mbedtls_asn1_write_mpi() doesn't write 0 correctly. #2166.
2018-11-02 10:52:35 +00:00
Hanno Becker
52acdb5926 Add tests for relaxed CRL-CA name comparison
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.
2018-11-02 10:49:05 +00:00
Hanno Becker
b963081df1 Generate tests/data_files/test-ca_cat[12|21].crt from Makefile 2018-11-02 09:01:52 +00:00
Hanno Becker
386f99c65c Generate cli-rsa* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker
0dd11396d4 Generate server5.req.ku.sha1 through Mbed TLS application 2018-11-02 09:01:52 +00:00
Hanno Becker
ebc1f40aa0 Generate server2* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker
b83777532a Generate test-ca* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker
50cb93a04c Generate server1* CRTs and CSRs through Mbed TLS applications
Previously, CSRs and CRTs from the server1* family in testa/data_files
were generated through OpenSSL. This commit changes the build instructions
to use Mbed TLS' example applications programs/x509/cert_write and
programs/x509/cert_req instead.
2018-11-02 09:01:49 +00:00
Simon Butcher
7904f94550 Merge remote-tracking branch 'public/pr/1099' into development-proposed 2018-10-28 18:10:37 +00:00
Simon Butcher
02ef525a7b Merge remote-tracking branch 'public/pr/2107' into development-proposed 2018-10-28 16:16:58 +00:00
Simon Butcher
a07d86e8af Merge remote-tracking branch 'public/pr/1902' into development 2018-10-27 18:36:55 +01:00
Simon Butcher
3869384ddb Merge remote-tracking branch 'public/pr/2031' into development 2018-10-27 18:34:18 +01:00
Simon Butcher
78dd2e55bf Merge remote-tracking branch 'public/pr/1806' into development 2018-10-27 17:59:17 +01:00
Simon Butcher
e783f4a767 Merge remote-tracking branch 'public/pr/1609' into development 2018-10-27 17:35:25 +01:00
Simon Butcher
76cf60beb3 Remove merge conflict marker in ssl-opt.sh
Commit 6346a75dfb introduced a merge conflict marker into ssl-opt.sh
by accident. This commit removes it.
2018-10-25 21:51:32 +01:00
Simon Butcher
169712e15a Merge remote-tracking branch 'restricted/pr/390' into development 2018-10-24 18:34:30 +01:00
Simon Butcher
c774e32939 Merge remote-tracking branch 'restricted/pr/517' into development 2018-10-22 14:23:29 +01:00
Simon Butcher
837f821bc2 Merge remote-tracking branch 'public/pr/1990' into development 2018-10-22 14:22:56 +01:00
Manuel Pégourié-Gonnard
bcedb92e7b Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development:
  Add Jenkinsfile for PR job
2018-10-22 09:52:46 +02:00
Darryl Green
b51e267bee Add Jenkinsfile for PR job 2018-10-19 15:25:10 +01:00
Hanno Becker
198611db32 Add missing return value check in ECDSA test suite
The test case `ecdsa_det_test_vectors` from the ECDSA test suite
called `mbedtls_md()` without checking its return value.
2018-10-17 13:58:19 +01:00
Hanno Becker
0fbbc64fee Add dependency of mbedtls_asn1_write_len() test on ASN.1 parsing 2018-10-16 13:48:23 +01:00
Hanno Becker
19d858e8e6 Add dependency of pkwrite test suite on pkparse module 2018-10-16 13:46:25 +01:00
Gilles Peskine
96f3b4ee42 Remove yotta support from check-files.py
Complements "Remove Yotta support from the docs, tests and build scripts".
2018-10-16 14:10:21 +02:00
Manuel Pégourié-Gonnard
7a28e99fa0 Expand test to ensure no assumption on output
The functions don't require the caller to preserve the content of the output
parameter - let's ensure that they don't assume that.
2018-10-16 11:22:45 +02:00
Manuel Pégourié-Gonnard
6346a75dfb Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development:
  ssl-opt.sh: change expected output for large srv packet test with SSLv3
  Adapt ChangeLog
  Fix bug in SSL ticket implementation removing keys of age < 1s
  ssl-opt.sh: Add DTLS session resumption tests
  Add ChangeLog entry
  Fix typo
  Fix hmac_drbg failure in benchmark, with threading
  Remove trailing whitespace
  Remove trailing whitespace
  ssl_server2: add buffer overhead for a termination character
  Add missing large and small packet tests for ssl_server2
  Added buffer_size and response_size options for ssl-server2. Added appropriate tests.

