Commit Graph

3612 Commits

Author SHA1 Message Date
Gilles Peskine
1838e82190 Rename psa_helpers.function to psa_crypto_helpers.h
This file isn't like the other .function files: it isn't concatenated
by a separate preprocessing script, but included via C preprocessing.

Rename this file to .h. This isn't a normal C header, because it
defines auxiliary functions. But the functions aren't big and we only
have one compilation unit per executable, so this is good enough for
what we're doing.
2019-06-20 12:40:56 +02:00
Gilles Peskine
982fe790c1 Remove unused functions
These functions became obsolete when the key export format changed
from including the SubjectPublicKeyInfo to being just the key
material.
2019-06-19 18:23:21 +02:00
Jaeden Amero
c54ee936d7 Merge remote-tracking branch 'origin/pr/2443' into development
* origin/pr/2443: (25 commits)
  Fix documentation of X.509 parsing test
  Add X.509 CRT parsing test for mixed time-encodings
  Improve X.509 CRT parsing test names
  Add negative X.509 parsing tests for v3Ext in v1/v2 CRT
  Add negative X.509 parsing tests for IssuerID/SubjectID in v1 CRT
  Improve name of X.509 CRT parsing test
  Always use the same X.509 alg structure inside and outside of TBS
  Fix test dependencies in X.509 CRT parsing suite
  Fix non-DER length encoding in two X.509 CRT parsing tests
  Fix test case name formatting in X.509 parsing suite
  Use ASN.1 NULL TLVs when testing invalid tags
  Shorten X.509 CRT parsing test names
  Extend negative testing for X.509 Signature parsing
  Extend negative testing for X.509 SignatureAlgorithm parsing
  Extend negative testing for X.509 v3 Extension parsing
  Extend negative testing for X.509 SubjectID parsing
  Extend negative testing for X.509 IssuerID parsing
  Extend negative testing for X.509 SubjectPublicKeyInfo parsing
  Extend negative testing for X.509 Subject parsing
  Extend negative testing for X.509 Validity parsing
  ...
2019-06-14 15:29:14 +01:00
Jaeden Amero
7af080a9f9 Merge remote-tracking branch 'origin/pr/2442' into development
* origin/pr/2442:
  Correct placement of ChangeLog entry
  Improve documentation of mbedtls_x509_get_ext()
  Adapt ChangeLog
  Always return a high-level error code from X.509 module
  Obey bounds of ASN.1 substructures
2019-06-14 15:27:42 +01:00
Gilles Peskine
adcde5e997 Add all.sh component that exercises invalid_param checks
With the change to the full config, there were no longer any tests
that exercise invalid-parameter behavior. The test suite exercises
invalid-parameter behavior by calling TEST_INVALID_PARAM and friends,
relying on the test suite's mbedtls_check_param function. This
function is only enabled if MBEDTLS_CHECK_PARAMS is defined but not
MBEDTLS_CHECK_PARAMS_ASSERT.

Add a component to all.sh that enables MBEDTLS_CHECK_PARAMS but
disables MBEDTLS_CHECK_PARAMS_ASSERT and doesn't define
MBEDTLS_PARAM_FAILED. This way, the xxx_invalid_param() tests do run.
Since sample programs don't provide a mbedtls_check_param function,
this component doesn't build the sample programs.
2019-06-14 13:09:13 +02:00
Jaeden Amero
6b5dc689f7 Merge remote-tracking branch 'origin/pr/2430' into development
* origin/pr/2430:
  Document support for MD2 and MD4 in programs/x509/cert_write
  Correct name of X.509 parsing test for well-formed, ill-signed CRT
  Add test cases exercising successful verification of MD2/MD4/MD5 CRT
  Add test case exercising verification of valid MD2 CRT
  Add MD[245] test CRTs to tree
  Add instructions for MD[245] test CRTs to tests/data_files/Makefile
  Add suppport for MD2 to CSR and CRT writing example programs
  Remove use of MD2 in further x509parse tests
  Convert further x509parse tests to use lower-case hex data
  Correct placement of ChangeLog entry
  Adapt ChangeLog
  Use SHA-256 instead of MD2 in X.509 CRT parsing tests
  Consistently use lower case hex data in X.509 parsing tests
2019-06-14 08:49:31 +01:00
Jaeden Amero
e1b02df515 Merge remote-tracking branch 'origin/pr/2260' into development
* origin/pr/2260:
  Update crypto submodule
  Remove heading spaces in tests/data_files/Makefile
  Re-generate library/certs.c from script
  Add new line at the end of test-ca2.key.enc
  Use strict syntax to annotate origin of test data in certs.c
  Add run to all.sh exercising !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO
  Allow DHM self test to run without MBEDTLS_PEM_PARSE_C
  ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset
  Document origin of hardcoded certificates in library/certs.c
  Adapt ChangeLog
  Rename server1.der to server1.crt.der
  Add DER encoded files to git tree
  Add build instructions to generate DER versions of CRTs and keys
  Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2
  ssl_server2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  ssl_client2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  Correct white spaces in ssl_server2 and ssl_client2
  Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled
  Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled
2019-06-14 08:46:48 +01:00
Gilles Peskine
9e23bea692 Make test suites compatible with #include <assert.h>
Don't use the macro name assert. It's technically permitted as long as
<assert.h> is not included, but it's fragile, because it means the
code and any header that it includes must not include <assert.h>.
2019-06-13 15:13:43 +02:00
Gilles Peskine
e7655df7be Make test suites compatible with #include <assert.h>
Don't use the macro name assert. It's technically permitted as long as
<assert.h> is not included, but it's fragile, because it means the
code and any header that it includes must not include <assert.h>.
2019-06-13 15:12:23 +02:00
Hanno Becker
61cf9e3ca3 Fix documentation of X.509 parsing test 2019-06-13 13:32:44 +01:00
Jaeden Amero
a3daa21d8c Merge remote-tracking branch 'origin/pr/2678' into development
* origin/pr/2678:
  Update crypto submodule to 1.1.0d2
  all.sh: Perform targeted EtM tests for MAC-less configs
  ssl: Don't access non-existent encrypt_then_mac field
2019-06-10 11:00:14 +01:00
Gilles Peskine
5d26e7cbfe Pass -m32 to the linker as well
For unit tests and sample programs, CFLAGS=-m32 is enough to get a
32-bit build, because these programs are all compiled directly
from *.c to the executable in one shot. But with makefile rules that
first build object files and then link them, LDFLAGS=-m32 is also
needed.
2019-06-07 18:15:37 +02:00
Jaeden Amero
b01314683a test: Remove redundant 0-byte decryption test
Remove the "Decrypt empty buffer" test, as ChaCha20 is a stream cipher
and 0 bytes encrypted is identical to a 0 length buffer. The "ChaCha20
Encrypt and decrypt 0 bytes" test will test decryption of a 0 length
buffer.
2019-06-07 12:57:33 +01:00
Jaeden Amero
5ab80efa10 test: Check empty buffer decryption for chachapoly
Previously, even in the Chacha20 and Chacha20-Poly1305 tests, we would
test that decryption of an empty buffer would work with
MBEDTLS_CIPHER_AES_128_CBC.

Make the cipher used with the dec_empty_buf() test configurable, so that
Chacha20 and Chacha20-Poly1305 empty buffer tests can use ciphers other
than AES CBC. Then, make the Chacha20 and Chacha20-Poly1305 empty buffer
tests use the MBEDTLS_CIPHER_CHACHA20 and
MBEDTLS_CIPHER_CHACHA20_POLY1305 cipher suites.
2019-06-07 12:57:33 +01:00
Jaeden Amero
2353b542d9 test: Remove redundant 0-byte decryption test
Remove the "Decrypt empty buffer" test, as ChaCha20 is a stream cipher
and 0 bytes encrypted is identical to a 0 length buffer. The "ChaCha20
Encrypt and decrypt 0 bytes" test will test decryption of a 0 length
buffer.
2019-06-06 11:56:54 +01:00
Jaeden Amero
ab11889958 test: Check empty buffer decryption for chachapoly
Previously, even in the Chacha20 and Chacha20-Poly1305 tests, we would
test that decryption of an empty buffer would work with
MBEDTLS_CIPHER_AES_128_CBC.

Make the cipher used with the dec_empty_buf() test configurable, so that
Chacha20 and Chacha20-Poly1305 empty buffer tests can use ciphers other
than AES CBC. Then, make the Chacha20 and Chacha20-Poly1305 empty buffer
tests use the MBEDTLS_CIPHER_CHACHA20 and
MBEDTLS_CIPHER_CHACHA20_POLY1305 cipher suites.
2019-06-06 11:56:54 +01:00
Gilles Peskine
dd413d3c92 Test shutdown without closing handles
Add some test cases that shut down and restart without explicitly
closing handles, and check that the handles are properly invalidated.
2019-06-05 16:38:42 +02:00
Gilles Peskine
76b29a77fb Close or destroy keys explicitly in tests 2019-06-05 16:38:42 +02:00
Gilles Peskine
1153e7bd57 Replace all calls to mbedtls_psa_crypto_free by PSA_DONE
Replace all calls to mbedtls_psa_crypto_free in tests by PSA_DONE.
This is correct for most tests, because most tests close open keys. A
few tests now fail; these tests need to be reviewed and switched back
to mbedtls_psa_crypto_free if they genuinely expected to end with some
slots still in use.
2019-06-05 16:38:42 +02:00
Gilles Peskine
a6d252a986 New macro PSA_DONE for a clean PSA shutdown
The new macro PSA_DONE calls mbedtls_psa_crypto_free, but before that,
it checks that no key slots are in use. The goal is to allow tests to
verify that functions like psa_close_key properly mark slots as
unused, and more generally to detect key slot leaks. We call
mbedtls_psa_crypto_free at the end of each test case, which could mask
a bug whereby slots are not freed when they should be, but their
content is correctly reclaimed by mbedtls_psa_crypto_free.
2019-06-05 16:38:42 +02:00
Gilles Peskine
952f40962a Create PSA-specific helper function file
Create a specific file for helper functions that are related to the
PSA API. The reason for a separate file is so that it can include
<psa/crypto.h>, without forcing this header inclusion into every test
suite. In this commit, psa_helpers.function doesn't need psa/crypto.h
yet, but this will be the case in a subsequent commit.

