Commit Graph

16701 Commits

Author SHA1 Message Date
Morph
3ef96cc1ad SHA: Use SHA-NI intrinsics to speed up SHA256 hashing 2022-05-06 22:22:19 -04:00
Valdemar Bucilko
00d92c2989 x64 intrinsics for msvc in bn_mul, timing and aesni modules
AES-NI implementation for MSVC x64 using intrinsics.
Implement rdtsc timing function using intrinsics for x64.
Use 128bit-result multiply on msvc/x64.
2022-05-06 21:46:45 -04:00
Morph
6e270b44b1 CMakeLists: Disable building programs and tests
This caused issues when building mbedtls on MSVC for yuzu.
2022-05-06 21:46:22 -04:00
Morph
81b04fbb3f config: Enable CMAC
AES-CMAC generation is used within yuzu.
2022-05-06 21:46:22 -04:00
Paul Elliott
bd7e048844
Merge pull request #5816 from paul-elliott-arm/travis_project_2.28
Backport 2.28: Revert Coverity project name change in Travis
2022-05-06 19:11:01 +01:00
Paul Elliott
211c69dab8 Revert Coverity project name change
Although Coverity have now changed their URL to point at the new
project, they did not change the project name, it would seem.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-06 14:10:42 +01:00
Paul Elliott
9c4f159f75
Merge pull request #5805 from paul-elliott-arm/travis_coverity_fix_2.28
Backport 2.28: Rotate coverity secret token in travis
2022-05-05 18:10:52 +01:00
Paul Elliott
9a0c8ed030
Merge pull request #5802 from wernerlewis/asn1_memcpy_null_2.28
[Backport 2.28] Fix memcpy() UB in mbedtls_asn1_named_data()
2022-05-04 23:20:34 +01:00
Werner Lewis
6342debc72 Add ChangeLog entry
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 16:27:54 +01:00
Paul Elliott
08f803f9e9 Change coverity secret token in travis
Travis stopped being able to push builds to coverity due to the token
apparently being no longer valid. Rotating the token to see if that
fixes things.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-04 14:19:44 +01:00
Werner Lewis
12ddae870c Fix memcpy() UB in mbedtls_asn1_named_data()
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 12:23:26 +01:00
Gilles Peskine
585a412129
Merge pull request #5760 from tom-daubney-arm/2-28_correct_x509_flag_parse_tests
[Backport 2.28] Set flag to proper value in x509 parse tests
2022-04-28 18:27:41 +02:00
Gilles Peskine
9aa892b833
Merge pull request #5754 from gilles-peskine-arm/psa-storage-format-test-exercise-2.28
Backport 2.28: PSA storage format: exercise key
2022-04-28 18:20:09 +02:00
Gilles Peskine
f87d84361c
Merge pull request #5740 from gilles-peskine-arm/psa-crypto-config-file-2.28
Backport 2.28: Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
2022-04-28 18:17:45 +02:00
Gilles Peskine
4d6070ca6d
Merge pull request #5778 from mpg/doc-allowed-pks-2.28
[Backport 2.28] Fix documentation of allowed_pks field in mbedtls_x509_crt_profile
2022-04-28 18:13:52 +02:00
Gilles Peskine
238f976ad1 Note that MBEDTLS_CONFIG_FILE can't be defined inside the config file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-26 18:13:01 +02:00
Gilles Peskine
8290976801 Fix references to mbedtls_config.h
These were a mistake when backporting the change from the development
branch, where mbedtls/config.h has been renamed to mbedtls/mbedtls_config.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-26 18:10:11 +02:00
Manuel Pégourié-Gonnard
2b28e4ecee Clarify wording of documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-25 11:57:09 +02:00
Hanno Becker
c61543dc71 Adapt ChangeLog
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-25 11:57:09 +02:00
Hanno Becker
f501cb57a5 Clarify documentation of mbedtls_x509_crt_profile
This commit fixes #1992: The documentation of mbedtls_x509_crt_profile
previously stated that the bitfield `allowed_pks` defined which signature
algorithms shall be allowed in CRT chains. In actual fact, however,
the field also applies to guard the public key of the end entity
certificate.

This commit changes the documentation to state that `allowed_pks`
applies to the public keys of all CRTs in the provided chain.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-25 11:57:09 +02:00
Gilles Peskine
500e48f095 Consistently use "ARC4" in PSA docs and comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-25 09:49:39 +02:00
Gilles Peskine
988391d1cb
Merge pull request #5769 from mpg/ecdsa-range-test-2.28
[Backport 2.28]  Expand negative coverage of ECDSA verification
2022-04-22 16:43:41 +02:00
Gilles Peskine
8e9e1f6819
Merge pull request #5744 from mpg/benchmark-ecc-heap-2.28
[backport 2.28]  Improve benchmarking of ECC heap usage
2022-04-22 16:43:04 +02:00
Manuel Pégourié-Gonnard
5aeb61ccb4 Improve readability and relevance of values
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-22 10:38:38 +02:00
Manuel Pégourié-Gonnard
bcaba030ec Expand negative coverage of ECDSA verification
Motivated by CVE-2022-21449, to which we're not vulnerable, but we
didn't have a test for it. Now we do.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-22 10:38:38 +02:00
Gilles Peskine
35de7b013a
Merge pull request #5741 from gilles-peskine-arm/depends-curves-positive-only-2.28
Backport 2.28: Don't test with all-but-one elliptic curves
2022-04-21 12:34:47 +02:00
Gilles Peskine
f7a101af3c
Merge pull request #5730 from gilles-peskine-arm/ssl-opt-auto-psk-2.28
Backport 2.28: Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:43 +02:00
Gilles Peskine
b973ae43db Use MAX_SIZE macros instead of hard-coding IV/nonce max size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:14:52 +02:00
Gilles Peskine
b534759e19 Remove redundant initialization of iv_length
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:14:30 +02:00
Gilles Peskine
62de767b27 test_psa_crypto_config_accel_ecdsa: disable obsolete hashes
MD2 and MD4 were declared as enabled (PSA_WANT_ALG_MD{2,4} defined) but not
actually implemented in the test driver (MBEDTLS_MD{2,4}_C) not defined. Fix
this inconsistency caued deterministic ECDSA tests using those hashes to
fail. Now MD2 and MD4 are consistently off and the offending test cases
don't run.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-21 11:05:16 +02:00
Thomas Daubney
b84f8d4e88 Corrects flag set in tests
Corrects flag value from 0xFFFFFFF to 0xFFFFFFFF in
x509 parse tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-21 08:35:29 +01:00
Gilles Peskine
784e65b7e2 Add RC4 positive test
Only 128-bit keys are supported.

