Force using IPv4 in the GNU_CLI SRTP tests, as introduced for
other tests in #1918.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
Since `gnutls-cli` resolves `localhost` as an IPv6 address, and the server
is bound to IPv4 address, gnutl-cli fails to negotiate DTLS sessions.
Force the server to bind to IPv6 address, as a workaround.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
1. Add DTLS-SRTP tests in `ssl-opts.sh`
2. Add logs for the tests to filter.
3. Add function to get the profile informations.
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
Removed comment referencing test driver header path and the inclusion of
the test driver directory from the build since it is not required
for that test.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Changed the test name from test_ to build_ to better reflect
what the test is currently performing.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Added a new test to all.sh to confirm that using MBEDTLS_PSA_CRYPTO_CONFIG
with no test driver and the library is configured with normal configurations
that the test works.
Minor updates to other PSA crypto tests to cleanup msg output for consistency.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Updated the test_psa_want_ecdsa_disabled_software to enable and disable
the correct macros to accomplish the desired test. The previous version
left out the disabling of additional macros to ensure items related
to MBEDTLS_ECDSA_C were also unset. The test was also missing the setting
of the accelerators MBEDTLS_PSA_ACCEL_ALG_ECDSA and DETERMINISTIC_ECDSA.
With the accelerators enabled the test portion had to be temporarily
disabled until the accelerator code is completed so the test will work
properly.
Updated the signature driver source to fix a compiler warning when
MBEDTLS_ECDSA_C is unset.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Add context-info.sh to the test scripts linked into the cmake build
directory, so that these tests are available as well.
Signed-off-by: David Brown <david.brown@linaro.org>
Add a non-regression test for ssl_context_info to ensure the base64
decoder doesn't stop processing when it encounters a 0xFF character.
Signed-off-by: David Brown <david.brown@linaro.org>
Allows required targets to have prefixes added to them, so that external
projects can avoid target names clashing.
Signed-off-by: Raef Coles <raef.coles@arm.com>
The calculation of the expected key size when not using the test_size_function
was not correct. The function has now been updated to handle all cases
properly to ensure the expected key size is correct for key pairs, public
keys, and symmetric keys.
Cleaned up some comments and removed unused includes.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Replaced generic values for the test driver with specific
ones for a 256-bit ECC private/public key pair.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Updated get_expected_key_size in psa_crypto_driver_wrappers to properly
handle using the new size_function from PSA crypto drivers. Created
initial infrastructure to support size_function for the PSA crypto
drivers.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
The psa crypto library was generically using PSA_WANT_ALG_xxx, but
should have been using the correct MBEDTLS_PSA_BUILTIN_ALG_xxx
definition since that code is the builtin version. There were also
a couple of spots that needed to ensure the code block was enabled
for either ECDSA or DETERMINISTIC_ECDSA, not just one of them.
Fixed all the new ALG_ECDSA_DETERMINISTIC names to be
ALG_DETERMINISTIC_ECDSA instead.
Fixed test to use correct definitions.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
The ccm tests were previously relying on unspecified behaviour in
the underlying implementation (i.e. that it rejects certain buffer
sizes without reading the buffer).
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Need to make sure the new MBEDTLS_PSA_ACCEL_XXX defines are not checked
since they should be defined by the PSA driver. Updated the list-macros.sh
script to modify the instances of those found to match the corresponding
MBEDTLS_PSA_BUILTIN_XXX that are defined in config_psa.h
Fixed definition of MBEDTLS_PSA_BUILTIN_ALG_ECDSA_DETERMINISTIC, name was
incorrect. Also fixed a missing space in the comments of crypto_config.h
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Provided a clearer comment for the description for ignoring
MBEDTLS_PSA_CRYPTO_CONFIG for full build setting.
