Commit Graph

13200 Commits

Author SHA1 Message Date
Gilles Peskine
1a60fa1e3a
Merge pull request #328 from gilles-peskine-arm/psa-ecdsa_deterministic_flag
Remove dependency of crypto_values.h on crypto_extra.h
2019-11-29 18:41:55 +01:00
Gilles Peskine
0168f2f2c1 Better documentation in crypto_compat.h
Note that the identifiers declared in this header are deprecated.

Indicate what API version identifiers were from.
2019-11-29 12:23:46 +01:00
Gilles Peskine
2ff02c361e Document MBEDTLS_TEST_DEPRECATED 2019-11-29 12:17:21 +01:00
Gilles Peskine
895242be1c Add negative test cases for deprecated aliases
Catch more potential plumbing errors such as not returning the right
value or not writing to an output parameter.
2019-11-29 12:15:40 +01:00
Gilles Peskine
972630e240 Remove dependency of crypto_values.h on crypto_extra.h
Define PSA_ALG_ECDSA_DETERMINISTIC_FLAG in crypto_values.h.

This is necessary for the current PSA API specification processing
scripts.
2019-11-29 11:55:48 +01:00
Janos Follath
512fe9673f Fix test assert macro calls
The assert() macro in test is not available anymore. It is superseeded
by TEST_HELPER_ASSERT().
2019-11-29 10:13:32 +00:00
Gilles Peskine
6608e71032 Change ASSERT_ALLOC to take a size in elements, not bytes
`ASSERT_ALLOC(p, length)` now allocates `length` elements, i.e.
`length * sizeof(*p)` bytes.
2019-11-29 10:13:32 +00:00
Gilles Peskine
28405300ee New macro ASSERT_ALLOC to allocate memory in tests
The new macro ASSERT_ALLOC allocates memory with mbedtls_calloc and
fails the test if the allocation fails. It outputs a null pointer if
the requested size is 0. It is meant to replace existing calls to
mbedtls_calloc.
2019-11-29 10:13:32 +00:00
Jaeden Amero
ba9fff2433
Merge pull request #283 from ARMmbed/dev/gilles-peskine-arm/ctr_drbg-aes_fail-crypto
Uncaught AES failure in CTR_DRBG
2019-11-28 15:02:00 +00:00
Gilles Peskine
7bb1a7e0bf
Merge pull request #307 from msopiha-linaro/development
Add ASN.1 ENUMERATED tag support
2019-11-28 10:20:18 +01:00
Gilles Peskine
afaee1cacf Catch AES failure in mbedtls_ctr_drbg_random
The functions mbedtls_ctr_drbg_random() and
mbedtls_ctr_drbg_random_with_add() could return 0 if an AES function
failed. This could only happen with alternative AES
implementations (the built-in implementation of the AES functions
involved never fail), typically due to a failure in a hardware
accelerator.

Bug reported and fix proposed by Johan Uppman Bruce and Christoffer
Lauri, Sectra.
2019-11-28 10:03:08 +01:00
Gilles Peskine
06c28890c9 Add test function for effective key attributes
We're going to create some edge cases where the attributes of a key
are not bitwise identical to the attributes passed during creation.
Have a test function ready for that.
2019-11-26 19:14:18 +01:00
Gilles Peskine
0627f98779 Add tests of deprecated PSA functions
Test psa_asymmetric_sign and psa_asymmetric_verify.
2019-11-26 19:14:07 +01:00
Gilles Peskine
841b14be02 Add tests of deprecated PSA macros
When MBEDTLS_TEST_DEPRECATED is defined, run some additional tests to
validate deprecated PSA macros. We don't need to test deprecated
features extensively, but we should at least ensure that they don't
break the build.

Add some code to component_build_deprecated in all.sh to run these
tests with MBEDTLS_DEPRECATED_WARNING enabled. The tests are also
executed when MBEDTLS_DEPRECATED_WARNING and
MBEDTLS_DEPRECATED_REMOVED are both disabled.
2019-11-26 19:12:35 +01:00
Gilles Peskine
1a96049e30 Make the key_policy test function more flexible 2019-11-26 19:08:55 +01:00
Gilles Peskine
4151094a52 Add backward compatibility aliases for signature-related identifiers
Define deprecated aliases for identifiers that are being renamed.
2019-11-26 19:08:55 +01:00
Gilles Peskine
b951fd9330
Merge pull request #310 from gilles-peskine-arm/memory_buffer_alloc-fatal-pass
Clarify test descriptions in test_suite_memory_buffer_alloc
2019-11-26 18:52:24 +01:00
Gilles Peskine
8f4df81506
Merge pull request #293 from gilles-peskine-arm/entropy-min
Always gather MBEDTLS_ENTROPY_BLOCK_SIZE bytes of entropy
2019-11-26 18:43:45 +01:00
Gilles Peskine
0f212ff145
Merge pull request #320 from gilles-peskine-arm/readme-add-psa-link
Link to the PSA crypto portal page from README.md
2019-11-26 18:40:04 +01:00
Gilles Peskine
89d8c5c447 Rename some signature-related identifiers
Rename some macros and functions related to signature which are
changing as part of the addition of psa_sign_message and
psa_verify_message.