Solving a conflict in tests/ssl-opt.sh: two set of tests were added at the
same place (just after large packets):
- restartable ECC tests (in this branch)
- server-side large packets (in development)

Resolution was to move the ECC tests after the newly added server large packet
ones.
2018-10-15 11:26:17 +02:00
Andrzej Kurek
9580528248 ssl-opt.sh: fix typo in mtu settings 2018-10-11 08:55:37 -04:00
Andrzej Kurek
b459346f67 ssl-opt.sh: add a check for i686 targets
Run DTLS fragmenting tests on non-i686 targets only.
Remove reduntant gnutls requirements.
2018-10-11 08:43:30 -04:00
Andrzej Kurek
7782605491 ssl-opt.sh: add comments regarding ciphersuite forcing 2018-10-11 07:34:08 -04:00
Andrzej Kurek
7c6df832ed ssl-opt.sh: revert unnecessary "autoreduction" checks
return to the initial check for "resend"
2018-10-11 07:06:12 -04:00
Andrzej Kurek
7311c78074 ssl-opt.sh: force ciphersuites to reduce mtu size 2018-10-11 06:49:41 -04:00
Hanno Becker
e5fecec7bf Add test for MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO to all.sh
This commit adds a test to tests/scripts/all.sh exercising an
ASan build of the default configuration with

MBEDTLS_PLATFORM_MEMORY enabled,
MBEDTLS_PLATFORM_CALLOC_MACRO set to std calloc
MBEDTLS_PLATFORM_FREE_MACRO   set to std free

(This should functionally be indistinguishable from a default build)
2018-10-11 11:04:20 +01:00
Darryl Green
ac2ead0e68 Improve deterministic test for prime testing
Extend the mbedtls_mpi_is_prime_det test to check that it reports
the number as prime when testing rounds-1 rounds, then reports the
number as composite when testing the full number of rounds.
2018-10-09 16:36:53 +01:00
Janos Follath
a0b67c2f3e Bignum: Deprecate mbedtls_mpi_is_prime()
When using a primality testing function the tolerable error rate depends
on the scheme in question, the required security strength and wether it
is used for key generation or parameter validation. To support all use
cases we need more flexibility than what the old API provides.
2018-10-09 16:36:53 +01:00
Janos Follath
64eca05ec2 Bignum: Add tests for primality testing
Primality tests have to deal with different distribution when generating
primes and when validating primes.
These new tests are testing if mbedtls_mpi_is_prime() is working
properly in the latter setting.

The new tests involve pseudoprimes with maximum number of
non-witnesses. The non-witnesses were generated by printing them
from mpi_miller_rabin(). The pseudoprimes were generated by the
following function:

void gen_monier( mbedtls_mpi* res, int nbits )
{
    mbedtls_mpi p_2x_plus_1, p_4x_plus_1, x, tmp;

    mbedtls_mpi_init( &p_2x_plus_1 );
    mbedtls_mpi_init( &p_4x_plus_1 );
    mbedtls_mpi_init( &x ); mbedtls_mpi_init( &tmp );

    do
    {
        mbedtls_mpi_gen_prime( &p_2x_plus_1, nbits >> 1, 0,
                               rnd_std_rand, NULL );
        mbedtls_mpi_sub_int( &x, &p_2x_plus_1, 1 );
        mbedtls_mpi_div_int( &x, &tmp, &x, 2 );

        if( mbedtls_mpi_get_bit( &x, 0 ) == 0 )
            continue;

        mbedtls_mpi_mul_int( &p_4x_plus_1, &x, 4 );
        mbedtls_mpi_add_int( &p_4x_plus_1, &p_4x_plus_1, 1 );

        if( mbedtls_mpi_is_prime( &p_4x_plus_1, rnd_std_rand,
                                  NULL ) == 0 )
            break;

    } while( 1 );

    mbedtls_mpi_mul_mpi( res, &p_2x_plus_1, &p_4x_plus_1 );
}
2018-10-09 16:36:53 +01:00
Janos Follath
a3cb7eb8ad Bignum: Add test for improved prime generation 2018-10-09 16:33:27 +01:00
Andrzej Kurek
35f2f300ca ssl-opt.sh: change expected pattern from 'resend' to 'autoreduction' 2018-10-09 08:52:14 -04:00
Andrzej Kurek
0fc9cf40cf ssl-opt.sh: increase proxy mtu sizes to contain entire datagrams 2018-10-09 03:09:41 -04:00
Gilles Peskine
695a34654a Add tests for PKCS#1 v1.5 decoding
Functional tests for various payload sizes and output buffer sizes.

