Commit Graph

4519 Commits

Author SHA1 Message Date
Gilles Peskine
ed9fbc6443 Clearer function name for parity check
Return a name that more clearly returns nonzero=true=good, 0=bad. We'd
normally expect check_xxx to return 0=pass, nonzero=fail so
check_parity was a bad name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 11:16:50 +02:00
Gilles Peskine
6c75152b9f Explain the purpose of check_parity
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 10:24:26 +02:00
Gilles Peskine
34f063ca47 Add missing cleanup to hash multipart operation tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 10:24:13 +02:00
Gilles Peskine
29c4a6cf9f Add negative tests for MAC verification
Add negative tests for psa_mac_verify_finish: too large, too small, or
a changed byte.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine
090e16cb8b Don't destroy the key during a MAC verification operation
An early draft of the PSA crypto specification required multipart
operations to keep working after destroying the key. This is no longer
the case: instead, now, operations are guaranteed to fail. Mbed TLS
does not comply yet, and still allows the operation to keep going.
Stop testing Mbed TLS's non-compliant behavior.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine
8b356b5652 Test other output sizes for psa_mac_sign_finish
Test psa_mac_sign_finish with a smaller or larger buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine
5e65cec5e8 Simplify output bounds check in mac_sign test
Rely on Asan to detect a potential buffer overflow, instead of doing a
manual check. This makes the code simpler and Asan can detect
underflows as well as overflows.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine
3d404d677e Test PSA_MAC_FINAL_SIZE in mac_sign exactly
We expect PSA_MAC_FINAL_SIZE to be exact in this implementation, so
check it here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine
cd65f4ccac Add empty-output-buffer test cases for single-part hash functions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:11:23 +02:00
Gilles Peskine
e92c68a878 Note that a failure in cleanup is intentional
In the cleanup code for persistent_key_load_key_from_storage(), we
only attempt to reopen the key so that it will be deleted if it exists
at that point. It's intentional that we do nothing if psa_open_key()
fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:11:23 +02:00
Gilles Peskine
64f13ef6ab Add missing cleanup to some multipart operation tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:11:23 +02:00
Gilles Peskine
a09713c795 test cleanup: Annotate file removal after a failed creation
Let static analyzers know that it's ok if remove() fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 22:50:18 +02:00
Gilles Peskine
14613bcd75 Fix parity tests to actually fail the test on error
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 22:30:31 +02:00
Steven Cooreman
ffecb7b982 Implement support for multipart ECB and add tests
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-08-25 17:00:24 +02:00
Janos Follath
d4ac4e037b
Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted
Constant-flow copy of HMAC from variable position
2020-08-25 14:35:55 +01:00
Steven Cooreman
a6033e92af Style and language fixes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-08-25 12:32:22 +02:00
Manuel Pégourié-Gonnard
04b7488411 Fix potential use of uninitialised variable
If any of the TEST_ASSERT()s that are before the call to
mbedtls_pk_warp_as_opaque() failed, when reaching the exit label
psa_destroy_key() would be called with an uninitialized argument.

Found by Clang.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 10:45:51 +02:00
Gilles Peskine
ed19762a22
Merge pull request #3574 from makise-homura/e2k_support
Support building on e2k (Elbrus) architecture
2020-08-25 09:46:36 +02:00
John Durkop
c14be901eb Add new test_depends_curves_psa to all.sh
Add new test (test_depends_curves_psa) to all.sh to confirm
that test is passing when MBEDTLS_USE_PSA_CRYPTO is defined.

Fix #3294

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-08-24 08:24:08 -07:00
John Durkop
f35069a82d Fix undefined ref error when ECDSA not defined
Add guards in pk_wrap.c to ensure if ECDSA is not defined, errors
are returned.
Remove warnings in pk.c for unused variables.
Add new test (test_depends_pkalgs_psa) to all.sh to confirm
when USE_PSA_CRYPTO is defined that features are working properly.

Fix #3294

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-08-24 08:20:56 -07:00
Gilles Peskine
0f343ac87f
Merge pull request #3528 from gufe44/helpers-redirect-restore-output
Fix bug in redirection of unit test outputs
2020-08-24 10:45:08 +02:00
Manuel Pégourié-Gonnard
8a79b9b68c Fix "unused function" warning in some configs
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-24 10:29:30 +02:00
Manuel Pégourié-Gonnard
6edfe60e0d
Merge pull request #2182 from hanno-arm/key_pwd
Add support for password protected key files to ssl_server2 and ssl_client2
2020-08-24 09:42:38 +02:00
Gilles Peskine
0f38590edf Commit the intermediate files cert_md*.csr
They are used to generate cert_md*.crt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 20:47:52 +02:00
Gilles Peskine
d1ff7579c8 Fix "make -C tests/data_files"
It wasn't working when invoking programs/x509/cert_write or
programs/x509/cert_req due to relying on the current directory rather
than the location of the makefile.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-21 20:43:32 +02:00
Manuel Pégourié-Gonnard
6c77bc6de2 compat.sh: stop using allow_sha1
After the changes of certificates, it's no longer needed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 12:34:05 +02:00
Manuel Pégourié-Gonnard
499bf4c0c8 compat.sh: quit using SHA-1 certificates
Replace server2.crt with server2-sha256.crt which, as the name implies, is
just the SHA-256 version of the same certificate.

Replace server1.crt with cert_sha256.crt which, as the name doesn't imply, is
associated with the same key and just have a slightly different Subject Name,
which doesn't matter in this instance.

The other certificates used in this script (server5.crt and server6.crt) are
already signed with SHA-256.

This change is motivated by the fact that recent versions of GnuTLS (or older
versions with the Debian patches) reject SHA-1 in certificates by default, as
they should. There are options to still accept it (%VERIFY_ALLOW_BROKEN and
%VERIFY_ALLOW_SIGN_WITH_SHA1) but:

- they're not available in all versions that reject SHA-1-signed certs;
- moving to SHA-2 just seems cleaner anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 12:25:30 +02:00
Manuel Pégourié-Gonnard
244d06637f compat.sh: enable CBC-SHA-2 suites for GnuTLS
Recent GnuTLS packages on Ubuntu 16.04 have them disabled.

From /usr/share/doc/libgnutls30/changelog.Debian.gz:

gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: Lucky-13 issues
    [...]
    - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256
      ciphersuites were removed from defaults in lib/gnutls_priority.c,
      tests/priorities.c.

Since we do want to test the ciphersuites, explicitly re-enable them in the
server's priority string. (This is a no-op with versions of GnuTLS where those
are already enabled by default.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 12:06:47 +02:00
gufe44
067f6e01f1 Fix bug in redirection of unit test outputs
Avoid replacing handle. stdout is defined as a macro on several platforms.

Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-21 08:32:26 +02:00
Dan Handley
50118144c6 Update remaining copyright notices to use Linux Foundation guidance
Update copyright notices to newly added files since merge of original
PR #3546 "Update copyright notices to use Linux Foundation guidance".
Generated using the same script.