Updated message output for test_psa_crypto_config_basic and
test_psa_want_ecdsa_disabled_software so it is more clear and
concise in what the test is doing. Removed inclusion of the
MBEDTLS_PSA_ACCEL_ALG_ECDSA since it should not have been used
for that particular tests.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
The CCM specification (NIST SP 800-38C) mandates that the formatting of
the additional data length l(a) changes when it is greater _or equal_ to
2^16 - 2^8 (>= 0xFF00). Since such lengths are not supported in mbed TLS,
the operation should fail in such cases.
This commit fixes an off-by-one error which allowed encryption/decryption
to be executed when l(a) was equal to 0xFF00, resulting in an
incorrect/non-standard length format being used.
Fixes#3719.
Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
* Stores bits in psa_persistent_key_storage_format.
* psa_load_persistent_key_into_slot still imports plaintext keys which
ensures that the bits value gets set.
* Updates key specification to match new implementation.
* Expands persistent store and load tests with to check for bits
attribute.
* Removes bits storage from psa_se_key_data_storage_t.
Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
With the introduction of new tests for PSA crypto config features
the test needs to now be able to set and unset values from the
psa/crypto_config.h file. This change updates from passing the defines
as a build arguement to modifying the header files using config.py.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
* #3742 After input of a key as SECRET in the derivation, allow the
derivation result to be used as key.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
* #3741 Allow key agreement inside derivation with a key that's allowed
for the relevant agreement.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Test import and key generation, each followed by a key agreement. Only
good cases in this commit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
... as opposed to PSA_ERROR_BAD_STATE.
The spec on psa_cipher_finish() states that PSA_ERROR_INVALID_ARGUMENT
should be returned when:
"The total input size passed to this operation is not valid for this
particular algorithm. For example, the algorithm is a based on block
cipher and requires a whole number of blocks, but the total input size
is not a multiple of the block size."
Currently, there is a distinction between encryption and decryption
on whether INVALID_ARGUMENT or BAD_STATE is returned, but this is not
a part of the spec.
This fix ensures that PSA_ERROR_INVALID_ARGUMENT is returned
consistently on invalid cipher input sizes.
Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
Python should not be required for the build when the no_test target is
used. This commit adds the generated file to the source tree and the
check-generated-files script, and removes the generation from (c)make.
Fixes#3524
Signed-off-by: Cameron Nemo <cnemo@tutanota.com>
The toplevel directory is actually just ../..: the makefile commands
are executed in the subdirectory. $(PWD) earlier was wrong because it
comes from the shell, not from make. Looking up $(MAKEFILE_LIST) is
wrong because it indicates where the makefile is (make -f), not which
directory to work in (make -C).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Initial changes to PSA crypto core to support configuration
of ECDSA algorithm using PSA crypto configuration mechanism.
Guards using MBEDTLS_ECDSA_C and MBEDTLS_ECDSA_DETERMINISTIC have
been changed to be based off PSA_WANT_ALG_ECDSA and
PSA_WANT_ALG_ECDSA_DETERMINISTIC. Added new tests to all.sh to
confirm new settings are working properly. Current code does not
pass the tests since built in signature verification is not in place.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
* Reworked the cipher context once again to be more robustly defined
* Removed redundant memset
* Unified behaviour on failure between driver and software in cipher_finish
* Cipher test driver setup function now also returns early when its status
is overridden, like the other test driver functions
* Removed redundant test cases
* Added bad-order checking to verify the driver doesn't get called where
the spec says it won't.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Once an operation has been 'accepted' by a driver, the remainder is bound
to the same driver, since driver-specific context structs cannot be shared.
This provides a pretty good gate mechanism for the fallback logic, too.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
ssl_tls1_3_keys.c exports a structure containing all labels used
in the TLS 1.3 key schedule, but the TLS 1.3 key scheduling unit
tests so far replicated those labels in the test file. In particular,
wrong label values in ssl_tls1_3_keys.c wouldn't have been caught
by the unit tests.