When the padding is bad or the plaintext is too large for the output
buffer, verify that function writes some outputs. This doesn't
validate that the implementation is time-constant, but it at least
validates that it doesn't just return early without outputting anything.
2018-10-08 11:13:21 +02:00
Simon Butcher
03de21059d Add additional test case for alternative CSR headers
Add a test case for alternative headers possible for CSR's, as defined in
RFC7468.
2018-10-06 17:19:31 +01:00
Andrzej Kurek
948fe80f42 ssl-opt.sh: adjust test timeouts to fit slower targets 2018-10-06 05:07:47 -04:00
Andrzej Kurek
52f8491dc2 ssl-opt.sh: adjust tests to fit slower targets
Adjust mtu sizes to be able to pass tests using a full configuration
2018-10-05 07:53:40 -04:00
Gilles Peskine
95c5575e12 check-files: exclude .git and third-party files
Exclude ".git" directories anywhere. This avoids spurious errors in git
checkouts that contain branch names that look like a file
check-files.py would check. Fix #1713

Exclude "mbed-os" anywhere and "examples" from the root. Switch to the
new mechanism to exclude "yotta/module". These are directories where
we store third-party files that do not need to match our preferences.

Exclude "cov-int" from the root. Fix #1691
2018-10-02 13:13:24 +02:00
Simon Butcher
6e3606e4f6 Fix run-test-suites.pl to screen for files
Changes run-test-suites.pl to filter out directories, and select only files
as on OSX, test coverage tests create .dSYM directories which were being
accidentally selected to execute.
2018-09-30 21:53:16 +01:00
Gilles Peskine
427df37f84 Don't try to disable ASLR
We don't need to disable ASLR, so don't try. If gdb tries but fails,
the test runs normally, but all.sh then trips up because it sees
`warning: Error disabling address space randomization: Operation not permitted`
and interprets it as an error that indicates a test failure.
2018-09-28 14:31:16 +02:00
Gilles Peskine
5c39d7a972 Remove redundant check in all.sh
test -s can't fail if the subsequent grep succeeds.
2018-09-28 14:31:16 +02:00
Gilles Peskine
bd90a8c002 In keep-going mode, don't hard-fail on some tests
Add if_build_succeeded in front of the invocation of some test runs
where it was missing.
2018-09-28 14:31:16 +02:00
Jaeden Amero
65593d2ddd rsa: pss: Add no possible salt size tests
Add signing tests with 528-bit and 520-bit RSA keys with SHA-512. These
selections of key and hash size should lead to an error returned, as
there is not enough room for our chosen minimum salt size of two bytes
less than the hash size. These test the boundary around an available
salt length of 0 or -1 bytes.

The RSA keys were generated with OpenSSL 1.1.1-pre8.

    $ openssl genrsa 520
    Generating RSA private key, 520 bit long modulus (2 primes)
    .............++++++++++++
    .................++++++++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIIBPwIBAAJCANWgb4bludh0KFQBZcqWb6iJOmLipZ0L/XYXeAuwOfkWWjc6jhGd
    B2b43lVnEPM/ZwGRU7rYIjd155fUUdSCBvO/AgMBAAECQgDOMq+zy6XZEjWi8D5q
    j05zpRGgRRiKP/qEtB6BWbZ7gUV9DDgZhD4FFsqfanwjWNG52LkM9D1OQmUOtGGq
    a9COwQIhD+6l9iIPrCkblQjsK6jtKB6zmu5NXcaTJUEGgW68cA7PAiENaJGHhcOq
    /jHqqi2NgVbc5kWUD/dzSkVzN6Ub0AvIiBECIQIeL2Gw1XSFYm1Fal/DbQNQUX/e
    /dnhc94X7s118wbScQIhAMPVgbDc//VurZ+155vYc9PjZlYe3QIAwlkLX3HYKkGx
    AiEND8ndKyhkc8jLGlh8aRP8r03zpDIiZNKqCKiijMWVRYQ=
    -----END RSA PRIVATE KEY-----