perl -i -pe '%t = (
PSA_KEY_USAGE_SIGN => PSA_KEY_USAGE_SIGN_HASH,
PSA_KEY_USAGE_VERIFY => PSA_KEY_USAGE_VERIFY_HASH,
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE => PSA_SIGNATURE_MAX_SIZE,
PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE => PSA_SIGN_OUTPUT_SIZE,
psa_asymmetric_sign => psa_sign_hash,
psa_asymmetric_verify => psa_verify_hash,
); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files . ':!:**/crypto_compat.h')
2019-11-26 18:20:59 +01:00
Gilles Peskine
7b0ab6d34a Simplify support for deprecated constants of various types
Generalize MBEDTLS_DEPRECATED_NUMERIC_CONSTANT into macros that can
accommodate types other than int.
2019-11-26 18:20:58 +01:00
Gilles Peskine
7a894f2142 Move backward compatibility aliases to their own header
Move backward compatibility aliases to a separate header. Reserve
crypto_extra.h for implementation-specific extensions that we intend
to keep supporting.

This is better documentation for users. New users should simply ignore
backward compatibility aliases, and old users can look at
crypto_compat.h to see what is deprecated without bothering about new
features appearing in crypto_extra.h.

This facilitates maintenance because scripts such as
generate_psa_constants that want to ignore backward compability
aliases can simply exclude crypto_compat.h from their parsing.
2019-11-26 18:20:58 +01:00
Gilles Peskine
4eca19bbd6
Merge pull request #324 from gilles-peskine-arm/psa-test_psa_constant_names-refactor_and_ka
test_psa_constant_names: support key agreement, better code structure
2019-11-26 16:01:31 +01:00
Gilles Peskine
987e271b16 If python3 fails, make it clear that this isn't fatal 2019-11-26 13:30:16 +01:00
Gilles Peskine
df78e496b7 Error out rather than call python on the perl script 2019-11-26 13:30:00 +01:00
Gilles Peskine
cbd91e013c Fix entropy_threshold when MBEDTLS_TEST_NULL_ENTROPY is enabled
Don't use the default entropy sources so as not to depend on their
characteristics.
2019-11-25 19:50:54 +01:00
Gilles Peskine
ae679390a2 Fix entropy_calls when MBEDTLS_ENTROPY_NV_SEED is enabled 2019-11-25 19:44:42 +01:00
Gilles Peskine
8fa1348276 Enumerate metadata test functions explicitly
When gathering test cases from test_suite_psa_crypto_metadata, look up
the test function explicitly. This way test_psa_constant_names will
error out if we add a new test function that needs coverage here.

This change highlights an omission in the previous version:
asymmetric_signature_wildcard was silently ignored as a source of
algorithm expressions to test. Fix that.
2019-11-25 17:10:12 +01:00
Jaeden Amero
5f0ccd5a3c
Merge pull request #2931 from piotr-now/memory-info
Avoid allocating 0-length buffers for PSK. Add memory debug information to ssl_client2.
2019-11-25 15:57:22 +00:00
Piotr Nowicki
7d01ef6562 Added buffer-based mbedtls allocator support to ssl_client2 2019-11-25 15:52:48 +01:00
Piotr Nowicki
9926eaf695 Do not allow configuring zero-length PSK
fix error when calloc is called with size 0
2019-11-25 15:49:53 +01:00
Gilles Peskine
d2cea9f57c Add some more KDF test cases 2019-11-25 15:44:24 +01:00
Gilles Peskine
7961668738 Support key agreement
Key agreement algorithms were excluded back when they were constructed
with a macro conveying the key agreement itself taking the KDF as an
argument, because that was hard to support. Now the encoding has
changed and key agreement algorithms are constructed with
PSA_ALG_KEY_AGREEMENT taking two arguments, one that identifies the
raw key agreement and one that identifies the KDF. This is easy to
process, so add support.
2019-11-25 15:44:24 +01:00
Gilles Peskine
2bcfc714d2 Error out if a test case uses an unknown macro name
Insist that test cases must only use macro names that are declared in
a header. This may catch errors such as not parsing the intended
files.