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 11:20:12 +01:00
Dan Handley
abccfc1684 Merge development into development-restricted
* development:
  Update copyright notices to use Linux Foundation guidance
  Undef ASSERT before defining it to ensure that no previous definition has sneaked in through included files.
  Add ChangeLog entry for X.509 CN-type vulnerability
  Improve documentation of cn in x509_crt_verify()
  Fix comparison between different name types
  Add test: DNS names should not match IP addresses
  Remove obsolete buildbot reference in compat.sh
  Fix misuse of printf in shell script
  Fix added proxy command when IPv6 is used
  Simplify test syntax
  Fix logic error in setting client port
  ssl-opt.sh: include test name in log files
  ssl-opt.sh: remove old buildbot-specific condition
  ssl-opt.sh: add proxy to all DTLS tests

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 11:07:12 +01:00
Manuel Pégourié-Gonnard
73afa37507 Add option to test constant-flow with valgrind
Currently the new component in all.sh fails because
mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on
purpose to be able to verify that the new test works.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 10:22:41 +02:00
Manuel Pégourié-Gonnard
feb0396d20 Fix memory leak in test_suite_x509write with PSA crypto
The documentation of mbedtls_pk_wrap_as_opaque is quite clear:

 * \param handle    Output: a PSA key handle.
 *                  It's the caller's responsibility to call
 *                  psa_destroy_key() on that handle after calling
 *                  mbedtls_pk_free() on the PK context.

But the test failed to call psa_destroy_key().

While at it, also use PSA_DONE(): it ensures that if we fail to destroy the
key, we'll get an explicit error message about it without the need for
valgrind.

This is a preliminary to adding a valgrind-based test for constant-flow code:
we need to make sure the rest of the tests are fully valgrind-clean, which
they weren't.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 10:21:32 +02:00
danh-arm
e8582ba0f3
Merge pull request #3546 from bensze01/copyright
Update copyright notices to use Linux Foundation guidance
2020-08-19 15:59:42 +01:00
Manuel Pégourié-Gonnard
7fe2c5f086 Add mbedtls_ssl_cf_memcpy_offset() with tests
The tests are supposed to be failing now (in all.sh component
test_memsan_constant_flow), but they don't as apparently MemSan doesn't
complain when the src argument of memcpy() is uninitialized, see
https://github.com/google/sanitizers/issues/1296

The next commit will add an option to test constant flow with valgrind, which
will hopefully correctly flag the current non-constant-flow implementation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-19 11:56:02 +02:00
Bence Szépkúti
1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00
makise-homura
e74f372330 Get back -Wsigned-one-bit-field and fix sources according to it
Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-18 23:57:48 +03:00
Hanno Becker
721f7c1e64 Add minimal client authentication test to ssl-opt.sh
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-08-17 12:17:32 +01:00
Hanno Becker
2f54a3c2e4 Add tests to ssl-opt.sh exercising new key_pwd[2] parameters
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-08-17 12:17:28 +01:00
Hanno Becker
226eedb5f3 Add password protected version of key for data_files/server{2,5}.key
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-08-17 12:14:00 +01:00
Manuel Pégourié-Gonnard
98944cd756
Merge pull request #3404 from mpg/improve-ssl-opt-logs
Improve ssl-opt.sh logs
2020-08-17 12:04:36 +02:00
Raoul Strackx
a4e86141f1 Always revoke certificate on CRL
RFC5280 does not state that the `revocationDate` should be checked.

In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.

https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-08-17 09:05:03 +02:00
Gilles Peskine
71f4fa13bb
Merge pull request #721 from gilles-peskine-arm/x509parse_crl-empty_entry-development
Fix buffer overflow in x509_get_entries (oss-fuzz 24123)
2020-08-14 23:22:31 +02:00
Hanno Becker
fa452c4566 Fix guard in ECJPAKE tests in ssl-opt.sh
Three tests were guarded by `MBEDTLS_KEY_EXCHANGE_ECJPAKE`,
not `MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED`, as it should be.

Curiously, the guard still functioned as intended, perhaps
because `MBEDTLS_KEY_EXCHANGE_ECJPAKE` is a prefix of
`MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED`.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-08-14 15:42:49 +01:00
Hanno Becker
ee63af6f8f Adapt ssl-opt.sh to modified ciphersuite log format
The debug output for supported ciphersuites has been changed
from `deadbeef` to `0xdeadbeef` in a previous commit, but the
test script `ssl-opt.sh` grepping for lines in the debug log
to determine test success/failure hadn't been adjusted accordingly.

This commit fixes this.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-08-14 15:41:23 +01:00
Manuel Pégourié-Gonnard
8ca03a7b68
Merge pull request #3554 from mpg/x509-verify-non-dns-san-dev
X509 verify non-DNS SANs
2020-08-14 11:32:22 +02:00
Manuel Pégourié-Gonnard
c4af324a4b Merge branch 'development' into development-restricted
* development: (55 commits)
  Log change as bugfix
  Add changelog entry
  Clarify updates to the persistent state in storage
  With multiple applicable transparent drivers, the order is unspecified
  Minor clarifications
  Give some examples of purpsoses of pure-software transparent driver
  Fix typos
  Add a link to the PSA API specification
  Explain locations vs lifetimes
  Initialize key pointer in ecdh to NULL
  Add buffer zeroization when ecp_write_key fails
  Simplified key slot deletion
  Style fixes
  Use arc4random_buf instead of rand on NetBSD
  Apply review feedback
  Update open question section about public key storage
  Remove the paragraph about declaring application needs
  Change driver persistent data to a callback interface
  Rework and expand key management in opaque drivers
  Fix typos and copypasta
  ...
2020-08-14 10:11:21 +02:00
Gilles Peskine
3890f7cd3d
Merge pull request #3540 from gufe44/netbsd-rand-arc4random_buf
Use arc4random_buf instead of rand on NetBSD
2020-08-13 15:27:45 +02:00
Gilles Peskine
9ec3648ab3
Merge pull request #3495 from mpg/check-generated-files
Add update option to check-generated-files
2020-08-13 11:24:23 +02:00
Manuel Pégourié-Gonnard
7d2a4d873f Add test: DNS names should not match IP addresses
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-11 10:23:52 +02:00
Manuel Pégourié-Gonnard
eaa0739143
Merge pull request #716 from mpg/ct-varlen-hmac
Add constant-flow variable-length HMAC function
2020-08-10 12:40:33 +02:00
Gilles Peskine
210bea38f3 Add the decomposition of the base case as a comment
Put the base good case first, then the bad cases derived from it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 17:12:03 +02:00
Gilles Peskine
67a85d1d3b
Merge pull request #3492 from stevew817/rework/key_slot_contains_key_buffer
Rework PSA Crypto core to store keys in export representation
2020-08-05 21:16:11 +02:00
Steven Cooreman
d4867877f1 Initialize key pointer in ecdh to NULL
Since it is being dereferenced by free on exit it should be inited to NULL.
Also added a small test that would trigger the issue.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-08-05 17:38:47 +02:00
gufe44
c2620dac02 Use arc4random_buf instead of rand on NetBSD
Avoid old implementation of rand returning numbers with cyclical lower bits. Allow tests to pass.

Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-03 17:56:50 +02:00
Steven Cooreman
3fa684ed91 Allow importing Montgomery public keys in PSA Crypto
PSA Crypto was checking the byte length of a to-be-imported public ECP key
against the expected length for Weierstrass keys, forgetting that
Curve25519/Curve448 exists.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-30 15:35:14 +02:00
Ronald Cron
d8902b6e3d tests: Replace "TEST_ASSERT(!memcmp ...)" by ASSERT_COMPARE
The usage of "!memcmp()" is at least not recommended
and better to use the macro dedicated for buffer
comparisons.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-30 14:18:02 +02:00
Manuel Pégourié-Gonnard
882148ed5c Remove obsolete buildbot reference in compat.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-27 09:46:53 +02:00
Manuel Pégourié-Gonnard
a3b994fa4d Fix misuse of printf in shell script
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-27 09:45:32 +02:00
Manuel Pégourié-Gonnard
0b2112d304 Add comment on memsan + constant-flow testing 2020-07-27 09:33:49 +02:00
Manuel Pégourié-Gonnard
8779e9a70b Fix added proxy command when IPv6 is used
For explicit proxy commands (included with `-p "$P_PXY <args>` in the test
case), it's the test's writer responsibility to handle IPv6; only fix the
proxy command when we're auto-adding it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-24 11:33:49 +02:00
Manuel Pégourié-Gonnard
ea6a740923
Merge pull request #717 from mpg/non-etm-cbc-negative-testing
Add negative tests for non-EtM CBC decryption
2020-07-22 13:33:49 +02:00
Manuel Pégourié-Gonnard
e55653f085 Improve comments about padlen convention
The convention from the TLS RFC is a bit unusual, so even if the test
function's introductory comment mentions that we're taking the RFC's
definition, it doesn't hurt to repeat it in crucial places.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:42:57 +02:00
Manuel Pégourié-Gonnard
c3219006ff Fix suboptimal use of ASSER_ALLOC()
Passing a length of 0 to it is perfectly acceptable, the macro was designed to
handle it correctly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:19 +02:00
Manuel Pégourié-Gonnard
ca8287cbaf Use test_set_step() in loop in cf_hmac test
We only have a single integer available for two nested loops, but the loop
sizes are small enough compared to the integer's range that we can encode both
indexes. Since the integer is displayed in decimal in case of errors, use a
power of 10 to pack the two indexes together.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:19 +02:00
Manuel Pégourié-Gonnard
ed0e86428d Factor repeated condition to its own macro
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:19 +02:00
Manuel Pégourié-Gonnard
9670a59230 Start testing cf_hmac() for constant flow
Currently this breaks all.sh component test_memsan_constant_flow, just as
expected, as the current implementation is not constant flow.

This will be fixed in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:18 +02:00
Gilles Peskine
d3beca9e38 Test Everest with only Curve25519 enabled
tests/scripts/curves.pl tests the library with a single curve enabled.
This uses the legacy ECDH context and the default ECDH implementation.
For Curve25519, there is an alternative implementation, which is
Everest. Test this. This also tests the new ECDH context, which
Everest requires.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-22 03:17:24 +02:00
Gilles Peskine
a2611604d4 curves.pl: test with each elliptic curve enabled
Previously curves.pl tested with all elliptic curves enabled except
one, for each curve. This catches tests that are missing dependencies
on one of the curve that they use, but does not catch misplaced
conditional directives around parts of the library.

Now, we additionally test with a single curve, for each curve. This
catches missing or extraneous guards around code that is specific to
one particular curve or to a class of curves.

Signed-off-by: Gilles Peskine <gilles.peskine@arm.com>
2020-07-22 03:17:24 +02:00
Gilles Peskine
7ab66a6bf1 Add missing dependencies for ECDH_xxx key exchanges
ECDH_ECDSA requires ECDSA and ECDH_RSA requires RSA.

Signed-off-by: Gilles Peskine <gilles.peskine@arm.com>
2020-07-22 03:17:23 +02:00
Manuel Pégourié-Gonnard
b51f04466f Fix misleading comment in test function
Everything works at the byte level, not bit level. Flipping the lsb is just
one convenient way to corrupt a byte, but don't really care about individual
bits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-21 10:40:25 +02:00
Manuel Pégourié-Gonnard
864abbff4e Rework how lengths are expressed in CBC test
This is hopefully more readable in the .data file.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-21 10:37:14 +02:00
Gilles Peskine
b2281e1cf0 x509parse_crl: more negative test cases
Add a few more negative test cases for mbedtls_x509_crl_parse.
The test data is manually adapted from the existing positive test case
"X509 CRL ASN1 (TBSCertList, sig present)" which decomposes as

305c
 3047                                   tbsCertList TBSCertList
  020100                                version INTEGER OPTIONAL
  300d                                  signatureAlgorithm AlgorithmIdentifier
   06092a864886f70d01010e
   0500
  300f                                  issuer Name
   310d300b0603550403130441424344
  170c303930313031303030303030          thisUpdate Time
  3014                                  revokedCertificates
   3012                                 entry 1
    8202abcd                            userCertificate CertificateSerialNumber
    170c303831323331323335393539        revocationDate Time
 300d                                   signatureAlgorithm AlgorithmIdentifier
  06092a864886f70d01010e
  0500
 03020001                               signatureValue BIT STRING

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-16 18:18:22 +02:00
Manuel Pégourié-Gonnard
a80651c483 Add a pre-commit hook that checks generated files
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-16 10:54:38 +02:00
Manuel Pégourié-Gonnard
2774fc45ff Add -u option to check-generated-files.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-16 10:54:38 +02:00
Manuel Pégourié-Gonnard
4adc04a8a3 Give a constant a name in test function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-16 10:00:48 +02:00
Manuel Pégourié-Gonnard
6240defd17 Add MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
This option allows to test the constant-flow nature of selected code, using
MemSan and the fundamental observation behind ctgrind that the set of
operations allowed on undefined memory by dynamic analysers is the same as the
set of operations allowed on secret data to avoid leaking it to a local
attacker via side channels, namely, any operation except branching and
dereferencing.

(This isn't the full story, as on some CPUs some instructions have variable
execution depending on the inputs, most notably division and on some cores
multiplication. However, testing that no branch or memory access depends on
secret data is already a good start.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-15 12:26:22 +02:00
Manuel Pégourié-Gonnard
65a6fa3e26 Make cf_hmac() STATIC_TESTABLE
The test function now depends on MBEDTLS_TEST_HOOKS, which is enabled by
config.py full, and since there are already components in all.sh exercising
the full config, this test function is sill exercised even with this new
dependency.

Since this is the first time a test function depends on MBEDTLS_TEST_HOOKS,
fix a bug in check-names.sh that wasn't apparent so far: headers from
library/*.h were not considered when looking for macro definitions. This
became apparent because MBEDTLS_STATIC_TESTABLE is defined in library/common.h
and started being used in library/ssl_msg.c, so was flagged as a likely typo.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-15 12:26:21 +02:00
Manuel Pégourié-Gonnard
045f094c81 Add dummy constant-flow HMAC function with tests
The dummy implementation is not constant-flow at all for now, it's just
here as a starting point and a support for developing the tests and putting
the infrastructure in place.