    $ openssl genrsa 528
    Generating RSA private key, 528 bit long modulus (2 primes)
    .........++++++++++++
    ....++++++++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIIBQgIBAAJDAKJVTrpxW/ZuXs3z1tcY4+XZB+hmbnv1p2tBUQbgTrgn7EyyGZz/
    ZkkdRUGQggWapbVLDPXu9EQ0AvMEfAsObwJQgQIDAQABAkJhHVXvFjglElxnK7Rg
    lERq0k73yqfYQts4wCegTHrrkv3HzqWQVVi29mGLSXTqoQ45gzWZ5Ru5NKjkTjko
    YtWWIVECIgDScqoo7SCFrG3zwFxnGe7V3rYYr6LkykpvczC0MK1IZy0CIgDFeINr
    qycUXbndZvF0cLYtSmEA+MoN7fRX7jY5w7lZYyUCIUxyiOurEDhe5eY5B5gQbJlW
    ePHIw7S244lO3+9lC12U1QIhWgzQ8YKFObZcEejl5xGXIiQvBEBv89Y1fPu2YrUs
    iuS5AiFE64NJs8iI+zZxp72esKHPXq/chJ1BvhHsXI0y1OBK8m8=
    -----END RSA PRIVATE KEY-----
2018-09-27 18:23:08 +01:00
Jaeden Amero
80d99ea038 rsa: pss: Extend tests for variable salt length
Since we wish to generate RSASSA-PSS signatures even when hashes are
relatively large for the chosen RSA key size, we need some tests. Our
main focus will be on 1024-bit keys and the couple key sizes larger than
it. For example, we test for a signature generated using a salt length
of 63 when a 1032-bit key is used. Other tests check the boundary
conditions around other key sizes. We want to make sure we don't use a
salt length larger than the hash length (because FIPS 186-4 requires
this). We also want to make sure we don't use a salt that is too small
(no smaller than 2 bytes away from the hash length).

Test RSASSA-PSS signatures with:
 - 1024-bit key and SHA-512 (slen 62)
 - 1032-bit key and SHA-512 (slen 63)
 - 1040-bit key and SHA-512 (slen 64)
 - 1048-bit key and SHA-512 (slen 64)

The tests also verify that we can properly verify the RSASSA-PSS
signatures we've generated.

We've manually verified that OpenSSL 1.1.1-pre8 can verify the
RSASSA-PSS signatures we've generated.

    $ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem
    writing RSA key
    $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem
    writing RSA key
    $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem
    writing RSA key
    $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem
    writing RSA key
    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin
    Verified OK
    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin
    Verified OK
    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin
    Verified OK
    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin
    Verified OK

We've also added a new test that ensures we can properly validate a
RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This
has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature
1032-bit w/SHA-512" test. The signature to verify was generated with the
following command line.

    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin

The RSA private keys used by these tests were generated with OpenSSL
1.1.1-pre8.

    $ openssl genrsa 1024
    Generating RSA private key, 1024 bit long modulus (2 primes)
    ........................................++++++
    ......++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S
    f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX
    nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB
    AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC
    WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK
    ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc
    wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh
    mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX
    yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY
    U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml
    1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx
    Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ
    rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w==
    -----END RSA PRIVATE KEY-----

    $ openssl genrsa 1032
    Generating RSA private key, 1032 bit long modulus (2 primes)
    ....................++++++
    .................................++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps
    SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu
    2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA
    AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d
    x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2
    995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS
    I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK
    9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b
    28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn
    TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB
    AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC
    e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo
    BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH
    -----END RSA PRIVATE KEY-----

    $ openssl genkey 1040
    Generating RSA private key, 1040 bit long modulus
    ........++++++
    ........++++++
    e is 65537 (0x10001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl
    jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT
    vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB
    AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp
    Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ
    ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL
    TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3
    XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ
    za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD
    q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF
    lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx
    ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+
    uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T
    -----END RSA PRIVATE KEY-----

    $ openssl genrsa 1048
    Generating RSA private key, 1048 bit long modulus (2 primes)
    ...............................++++++
    .++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1
    03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ
    kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID
    AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+
    k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p
    6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ
    UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0
    3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh
    FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI
    FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN
    tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f
    dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq
    DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF
    -----END RSA PRIVATE KEY-----
2018-09-27 18:23:08 +01:00
Jaeden Amero
3725bb2d6d rsa: pss: Enable use of big hashes with small keys
It should be valid to RSASSA-PSS sign a SHA-512 hash with a 1024-bit or
1032-bit RSA key, but with the salt size being always equal to the hash
size, this isn't possible: the key is too small.