This commit modifies the TLS 1.3 key schedule unit tests to use
the TLS 1.3 labels as exported by ssl_tls1_3_keys.c. This not only
makes sure that those labels are correct, but also avoids hardcoding
their hex-encoding in the test file.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Moved the new component_test_depends_pkalgs_psa to after the
component_test_depends_pkalgs test to be more consistent.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
The pk_ec_test_vec() was incorrectly using MBEDTLS_MD_SHA1 for the
parameter to mbedtls_pk_verify(). It should use MBEDTLS_MD_NONE since
that parameter is ignored for this test case.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Needed to make additional fixes so that when MBEDTLS_USE_PSA_CRYPTO
is defined, the depends-hashes test will succeed. There are two
versions of the ecdsa_verify_wrap() function, one with
MBEDTLS_USE_PSA_CRYPTO and when when it is not enabled. The non PSA
version is not using the md_alg parameter since it is not required.
The PSA version was using that parameter to derive a different value
it needed for PSA_ALG_ECDSA. The arguement of PSA_ALG_ECDSA is
ignored for psa_sign_hash and psa_verify_hash. It is present because
it is used and must be a valid hash, not zero, for psa_sign_hash
(but not psa_verify_hash) with PSA_ALG_DETERMINISTIC_ECDSA, and it is
needed for psa_sign_message and psa_verify_message which are not
implemented yet. The local parameter now uses PSA_ALG_ECDSA_ANY for
the verify function to avoid using the md_alg parameter and avoids
returning incorrect error codes.
Fixes#3587
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
The relevant test functions are already marked as depending on
`MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`, so there's no need
to re-state this dependency for each test case.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
* Moved test data to .data file
* Bundled test driver hook variables in a struct
* Style fixes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Trying to compile in the PSA accelerator test driver under MBEDTLS_TEST_HOOKS
turned out to be awkward regarding existing builds. We'll put it under a
custom (not in config.h) define instead, since it's something that only
should happen in test.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Also adjusted the different makefiles accordingly.
Note: driver lifetime is currently statically defined in the header, but
this will be replaced in the future based on autogeneration of lifetime
values by a script (TBD)
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
The test function mbedtls_mpi_lt_mpi_ct did not initialize ret in test
code. If there was a bug in library code whereby the library function
mbedtls_mpi_lt_mpi_ct() did not set ret when it should, we might have
missed it if ret happened to contain the expected value. So initialize
ret to a value that we never expect.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
To test the proper handling of owner identifier as of key
identifiers, add owner identifier(s) to tests having
key identifier(s) as test parameters. Just don't do it for
tests related to tests invalid values of key identifiers
as there is no owner identifier invalid values.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Delete key files based on declaration by test cases and
not based on a hardcoded list of identifiers as in
test_suite_psa_crypto_slot_management.function. This fixes
the fact that in case of error the file associated to the
key identifier PSA_KEY_ID_VENDOR_MAX was not purged
(register_key_smoke_test test function).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Remove systematic deletion of key file associated to key
identifier 0 as this file is not created under the hood
anymore by the library.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Fix PSA code and unit tests for the unit tests
to pass with key identifiers encoding owner
identifiers.
The changes in PSA code just make the enablement
of key identifiers encoding owner identifiers
platform independent. Previous to this commit,
such key identifiers were used only in the case
of PSA SPM platforms.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
With PSA crypto v1.0.0, a volatile key identifier may
contain a owner identifier but no file is associated
to it. Thus rename the type psa_key_file_id_t to
mbedtls_svc_key_id_t to avoid a direct link with a
file when a key identifier involves an owner
identifier.
The new type name is prefixed by mbedtls to highlight
that the type is specific to Mbed TLS implementation
and not defined in the PSA Cryptography API
specification.
The svc in the type name stands for service as this
is the key identifier type from the point of view of
the service providing the Cryptography services.
The service can be completely provided by the present
library or partially in case of a multi-client service.