Depending on the implementation strategy, there might be various corner cases
depending on where the lengths fall relative to block boundaries. So it seems
safer to just test all possible lengths in a given range than to use only a
few randomly-chosen values.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-15 12:25:52 +02:00
Steven Cooreman
5a3c210e15 Update to renamed curve constant
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-13 17:26:26 +02:00
Steven Cooreman
aec44e9fe8 Merge remote-tracking branch 'mbedtls/development' into montgomery-keys-clarification 2020-07-13 11:48:21 +02:00
Steven Cooreman
0024df6b37 Remove superfluous argument to ecp_write_key
Removed after feedback from PR review.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-13 10:59:40 +02:00
Manuel Pégourié-Gonnard
913a204a33 Fix undeclared dependency of test function
The ssl_tranform structure lacks some members accessed by this function when
CBC is not enabled.

This was found by test-ref-configs.pl and all.sh
test_when_no_ciphersuites_have_mac, so no need to add a new test.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-09 10:02:41 +02:00
Manuel Pégourié-Gonnard
62af37d616 Add tests with ARIA, Camellia, 3DES
Started as copies of the AES block, then:

- for ARIA, just s/AES/ARIA/
- for Camellia, just s/AES/Camellia/
- for 3DES, s/AES/3DES/ then s/3DES_128_CBC/DES_EDE3_CBC/ then manually
  subtract 8 to all plaintext lengths that were > 8. This accounts for the
fact that the block size of DES is 8 not 16.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 11:40:38 +02:00
Manuel Pégourié-Gonnard
7a1cb41ba2 Add test cases with MD5, SHA1, SHA384
All started from a copy of the SHA256 block and modified as follows:

- for MD5, just s/SHA256/MD5/
- for SHA384, adapt the dependency line then s/SHA256/SHA384
- for SHA1, s/SHA256/SHA1/ then manually adapt the plaintext length for the
  cases with "!trunc, B-1" and "!trunc, B", as the MAC length (20) is not a
multiple of the block size (16) for this hash

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 11:25:27 +02:00
Manuel Pégourié-Gonnard
e79e3bb2da Add test cases with various record sizes
- plaintext length = 0 or 1
- plaintext length + MAC length = -1 or 0 mod block_size
    (using the minimum plaintext length that works)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 11:02:59 +02:00
Manuel Pégourié-Gonnard
527c1ff71a Generate good/bad padding programmatically
Compared to the previous approach of having the bad padding provided as input
to the testing function, this allows to test more kinds of incorrect data,
with less test cases in the .data file and more important no manually-generated
non-trivial data in the test case parameters, making it much easier to
complete the testing matrix.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 10:43:37 +02:00
Manuel Pégourié-Gonnard
fafe8553c6
Merge pull request #3392 from paul-elliott-arm/psa_ecc_dh_macros
PSA: update EC curve and DH group family macros
2020-07-07 09:20:44 +02:00
Steven Cooreman
ed3c9ec71a Added support for AES-ECB to the PSA Crypto implementation
PSA_ALG_ECB_NO_PADDING came in to the PSA Crypto API spec v1.0.0, but
was not implemented yet in the mbed TLS implementation.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 14:16:10 +02:00
Steven Cooreman
14f0e526fb Fix Curve25519 ecp_read_key vectors to match description
They did not match their description, probably due to a botched manual
endianness conversion where the nibbles also got swapped.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:52:38 +02:00
Steven Cooreman
c9b7f78647 Rework mbedtls_ecp_write_key to remove unnecessary output parameter
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:52:32 +02:00
Steven Cooreman
6f5cc71ad1 Document masking of Montgomery private keys in psa_export_key
Follow the PSA Crypto specification which was updated between 1.0 beta3
and 1.0.0.
Add corresponding test cases.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:45:04 +02:00
Steven Cooreman
de8593f2fe Implement and test mbedtls_ecp_write_key
mbedtls_ecp_write_key is a mirror function to mbedtls_ecp_read_key, which
writes a private key back into a byte buffer in the correct format.
This is a helpful convenience function, since the byte order is defined
differently between Montgomery and Weierstrass curves. Since this difference
is accounted for in mbedtls_ecp_read_key, it made sense to add
mbedtls_ecp_write_key for the purpose of abstracting this away such that
psa_export_key doesn't need to take byte order into account.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:42:38 +02:00
Gilles Peskine
642a4ef0aa
Merge pull request #3463 from gilles-peskine-arm/tests-not-executed
Fix some test cases that weren't getting executed
2020-07-03 15:13:18 +02:00
Gilles Peskine
2426506fa0
Merge pull request #3458 from gilles-peskine-arm/analyze_outcomes-count_test_cases-1
Test outcome analysis: check that all available test cases have been executed
2020-07-03 15:12:44 +02:00
Manuel Pégourié-Gonnard
0ac01a1c59 TLS: Add negative tests for non-EtM CBC decryption
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-03 12:49:10 +02:00
Manuel Pégourié-Gonnard
527b87890d
Merge pull request #3454 from gilles-peskine-arm/include-common-h-development
Include common.h from all library source files
2020-07-03 09:44:18 +02:00
Gilles Peskine
bbb3664957 Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-03 09:32:50 +02:00
Paul Elliott
75e27032d3 Rename DH Family Macros According to PSA Spec
Rename PSA_DH_GROUP_xxx to PSA_DH_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_GROUP to PSA_KEY_TYPE_DH_GET_FAMILY and rename
psa_dh_group_t to psa_dh_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:49 +01:00
Paul Elliott
8ff510ac26 Rename ECC Family Macros According to PSA Spec
Rename PSA_ECC_CURVE_xxx to PSA_ECC_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_CURVE to PSA_KEY_TYPE_ECC_GET_FAMILY and rename
psa_ecc_curve_t to psa_ecc_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:30 +01:00
Gilles Peskine
76dd3aa5bb Add comments explaining include paths
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 15:59:45 +02:00
Gilles Peskine
0d7216511f Fix erroneous skip of test cases for disabled ciphersuites
Test cases that force a specific ciphersuites are only executed if
this ciphersuite is enabled. But there are test cases (for RC4) whose
goal is to check that the ciphersuite is not used. These test cases
must run even if (or only if) the ciphersuite is disable, so add an
exception for these test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 11:38:21 +02:00
Ronald Cron
a123614699 tests: Move mbedtls_param_failed() to test common code
This makes the implementation of mbedtls_param_failed()
for testing purpose available to programs. Thus removing
the ad-hoc implementations in programs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-02 09:59:38 +02:00
Ronald Cron
579fd28527 tests: Isolate mbedtls_param_failed() long jump
In preparation of moving mbedtls_param_failed() to test
common code, isolate mbedtls_param_failed() long
jump data and set up from unit test data and code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-02 09:59:32 +02:00
Ronald Cron
76883ec853 tests: Isolate mbedtls_param_failed() call check
In preparation of moving mbedtls_param_failed() to test
common code, isolate mbedtls_param_failed() call check
from unit test data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-02 09:39:37 +02:00
Ronald Cron
4e66587545 tests: Move mbedtls_param_failed() call location record
In preparation of moving mbedtls_param_failed() to test
common code, move mbedtls_param_failed() call location
record into a context dedicated to mbedtls_param_failed().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-02 09:39:37 +02:00
Ronald Cron
55d97f2ca8 tests: Remove usage of mbedtls_test_hexify for comparison
Do not hexify binary data to compare them, do compare
them directly. That simplifies the check code and save
memory.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-02 09:39:30 +02:00
Ronald Cron
ac6ae35150 tests: suites: Remove hex in name of variables of type data_t
Remove `hex` in name of variables of type data_t to reserve it
for variables of type char* that are the hexadecimal
representation of a data buffer.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-01 17:10:15 +02:00
Ronald Cron
ab500cb73c tests: Improve the documentation of mbedtls_test_unhexify()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-01 17:10:15 +02:00
Janos Follath
be9a5752c2 Merge tag 'mbedtls-2.23.0' into merge-2.23.0-release-to-development
Mbed TLS 2.23.0
2020-07-01 11:23:17 +01:00
Janos Follath
0435cd8c23 Bump version to Mbed TLS 2.23.0
Executed "./scripts/bump_version.sh --version 2.23.0 --so-crypto 5"