To enable use of hashes that are relatively large compared to the key
size, allow reducing the salt size to no less than the hash size minus 2
bytes. We don't allow salt sizes smaller than the hash size minus 2
bytes because that too significantly changes the security guarantees the
library provides compared to the previous implementation which always
used a salt size equal to the hash size. The new calculated salt size
remains compliant with FIPS 186-4.

We also need to update the "hash too large" test, since we now reduce
the salt size when certain key sizes are used. We used to not support
1024-bit keys with SHA-512, but now we support this by reducing the salt
size to 62. Update the "hash too large" test to use a 1016-bit RSA key
with SHA-512, which still has too large of a hash because we will not
reduce the salt size further than 2 bytes shorter than the hash size.

The RSA private key used for the test was generated using "openssl
genrsa 1016" using OpenSSL 1.1.1-pre8.

    $ openssl genrsa 1016
    Generating RSA private key, 1016 bit long modulus (2 primes)
    ..............++++++
    ....++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICVwIBAAKBgACu54dKTbLxUQBEQF2ynxTfDze7z2H8vMmUo9McqvhYp0zI8qQK
    yanOeqmgaA9iz52NS4JxFFM/2/hvFvyd/ly/hX2GE1UZpGEf/FnLdHOGFhmnjj7D
    FHFegEz/gtbzLp9X3fOQVjYpiDvTT0Do20EyCbFRzul9gXpdZcfaVHNLAgMBAAEC
    gYAAiWht2ksmnP01B2nF8tGV1RQghhUL90Hd4D/AWFJdX1C4O1qc07jRBd1KLDH0
    fH19WocLCImeSZooGCZn+jveTuaEH14w6I0EfnpKDcpWVAoIP6I8eSdAttrnTyTn
    Y7VgPrcobyq4WkCVCD/jLUbn97CneF7EHNspXGMTvorMeQJADjy2hF5SginhnPsk
    YR5oWawc6n01mStuLnloI8Uq/6A0AOQoMPkGl/CESZw+NYfe/BnnSeckM917cMKL
    DIKAtwJADEj55Frjj9tKUUO+N9eaEM1PH5eC7yakhIpESccs/XEsaDUIGHNjhctK
    mrbbWu+OlsVRA5z8yJFYIa7gae1mDQJABjtQ8JOQreTDGkFbZR84MbgCWClCIq89
    5R3DFZUiAw4OdS1o4ja+Shc+8DFxkWDNm6+C63g/Amy5sVuWHX2p9QI/a69Cxmns
    TxHoXm1w9Azublk7N7DgB26yqxlTfWJo+ysOFmLEk47g0ekoCwLPxkwXlYIEoad2
    JqPh418DwYExAkACcqrd9+rfxtrbCbTXHEizW7aHR+fVOr9lpXXDEZTlDJ57sRkS
    SpjXbAmylqQuKLqH8h/72RbiP36kEm5ptmw2
    -----END RSA PRIVATE KEY-----
2018-09-27 18:23:08 +01:00
Simon Butcher
0592ea772a Merge remote-tracking branch 'public/pr/1140' into development 2018-09-27 11:37:42 +01:00
Simon Butcher
c86993e33c Merge remote-tracking branch 'public/pr/1970' into development 2018-09-27 09:48:54 +01:00
Simon Butcher
3ad2efdc82 Remove Yotta support from the docs, tests and build scripts
Yotta is no longer supported by Mbed TLS, so has been removed. Specifically, the
following changes have been made:
 * references to yotta have been removed from the main readme and build
   instructions
 * the yotta module directory and build script has been removed