As a consequence rename as well:
. MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER to
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
. PSA_KEY_ID_INIT to MBEDTLS_SVC_KEY_ID_INIT
. PSA_KEY_FILE_GET_KEY_ID to MBEDTLS_SVC_KEY_ID_GET_KEY_ID
. psa_key_file_id_make to mbedtls_svc_key_id_make
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Define always psa_key_id_t as defined in the PSA
Cryptography API specification independently of
whether the MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
configuration file is set or not.
As a consequence, get rid of `psa_app_key_id_t` that is
not needed anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The purpose of this commit and the following is for
psa_key_id_t to always be as defined by the PSA
Cryptography API specification.
Currently psa_key_id_t departs from its specification
definition when MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
configuration flag is set. In that configuration, it is set
to be equal to psa_key_file_id_t which in that configuration
encodes an owner identifier along the key identifier.
Type psa_key_file_id_t was meant to be the key identifier type
used throughout the library code. If
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER is set it
includes both a key and owner identifier, otherwise it is
equal to psa_key_id_t.
It has not been the key identifier type throughout the
library so far because when the PSA Cryptography
specification was developped the library Doxygen
documentation was used to generate the PSA Cryptography API
specification thus the need to use psa_key_id_t and not
psa_key_file_id_t.
As this constraint does not hold anymore, move
to psa_key_file_id_t as the key identifier type throughout
the library code.
By the way, this commit updates the key identifier
initialization in the tests to be compatible with a
composit key identifier. A psa_key_id_make()
inline function is introduced to initialize key
identifiers (composit ot not) at runtime.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
GCC up to 4.x defaults to C89. On our CI, we run the arm-none-eabi-gcc
version from Ubuntu 16.04 on Travis, and that's 4.9, so the gcc-arm
builds started failing on Travis when we introduced a C99 construct in
the configurations that we test on arm on Travis. Other builds, and
Jenkins CI, are not affected because they use GCC 5.x or newer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If test_fail is called multiple times in the same test case, report
the location of the first failure, not the last one.
With this change, you no longer need to take care in tests that use
auxiliary functions not to fail in the main function if the auxiliary
function has failed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix `printf "$foo"` which treats the value of `foo` as a printf format
rather than a string.
I used the following command to find potentially problematic lines:
```
git ls-files '*.sh' | xargs egrep 'printf +("?[^"]*|[^ ]*)\$'
```
The remaining ones are false positives for this regexp.
The errors only had minor consequences: the output of `ssl-opt.sh`
contained lines like
```
Renegotiation: gnutls server strict, client-initiated .................. ./tests/ssl-opt.sh: 741: printf: %S: invalid directive
PASS
```
and in case of failure the GnuTLS command containing a substring like
`--priority=NORMAL:%SAFE_RENEGOTIATION` was not included in the log
file. With the current tests, there was no risk of a test failure
going undetected.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Showing a regexp to say that by default all tests are executed is not
particularly helpful.
If we ever add a default exclusion list or a default filter, we can
edit the documentation again.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Return a name that more clearly returns nonzero=true=good, 0=bad. We'd
normally expect check_xxx to return 0=pass, nonzero=fail so
check_parity was a bad name.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
An early draft of the PSA crypto specification required multipart
operations to keep working after destroying the key. This is no longer
the case: instead, now, operations are guaranteed to fail. Mbed TLS
does not comply yet, and still allows the operation to keep going.
Stop testing Mbed TLS's non-compliant behavior.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Rely on Asan to detect a potential buffer overflow, instead of doing a
manual check. This makes the code simpler and Asan can detect
underflows as well as overflows.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the cleanup code for persistent_key_load_key_from_storage(), we
only attempt to reopen the key so that it will be deleted if it exists
at that point. It's intentional that we do nothing if psa_open_key()
fails here.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If any of the TEST_ASSERT()s that are before the call to
mbedtls_pk_warp_as_opaque() failed, when reaching the exit label
psa_destroy_key() would be called with an uninitialized argument.