Move PSA_ASSERT to psa_helpers.function, since that's the sort of
things it's for.

Include "psa_helpers.function" from the PSA crypto tests.

In the ITS test, don't include "psa_helpers". The ITS tests are
meant to stand alone from the rest of the library.
2019-06-05 16:38:42 +02:00
Jaeden Amero
6b1683dd5d all.sh: Perform targeted EtM tests for MAC-less configs
When testing a configuration where no ciphersuites have MAC, via
component_test_when_no_ciphersuites_have_mac(), perform a targeted test
of only encrypt-then-MAC tests within ssl-opt.sh.
2019-06-05 14:42:50 +01:00
Jaeden Amero
2de07f1dd1 ssl: Don't access non-existent encrypt_then_mac field
When MBEDTLS_SSL_ENCRYPT_THEN_MAC is enabled, but not
MBEDTLS_SSL_SOME_MODES_USE_MAC, mbedtls_ssl_derive_keys() and
build_transforms() will attempt to use a non-existent `encrypt_then_mac`
field in the ssl_transform.

    Compile [ 93.7%]: ssl_tls.c
    [Error] ssl_tls.c@865,14: 'mbedtls_ssl_transform {aka struct mbedtls_ssl_transform}' ha
s no member named 'encrypt_then_mac'
    [ERROR] ./mbed-os/features/mbedtls/src/ssl_tls.c: In function 'mbedtls_ssl_derive_keys'
:
    ./mbed-os/features/mbedtls/src/ssl_tls.c:865:14: error: 'mbedtls_ssl_transform {aka str
uct mbedtls_ssl_transform}' has no member named 'encrypt_then_mac'
         transform->encrypt_then_mac = session->encrypt_then_mac;
                  ^~

Change mbedtls_ssl_derive_keys() and build_transforms() to only access
`encrypt_then_mac` if `encrypt_then_mac` is actually present.

Add a regression test to detect when we have regressions with
configurations that do not include any MAC ciphersuites.

Fixes d56ed2491b ("Reduce size of `ssl_transform` if no MAC ciphersuite is enabled")
2019-06-05 14:09:29 +01:00
Gilles Peskine
d2d45c1738 Convert cipher and pk to PSA attribute-based key creation
This fixes the build under MBEDTLS_USE_PSA_CRYPTO.
2019-06-05 11:34:54 +02:00
Gilles Peskine
baea7aac89 Convert remaining obsolete function call 2019-06-05 11:34:54 +02:00
Hanno Becker
7717c41adc Add X.509 CRT parsing test for mixed time-encodings 2019-06-04 17:26:46 +01:00
Hanno Becker
8671e81b7a Improve X.509 CRT parsing test names 2019-06-04 17:26:46 +01:00
Hanno Becker
04b10c073e Add negative X.509 parsing tests for v3Ext in v1/v2 CRT 2019-06-04 17:26:46 +01:00
Hanno Becker
d51d4856e6 Add negative X.509 parsing tests for IssuerID/SubjectID in v1 CRT 2019-06-04 17:26:46 +01:00
Hanno Becker
7ca07e3459 Improve name of X.509 CRT parsing test 2019-06-04 17:26:46 +01:00
Hanno Becker
764fbdf97d Always use the same X.509 alg structure inside and outside of TBS 2019-06-04 17:26:46 +01:00
Hanno Becker
60dd6fc944 Fix test dependencies in X.509 CRT parsing suite
Most tests use an sha256WithRSAEncryption OID which isn't recognized
unless RSA and SHA-256 are enabled.
2019-06-04 17:26:43 +01:00
Hanno Becker
31af3b874b Fix non-DER length encoding in two X.509 CRT parsing tests
Lengths below 128 Bytes must be encoded as a single 'XX' byte in DER,
but two tests in the X.509 CRT parsing suite used the BER but non-DER
encoding '81 XX' (the first byte 10000001 indicating that the length
is to follow (high bit) and has length 1 byte (low bit)).
2019-06-04 17:26:06 +01:00
Hanno Becker
19db19e41f Fix test case name formatting in X.509 parsing suite 2019-06-04 17:25:44 +01:00
Hanno Becker
0f5acc18c5 Use ASN.1 NULL TLVs when testing invalid tags
Previously, a test exercising the X.509 CRT parser's behaviour
on unexpected tags would use a '00' byte in place of the tag
for the expected structure. This makes reviewing the examples
harder because the binary data isn't valid DER-encoded ASN.1.

This commit uses the ASN.1 NULL TLV '05 00' to test invalid
tags, and adapts surrounding structures' length values accordingly.
This eases reviewing because now the ASN.1 structures are still
well-formed at the place where the mismatch occurs.
2019-06-04 17:25:44 +01:00
Hanno Becker
2389d1684b Shorten X.509 CRT parsing test names 2019-06-04 17:25:40 +01:00
Hanno Becker
44199b69b4 Extend negative testing for X.509 Signature parsing 2019-06-04 17:19:47 +01:00
Hanno Becker
5f88a77e2d Extend negative testing for X.509 SignatureAlgorithm parsing 2019-06-04 17:19:47 +01:00
Hanno Becker
05987e33f1 Extend negative testing for X.509 v3 Extension parsing 2019-06-04 17:19:47 +01:00
Hanno Becker
be3850a2b3 Extend negative testing for X.509 SubjectID parsing 2019-06-04 17:19:47 +01:00
Hanno Becker
9f06b50b66 Extend negative testing for X.509 IssuerID parsing 2019-06-04 17:19:47 +01:00
Hanno Becker
bb955e5195 Extend negative testing for X.509 SubjectPublicKeyInfo parsing 2019-06-04 17:19:47 +01:00
Hanno Becker
28ae6b1ba8 Extend negative testing for X.509 Subject parsing 2019-06-04 17:19:46 +01:00
Hanno Becker
18459d420f Extend negative testing for X.509 Validity parsing 2019-06-04 17:19:46 +01:00
Hanno Becker
5e2cf38ff6 Extend negative testing for X.509 Issuer parsing 2019-06-04 17:19:46 +01:00
Hanno Becker
a328fffdaa Extend negative testing for X.509 AlgorithmIdentifier parsing 2019-06-04 17:19:43 +01:00
Hanno Becker
e7d8f96f9f Extend negative testing for X.509 Serial number parsing 2019-06-04 16:23:46 +01:00
Hanno Becker
a9ef412cee Extend negative testing for X.509 Version parsing 2019-06-04 16:23:46 +01:00
Hanno Becker
a5c481e384 Extend negative testing for X.509 TBS header parsing 2019-06-04 16:23:46 +01:00
Hanno Becker
6ccfb18ab1 Always return a high-level error code from X.509 module
Some functions within the X.509 module return an ASN.1 low level
error code where instead this error code should be wrapped by a
high-level X.509 error code as in the bulk of the module.

Specifically, the following functions are affected:
- mbedtls_x509_get_ext()
- x509_get_version()
- x509_get_uid()

This commit modifies these functions to always return an
X.509 high level error code.

Care has to be taken when adapting `mbetls_x509_get_ext()`:
Currently, the callers `mbedtls_x509_crt_ext()` treat the
return code `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG` specially to
gracefully detect and continue if the extension structure is not
present. Wrapping the ASN.1 error with
`MBEDTLS_ERR_X509_INVALID_EXTENSIONS` and adapting the check
accordingly would mean that an unexpected tag somewhere
down the extension parsing would be ignored by the caller.

The way out of this is the following: Luckily, the extension
structure is always the last field in the surrounding structure,
so if there is some data remaining, it must be an Extension
structure, so we don't need to deal with a tag mismatch gracefully
in the first place.

We may therefore wrap the return code from the initial call to
`mbedtls_asn1_get_tag()` in `mbedtls_x509_get_ext()` by
`MBEDTLS_ERR_X509_INVALID_EXTENSIONS` and simply remove
the special treatment of `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`
in the callers `x509_crl_get_ext()` and `x509_crt_get_ext()`.

This renders `mbedtls_x509_get_ext()` unsuitable if it ever
happened that an Extension structure is optional and does not
occur at the end of its surrounding structure, but for CRTs
and CRLs, it's fine.

The following tests need to be adapted:
- "TBSCertificate v3, issuerID wrong tag"
  The issuerID is optional, so if we look for its presence
  but find a different tag, we silently continue and try
  parsing the subjectID, and then the extensions. The tag '00'
  used in this test doesn't match either of these, and the
  previous code would hence return LENGTH_MISMATCH after
  unsucessfully trying issuerID, subjectID and Extensions.
  With the new code, any data remaining after issuerID and
  subjectID _must_ be Extension data, so we fail with
  UNEXPECTED_TAG when trying to parse the Extension data.
- "TBSCertificate v3, UIDs, invalid length"
  The test hardcodes the expectation of
  MBEDTLS_ERR_ASN1_INVALID_LENGTH, which needs to be
  wrapped in MBEDTLS_ERR_X509_INVALID_FORMAT now.

Fixes #2431.
2019-06-04 13:59:48 +01:00
Hanno Becker
12f62fb82c Obey bounds of ASN.1 substructures
When parsing a substructure of an ASN.1 structure, no field within
the substructure must exceed the bounds of the substructure.
Concretely, the `end` pointer passed to the ASN.1 parsing routines
must be updated to point to the end of the substructure while parsing
the latter.

This was previously not the case for the routines
- x509_get_attr_type_and_value(),
- mbedtls_x509_get_crt_ext(),
- mbedtls_x509_get_crl_ext().
These functions kept using the end of the parent structure as the
`end` pointer and would hence allow substructure fields to cross
the substructure boundary. This could lead to successful parsing
of ill-formed X.509 CRTs.

This commit fixes this.