A symbol has been removed from the mbedcrypto library since the last
release:
mbedtls_ecc_group_to_psa ( enum mbedtls_ecp_group_id grpid,
                           size_t* bits )

This is an ABI break and we need to increase the SO version.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-06-29 22:41:30 +01:00
Gilles Peskine
82ac38ee5d
Merge pull request #3438 from ronald-cron-arm/programs-use-common-test-code
Add support to build and link test common code in programs
2020-06-29 10:29:36 +02:00
Gilles Peskine
7eefa22fb1 Fix copypasta in test case descriptions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:54:47 +02:00
Gilles Peskine
b20b873bff Remove metadata tests for features that are not implemented
The metadata tests depend on the corresponding feature because there
is no guarantee that the metadata is correct if the feature is
disabled. There are metadata test cases for some algorithms and key
types that are declared but not supported. These test cases are
present but can never run.

It is debatable whether having these test cases is a good thing in
case they become runnable in the future, or a bad thing because
they're dead code. We're working on detecting test cases that are
never executed for accidental reasons (e.g. typo in a dependency or
missing configuration on the CI), and having test cases that are
deliberately never executed messes this up. So remove these test
cases. If we do implement the corresponding feature, it'll be easy to
add the corresponding metadata test cases.

The features that had metadata tests but no implementations were:

* SHA-512/256 and SHA-512/224 (hypothetical dependency: MBEDTLS_SHA512_256)
* DSA (hypothetical dependency: MBEDTLS_DSA_C)
* SHA-3 and HMAC-SHA-3 (hypothetical dependency: MBEDTLS_SHA3_C)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:48:06 +02:00
Gilles Peskine
af9dbc9213 Fix dependency in PSA test cases
The test cases were never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:45:30 +02:00
Gilles Peskine
a911b32e2f Fix dependency in AES GCM test case
The test case was never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:40:58 +02:00
Gilles Peskine
961914df12
Merge pull request #3382 from stevew817/feature/volatile-keys-in-SE
Support volatile keys in external SE
2020-06-26 20:27:11 +02:00
Gilles Peskine
3d863f2631 Document the fields of TestCasesOutcomes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 18:31:26 +02:00
Gilles Peskine
8d3c70a279 Check test case coverage
Check that every available test case in the test suites and ssl-opt.sh
has been executed at least once.

For the time being, only report a warning, because our coverage is
incomplete. Once we've updated all.sh to have full coverage, this
warning should become an error.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 18:29:34 +02:00
Gilles Peskine
15c2cbfed5 New script for test outcome analysis
This is a new script designed to analyze test outcomes collected
during a whole CI run.

This commit introduces the script, the code to read the outcome file,
and a very simple framework to report errors. It does not perform any
actual analysis yet.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 18:29:34 +02:00
Gilles Peskine
6f6ff3346d check_test_cases: move some functions into the logical class
With previous refactorings, some functions are now solely meant to be
called from other functions in a particular class. Move them into this
class.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 18:29:30 +02:00
Gilles Peskine
78c45dbb0f check_test_cases: move "walk" functions into a class
Make the structure more Pythonic: use classes for abstraction and
refinement, rather than higher-order functions.

Convert walk(function, state, data) into instance.walk(data) where
instance has a method that implements function and state is a field of
instance.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 18:29:25 +02:00
Ronald Cron
a0c2539c4c Rework mbedtls_test_unhexify()
Rework mbedtls_test_unhexify to extend its scope of usage.
Return in error when the function detects an error instead
of calling mbedtls_exit().
Improve safety by checking the output buffer is not overrun.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
9ed4073ea5 tests: Get rid of mbedtls_test_unhexify() in unit test code
In test functions calling mbedtls_test_unhexify(), change the
type of the associated parameters from `char*` to `data_t`.

That way the `unhexify` operation is done by the test
framework and not by the unit test code.

Use for the new parameters of type data_t the name of the
local variable that use to store the `unhexify` version of
the `char*` parameter.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
c7ba560481 tests: ccm: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of mbedtls_ccm_star_encrypt_and_tag/auth_decrypt from
`char *` to `data_t` to get rid of the calls to
mbedtls_test_unhexify():

- Change the name of parameters and local variables to
  clarify which ones are related to the outputs of the
  library functions under test and which ones are
  related to the expected values of those outputs.

- Use two different buffers to store the plain and cipher
  text as expected by the library functions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
df02eb00e0 tests: aes.ofb: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of aes_encrypt_ofb() from `char *` to `data_t` to get rid
of the calls to mbedtls_test_unhexify():

- Change the name of parameters and local variables to
  clarify which ones are related to the outputs of the
  library functions under test and which ones are
  related to the expected values of those outputs.

- Add assertion on fragment_size parameter

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
7370185ae3 tests: nist_kw: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of mbedtls_nist_kw_wrap/unwrap() from `char *` to `data_t`
to get rid of the calls to mbedtls_test_unhexify():

- Change the name of parameters and local variables to
  clarify which ones are related to the outputs of the
  library functions under test and which ones are
  related to the expected values of those outputs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
7e512718fe tests: chacha20: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters of
test_chacha20() from `char *` to `data_t` to get rid of the
calls to mbedtls_test_unhexify():

- Reduce the size of output[] buffer to 375 as its content
  is "ASCII expended" into a buffer of 751 bytes.
- Align naming of variables to store and check the
  output of mbedtls_chacha20_crypt(). No *dst* variables
  anynore, only *output* variables.
- Use two different buffers to store the expected output
  of mbedtls_chacha20_crypt() (expected_output_str[]) and
  the ASCII string representation of the output of
  mbedtls_chacha20_crypt() (output_string[]). Both were
  stored in dst_str[] before.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
4030833bfe tests: hkdf: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of test_hkdf() from `char *` to `data_t` to get rid of the
calls to mbedtls_test_unhexify():

- Align naming of variables related to the expected okm
- Rename `okm_hex[]` to `okm_string[]`
- Added TEST_ASSERT( expected_okm_len <= sizeof( okm ) ) to check
  that the okm[] buffer is large enough for the okm output.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
e85a2c30bd tests: aria: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of some test functions from `char *` to `data_t` to get
rid of the calls to mbedtls_test_unhexify():

- Align the name of source data length local variable
  with the name of the local variable containing the
  source data, respectively src_str and src_str_len.
- Change the type of length, index local variables
  from int to size_t.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
ddaf99c9d4 build: Add top-level mbedtls_test target
In preparation of linking common test objects in programs,
add the top-level mbedtls_test target.