Found by Clang.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Add new test (test_depends_curves_psa) to all.sh to confirm
that test is passing when MBEDTLS_USE_PSA_CRYPTO is defined.
Fix#3294
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Add guards in pk_wrap.c to ensure if ECDSA is not defined, errors
are returned.
Remove warnings in pk.c for unused variables.
Add new test (test_depends_pkalgs_psa) to all.sh to confirm
when USE_PSA_CRYPTO is defined that features are working properly.
Fix#3294
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
It wasn't working when invoking programs/x509/cert_write or
programs/x509/cert_req due to relying on the current directory rather
than the location of the makefile.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Replace server2.crt with server2-sha256.crt which, as the name implies, is
just the SHA-256 version of the same certificate.
Replace server1.crt with cert_sha256.crt which, as the name doesn't imply, is
associated with the same key and just have a slightly different Subject Name,
which doesn't matter in this instance.
The other certificates used in this script (server5.crt and server6.crt) are
already signed with SHA-256.
This change is motivated by the fact that recent versions of GnuTLS (or older
versions with the Debian patches) reject SHA-1 in certificates by default, as
they should. There are options to still accept it (%VERIFY_ALLOW_BROKEN and
%VERIFY_ALLOW_SIGN_WITH_SHA1) but:
- they're not available in all versions that reject SHA-1-signed certs;
- moving to SHA-2 just seems cleaner anyway.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Recent GnuTLS packages on Ubuntu 16.04 have them disabled.
From /usr/share/doc/libgnutls30/changelog.Debian.gz:
gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium
* SECURITY UPDATE: Lucky-13 issues
[...]
- debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
ciphersuites were removed from defaults in lib/gnutls_priority.c,
tests/priorities.c.
Since we do want to test the ciphersuites, explicitly re-enable them in the
server's priority string. (This is a no-op with versions of GnuTLS where those
are already enabled by default.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Update copyright notices to newly added files since merge of original
PR #3546 "Update copyright notices to use Linux Foundation guidance".
Generated using the same script.
Signed-off-by: Dan Handley <dan.handley@arm.com>
* development:
Update copyright notices to use Linux Foundation guidance
Undef ASSERT before defining it to ensure that no previous definition has sneaked in through included files.
Add ChangeLog entry for X.509 CN-type vulnerability
Improve documentation of cn in x509_crt_verify()
Fix comparison between different name types
Add test: DNS names should not match IP addresses
Remove obsolete buildbot reference in compat.sh
Fix misuse of printf in shell script
Fix added proxy command when IPv6 is used
Simplify test syntax
Fix logic error in setting client port
ssl-opt.sh: include test name in log files
ssl-opt.sh: remove old buildbot-specific condition
ssl-opt.sh: add proxy to all DTLS tests
Signed-off-by: Dan Handley <dan.handley@arm.com>
Currently the new component in all.sh fails because
mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on
purpose to be able to verify that the new test works.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The documentation of mbedtls_pk_wrap_as_opaque is quite clear:
* \param handle Output: a PSA key handle.
* It's the caller's responsibility to call
* psa_destroy_key() on that handle after calling
* mbedtls_pk_free() on the PK context.
But the test failed to call psa_destroy_key().
While at it, also use PSA_DONE(): it ensures that if we fail to destroy the
key, we'll get an explicit error message about it without the need for
valgrind.
This is a preliminary to adding a valgrind-based test for constant-flow code:
we need to make sure the rest of the tests are fully valgrind-clean, which
they weren't.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The tests are supposed to be failing now (in all.sh component
test_memsan_constant_flow), but they don't as apparently MemSan doesn't
complain when the src argument of memcpy() is uninitialized, see
https://github.com/google/sanitizers/issues/1296
The next commit will add an option to test constant flow with valgrind, which
will hopefully correctly flag the current non-constant-flow implementation.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>