Care has to be taken when adapting `mbedtls_x509_get_crt_ext()`
and `mbedtls_x509_get_crl_ext()`, as the underlying function
`mbedtls_x509_get_ext()` returns `0` if no extensions are present
but doesn't set the variable which holds the bounds of the Extensions
structure in case the latter is present. This commit addresses
this by returning early from `mbedtls_x509_get_crt_ext()` and
`mbedtls_x509_get_crl_ext()` if parsing has reached the end of
the input buffer.

The following X.509 parsing tests need to be adapted:
- "TBSCertificate, issuer two inner set datas"
  This test exercises the X.509 CRT parser with a Subject name
  which has two empty `AttributeTypeAndValue` structures.
  This is supposed to fail with `MBEDTLS_ERR_ASN1_OUT_OF_DATA`
  because the parser should attempt to parse the first structure
  and fail because of a lack of data. Previously, it failed to
  obey the (0-length) bounds of the first AttributeTypeAndValue
  structure and would try to interpret the beginning of the second
  AttributeTypeAndValue structure as the first field of the first
  AttributeTypeAndValue structure, returning an UNEXPECTED_TAG error.
- "TBSCertificate, issuer, no full following string"
  This test exercises the parser's behaviour on an AttributeTypeAndValue
  structure which contains more data than expected; it should therefore
  fail with MBEDTLS_ERR_ASN1_LENGTH_MISMATCH. Because of the missing bounds
  check, it previously failed with UNEXPECTED_TAG because it interpreted
  the remaining byte in the first AttributeTypeAndValue structure as the
  first byte in the second AttributeTypeAndValue structure.
- "SubjectAltName repeated"
  This test should exercise two SubjectAltNames extensions in succession,
  but a wrong length values makes the second SubjectAltNames extension appear
  outside of the Extensions structure. With the new bounds in place, this
  therefore fails with a LENGTH_MISMATCH error. This commit adapts the test
  data to put the 2nd SubjectAltNames extension inside the Extensions
  structure, too.
2019-06-04 10:15:09 +01:00
Hanno Becker
4cbea4b07e Remove heading spaces in tests/data_files/Makefile 2019-06-03 17:46:56 +01:00
Hanno Becker
471ad477bb Add new line at the end of test-ca2.key.enc 2019-06-03 17:46:56 +01:00
Hanno Becker
a545be2622 Add run to all.sh exercising !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO 2019-06-03 17:46:56 +01:00
Hanno Becker
91e72c3121 ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset
This should allow to run ssl-opt.sh successfully in the default
configuration minus MBEDTLS_PEM_PARSE_C minus MBEDTLS_FS_IO.
2019-06-03 17:46:56 +01:00
Hanno Becker
58fc28ce1a Rename server1.der to server1.crt.der 2019-06-03 17:46:56 +01:00
Hanno Becker
8843c250c0 Add DER encoded files to git tree 2019-06-03 17:46:56 +01:00
Hanno Becker
e21387e014 Add build instructions to generate DER versions of CRTs and keys 2019-06-03 17:46:56 +01:00
Hanno Becker
d0ac5faa72 Insert records with unexpected CID in CID tests in ssl-opt.sh 2019-06-03 16:07:50 +01:00
Hanno Becker
8c07beeb84 Rename MBEDTLS_SSL_CID->MBEDTLS_SSL_DTLS_CONNECTION_ID in SSL suite 2019-06-03 16:07:50 +01:00
Hanno Becker
a0e20d04b2 Rename MBEDTLS_SSL_CID to MBEDTLS_SSL_DTLS_CONNECTION_ID
Files modified via

sed -i 's/MBEDTLS_SSL_CID\([^_]\|$\)/MBEDTLS_SSL_DTLS_CONNECTION_ID\1/g' **/*.c **/*.h **/*.sh **/*.function
2019-06-03 16:07:50 +01:00
Hanno Becker
c2045b0764 Add CID test not using datagram packing to ssl-opt.sh 2019-06-03 16:07:50 +01:00
Hanno Becker
78c9137b0c Add Proxy tests for Connection ID to ssl-opt.sh
Also, shorten test names to avoid them being truncated on the cmd line.
2019-06-03 16:07:50 +01:00
Hanno Becker
22a59fdca8 Remove indicators and warnings about unfinished CID implementation 2019-06-03 16:07:50 +01:00
Hanno Becker
b3e9dd53ba Fix mismatching debug grep in ssl-opt.sh CID tests 2019-06-03 16:07:50 +01:00
Hanno Becker
b42ec0df02 Add support for change of CID to ssl_client2 / ssl_server2
And add tests for various CID configuration changes during
renegotiation to ssl-opt.sh.
2019-06-03 16:07:50 +01:00
Hanno Becker
2749a67d1f Reintroduce grepping for debug messages in CID tests in ssl-opt.sh 2019-06-03 16:07:50 +01:00
Hanno Becker
e2c2314ab4 Add missing dependencies in unit tests for CID-based record enc/dec
Changes generated via:
% sed -i '/.*CID [0-9]+[0-9]/{n;s/depends_on:/depends_on:MBEDTLS_SSL_CID:/}' test_suite_ssl.data
2019-06-03 14:47:36 +01:00
Hanno Becker
43c24b8da9 Fix missing compile-time guards around CID-only constants 2019-06-03 14:47:36 +01:00
Hanno Becker
8a7f972202 Skip copying CIDs to SSL transforms until CID feature is complete
This commit temporarily comments the copying of the negotiated CIDs
into the established ::mbedtls_ssl_transform in mbedtls_ssl_derive_keys()
until the CID feature has been fully implemented.

While mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() do
support CID-based record protection by now and can be unit tested,
the following two changes in the rest of the stack are still missing
before CID-based record protection can be integrated:
- Parsing of CIDs in incoming records.
- Allowing the new CID record content type for incoming records.
- Dealing with a change of record content type during record
  decryption.

Further, since mbedtls_ssl_get_peer_cid() judges the use of CIDs by
the CID fields in the currently transforms, this change also requires
temporarily disabling some grepping for ssl_client2 / ssl_server2
debug output in ssl-opt.sh.
2019-06-03 14:47:36 +01:00
Hanno Becker
d856c82993 Add unit tests for record protection using CID 2019-06-03 14:47:36 +01:00
Hanno Becker
6c87b3f9df Record enc/dec tests: Don't take turns in sending / receiving roles
Part of the record encryption/decryption tests is to gradually
increase the space available at the front and/or at the back of
a record and observe when encryption starts to succeed. If exactly
one of the two parameters is varied at a time, the expectation is
that encryption will continue to succeed once it has started
succeeding (that's not true if both pre- and post-space are varied
at the same time).

Moreover, previously the test would take turns when choosing which
transform should be used for encryption, and which for decryption.

With the introduction of the CID feaature, this switching of transforms
doesn't align with the expectation of eventual success of the encryption,
since the overhead of encryption might be different for the parties,
because both parties may use different CIDs for their outgoing records.

This commit modifies the tests to not take turns between transforms,
but to always use the same transforms for encryption and decryption
during a single round of the test.
2019-06-03 14:47:36 +01:00
Hanno Becker
4a9b028c08 Correct name of X.509 parsing test for well-formed, ill-signed CRT 2019-06-03 14:45:21 +01:00
Hanno Becker
20a4ade3f5 Add test cases exercising successful verification of MD2/MD4/MD5 CRT 2019-06-03 14:45:21 +01:00
Hanno Becker
7b8abee4f5 Add test case exercising verification of valid MD2 CRT
The X.509 parsing test suite test_suite_x509parse contains a test
exercising X.509 verification for a valid MD4/MD5 certificate in a
profile which doesn't allow MD4/MD5. This commit adds an analogous
test for MD2.
2019-06-03 14:45:16 +01:00
Hanno Becker
fcffdccb85 Grep for dbug msgs witnessing use of CID in ssl_client2/ssl_server2 2019-06-03 14:43:16 +01:00
Hanno Becker
9ecb6c676c Grep for dbg msg witnessing copying of CIDs to SSL transform 2019-06-03 14:43:16 +01:00
Hanno Becker
a6a4c7623c Grep for dbg msg witnessing parsing of CID extension in ServerHello 2019-06-03 14:43:16 +01:00
Hanno Becker
4bc9e9d3f6 Grep for dbg msg witnessing writing of CID extension in ServerHello 2019-06-03 14:43:16 +01:00
Hanno Becker
7dee2c6369 Grep for dbg msg witnessing parsing of CID extension in ClientHello 2019-06-03 14:43:16 +01:00
Hanno Becker
6b78c83829 Grep for dbg msg witnessing writing of CID extension in ClientHello 2019-06-03 14:43:16 +01:00
Hanno Becker
f157a97b75 Modify CID tests in ssl-opt.sh to grep for CID config debug msgs 2019-06-03 14:43:16 +01:00
Hanno Becker
5f925be378 Indicate ssl-opt.sh CID tests only test the stub CID code 2019-06-03 14:42:08 +01:00
Hanno Becker
9bae30d00d Fix use of requires_config_enabled in ssl-opt.sh
requires_config_enabled doesn't support multiple config options.
Tests having multiple configuration dependencies must be prefixed
with multiple invocations of requires_config_enabled instead.
2019-06-03 14:42:08 +01:00
Hanno Becker
d029a2b57f Fix typo in CID test in ssl-opt.sh 2019-06-03 14:42:08 +01:00
Hanno Becker
7cf463e3cc Add basic Connection ID tests to ssl-opt.sh 2019-06-03 14:42:08 +01:00
Hanno Becker
53756b3228 Add MD[245] test CRTs to tree 2019-06-03 14:22:59 +01:00
Hanno Becker
2e0f71f977 Add instructions for MD[245] test CRTs to tests/data_files/Makefile 2019-06-03 14:22:53 +01:00
Gilles Peskine
a3b93ff893 Make docstring style consistent
Use PEP 257 indented docstring style, mostly: always with """, with the
terminating """ on a separate line if the docstring is more than one
line, and with all lines indented to the opening """.