 * yotta has been removed from test scripts such as all.sh and check-names.sh
 * yotta has been removed from other files that that referenced it such as the
   doxyfile and the bn_mul.h header
 * yotta specific configurations and references have been removed from config.h
2018-09-26 17:55:09 +01:00
Gilles Peskine
487cdf5516 In keep-going mode, don't hard-fail on some auxiliary script
Add record_status in front of the invocation of several scripts where
it was missing.
2018-09-26 16:50:38 +02:00
Gilles Peskine
2561a50ea4 Fix "make WINDOWS_BUILD=1 clean" on non-Windows hosts
The clean rule was not using the correct names for the compiled
executable files.
2018-09-26 16:50:31 +02:00
Janos Follath
7c025a9f50 Generalize dh_flag in mbedtls_mpi_gen_prime
Setting the dh_flag to 1 used to indicate that the caller requests safe
primes from mbedtls_mpi_gen_prime. We generalize the functionality to
make room for more flags in that parameter.
2018-09-21 16:30:07 +01:00
Manuel Pégourié-Gonnard
125af948c3 Merge branch 'development-restricted' into iotssl-1260-non-blocking-ecc-restricted
* development-restricted: (578 commits)
  Update library version number to 2.13.1
  Don't define _POSIX_C_SOURCE in header file
  Don't declare and define gmtime()-mutex on Windows platforms
  Correct preprocessor guards determining use of gmtime()
  Correct documentation of mbedtls_platform_gmtime_r()
  Correct typo in documentation of mbedtls_platform_gmtime_r()
  Correct POSIX version check to determine presence of gmtime_r()
  Improve documentation of mbedtls_platform_gmtime_r()
  platform_utils.{c/h} -> platform_util.{c/h}
  Don't include platform_time.h if !MBEDTLS_HAVE_TIME
  Improve wording of documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
  Fix typo in documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
  Replace 'thread safe' by 'thread-safe' in the documentation
  Improve documentation of MBEDTLS_HAVE_TIME_DATE
  ChangeLog: Add missing renamings gmtime -> gmtime_r
  Improve documentation of MBEDTLS_HAVE_TIME_DATE
  Minor documentation improvements
  Style: Add missing period in documentation in threading.h
  Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r()
  Guard decl and use of gmtime mutex by HAVE_TIME_DATE and !GMTIME_ALT
  ...
2018-09-11 12:39:14 +02:00
Simon Butcher
53546ea099 Update library version number to 2.13.1 2018-09-06 19:10:26 +01:00
Manuel Pégourié-Gonnard
82986c1015 Disable 3d test with no good openssl version
While these tests and the issue with it are pre-existing:
- we previously didn't understand that the issue was an openssl bug
- failures seem to have become more frequent since the recent changes