Test data from RFC 6229.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
4da5a85f80 cipher_alg_without_iv: also test multipart operations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
69d9817a66 cipher_alg_without_iv: generalized to also do decryption
Test set_iv/generate_iv after decrypt_setup. Test successful decryption.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
5f50420dc8 cipher_encrypt_alg_without_iv: validate size macros independently
Validate the size macros directly from the output length in the test data,
rather than using the value returned by the library. This is equivalent
since the value returned by the library is checked to be identical.

Enforce that SIZE() <= MAX_SIZE(), in addition to length <= SIZE(). This is
stronger than the previous code which merely enforced length <= SIZE() and
length <= MAX_SIZE().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
4a83c1047f Fix RC4 multipart PSA
RC4 doesn't take an IV.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
c768600de7 Mbed TLS supports RC4 only with 128-bit keys
In PSA tests, don't try to exercise RC4 keys with other sizes. Do test that
attempts to use RC4 keys of other sizes fail with NOT_SUPPORTED (import does
work, which is not really useful, but removing import support would
technically break backward compatibility).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
ce78c9600f Rename and document mac_or_tag_lengths -> permitted_truncations
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
b8bd61a6ed No need to recalculate iv_length
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
913c01f978 Fix digits in octal constant
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
65bc92a425 Don't try to perform operations when driver support is lacking
We test some configurations using drivers where the driver doesn't
support certain hash algorithms, but declares that it supports
compound algorithms that use those hashes. Until this is fixed,
in those configurations, don't try to actually perform operations.

The built-in implementation of asymmetric algorithms that use a
hash internally only dispatch to the internal md module, not to
PSA. Until this is supported, don't try to actually perform
operations when the operation is built-in and the hash isn't.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
6e8a4b87ea
Merge pull request #5747 from AndrzejKurek/raw-key-agreement-fail-2-28
Backport 2.28: Add a test for a raw key agreement failure
2022-04-19 14:00:34 +02:00
Gilles Peskine
36019d5182 Use terse output from lsof
This both simplifies parsing a little, and suppresses warnings. Suppressing
warnings is both good and bad: on the one hand it resolves problems such as
https://github.com/Mbed-TLS/mbedtls/issues/5731, on the other hand it may
hide clues as to why lsof wouldn't be working as expected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:21:38 +02:00
Gilles Peskine
e8133cbecc test_cmake_out_of_source: validate that ssl-opt passed
If the ssl-opt test case was skipped, the test was ineffective.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:21:38 +02:00
Gilles Peskine
719a652834 Fix REMOVE_ARC4 test case dependencies
When ARC4 ciphersuites are compiled in, but removed from the default list,
requires_ciphersuite_enabled does not consider them to be enabled. Therefore
test cases for MBEDTLS_REMOVE_ARC4_CIPHERSUITES, which must run in such
configurations, must not use requires_ciphersuite_enabled.

Instead, require the corresponding cryptographic mechanisms. In addition,
for the test case "RC4: both enabled", bypass the automatic ciphersuite
support detection based on force_ciphersuite= that would otherwise cause
this test case to be skipped. (This automatic detection doesn't cause the
negative tests to be skipped because it has an exception whenthe handshake
is supposed to fail.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 20:10:37 +02:00
Gilles Peskine
041388af2a Short-tag AEAD with the nominal length are encoded as nominal AEAD
`PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, len) == aead_alg` when
`len == PSA_AEAD_TAG_LENGTH(aead_alg)`. So skip this case when testing
the printing of constants.

This fixes one test case due to the way arguments of
`PSA_ALG_AEAD_WITH_SHORTENED_TAG` are enumerated (all algorithms are tested
for a value of `len` which isn't problematic, and all values of `len` are
tested for one algorithm).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
9d3706fb7f exercise_key: support combined key agreement+derivation algorithms
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
8ddced5b1b Only exercise Brainpool curve keys on one algorithm
There's nothing wrong with ECC keys on Brainpool curves,
but operations with them are very slow. So we only exercise them
with a single algorithm, not with all possible hashes. We do
exercise other curves with all algorithms so test coverage is
perfectly adequate like this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
cb451702b4 Public keys can't be used as private-key inputs to key agreement
The PSA API does not use public key objects in key agreement
operations: it imports the public key as a formatted byte string.
So a public key object with a key agreement algorithm is not
a valid combination.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
32611243d4 Don't exercise OAEP with small key and large hash
RSA-OAEP requires the key to be larger than a function of the hash size.
Ideally such combinations would be detected as a key/algorithm
incompatibility. However key/algorithm compatibility is currently tested
between the key type and the algorithm without considering the key size, and
this is inconvenient to change. So as a workaround, dispense
OAEP-with-too-small-hash from exercising, without including it in the
automatic operation-failure test generation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00