This commit does not change the text to keep the first paragraph single-line.
2019-06-03 11:23:56 +02:00
Hanno Becker
ba698da57a Remove use of MD2 in further x509parse tests 2019-06-03 09:54:07 +01:00
Hanno Becker
32b48ea364 Convert further x509parse tests to use lower-case hex data 2019-06-03 09:48:39 +01:00
Jaeden Amero
3b025ac52b test: Always use make clean by itself
When running make with parallelization, running both "clean" and "lib"
with a single make invocation can lead to each target building in
parallel. It's bad if lib is partially done building something, and then
clean deletes what was built. This can lead to errors later on in the
lib target.

    $ make -j9 clean lib
      CC    aes.c
      CC    aesni.c
      CC    arc4.c
      CC    aria.c
      CC    asn1parse.c
      CC    ./library/error.c
      CC    ./library/version.c
      CC    ./library/version_features.c
      AR    libmbedcrypto.a
    ar: aes.o: No such file or directory
    Makefile:120: recipe for target 'libmbedcrypto.a' failed
    make[2]: *** [libmbedcrypto.a] Error 1
    Makefile:152: recipe for target 'libmbedcrypto.a' failed
    make[1]: *** [libmbedcrypto.a] Error 2
    Makefile:19: recipe for target 'lib' failed
    make: *** [lib] Error 2
    make: *** Waiting for unfinished jobs....

To avoid this sort of trouble, always invoke clean by itself without
other targets throughout the library. Don't run clean in parallel with
other rules. The only place where clean was run in parallel with other
targets was in list-symbols.sh.
2019-05-31 12:47:07 +01:00
Hanno Becker
01346c645b Use SHA-256 instead of MD2 in X.509 CRT parsing tests
- Replace 'RSA with MD2' OID '2a864886f70d010102' by
  'RSA with SHA-256' OID '2a864886f70d01010b':
  Only the last byte determines the hash, and
  `MBEDTLS_OID_PKCS1_MD2 == MBEDTLS_OID_PKCS1 "\x02"`
  `MBEDTLS_OID_PKCS1_SHA256 == MBEDTLS_OID_PKCS1 "\x0b"`
  See oid.h.
- Replace MD2 dependency by SHA256 dependency.
- Adapt expected CRT info output.
2019-05-30 11:16:39 +01:00
Hanno Becker
d0d78d7c4a Consistently use lower case hex data in X.509 parsing tests 2019-05-30 11:16:39 +01:00
Gilles Peskine
54f544581a Pacify Pylint
Pass Pylint by cleaning up the code where possible and silencing
Pylint where I know better.

No behavior change.
2019-05-29 09:58:59 +02:00
Gilles Peskine
42a0a0aeea Obey Python naming and method structure conventions
* Rename internal methods and fields to start with an underscore.
* Rename global constants to uppercase.
* Change methods that don't use self to be class methods or static
  methods as appropriate.

No behavior change in this commit.
2019-05-29 09:58:59 +02:00
Gilles Peskine
2938268fb4 Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190524
Conflicts:
* library/ssl_cli.c, library/ssl_tls.c:
  Removed on the development branch. Keep them removed.
* include/psa/crypto_extra.h, library/psa_crypto_storage.c,
  tests/suites/test_suite_psa_crypto.data,
  tests/suites/test_suite_psa_crypto.function,
  tests/suites/test_suite_psa_crypto_persistent_key.data,
  tests/suites/test_suite_psa_crypto_slot_management.data,
  tests/suites/test_suite_psa_crypto_slot_management.function:
  Modified on the development branch only to implement the enrollment
  algorithm, which has been reimplemented on the API branch.
  Keep the API branch.
2019-05-29 09:57:29 +02:00
Gilles Peskine
3027ba6429 Enrollment algorithm in policy: add tests of psa_copy_key 2019-05-27 14:08:28 +02:00
Gilles Peskine
bcdd44b9be Enrollment algorithm in policy: add support in psa_copy_key tests
Add parameters to psa_copy_key tests for the enrollment algorithm (alg2).

This commit only tests with alg2=0, which is equivalent to not setting
an enrollment algorithm.
2019-05-27 14:08:28 +02:00
Gilles Peskine
b4e0cda8db Enrollment algorithm in policy: update persistent key tests
The storage format has changed, so update the test data accordingly.
2019-05-27 14:08:28 +02:00
Gilles Peskine
183442c854 Enrollment algorithm in policy: test persistent keys 2019-05-27 14:08:27 +02:00
Gilles Peskine
96f0b3b1d3 Keys may allow a second algorithm
Add a second permitted algorithm to key policies.

This commit includes smoke tests that do not cover psa_copy_key.
2019-05-27 14:08:27 +02:00
Gilles Peskine
d3bb7bb2f2 Persistent key reload: test more metadata
In the tests for opening a persistent key after closing it, also read
back and check the key data if permitted by policy, and the key
policy.
2019-05-24 17:02:25 +02:00
Gilles Peskine
1ecf92c2f8 Align test functions to usage/alg parameter order
Manually cherry-picked from ca5bed742f
by taking that patch, replacing KEYPAIR by KEY_PAIR
throughout (renaming applied in this branch), and discarding parts
about import_twice in test_suite_psa_crypto (this test function was
removed from this branch).
2019-05-24 16:38:14 +02:00
Jaeden Amero
2ab5cf658f Merge remote-tracking branch 'origin/pr/2403' into development
* origin/pr/2403: (24 commits)
  crypto: Update to Mbed Crypto 8907b019e7
  Create seedfile before running tests
  crypto: Update to Mbed Crypto 81f9539037
  ssl_cli.c : add explicit casting to unsigned char
  Generating visualc files - let Mbed TLS take precedence over crypto
  Add a link to the seedfile for out-of-tree cmake builds
  Adjust visual studio file generation to always use the crypto submodule
  all.sh: unparallelize mingw tests
  all.sh - disable parallelization for shared target tests
  config.pl: disable PSA_ITS_FILE and PSA_CRYPTO_STORAGE for baremetal
  all.sh: unset crypto storage define in a psa full config cmake asan test
  all.sh: unset FS_IO-dependent defines for tests that do not have it
  curves.pl - change test script to not depend on the implementation
  Export the submodule flag to sub-cmakes
  Disable MBEDTLS_ECP_RESTARTABLE in full config
  Export the submodule flag to sub-makes
  Force the usage of crypto submodule
  Fix crypto submodule usage in Makefile
  Documentation rewording
  Typo fixes in documentation
  ...
2019-05-23 09:08:55 +01:00
Jaeden Amero
a542bb6de6 Merge remote-tracking branch 'origin/pr/2647' into development
* origin/pr/2647:
  list-symbols.sh: if the build fails, print the build transcript
  Document "check-names.sh -v"
  all.sh: invoke check-names.sh in print-trace-on-exit mode
  Print a command trace if the check-names.sh exits unexpectedly
2019-05-23 09:08:41 +01:00
Gilles Peskine
3c8ccc068f Create seedfile before running tests
With MBEDTLS_USE_PSA_CRYPTO and MBEDTLS_ENTROPY_NV_SEED enabled, the
tests need a seedfile. Since test_suite_entropy is no longer there to
create it, and MBEDTLS_USE_PSA_CRYPTO is now enabled in the full
config, create tests/seedfile explicitly in basic-build-test.sh.
2019-05-23 03:01:35 -04:00
Andrzej Kurek
4a71cfa39f Add a link to the seedfile for out-of-tree cmake builds 2019-05-23 03:01:35 -04:00
Andrzej Kurek
62faadd6a3 all.sh: unparallelize mingw tests
Sometimes, when building the shared target with crypto submodule, one could
get an "No rule to make target '../crypto/library/libmbedcrypto.so'" error.
This is due to two reasons - building in parallel and (probably) an
incomplete/incorrect list of dependencies for certain targets. The proposed
solution is to disable parallel builds with crypto submodule for now.
An issue has been raised here: https://github.com/ARMmbed/mbedtls/issues/2634
2019-05-23 03:01:35 -04:00
Andrzej Kurek
87615770c7 all.sh - disable parallelization for shared target tests
Sometimes, when building the shared target with crypto submodule, one could
get an "No rule to make target '../crypto/library/libmbedcrypto.so'" error.
This is due to two reasons - building in parallel and (probably) an
incomplete/incorrect list of dependencies for certain targets. The proposed
solution is to disable parallel builds with crypto submodule for now.
An issue has been raised here: https://github.com/ARMmbed/mbedtls/issues/2634
2019-05-23 03:01:35 -04:00
Andrzej Kurek
324b2f76ca all.sh: unset crypto storage define in a psa full config cmake asan test 2019-05-23 03:01:35 -04:00
Andrzej Kurek
73757080c1 all.sh: unset FS_IO-dependent defines for tests that do not have it 2019-05-23 03:01:35 -04:00
Andrzej Kurek
098b16ca83 curves.pl - change test script to not depend on the implementation
Currently the top-level makefile deploys commands to both Mbed TLS and
the submodule. Running make in the "tests" directory builds only the TLS tests.
The top level CMake on the other hand does not have the "tests" target defined,
so it also cannot be used, hence the raw "make".
2019-05-23 03:01:35 -04:00
Andrzej Kurek
346747cd24 Force the usage of crypto submodule
Remove all.sh tests exercising the optional usage of submodule
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard
971dea3745 Enable USE_PSA_CRYPTO with config.pl full
Previously it was disabled as too experimental, which no longer holds. Also,
this option introduces new APIs, so it's not only about an internal
alternative (as the comment in config.pl used to state) - people who request a
full config should get all of the available APIs.

Adapt all.sh: now all builds with full config will also test this option, and
builds with the default config will test without it. Just to be sure, let's
have a build with full config minus this option.