This target consists of the common test objects.

It is necessary to declare it at the top-level as both
tests and programs will depend on it and it is necessary
to synchronize the compilation of those objects for tests
and programs for the case of parallel building.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:09 +02:00
Ronald Cron
f5ea29adcb tests: Improve naming of build common test variables
Use the mbedtls_test_ prefix for (c)make variables
related to test common code.

This aligns with the prefix used for the common test
functions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:32:20 +02:00
Manuel Pégourié-Gonnard
6d3f20d66b
Merge pull request #3337 from ronald-cron-arm/include_directories
CMake build system: Declare include directories at the target level.
2020-06-26 09:18:37 +02:00
Gilles Peskine
d34e9e450f check_test_cases: parametrize iteration functions by the action
Parametrize the code that iterates over test case descriptions by the
function to apply on each description.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-25 16:19:39 +02:00
Gilles Peskine
fb4f933f8e Rename Python scripts to use '_' and not '-'
You can't import a Python script whose name includes '-'.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-25 14:22:06 +02:00
Gilles Peskine
68a98516f6 basic-in-docker: call all.sh for sanity checks
Call all.sh for sanity checks, rather than maintain an explicit list.
This was done in .travis.yml in 3c7ffd7a40

Travis has diverged from basic-in-docker. This commit updates the
description of basic-in-docker to no longer refer to Travis. Alignment
with Travis may be desirable but that is beyond the scope of this commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-25 14:22:06 +02:00
Janos Follath
4d1884916b Merge branch 'development-restricted' into mbedtls-2.23.0r0 2020-06-25 09:17:25 +01:00
Manuel Pégourié-Gonnard
70fce9831e Simplify test syntax
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-25 09:54:46 +02:00
Manuel Pégourié-Gonnard
69b01f7694 Fix logic error in setting client port
We need to do this after we possibly added the proxy.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-25 09:52:54 +02:00
Gilles Peskine
04c6b61f43
Merge pull request #2639 from mpg/use-all-sh-checks-for-pre-push
Use all.sh and its component list in pre-push hook
2020-06-23 14:37:16 +02:00
Gilles Peskine
dda104558b
Merge pull request #3419 from ndilieto/development
Pass "certificate policies" extension to callback
2020-06-23 09:35:45 +02:00
Ronald Cron
855274113a cmake: Remove global include directories
Remove the declaration of ./include and ./library
as include directories for all targets.

Prefer being more local and declare include directories
at the target level using target_include_directories().

Note that there is no need to declare explicitely
./include as an include directory for tests as they
inherit it from the "mbed librairies".

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-22 16:33:22 +02:00
Gilles Peskine
c96d4e2739
Merge pull request #3410 from mpg/make-coverage-script-deterministic
Make basic-build-test.sh more deterministic
2020-06-22 12:30:48 +02:00
Manuel Pégourié-Gonnard
5430447a6e Adjust comments about SEED synchronisation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-22 10:31:35 +02:00
Manuel Pégourié-Gonnard
25c7dbe342
Merge pull request #3435 from paul-elliott-arm/fix_dangerous_parameters
Remove Dangerous Parameter Passing
2020-06-22 09:37:00 +02:00
Janos Follath
0c00407432
Merge pull request #3430 from bensze01/license
[Forward-port] Add Apache-2.0 headers to all source files
2020-06-18 15:54:26 +01:00
Manuel Pégourié-Gonnard
d335f2b6cb
Merge pull request #3421 from niacat/posix_c_source
Define _POSIX_C_SOURCE to be 200112L, as a minimum for C99.
2020-06-18 13:01:38 +02:00
Nicola Di Lieto
b77fad8ebe test_suite_x509parse.function improvement
as suggested in
https://github.com/ARMmbed/mbedtls/pull/3419#discussion_r441433697

also removed two no longer necessary void casts

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-17 17:59:49 +02:00
Nicola Di Lieto
c84b1e6aa0 Pass "certificate policies" extension to callback
Pass the "certificate policies" extension to the callback supplied to
mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported
policies. This allows the callback to fully replicate the behaviour
of the deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
configuration.

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-17 17:55:29 +02:00
Steven Cooreman
f5a5e45ed1 Refactor equality-testing asserts in SE driver tests to TEST_EQUAL
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:54:18 +02:00
Steven Cooreman
a50f28338b Add test to check key ID's from the vendor range are accepted
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:52:42 +02:00
danh-arm
c4b6656a91
Merge pull request #3405 from AndrzejKurek/variable-buffers-cid-serialization
Update iv and len context pointers manually when reallocating buffers
2020-06-17 12:26:24 +01:00
Gilles Peskine
392faa2e41
Merge pull request #2669 from RonEld/iotssl_2864
Show failure in ssl-opt.sh  when key export fails
2020-06-16 21:38:13 +02:00
Andrzej Kurek
b657783269
Update iv and len context pointers manually when reallocating buffers
These fields might be shifted accordingly in `ssl_parse_record_header()`
when receiving a connection with CID, so they require a manual update
after calling the generic `mbedtls_ssl_reset_in_out_pointers()`.

This commit also adds a regression test which is run by all.sh.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-06-16 11:54:51 -04:00
Bence Szépkúti
869746577a Add Apache-2.0 headers to all source files
Also normalize the first line of the copyright headers.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find scripts
find -path './.git' -prune -o '(' -name '*.c' -o -name '*.cpp' -o -name '*.fmt' -o -name '*.h' ')' -print | xargs sed -i '

# Normalize the first line of the copyright headers (no text on the first line of a block comment)
/^\/\*.*Copyright.*Arm/I {
  i\
/*
  s/^\// /
}

/Copyright.*Arm/I {

  # Print copyright declaration
  p

  # Read the two lines immediately following the copyright declaration
  N
  N

  # Insert Apache header if it is missing
  /SPDX/! i\
 *  SPDX-License-Identifier: Apache-2.0\
 *\
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may\
 *  not use this file except in compliance with the License.\
 *  You may obtain a copy of the License at\
 *\
 *  http://www.apache.org/licenses/LICENSE-2.0\
 *\
 *  Unless required by applicable law or agreed to in writing, software\
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
 *  See the License for the specific language governing permissions and\
 *  limitations under the License.