So let's disable these fragile tests in order to get a clean CI. We still have
the tests against gnutls-serv for interop testing.
2018-09-03 10:50:21 +02:00
Manuel Pégourié-Gonnard
c1eda67fac Disable fragmentation tests with openssl bugs
While making the initial commit, I thought $OPENSSL_LEGACY was not affect by
this bug, but it turns out I was wrong. All versions of OpenSSL installed on
the CI are. Therefore, the corresponding tests are disabled for the same
reason as the gnutls-cli tests above it.

This commit is only about the tests that were added in the recent
fragmentation work. One of those two tests had a particularly
annoying mode of failure: it failed consistently with seed=1 (use in the
release version of all.sh), once #1951 was applied. This has nothing
particular to do with #1951, except that by changing retransmission behaviour
1951 made the proxy run into a path that triggered the OpenSSL bug with this
seed, while it previously did that only with other seeds.

Other 3d interop test are also susceptible to triggering this OpenSSL bug or
others (or bugs in GnuTLS), but they are left untouched by this commit as:
- they were pre-existing to the recent DTLS branches;
- they don't seem to have the particularly annoying seed=1 mode of failure.
However it's probably desirable to do something about them at some point in
the future.
2018-09-03 10:49:35 +02:00
Simon Butcher
4d075cd7d0 Update library version number to 2.13.0 2018-08-31 15:59:10 +01:00
Simon Butcher
552754a6ee Merge remote-tracking branch 'public/pr/1988' into development 2018-08-30 00:57:28 +01:00
Simon Butcher
68dbc94720 Merge remote-tracking branch 'public/pr/1951' into development 2018-08-30 00:56:56 +01:00
Simon Butcher
e50128a692 Merge remote-tracking branch 'public/pr/1994' into development 2018-08-30 00:56:18 +01:00
Nir Sonnenschein
acedc91f8f Fix build issue on clang 2018-08-29 23:57:45 +03:00
Nir Sonnenschein
85fcb58997 Refactor test code for CTR DRBG to clarify test functions
previously a single function was used for most test cases (ctr_drbg_validate) making it harder to understand what the exact scenario is as a result it was split into easier to understand functions.
2018-08-29 23:38:57 +03:00
Hanno Becker
108992e776 Add MTU auto-reduction test with valgrind 2018-08-29 17:19:09 +01:00
Hanno Becker
37029ebc63 Skip MTU auto-reduction test when running valgrind 2018-08-29 17:19:06 +01:00
Nir Sonnenschein
6275be3483 Re-factor test functions and add support for data_t parameters
the testing functions were re-factored so that the common code was extracted to a single static function (removing the need for unclear goto statements).
As part of the re-factor the test functions now use data_t for parameters (support for this was introduced in previous rebase),
2018-08-29 10:25:30 +03:00
Nir Sonnenschein
ce266e4ca2 use single define for 128bit key for ctr_drbg and update test dependencies
the change is designed to make configuring 128bit keys for ctr_drbg more similar to other configuration options. Tests have been updated accordingly.
also clarified test naming.
2018-08-29 10:11:46 +03:00
Hanno Becker
39b8bc9aef Change wording of debug message 2018-08-28 17:52:49 +01:00
Hanno Becker
7c48dd11db ssl-opt.sh: Add function extracting val or default val from config.h 2018-08-28 16:09:22 +01:00
Hanno Becker
dc1e950170 DTLS reordering: Add test for buffering a proper fragment
This commit adds a test to ssl-opt.sh which exercises the behavior
of the library in the situation where a single proper fragment
of a future handshake message is received prior to the next
expected handshake message (concretely, the client receives
the first fragment of the server's Certificate message prior
to the server's ServerHello).
2018-08-28 16:02:33 +01:00
Simon Butcher
14dac0953e Merge remote-tracking branch 'public/pr/1918' into development 2018-08-28 12:21:41 +01:00
Simon Butcher
1846e406c8 Merge remote-tracking branch 'public/pr/1939' into development 2018-08-28 12:19:56 +01:00
Simon Butcher
9598845d11 Merge remote-tracking branch 'public/pr/1955' into development 2018-08-28 12:00:18 +01:00
Hanno Becker
e604556feb ssl-opt.sh: Don't hardcode varname in requires_config_value_xxx() 2018-08-28 11:24:55 +01:00
Hanno Becker
b841b4f107 ssl-opt.sh: Remove reference to Github issue 2018-08-28 10:25:51 +01:00
Hanno Becker
3b8b40c16d ssl-opt.sh: Add function to skip next test 2018-08-28 10:25:41 +01:00
Simon Butcher
6f032a60c9 Merge remote-tracking branch 'public/pr/1963' into development 2018-08-28 10:21:06 +01:00
Simon Butcher
badeb07872 Merge remote-tracking branch 'public/pr/1967' into development 2018-08-28 10:20:23 +01:00
Hanno Becker
b9a0086975 ssl-opt.sh: Explain use of --insecure in GnuTLS client tests 2018-08-28 10:20:22 +01:00
Andrzej Kurek
6a4f224ac3 ssl-opt.sh: change expected output for large srv packet test with SSLv3
This test also exercises a protection against BEAST
and should expect message splitting.
2018-08-27 08:00:13 -04:00
Hanno Becker
2f5aa4c64e all.sh: Add builds allowing to test dropping buffered messages
This commit adds two builds to all.sh which use a value of
MBEDTLS_SSL_DTLS_MAX_BUFFERING that allows to run the
reordering tests in ssl-opt.sh introduced in the last commit.
2018-08-24 14:48:11 +01:00
Hanno Becker
a1adcca1da ssl-opt.sh: Add tests exercising freeing of buffered messages
This commit adds tests to ssl-opt.sh which trigger code-paths
responsible for freeing future buffered messages when the buffering
limitations set by MBEDTLS_SSL_DTLS_MAX_BUFFERING don't allow the
next expected message to be reassembled.