Update documentation of MBEDTLS_USE_PSA_CRYPTO to reflect the status of the
new APIs it enables in Mbed TLS and why they're still opt-in.
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard
de7636e2dd Enable MBEDTLS_PSA_CRYPTO_C by default
Also enable it in scripts/config.pl full, as well as two storage options that
were only blacklisted from full config because they depended on
MBEDTLS_PSA_CRYPTO_C.
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard
d8167e85d6 Build from submodule by default (make, cmake)
Adapt tests in all.sh:
- tests with submodule enabled (default) no longer need to enable it
  explicitly, and no longer need runtime tests, as those are now handled by
all other test cases in this script
- tests with submodule disabled (old default) now need to disable it
  explicitly, and execute some runtime tests, as those are no longer tested
anywhere else in this script

Adapt documentation in Readme: remove the section "building with submodule"
and replace it with a new section before the other building sections.
Purposefully don't document how to build not from the submodule, as that
option is going away soon.
2019-05-23 03:01:35 -04:00
Gilles Peskine
9a52cf3d97 list-symbols.sh: if the build fails, print the build transcript
If "make clean lib" fails in list-symbols.sh, print the transcript
from running make.
2019-05-22 18:22:58 +02:00
Gilles Peskine
0c12e308af Document "check-names.sh -v" 2019-05-22 18:22:45 +02:00
Ron Eldor
56f071fb9e Add negative test for malformed SAN
Add a negative test for a malformed SAN extension.
2019-05-22 17:36:58 +03:00
Jaeden Amero
496c176d90
Merge pull request #266 from ARMmbed/psa-policy_alg2-poc
Keys may allow a second algorithm
2019-05-22 11:55:01 +01:00
Gilles Peskine
52315e4c16 Enrollment algorithm in policy: add tests of psa_copy_key 2019-05-21 18:31:59 +02:00
Gilles Peskine
705cbfd802 Enrollment algorithm in policy: add support in psa_copy_key tests
Add parameters to psa_copy_key tests for the enrollment algorithm (alg2).

This commit only tests with alg2=0, which is equivalent to not setting
an enrollment algorithm.
2019-05-21 18:31:59 +02:00
Gilles Peskine
468c96cccc Enrollment algorithm in policy: update persistent key tests
The storage format has changed, so update the test data accordingly.
2019-05-21 17:06:35 +02:00
Gilles Peskine
6fbfdb9e06 Enrollment algorithm in policy: test persistent keys 2019-05-21 17:06:35 +02:00
Gilles Peskine
cbce4d8889 Persistent key reload: test more metadata
In the tests for opening a persistent key after closing it, also read
back and check the key data if permitted by policy, and the key
policy.
2019-05-21 17:06:35 +02:00
Gilles Peskine
2c86ebc2f8 EC key pair import: check the buffer size
When importing a private elliptic curve key, require the input to have
exactly the right size. RFC 5915 requires the right size (you aren't
allowed to omit leading zeros). A different buffer size likely means
that something is wrong, e.g. a mismatch between the declared key type
and the actual data.
2019-05-21 17:06:27 +02:00
Gilles Peskine
536e20571a New macro to get the bit size of an elliptic curve 2019-05-21 17:06:03 +02:00
Gilles Peskine
ca5bed742f Align test functions to usage/alg parameter order 2019-05-21 17:06:03 +02:00
Gilles Peskine
d6f371b1ba Keys may allow a second algorithm
Add a second permitted algorithm to key policies.

This commit includes smoke tests that do not cover psa_copy_key.
2019-05-21 17:06:03 +02:00
Jaeden Amero
3d07ffade2 Merge remote-tracking branch 'tls/development' into development
Resolve conflicts by performing the following operations:
    - Reject changes to files removed during the creation of Mbed Crypto
      from Mbed TLS.
    - Reject the addition of certificates that would not be used by any
      tests, including rejecting the addition of Makefile rules to
      generate these certificates.
    - Reject changes to error.c referencing modules that are not part of
      Mbed Crypto.

* origin/development: (80 commits)
  Style fix
  Fix test data
  Update test data
  Add some negative test cases
  Fix minor issues
  Add ChangeLog entry about listing all SAN
  Remove unneeded whitespaces
  Fix mingw CI failures
  Initialize psa_crypto in ssl test
  Check that SAN is not malformed when parsing
  Documentation fixes
  Fix ChangeLog entry
  Fix missing tls version test failures
  Fix typo
  Fix ChangeLog entry location
  Add changeLog entry
  Add test for export keys functionality
  Add function to retrieve the tls_prf type
  Add tests for the public tls_prf API
  Add public API for tls_prf
  ...
2019-05-21 08:57:44 +01:00
Jaeden Amero
31d1432233 Merge remote-tracking branch 'origin/pr/2530' into development
* origin/pr/2530: (27 commits)
  Style fix
  Fix test data
  Update test data
  Add some negative test cases
  Fix minor issues
  Add ChangeLog entry about listing all SAN
  Check that SAN is not malformed when parsing
  Documentation fixes
  Fix ChangeLog entry
  Fail in case critical crt policy not supported
  Update SAN parsing documentation
  change the type of hardware_module_name member
  Change mbedtls_x509_subject_alternative_name
  Add length checking in certificate policy parsing
  Rephrase x509_crt extension member description
  Rephrase changeLog entries
  Remove redundant memset()
  Propogate error when parsing SubjectAltNames
  Tidy up style in x509_info_subject_alt_name
  Print unparseable SubjectAlternativeNames
  ...
2019-05-20 18:02:25 +01:00
Jaeden Amero
9ebcf9b00a Merge remote-tracking branch 'origin/pr/2538' into development
* origin/pr/2538:
  Remove unneeded whitespaces
  Fix mingw CI failures
  Initialize psa_crypto in ssl test
  Fix missing tls version test failures
  Fix typo
  Fix ChangeLog entry location
  Add changeLog entry
  Add test for export keys functionality
  Add function to retrieve the tls_prf type
  Add tests for the public tls_prf API
  Add public API for tls_prf
  Add eap-tls key derivation in the examples.
  Add ChangeLog entry
  Add an extra key export function
  Have the temporary buffer allocated dynamically
  Zeroize secret data in the exit point
  Add a single exit point in key derivation function
2019-05-20 10:58:36 +01:00
Ron Eldor
76a9c4a81f Fix test data
Fix test data to test what it actually intends to test.
2019-05-20 11:58:59 +03:00
Ron Eldor
8a59d6b964 Update test data
Update the test data for the negative certificate policies
extension tests with correct lengths, to test the correct behaviour.
Add another test.
2019-05-19 14:11:20 +03:00
Gilles Peskine
35ef36b62f Rename psa_generate_random_key back to psa_generate_key
generate_key is a more classical name. The longer name was only
introduced to avoid confusion with getting a key from a generator,
which is key derivation, but we no longer use the generator
terminology so this reason no longer applies.

perl -i -pe 's/psa_generate_random_key/psa_generate_key/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Gilles Peskine
c93b80c350 Rename *KEYPAIR* to *KEY_PAIR*
Be consistent with PUBLIC_KEY.

perl -i -pe 's/KEYPAIR/KEY_PAIR/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Gilles Peskine
dcaefae849 Parametrize Diffie-Hellman keys by a group identifier
Parametrize finite-field Diffie-Hellman key types with a DH group
identifier, in the same way elliptic curve keys are parametrized with
an EC curve identifier.

Define the DH groups from the TLS registry (these are the groups from
RFC 7919).

Replicate the macro definitions and the metadata tests from elliptic
curve identifiers to DH group identifiers.

Define PSA_DH_GROUP_CUSTOM as an implementation-specific extension for
which domain parameters are used to specify the group.
2019-05-16 19:51:10 +02:00
Gilles Peskine
be697d8324 Shorten the name of psa_key_agreement_raw_shared_secret
There is less of a risk of confusion with the KA+KDF function now.
2019-05-16 18:55:25 +02:00
Gilles Peskine
cf7292e257 Wrap and reindent some lines
After renaming several identifiers, re-wrap and re-indent some lines
to make the code prettier.
2019-05-16 18:55:25 +02:00
Gilles Peskine
51ae0e4b79 Rename "generator" to "operation"
Generators are now key derivation operations.

Keep "random generator" intact.
2019-05-16 18:55:25 +02:00
Gilles Peskine
cbe6650394 Rename generator-related internal identifiers
perl -pe 's/crypto_generator/key_derivation/gi' $(git ls-files)
    perl -pe 's/_generator/_key_derivation/gi' $(git ls-files)
2019-05-16 18:55:25 +02:00
Gilles Peskine
03410b5c5f Rename PSA_KDF_STEP_xxx -> PSA_KEY_DERIVATION_INPUT_xxx
More consistent with the new function names.
2019-05-16 18:55:25 +02:00
Gilles Peskine
a99d3fbd05 Rename generator functions to psa_key_derivation_xxx
Generators are mostly about key derivation (currently: only about key
derivation). "Generator" is not a commonly used term in cryptography.
So favor "derivation" as terminology. Call a generator a key
derivation operation structure, since it behaves like other multipart
operation structures. Furthermore, the function names are not fully
consistent.