  # Clear copyright declaration from buffer
  D
}
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-16 17:38:44 +02:00
Paul Elliott
6a81eb6106 Remove Dangerous Parameter Passing
Another coverity bug - #350039

When this test discovers a key of the wrong type, it still throws it
through the export function in order to check that it too will detect
this as a not permitted action. For the buffer and buffer length
arguments it passes in a local pointer (which will most likely be NULL),
and the sizeof that pointer, as it knows that they will never be used.
Coverity rightly (imho) flagged this as suspicious - if we are going to
pass in incorrect parameters, at least make them obviously incorrect, and
ones that will not potentially cause errors if the code later changes.
There is, for example safety checks for zero length buffer, but less
protection for an insufficiently sized one.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-16 14:34:55 +01:00
Manuel Pégourié-Gonnard
9dfcae8b94
Merge pull request #3426 from paul-elliott-arm/resource_leak
Fix for resource leak in test_suite_ssl
2020-06-16 10:00:18 +02:00
Bence Szépkúti
c7da1fe381 Add Apache-2.0 headers to all scripts
This commit was generated using the following script:

# ========================
#!/bin/sh

# Find scripts
find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i '

# Remove Mbed TLS declaration if it occurs before the copyright line
1,/Copyright.*Arm/I {
  /This file is part of/,$ {
    /Copyright.*Arm/I! d
  }
}

# Convert non-standard header in scripts/abi_check.py to the format used in the other scripts
/"""/,/"""/ {

  # Cut copyright declaration
  /Copyright.*Arm/I {
    h
    N
    d
  }

  # Paste copyright declaration
  /"""/ {
    x
    /./ {
      s/^/# /    # Add #
      x          # Replace orignal buffer with Copyright declaration
      p          # Print original buffer, insert newline
      i\

      s/.*//     # Clear original buffer
    }
    x
  }
}

/Copyright.*Arm/I {

  # Print copyright declaration
  p

  # Read the two lines immediately following the copyright declaration
  N
  N

  # Insert Apache header if it is missing
  /SPDX/! {
    i\
# SPDX-License-Identifier: Apache-2.0\
#\
# Licensed under the Apache License, Version 2.0 (the "License"); you may\
# not use this file except in compliance with the License.\
# You may obtain a copy of the License at\
#\
# http://www.apache.org/licenses/LICENSE-2.0\
#\
# Unless required by applicable law or agreed to in writing, software\
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
# See the License for the specific language governing permissions and\
# limitations under the License.

    # Insert Mbed TLS declaration if it is missing
    /This file is part of/! i\
#\
# This file is part of Mbed TLS (https://tls.mbed.org)
  }

  # Clear copyright declaration from buffer
  D
}
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:05:47 +02:00
Bence Szépkúti
700ee44545 Add missing copyright dates to scripts and sources
To find any files with a missing copyright declaration, use the following script:

# ========================
#!/bin/sh

# Find files with copyright declarations, and list their file extensions
exts=$(grep -Ril --exclude-dir .git --exclude-dir 3rdparty\
                 --exclude-dir programs/fuzz 'Copyright.*Arm' | sed '
  s/.*\///
  s/.*\./*./
  s/.*/-name "&"/
' | sort -u | sed -n '
  :l
    N
    $!bl
  s/\n/ -o /gp
')

# Find files with file extensions that ususally include copyright extensions,
# but don't include a copyright declaration themselves.
eval "find\
  '(' -path './.git' -o -path './3rdparty' -o -path './programs/fuzz' ')' -prune\
  -o ! -path './tests/data_files/format_pkcs12.fmt'\
     ! -path './programs/psa/psa_constant_names_generated.c'\
     '(' $exts ')' -print" | xargs grep -Li 'Copyright.*Arm'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:05:46 +02:00
Manuel Pégourié-Gonnard
b21b1f5e7c
Merge pull request #3387 from ronald-cron-arm/tests-common-code
Add support to build and link common code in tests
2020-06-15 11:33:19 +02:00
Ron Eldor
65d8c2651d Show failure in ssl-opts.sh when key export fails
1. When `ssl_server2` export key functionality fails,
don't exit the server, but reset it, to have the
server recover for next connection.
2. Add text filters for `export keys functionality` test in ssl-opt.sh
to check for additional output, to verify if the export suceeded.

This was discovered in the `ssl-opt.sh` script, where the server exited,
before the test tried to kill the server priocess, resulting in a
`kill: No such process` message.

Fixes #2662

Signed-off-by: Ron Eldor <Ron.Eldor@arm.com>
2020-06-15 11:21:41 +03:00
Ronald Cron
6c5bd7fd51 tests: Reformating due to rnd_* renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
    `git diff-tree --no-commit-id --name-only -r HEAD` \
    | grep "\<mbedtls_test_rnd_"

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
351f0eee20 tests: Add mbedtls_test_ prefix to rnd_* symbols
Add mbedtls_test_ prefix to rnd_buf_info and
rnd_pseudo_info types, to rnd_std_rand(),
rnd_zero_rand(), rnd_buffer_rand() and
rnd_pseudo_rand() functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/rnd_(buf_info|pseudo_info|std_rand| \
    zero_rand|buffer_rand|pseudo_rand)/, \
    "mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
2dbba99708 tests: Reformating due to hexcmp() renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
`git diff-tree --no-commit-id --name-only -r HEAD` \
| grep hexcmp

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
de70b165a4 tests: Add mbedtls_test_ prefix to hexcmp()
Add mbedtls_test_ prefix to hexcmp() test helper
function.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/hexcmp\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
f73ab008d2 tests: Reformating due to unhexify_alloc() renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
    `git diff-tree --no-commit-id --name-only -r HEAD` \
    | grep unhexify_alloc

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
a256c7025f tests: Add mbedtls_test_ prefix to unhexify_alloc()
Add mbedtls_test_ prefix to unhexify_alloc() test helper
functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/unhexify_alloc\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
690f3ebe92 tests: Add mbedtls_test_ prefix to zero_alloc()
Add mbedtls_test_ prefix to zero_alloc() test helper
function.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/zero_alloc/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
ff31eab938 tests: Reformating due to *hexify functions renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
`git diff-tree --no-commit-id --name-only -r HEAD` \
| grep hexify

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
72d628f7f5 tests: Add mbedtls_test_ prefix to *hexify functions
Add mbedtls_test_ prefix to hexify() and unhexify()
test helper functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/(un|)hexify\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
e9c09f1efc tests: Add mbedtls_test_ prefix to platform_* functions
Add mbedtls_test_ prefix to platform_setup() and
platform_teardown() test helper functions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
2058d56fcc tests: Move random helper functions
Move helper functions to generate random numbers
from helpers.functions to random.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
b7eb67fb74 tests: Add random.c and random.h files
The purpose of random.c file is to contain the helper
functions to generate random numbers that have been
in helpers.function so far.

The purpose of random.h is to contain the interface
exposed by random.c thus helper function prototypes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
f40529d5f4 tests: Move generic helper functions
Move generic helper functions from helpers.functions
to helpers.c

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
b6d6d4c61a tests: Add helpers.c and helpers.h files
The purpose of helpers.c file is to contain the helper
functions that have been in helpers.function so far and
that are not related to the mechanism of unit test
execution and not related to random number generation
(will be moved in a dedicated file).

The purpose of helpers.h is to contain the interface
exposed by helpers.c thus helper function prototypes.

Make the changes in the build systems (make and cmake)
to build helpers.c and link it to test executables
along with mbedtls library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:00 +02:00
Paul Elliott
6f1eda710c Fix for resource leak in test_suite_ssl
Fix for coverity bugs 349041, 349052

Allocated pointers could potentially be leaked in the case of errors.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-11 20:27:08 +01:00
nia
1c0c837ddc Define _POSIX_C_SOURCE to be 200112L, as a minimum for C99.
Strict platforms cannot be expected to accept C99 code as valid
when earlier standards versions are selected.