These tests only work for very specific ranges of
MBEDTLS_SSL_DTLS_MAX_BUFFERING and will therefore be skipped
on a run of ssl-opt.sh in ordinary configurations.
2018-08-24 14:48:11 +01:00
Hanno Becker
5cd017f931 ssl-opt.sh: Allow numerical constraints for tests
This commit adds functions requires_config_value_at_most()
and requires_config_value_at_least() which can be used to
only run tests when a numerical value from config.h
(e.g. MBEDTLS_SSL_IN_CONTENT_LEN) is within a certain range.
2018-08-24 14:48:11 +01:00
Hanno Becker
0e96585bdd Merge branch 'datagram_packing' into message_reordering 2018-08-24 12:16:41 +01:00
Hanno Becker
69ca0ad5c4 ssl-opt.sh: Remove wrong test exercising MTU implications of MFL
The negotiated MFL is always the one suggested by the client, even
if the server has a smaller MFL configured locally. Hence, in the test
where the client asks for an MFL of 4096 bytes while the server locally
has an MFL of 512 bytes configured, the client will still send datagrams
of up to ~4K size.
2018-08-24 12:14:00 +01:00
Hanno Becker
6b6f602174 Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-24 11:55:03 +01:00
Hanno Becker
c92b5c8a0d ssl-opt.sh: Add tests checking that MFL implies bounds on MTU
This commit introduces some tests to ssl-opt.sh checking that
setting the MFL limits the MTU to MFL + { Maximum Record Expansion }.
2018-08-24 11:48:01 +01:00
Manuel Pégourié-Gonnard
34aa187df6 Force IPv4 for gnutls-cli DTLS tests
Depending on the settings of the local machine, gnutls-cli will either try
IPv4 or IPv6 when trying to connect to localhost. With TLS, whatever it tries
first, it will notice if any failure happens and try the other protocol if
necessary. With DTLS it can't do that. Unfortunately for now there isn't
really any good way to specify an address and hostname independently, though
that might come soon: https://gitlab.com/gnutls/gnutls/issues/344

A work around is to specify an address directly and then use --insecure to
ignore certificate hostname mismatch; that is OK for tests that are completely
unrelated to certificate verification (such as the recent fragmenting tests)
but unacceptable for others.

For that reason, don't specify a default hostname for gnutls-cli, but instead
let each test choose between `--insecure 127.0.0.1` and `localhost` (or
`--insecure '::1'` if desired).

Alternatives include:
- having test certificates with 127.0.0.1 as the hostname, but having an IP as
  the CN is unusual, and we would need to change our test certs;
- have our server open two sockets under the hood and listen on both IPv4 and
  IPv6 (that's what gnutls-serv does, and IMO it's a good thing) but that
obviously requires development and testing (esp. for windows compatibility)
- wait for a newer version of GnuTLS to be released, install it on the CI and
  developer machines, and use that in all tests - quite satisfying but can't
be done now (and puts stronger requirements on test environment).
2018-08-23 19:07:15 +02:00
Hanno Becker
3546201dbc Merge branch 'datagram_packing' into message_reordering 2018-08-22 10:25:40 +01:00
Hanno Becker
a67dee256d Merge branch 'iotssl-2402-basic-pmtu-adaptation' into datagram_packing 2018-08-22 10:06:38 +01:00
Manuel Pégourié-Gonnard
b8eec192f6 Implement PMTU auto-reduction in handshake 2018-08-22 10:50:30 +02:00
Hanno Becker
170e2d89da Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-22 09:44:54 +01:00
Manuel Pégourié-Gonnard
c1d54b74ec Add tests with non-blocking I/O
Make sure we behave properly when f_send() or f_recv() return
MBEDTLS_ERR_SSL_WANT_{WRITE,READ}.
2018-08-22 10:02:59 +02:00
Manuel Pégourié-Gonnard
3d183cefb5 Allow client-side resend in proxy MTU tests
From Hanno:
When a server replies to a cookieless ClientHello with a HelloVerifyRequest,
it is supposed to reset the connection and wait for a subsequent ClientHello
which includes the cookie from the HelloVerifyRequest.
In testing environments, it might happen that the reset of the server
takes longer than for the client to replying to the HelloVerifyRequest
with the ClientHello+Cookie. In this case, the ClientHello gets lost
and the client will need retransmit. This may happen even if the underlying
datagram transport is reliable.
2018-08-22 09:56:22 +02:00