In this commit, I rename the functions to consistently have the prefix
"psa_key_derivation_". I used the following command:

    perl -i -pe '%t = (
        psa_crypto_generator_t => "psa_key_derivation_operation_t",
        psa_crypto_generator_init => "psa_key_derivation_init",
        psa_key_derivation_setup => "psa_key_derivation_setup",
        psa_key_derivation_input_key => "psa_key_derivation_input_key",
        psa_key_derivation_input_bytes => "psa_key_derivation_input_bytes",
        psa_key_agreement => "psa_key_derivation_key_agreement",
        psa_set_generator_capacity => "psa_key_derivation_set_capacity",
        psa_get_generator_capacity => "psa_key_derivation_get_capacity",
        psa_generator_read => "psa_key_derivation_output_bytes",
        psa_generate_derived_key => "psa_key_derivation_output_key",
        psa_generator_abort => "psa_key_derivation_abort",
        PSA_CRYPTO_GENERATOR_INIT => "PSA_KEY_DERIVATION_OPERATION_INIT",
        PSA_GENERATOR_UNBRIDLED_CAPACITY => "PSA_KEY_DERIVATION_UNLIMITED_CAPACITY",
        ); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files)
2019-05-16 18:55:21 +02:00
Jaeden Amero
d35249e66f
Merge pull request #109 from gilles-peskine-arm/psa-key_attributes-set_persistent
Individual setters for persistent key attributes
2019-05-16 17:28:53 +01:00
Jaeden Amero
99e8d26a75
Merge pull request #104 from gilles-peskine-arm/psa-global_key_id
Make key ids global and define their range
2019-05-16 17:11:59 +01:00
Ron Eldor
11818f2c17 Add some negative test cases
Add some invalid certificate tests for certifiate policies extension.
2019-05-16 18:17:02 +03:00
Jaeden Amero
16ab39102e
Merge pull request #102 from gilles-peskine-arm/psa-aead_multipart-delay
Multipart AEAD buffer output sizes
2019-05-16 13:34:21 +01:00
Jaeden Amero
76be7f9c70
Merge pull request #108 from gilles-peskine-arm/psa-copy_key-policy
Add policy usage flag to copy a key
2019-05-16 12:08:13 +01:00
Jaeden Amero
826e326d2e
Merge pull request #107 from gilles-peskine-arm/psa-curve_size_macro
PSA: EC curve size macro
2019-05-16 11:59:41 +01:00
Gilles Peskine
c9d910bed6 EC key pair import: check the buffer size
When importing a private elliptic curve key, require the input to have
exactly the right size. RFC 5915 requires the right size (you aren't
allow to omit leading zeros). A different buffer size likely means
that something is wrong, e.g. a mismatch between the declared key type
and the actual data.
2019-05-16 00:18:48 +02:00
Gilles Peskine
6c9514427b New macro to get the bit size of an elliptic curve 2019-05-16 00:16:46 +02:00
Gilles Peskine
049c7535af Split long lines after psa_import_key refactoring 2019-05-15 23:16:07 +02:00
Gilles Peskine
73676cbc50 Put handle parameter last: psa_import_key
In psa_import_key, change the order of parameters to pass
the pointer where the newly created handle will be stored last.
This is consistent with most other library functions that put inputs
before outputs.
2019-05-15 23:16:07 +02:00
Gilles Peskine
98dd779eb5 Put handle parameter last: psa_generate_derived_key
In psa_generate_derived_key, change the order of parameters to pass
the pointer where the newly created handle will be stored last.
This is consistent with most other library functions that put inputs
before outputs.
2019-05-15 20:15:31 +02:00
Gilles Peskine
dd835cbea6 Add a few tests for persistent attributes
psa_set_key_lifetime and psa_set_key_id aren't pure setters: they also
set the other attribute in some conditions. Add dedicated tests for
this behavior.
2019-05-15 19:14:05 +02:00
Gilles Peskine
c87af66325 Replace psa_make_key_persistent by id/lifetime setters in tests
Remove all internal uses of psa_make_key_persistent.
2019-05-15 19:14:05 +02:00
Gilles Peskine
f9fbc38e66 Declare key id 0 as invalid
In keeping with other integral types, declare 0 to be an invalid key
identifier.

Documented, implemented and tested.
2019-05-15 18:42:09 +02:00
Gilles Peskine
13f97dc164 all.sh: invoke check-names.sh in print-trace-on-exit mode 2019-05-15 17:55:33 +02:00
Gilles Peskine
36428d34c9 Print a command trace if the check-names.sh exits unexpectedly
We've observed that sometimes check-names.sh exits unexpectedly with
status 2 and no error message. The failure is not reproducible. This
commits makes the script print a trace if it exits unexpectedly.
2019-05-15 17:29:15 +02:00
Ron Eldor
6b9b1b88fb Initialize psa_crypto in ssl test
Call `psa_crypto_init()` in `tls_prf` ssl test in case
`MBEDTLS_USE_PSA_CRYPTO` is defined since tls_prf may use psa crypto.
2019-05-15 17:04:33 +03:00
Ron Eldor
d2f25f7ea8 Fix missing tls version test failures
Add checks for tls_prf tests with the relevant tls version configuration.
2019-05-15 14:54:22 +03:00
Ron Eldor
f75e252909 Add test for export keys functionality
Add test in `ssl-opts.sh` that the export keys callback
is actually called.
2019-05-15 13:57:39 +03:00
Ron Eldor
824ad7b351 Add tests for the public tls_prf API
Add tests for `mbedtls_ssl_tls_prf` wiht and without
the function types dependencies.
2019-05-15 13:57:39 +03:00
Gilles Peskine
003a4a97d3 Use PSA_AEAD_{ENCRYPT,DECRYPT}_OUTPUT_SIZE in tests 2019-05-14 16:11:07 +02:00
Gilles Peskine
c160d9ec83 psa_copy_key: enforce PSA_KEY_USAGE_COPY
Implement the check and add a negative test.
2019-05-14 14:32:03 +02:00
Gilles Peskine
f9f4a4849c Update psa_copy_key tests to use PSA_KEY_USAGE_COPY
Pass the new flag to the existing tests and add a few more test cases
to explore more variations of flag sets.
2019-05-14 14:24:49 +02:00
Jaeden Amero
81f9539037
Merge pull request #105 from ARMmbed/test-link-seedfile-02
Add a link to the seedfile for out-of-tree cmake builds
2019-05-14 08:42:46 +01:00
Ron Eldor
890819a597 Change mbedtls_x509_subject_alternative_name
Make `mbedtls_x509_subject_alternative_name` to be a single item
rather than a list. Adapt the subject alternative name parsing function,
to receive a signle `mbedtls_x509_buf` item from the subject_alt_names
sequence of the certificate.
2019-05-13 19:23:07 +03:00
Jaeden Amero
1fe90fab30
Merge pull request #101 from gilles-peskine-arm/psa-key_attributes-verify_attributes
Check unused attributes in import and copy
2019-05-13 11:48:40 +01:00
Janos Follath
22f605fbab Print unparseable SubjectAlternativeNames
In x509_info_subject_alt_name() we silently dropped names that we
couldn't parse because they are not supported or are malformed. (Being
malformed might mean damaged file, but can be a sign of incompatibility
between applications.)

This commit adds code notifying the user that there is something, but
we can't parse it.
2019-05-10 10:57:44 +01:00
Ron Eldor
3c4734a2a5 Add Wisun Fan device certificate
Add certificate with Wisun fan device extended key usage,
support parsing it and add tests.
2019-05-07 17:06:47 +03:00
Ron Eldor
74d9acc144 Add support for certificate policies extension
Add support for certificate policies, as defined in rfc 5280.
Currently support only `anyPolicy` policy.
2019-05-07 17:05:45 +03:00
Ron Eldor
b2dc3fa72e Suppport otherName of type hardware module name
Add support of parsing of subject alternative name, of type otherName.
Currently supports only hardware module name, as defined in rfc 4108.
2019-05-07 17:04:57 +03:00
Gilles Peskine
f9666595e1 Implement and test the new key identifier range
Only allow creating keys in the application (user) range. Allow
opening keys in the implementation (vendor) range as well.

Compared with what the implementation allowed, which was undocumented:
0 is now allowed; values from 0x40000000 to 0xfffeffff are now
forbidden.
2019-05-06 18:56:30 +02:00
Gilles Peskine
225010fdf7 Remove lifetime parameter from psa_open_key
Change the scope of key identifiers to be global, rather than
per lifetime. As a result, you now need to specify the lifetime of a
key only when creating it.
2019-05-06 18:52:22 +02:00
Gilles Peskine
ee32cd4af6 Slot management tests: more robust storage purge
Record what key ids have been used in a test case and purge them. The
cleanup code no longer requires the key identifiers used in the tests
to be in a certain small range.
2019-05-06 18:39:37 +02:00
Jack Lloyd
3ded1c81b1 Test the return value in the OID->X.509 map functions 2019-05-06 12:16:32 -04:00
Jack Lloyd
5ed7fff8ce Add a test of the OID->MD map functions 2019-05-06 12:16:18 -04:00
Jack Lloyd
5d9c9636fa Add support for RSA PKCSv1.5 signatures using RIPEMD-160 2019-05-06 12:15:17 -04:00
Gilles Peskine
26869f2d9b Implement ChaCha20 and ChaCha20-Poly1305
Smoke tests: test data for ChaCha20 calculated with PyCryptodome; test
vector from RFC 7539 for ChaCha20-Poly1305.
2019-05-06 15:59:44 +02:00
Gilles Peskine
3e79c8ecfd Declare ChaCha20 cipher and AEAD
Declare algorithms for ChaCha20 and ChaCha20-Poly1305, and a
corresponding (common) key type.

Don't declare Poly1305 as a separate algorithm because it's a one-time
authenticator, not a MAC, so the API isn't suitable for it (no way to
use a nonce).
2019-05-06 15:59:44 +02:00
Gilles Peskine
423005ea93 Cipher tests: pass the IV from the test data
Don't hard-code an IV in cipher test functions. It restricts what can
be used as test data.
2019-05-06 15:59:44 +02:00
Gilles Peskine
679693ee49 Algorithm encoding: add flag bit PSA_ALG_AEAD_FROM_BLOCK_FLAG
Make it easy to distinguish generic constructions on top of block
ciphers, such as CCM or GCM, from specialized algorithms such as
Chacha20-Poly1305.
2019-05-06 15:10:16 +02:00
Andrzej Kurek
d8cf464f7d Add a link to the seedfile for out-of-tree cmake builds 2019-05-06 07:24:02 -04:00
Gilles Peskine
4a6446482a Test psa_copy_key with wrong type or size in attributes
Split the test function copy_key into two: one for success and one for
failure.