Make this check easily overridden in a derived class.
2019-11-25 15:44:24 +01:00
Gilles Peskine
98a710c5b2 Fix the collection of ECC curves and DH groups
PSA_ECC_CURVE_xxx and PSA_DH_GROUP_xxx were not collected from
headers, only from test suites.
2019-11-25 15:44:23 +01:00
Gilles Peskine
8c8694c14d add_test_case_line: data-driven dispatch
No behavior change.
2019-11-25 15:44:23 +01:00
Gilles Peskine
84a45817a4 Allow gather_inputs to work with a derived Inputs class
No behavior change.
2019-11-25 15:44:23 +01:00
Gilles Peskine
a5000f1dc6 Make a class for error data
No behavior change.
2019-11-25 15:44:23 +01:00
Gilles Peskine
2460933a6f Move test running and reporting functions into their own class
This makes the structure of the code more apparent.

No behavior change.
2019-11-25 15:44:23 +01:00
Gilles Peskine
b86b6d32f9 Path options that affect run_c as separate arguments
No behavior change.
2019-11-25 15:44:23 +01:00
Gilles Peskine
c231711dbc Move value collection into its own function
No behavior change.
2019-11-25 15:44:21 +01:00
Gilles Peskine
ffe2d6e71b Move the type_word->name_set mapping into its own method
No behavior change.
2019-11-25 15:44:04 +01:00
Gilles Peskine
4408dfd0fc Minor docstring improvements
No behavior change.
2019-11-22 17:44:25 +01:00
Jaeden Amero
b37886935e Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
  Remove unused test data file
  Remove component designed to test MAX_SIGNATURE_SIZE
  Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in pkey sample programs
  Use MBEDTLS_PK_SIGNATURE_MAX_SIZE in X.509
  Update crypto submodule
  x509write_csr: Reduce stack usage of mbedtls_x509write_csr_pem()
  Fix mbedtls_ssl_check_record usage with ext buf
  Shorter version of mbedtls_ssl_send_fatal_handshake_failure
  Resolve #2801 - remove repetitive assignment to ssl->in_msg (the first value was never used)
  Resolve #2800 - move declaration to avoid unused variable warning in case MBEDTLS_SSL_PROTO_DTLS was undefined
  Resolve #2717 - remove erroneous sizeof (the operator was applied to constant integer number)
  Fix potential resource leak in sslserver2 example
  X.509: Add numerous negative parsing tests for CertificatePolicy ext
  X.509: Adapt negative parsing test for no data in CrtPolicy ext
  X.509: Move negative tests for CertificatePolicy parsing
  X.509: Remove CRT policy parsing test 'bool len missing'
2019-11-22 10:27:25 +00:00
Jaeden Amero
67ab98dcc0 Merge remote-tracking branch 'restricted/pr/661' into development-restricted
* restricted/pr/661:
  Fix buffer size in an AES example
2019-11-22 10:26:08 +00:00
Jaeden Amero
5d74241b54 Merge remote-tracking branch 'origin/pr/2854' into development
* origin/pr/2854:
  Shorter version of mbedtls_ssl_send_fatal_handshake_failure
  Resolve #2801 - remove repetitive assignment to ssl->in_msg (the first value was never used)
  Resolve #2800 - move declaration to avoid unused variable warning in case MBEDTLS_SSL_PROTO_DTLS was undefined
  Resolve #2717 - remove erroneous sizeof (the operator was applied to constant integer number)
2019-11-22 10:20:19 +00:00
Jaeden Amero
ed7b8b73ad
Merge pull request #2868 from k-stachowiak/fix-resource-leak-in-ssl-example
Fix potential resource leak in sslserver2 example
2019-11-22 09:57:32 +00:00
Gilles Peskine
69f93b5040 Move the names of input files to global variables
No behavior change.
2019-11-21 16:49:50 +01:00
Gilles Peskine
8f5a5018e8 Describe options in alphabetical order
No behavior change.
2019-11-21 16:49:10 +01:00
Gilles Peskine
5a6dc895f2 Simplify expression normalization
No need to split lines, or remove whitespace after removing
whitespace. No behavior change.
2019-11-21 16:48:47 +01:00