This helps the programs build on Solaris-like platforms (e.g.
illumos).

Fixes #3420

Signed-off-by: nia <nia@netbsd.org>
2020-06-11 18:39:28 +01:00
Janos Follath
5b66d44f5a
Merge pull request #3195 from paul-elliott-arm/development
Add min/max version negotiation to unit tests
2020-06-10 16:03:58 +01:00
Ronald Cron
849930a50e tests: Move generic macros to macros.h
Move generic macros from helpers.function to macros.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:47 +02:00
Ronald Cron
4b8b199ead tests: Add macros.h include file
Just adding an empty file. The purpose of this header
file is to contain the definition of generic macros
used for the purpose of testing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:47 +02:00
Ronald Cron
f91c495379 tests: helpers: Update static qualifiers
In preparation of moving the content of helpers.function
to its own compilation unit, remove/add static qualifiers
where appropriate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:47 +02:00
Ronald Cron
02c78b7825 tests: Create an include folder
Create an include folder dedicated to include files for
tests. With the upcoming work on tests for PSA crypto
drivers the number of includes specific to tests is going
to increase significantly thus create a dedicated folder.

Don't put the include files in the include folder but in
include/test folder. This way test headers can be included
using a test/* path pattern as mbedtls and psa headers
are included using an mbedtls/* and psa/* path pattern.
This makes explicit the scope of the test headers.

Move the existing includes for tests into include/test and
update the code and build systems (make and cmake)
accordingly.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:05 +02:00
Manuel Pégourié-Gonnard
87a51aa08e
Merge pull request #3243 from ndilieto/development
New mbedtls_x509_crt_parse_der_with_ext_cb() routine
2020-06-10 12:59:58 +02:00
danh-arm
15fee93121
Merge pull request #3363 from bensze01/zeroize
Remove hardcoded line number from the zeroize test
2020-06-10 11:31:38 +01:00
okhowang(王沛文)
3c1b090e58 Use FindPython3 when cmake version >= 3.15.0
Signed-off-by: okhowang(王沛文) <okhowang@tencent.com>
2020-06-10 10:21:50 +08:00
Paul Elliott
c857044e94 Add min/max version negotiation to unit tests
Add the min/max version negotiation tests from ssl-opt.sh as unit
tests for the sake of utility and easier running of tests during
development

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-09 17:00:58 +01:00
Bence Szépkúti
5620d71d58 Remove hardcoded line number from the zeroize test
Instead, we insert a comment containing GDB_BREAK_HERE in the line we
want to break at, and let the gdb script search for it.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-09 12:52:04 +02:00
Steven Cooreman
223f2877be Add test to check that volatile external keys do not get persisted
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-08 18:35:16 +02:00
Steven Cooreman
8335f41cda Enable figuring out number of cores when running on OS X
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-08 18:20:08 +02:00
Manuel Pégourié-Gonnard
e050191ef5 Make basic-build-test.sh deterministic
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 13:04:10 +02:00
Manuel Pégourié-Gonnard
d06125c649 ssl-opt.sh: include test name in log files
This is a convenience for when we get log files from failed CI runs, or attach
them to bug reports, etc.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 12:06:21 +02:00
Manuel Pégourié-Gonnard
3f3302f183 ssl-opt.sh: remove old buildbot-specific condition
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 11:49:05 +02:00
Manuel Pégourié-Gonnard
f45578648a ssl-opt.sh: add proxy to all DTLS tests
A lot of DTLS test are timing-sensitive, especially those that contain
assertions about retransmission. Sometimes some DTLS test fails intermittently
on the CI with no clear apparent reason; we need more information in the log
to understand the cause of those failures.

Adding a proxy means we'll get timing information from the proxy logs.

An alternative would be to add timing information to the debug output of
ssl_server2 and ssl_client2. But that's more complex because getting
sub-second timing info is outside the scope of the C standard, and our current
timing module only provides a APi for sub-second intervals, not absolute time.
Using the proxy is easier as it's a single point that sees all messages, so
elapsed time is fine here, and it's already implemented in the proxy output.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 11:40:06 +02:00
Manuel Pégourié-Gonnard
304b099534 all.sh: clean up some uses of "local" variables
While pure sh doesn't have a concept of local variables, we can partially
emulate them by unsetting variables before we exit the function, and use the
convention of giving them lowercase names to distinguish from global
variables.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 11:01:59 +02:00
Manuel Pégourié-Gonnard
f1f180a6a1 all.sh: keep dd output in non-quiet mode
Since dd prints everything on stderr, both normal status update and actual
errors when they occur, redirecting that to /dev/null is a trade-off that's
acceptable in quiet mode (typically used on a developer's machine and the
developer will re-run in non-quiet mode if anything fails without sufficient
detail in the output), but not that much in non-quiet mode.

For example, if our dd invocation fails because the disk in full on a CI
machine, we want the error to be reported at the time we invoke dd, and not
later when a seemingly unrelated test fails due to an incorrect seedfile.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 10:46:35 +02:00
Manuel Pégourié-Gonnard
21b3d12066
Merge pull request #3374 from danh-arm/dh/branch-cov
Enable branch coverage in basic_build_test.sh
2020-06-08 10:15:06 +02:00
Manuel Pégourié-Gonnard
53fb66db12 Add support for RESTARTABLE with internal RNG
Currently we draw pseudo-random numbers at the beginning and end of the main
loop. With ECP_RESTARTABLE, it's possible that between those two occasions we
returned from the multiplication function, hence lost our internal DRBG
context that lives in this function's stack frame. This would result in the
same pseudo-random numbers being used for blinding in multiple places. While
it's not immediately clear that this would give rise to an attack, it's also
absolutely not clear that it doesn't. So let's avoid that by using a DRBG
context that lives inside the restart context and persists across
return/resume cycles. That way the RESTARTABLE case uses exactly the
same pseudo-random numbers as the non-restartable case.

Testing and compile-time options:

- The case ECP_RESTARTABLE && !ECP_NO_INTERNAL_RNG is already tested by
  component_test_no_use_psa_crypto_full_cmake_asan.
- The case ECP_RESTARTABLE && ECP_NO_INTERNAL_RNG didn't have a pre-existing
  test so a component is added.

Testing and runtime options: when ECP_RESTARTABLE is enabled, the test suites
already contain cases where restart happens and cases where it doesn't
(because the operation is short enough or because restart is disabled (NULL
restart context)).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 09:09:20 +02:00
Manuel Pégourié-Gonnard
1a3f9edc08 Add config.h option MBEDTLS_ECP_NO_INTERNAL_RNG
No effect so far, except on dependency checking, as the feature it's meant to
disable isn't implemented yet (so the descriptions in config.h and the
ChangeLog entry are anticipation for now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 09:09:20 +02:00
Manuel Pégourié-Gonnard
a7f6d25e12
Merge pull request #3400 from mpg/fix-hmac-drbg-deps-dev
Fix undeclared dependencies on HMAC_DRBG and add test
2020-06-05 11:50:02 +02:00
Manuel Pégourié-Gonnard
e860fef438
Merge pull request #3318 from Jonas4420/development
Fix potential memory leak in EC multiplication
2020-06-05 11:43:52 +02:00