Add failure tests where the attributes specify an incorrect type or size.
2019-05-03 17:14:08 +02:00
Gilles Peskine
8fb3a9ead4 Test psa_import_key: test for size in attributes
Add tests where psa_import_key is called with attributes specifying an
incorrect size.
2019-05-03 16:59:21 +02:00
Adrian L. Shaw
5a5a79ae2a Rename psa_generate_key() and psa_generator_import_key() 2019-05-03 15:44:28 +01:00
Jaeden Amero
8bf196b303
Merge pull request #98 from yanesca/curve25519_negative_tests
Curve25519 negative tests
2019-05-02 09:16:35 +01:00
Jaeden Amero
75d9a333ce Merge remote-tracking branch 'origin/pr/1633' into development
* origin/pr/1633: (26 commits)
  Fix uninitialized variable access in debug output of record enc/dec
  Adapt PSA code to ssl_transform changes
  Ensure non-NULL key buffer when building SSL test transforms
  Catch errors while building SSL test transforms
  Use mbedtls_{calloc|free}() in SSL unit test suite
  Improve documentation of mbedtls_record
  Adapt record length value after encryption
  Alternative between send/recv transform in SSL record test suite
  Fix memory leak on failure in test_suite_ssl
  Rename ssl_decrypt_buf() to mbedtls_ssl_decrypt_buf() in comment
  Add record encryption/decryption tests for ARIA to SSL test suite
  Improve documentation of mbedtls_ssl_transform
  Double check that record expansion is as expected during decryption
  Move debugging output after record decryption
  Add encryption/decryption tests for small records
  Add tests for record encryption/decryption
  Reduce size of `ssl_transform` if no MAC ciphersuite is enabled
  Remove code from `ssl_derive_keys` if relevant modes are not enabled
  Provide standalone version of `ssl_decrypt_buf`
  Provide standalone version of `ssl_encrypt_buf`
  ...
2019-05-02 09:08:43 +01:00
Jaeden Amero
7b3603c6d8 Merge remote-tracking branch 'tls/development' into development
Resolve merge conflicts by performing the following actions:

- Reject changes to deleted files.
- Reject changes to generate_errors.pl and generate_visualc_files.pl.
  Don't add an 'include-crypto' option which would attempt to use the
  non-existent crypto submodule.
- list-identifiers.sh had the `--internal` option added to it, which
  lists identifiers only in internal headers. Add PSA-specific internal
  headers to list-identifiers.sh.

* origin/development: (40 commits)
  Document the scripts behaviour further
  Use check_output instead of Popen
  all.sh: Require i686-w64-mingw32-gcc version >= 6
  generate_visualc_files.pl: add mbedtls source shadowing by crypto
  generate_errors.pl: refactor and simplify the code
  Start unused variable with underscore
  Correct documentation
  generate_errors.pl: typo fix
  revert changes to generate_features.pl and generate_query_config.pl
  Check that the report directory is a directory
  Use namespaces instead of full classes
  Fix pylint issues
  Don't put abi dumps in subfolders
  Add verbose switch to silence all output except the final report
  Fetch the remote crypto branch, rather than cloning it
  Prefix internal functions with underscore
  Add RepoVersion class to make handling of many arguments easier
  Reduce indentation levels
  Improve documentation
  Use optional arguments for setting repositories
  ...
2019-05-01 14:12:43 +01:00
Janos Follath
05a708f7e2 Add negative tests for Curve25519
If we provide low order element as a public key and the implementation
maps the point in infinity to the origin, we can force the common secret
to be zero.

According to the standard (RFC 7748) this is allowed but in this case
the primitive must not be used in a protocol that requires contributory
behaviour.

Mbed Crypto returns an error when the result is the point in the
infinity and does not map it to the origin. This is safe even if used in
protocols that require contributory behaviour.

This commit adds test cases that verify that Mbed Crypto returns an
error when low order public keys are processed.

The low order elements in the test cases were taken from this website:
https://cr.yp.to/ecdh.html
2019-04-30 14:58:15 +01:00
Janos Follath
182b0b9966 Add test for ECP multiplication
The tests we had for ECP point multiplication were tailored for test
vectors symulating crypto operations and tested a series of operations
against public test vectors.

This commit adds a test function that exercises a single multiplication.
This is much better suited for negative testing than the preexisting
test.

Only one new test case is added that exercises a fraction of an existing
test, just to make sure that the test is consistent with the existing
test functions.
2019-04-30 14:53:49 +01:00
Manuel Pégourié-Gonnard
df2bfcfe57 Use 'config.pl baremetal' in all.sh 2019-04-29 12:44:12 +02:00
Gilles Peskine
aa02c17dfa Add buffer size macro for psa_get_key_domain_parameters 2019-04-28 11:48:29 +02:00
Gilles Peskine
e56e878207 Remove extra parameter from psa_generate_key
Read extra data from the domain parameters in the attribute structure
instead of taking an argument on the function call.

Implement this for RSA key generation, where the public exponent can
be set as a domain parameter.

Add tests that generate RSA keys with various public exponents.
2019-04-26 17:37:50 +02:00
Gilles Peskine
a1ace9c494 Call psa_reset_key_attributes after psa_get_key_attributes
After calling psa_get_key_attributes(), call
psa_reset_key_attributes() if the key may have domain parameters,
because that's the way to free the domain parameter substructure in
the attribute structure. Keep not calling reset() in some places where
the key can only be a symmetric key which doesn't have domain
parameters.
2019-04-26 16:15:31 +02:00
Gilles Peskine
3a4f1f8e46 Set the key size as an attribute
Instead of passing a separate parameter for the key size to
psa_generate_key and psa_generator_import_key, set it through the
attributes, like the key type and other metadata.
2019-04-26 13:49:28 +02:00
Hanno Becker
78d1f70ab6 Ensure non-NULL key buffer when building SSL test transforms 2019-04-25 12:58:21 +01:00
Hanno Becker
a5780f1993 Catch errors while building SSL test transforms 2019-04-25 12:58:21 +01:00
Hanno Becker
3ee5421f9c Use mbedtls_{calloc|free}() in SSL unit test suite 2019-04-25 12:58:21 +01:00
Hanno Becker
907ab20b38 Alternative between send/recv transform in SSL record test suite 2019-04-25 12:58:21 +01:00
Hanno Becker
81e16a34f5 Fix memory leak on failure in test_suite_ssl 2019-04-25 12:58:21 +01:00
Hanno Becker
d0fa2d7563 Add record encryption/decryption tests for ARIA to SSL test suite 2019-04-25 12:58:21 +01:00
Hanno Becker
b3268dac00 Add encryption/decryption tests for small records
This commit adds tests to check the behavior of the record encryption
routine `ssl_encrypt_buf` when the buffer surrounding the plaintext is
too small to hold the expansion in the beginning and end (due to IV's,
padding, and MAC).

Each test starts successively increases the space available at the
beginning, end, or both, of the record buffer, and checks that the
record encryption either fails with a BUFFER_TOO_SMALL error, or
that it succeeds. Moreover, if it succeeds, it is checked that
decryption succeeds, too, and results in the original record.
2019-04-25 12:58:21 +01:00
Hanno Becker
a18d1320da Add tests for record encryption/decryption
This commit adds tests exercising mutually inverse pairs of
record encryption and decryption transformations for the various
transformation types allowed in TLS: Stream, CBC, and AEAD.
2019-04-25 12:58:21 +01:00
Jaeden Amero
dfcf84aea5 tests: Update generator with Mbed Crypto comments
Update comments in the top of the test code generator script with the
name of the parent project.
2019-04-25 11:46:21 +01:00
Jaeden Amero
ef24980e66 Remove unused test data files 2019-04-25 11:46:21 +01:00
Jaeden Amero
bb1f701212 config: Remove X.509 options
Note that this fails check-names.sh because options that TLS and X.509
files use are no longer present in config.h.
2019-04-25 11:46:21 +01:00
Jaeden Amero
1c66e48670 config: Remove TLS and NET options
Remove TLS and NET options from config files and scripts.

Note that this fails check-names.sh because options that TLS and NET
files use are no longer present in config.h.
2019-04-25 11:46:21 +01:00
Jaeden Amero
7fcc7bc576 check-names: Enable referencing Mbed TLS macros
Add a macro whitelist which enables us to refer to Mbed TLS macros that
are no longer present in Mbed Crypto.
2019-04-25 11:46:21 +01:00
Jaeden Amero
1ad37309e4 Remove irrelevant configs
Remove configuration files that are TLS-specific or otherwise not
relevant to a pure-crypto library.
2019-04-25 11:46:21 +01:00
Jaeden Amero
8298d70bee Only build libmbedcrypto
Update build scripts and tools to only build or update libmbedcrypto.
2019-04-25 11:46:21 +01:00
Jaeden Amero
986a15199d programs, tests: Depend only on libmbedcrypto
Update the tests and programs to depend only on libmbedcrypto, since
we'll soon only build libmbedcrypto.
2019-04-25 11:46:21 +01:00
Jaeden Amero
0688e4f266 Remove programs that depend on TLS or X.509 2019-04-25 11:46:08 +01:00
Gilles Peskine
2c2cf0e36d Update remaining test cases to use key attributes
Finish updating the tests to use psa_key_attributes_t and
psa_import_key instead of psa_key_policy_t and
psa_import_key_to_handle.
2019-04-24 15:47:30 +02:00
Gilles Peskine
4440688a69 Update key management tests to use attributes
Remove test cases which are no longer relevant because they involve a
slot which is allocated but not filled with key material.
2019-04-24 15:47:29 +02:00
Gilles Peskine
34e23d2109 Persistent key gray-box tests: add test cases with restart
Also test the behavior if the crypto subsystem is restarted after
creating the persistent key.
2019-04-24 15:46:04 +02:00
Gilles Peskine
5c648abe44 Update persistent_key_load_key_from_storage to use attributes
Update persistent_key_load_key_from_storage to the new attribute-based
key creation interface. I tweaked the code a little to make it simpler
and more robust without changing the core logic.
2019-04-24 15:46:04 +02:00
Gilles Peskine
ca25db91f5 Update copy_key tests to the new attribute-based interface 2019-04-24 15:46:04 +02:00
Gilles Peskine
4cf3a43dbd Simplify and expand invalid-handle tests
Simplify invalid-handle tests and make them test more things. Call
these tests in several test functions after destroying a key.
2019-04-24 15:46:04 +02:00
Gilles Peskine
c4344042f4 Remove tests for empty slots
With the attribute-based key creation API, it is no longer possible to
have a handle to a slot that does not hold key material. Remove all
corresponding tests.
2019-04-24 15:46:04 +02:00
Gilles Peskine
8c8f2ab66b Implement psa_get_key_attributes
Implement attribute querying.

Test attribute getters and setters. Use psa_get_key_attributes instead
of the deprecated functions psa_get_key_policy or
psa_get_key_information in most tests.
2019-04-24 15:46:04 +02:00
Gilles Peskine
ff5f0e7221 Implement atomic-creation psa_{generate,generator_import}_key
Implement the new, attribute-based psa_generate_key and
psa_generator_import_key.
2019-04-24 15:46:03 +02:00
Gilles Peskine
4747d19d18 Implement atomic-creation psa_import_key
Implement the new, attribute-based psa_import_key and some basic
functions to access psa_key_attributes_t. Replace
psa_import_key_to_handle by psa_import_key in a few test functions.

This commit does not handle persistence attributes yet.
2019-04-24 15:45:50 +02:00
Gilles Peskine
87a5e565f4 Rename functions that inject key material to an allocated handle
This commit starts a migration to a new interface for key creation.
Today, the application allocates a handle, then fills its metadata,
and finally injects key material. The new interface fills metadata
into a temporary structure, and a handle is allocated at the same time
it gets filled with both metadata and key material.

This commit was obtained by moving the declaration of the old-style
functions to crypto_extra.h and renaming them with the to_handle
suffix, adding declarations for the new-style functions in crypto.h
under their new name, and running

    perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c
    perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c

Many functions that are specific to the old interface, and which will
not remain under the same name with the new interface, are still in
crypto.h for now.

All functional tests should still pass. The documentation may have
some broken links.
2019-04-24 15:24:45 +02:00
Jaeden Amero
1cd7bea2b1 Merge remote-tracking branch 'origin/pr/2586' into development
* origin/pr/2586:
  all.sh: Require i686-w64-mingw32-gcc version >= 6
2019-04-24 11:23:54 +01:00
Jaeden Amero
9679cb48d5 Merge remote-tracking branch 'origin/pr/2549' into development
* origin/pr/2549:
  Document the scripts behaviour further
  Add --internal option to list-identifiers.sh
2019-04-24 11:22:24 +01:00
Darryl Green
1ae4886c82 Document the scripts behaviour further 2019-04-18 13:09:25 +01:00
Jaeden Amero
d874a1fd14 Remove zlib
The library no longer uses zlib, so we can remove the option to build
with zlib.
2019-04-18 10:32:56 +01:00
Jaeden Amero
d832f187f7 Remove pkcs11-helper option
In preparation for removing X.509 and PKCS11 from Mbed Crypto, remove
pkcs11-helper. It won't be relevant after X.509 and PKCS11 are removed.
2019-04-18 10:32:56 +01:00
Gilles Peskine
882e57ecba psa_constant_names: support key agreement algorithms 2019-04-18 09:42:21 +02:00
Gilles Peskine
f8a9d942a5 Test multipart key agreement with ECDH+HKDF
Basic coverage with one algorithm only and a restricted choice of
output lengths.
2019-04-18 09:42:21 +02:00
Gilles Peskine
f0cba73b99 New test function for raw agreement
Change test cases with test data for raw agreement to this new test
function.
2019-04-18 09:42:21 +02:00
Gilles Peskine
f8831c27f3 Remove obsolete test case "ECDH-only public key"
Since the format change for EC public key import from
SubjectPublicKeyInfo to the ECPoint content, it is no longer possible
to import a key with metadata marking it as ECDH-only. This test was
converted systematically but now no longer has any purpose since the
public key is now like any other public key.
2019-04-18 09:42:21 +02:00
Gilles Peskine
77f40d83c1 Quick fix of key agreement setup tests for the new derivation API
Allow either the key derivation step or the key agreement step to
fail.

These tests should be split into three groups: key derivation setup
tests with an algorithm that includes a key agreement step, and
multipart key agreement failure tests, and raw key agreement failure
tests.
2019-04-18 09:42:21 +02:00
Gilles Peskine
04ee2d2295 Update key agreement policy tests for the new derivation API
Separate test functions for raw key agreement and key agreement with
KDF.
2019-04-18 09:42:21 +02:00
Gilles Peskine
2e46e9cf21 Add exercise_key for raw key agreement 2019-04-18 09:42:21 +02:00
Jaeden Amero
117b8a4516 all.sh: Require i686-w64-mingw32-gcc version >= 6
Require mingw gcc version 6 or greater in order to ensure
BCryptGenRandom() is available.
2019-04-17 15:23:17 +01:00
Jaeden Amero
521dbc67da Merge remote-tracking branch 'tls/development' into development
Merge Mbed TLS at f790a6cbee into Mbed Crypto.

Resolve conflicts by performing the following:
    - Reject changes to README.md
    - Don't add crypto as a submodule
    - Remove test/ssl_cert_test from programs/Makefile
    - Add cipher.nist_kw test to tests/CMakeLists.txt
    - Reject removal of crypto-specific all.sh tests
    - Reject update to SSL-specific portion of component_test_valgrind
      in all.sh
    - Reject addition of ssl-opt.sh testing to component_test_m32_o1 in
      all.sh

* tls/development: (87 commits)
  Call mbedtls_cipher_free() to reset a cipher context
  Don't call mbedtls_cipher_setkey twice
  Update crypto submodule
  Minor fixes in get certificate policies oid test
  Add certificate policy oid x509 extension
  cpp_dummy_build: Add missing header psa_util.h
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
  Don't use debug level 1 for informational messages
  Skip uncritical unsupported extensions
  Give credit to OSS-Fuzz for #2404
  all.sh: remove component_test_new_ecdh_context
  Remove crypto-only related components from all.sh
  Remove ssl_cert_test sample app
  Make CRT callback tests more robust
  Rename constant in client2.c
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix a rebase error
  ...
2019-04-17 12:12:24 +01:00
Jaeden Amero
f790a6cbee Merge remote-tracking branch 'origin/pr/2536' into development
* origin/pr/2536:
  Update crypto submodule
  Minor fixes in get certificate policies oid test
  Add certificate policy oid x509 extension
2019-04-17 10:52:54 +01:00
Jaeden Amero
5c7915b0ed Merge remote-tracking branch 'origin/pr/2582' into development
* origin/pr/2582:
  Call mbedtls_cipher_free() to reset a cipher context
  Don't call mbedtls_cipher_setkey twice
2019-04-17 10:46:45 +01:00
Jaeden Amero
c41a3285de Merge remote-tracking branch 'origin/pr/2559' into development
* origin/pr/2559:
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
2019-04-16 15:09:42 +01:00
Jaeden Amero
7a1c4eb826 Merge remote-tracking branch 'origin/pr/2567' into development
* origin/pr/2567:
  Don't use debug level 1 for informational messages
2019-04-16 15:08:39 +01:00
Gilles Peskine
424840e033 Call mbedtls_cipher_free() to reset a cipher context
mbedtls_cipher_reset() only restarts the operation, it doesn't
dissociate the key from the context.
2019-04-16 16:06:34 +02:00
Jaeden Amero
fe7106755e Merge remote-tracking branch 'origin/pr/2539' into development
Resolve conflicts by performing the following:
  - Ensure calls to mbedtls_x509_crt_verify_* are made with callbacks

* origin/pr/2539:
  Make CRT callback tests more robust
  Rename constant in client2.c
  Fix typo
  Add test for configuration specific CRT callback
  Fix doxygen documentation of mbedtls_ssl_set_verify()
  Add test exercising context-specific CRT callback to ssl-opt.sh
  Add cmd to use context-specific CRT callback in ssl_client2
  Implement context-specific verification callbacks
  Add context-specific CRT verification callbacks
  Improve documentation of mbedtls_ssl_conf_verify()
2019-04-16 15:05:18 +01:00
Jaeden Amero
ff34d43720 Merge remote-tracking branch 'origin/pr/2532' into development
* origin/pr/2532: (29 commits)
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix name to function call
  Address comments for x509 tests
  Address review comments regarding ssl_client2 and ssl tests
  Remove mbedtls_ from the static function name
  Change docs according to review comments
  Change the verify function naming
  Fix ssl_client2 and ssl_server2 if !PLATFORM_C
  Correct placement of usage macro in ssl_client2
  Update version_features.c
  Remove trailing whitespace in test_suite_x509parse.function
  Update query_config.c
  Add ssl-opt.sh tests for trusted CA callbacks
  Only run X.509 CRT verification tests with CA callback tests if !CRL
  Minor fixes to CA callback tests
  Declare CA callback type even if feature is disabled
  Implement X.509 CRT verification using CA callback
  Add prototype for CRT verification with static and dynamic CA list
  Make use of CA callback if present when verifying peer CRT chain
  ...
2019-04-16 14:42:11 +01:00
Jaeden Amero
24c71d3a5c Merge remote-tracking branch 'origin/pr/2502' into development
* origin/pr/2502:
  all.sh: remove component_test_new_ecdh_context
  Remove crypto-only related components from all.sh
2019-04-16 14:41:20 +01:00
Jaeden Amero
137c5b7297 Merge remote-tracking branch 'origin/pr/2477' into development
* origin/pr/2477:
  Fix typo in data_file generator code
2019-04-16 14:38:58 +01:00
Gilles Peskine
139ec3b913 Don't call mbedtls_cipher_setkey twice
The documentation doesn't explicitly say whether it's allowed or not.
This currently works with the default software implementation, but
only by accident. It isn't guaranteed to work with new ciphers or with
alternative implementations of individual ciphers, and it doesn't work
with the PSA wrappers. So don't do it.
2019-04-16 15:25:20 +02:00