Commit Graph

817 Commits

Author SHA1 Message Date
Gilles Peskine
5c3247120f RSA: Fix buffer overflow in PSS signature verification
Fix buffer overflow in RSA-PSS signature verification when the hash is
too large for the key size. Found by Seth Terashima, Qualcomm.

Added a non-regression test and a positive test with the smallest
permitted key size for a SHA-512 hash.
2017-10-17 19:16:14 +02:00
Andres Amaya Garcia
b1d78fcf70 Improve leap year test names in x509parse.data 2017-10-12 21:03:15 +01:00
Andres Amaya Garcia
bc041130b0 Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 21:03:01 +01:00
Hanno Becker
8379554b24 Correct typo: PBDFK -> PBKDF 2017-10-06 14:37:35 +01:00
Hanno Becker
0d0422cbd0 Unify naming schemes for RSA keys 2017-10-06 14:09:58 +01:00
Hanno Becker
734b6d4527 Add suffix for 1024-bit RSA key files
Previously, 2048-bit and 4096-bit RSA key files had their bitsize indicated in their filename, while the original
1024-bit keys hadn't. This commit unifies the naming scheme by always indicating the bitsize in the filename.
2017-10-06 14:05:04 +01:00
Hanno Becker
f700a71acb Add further tests for DER-encoded PKCS8-v2-DES encrypted RSA keys
For uniformity, this commit adds tests for DER encoded PKCS8-v2-DES encrypted RSA keys that were already present for
PKCS8-v2-3DES encrypted RSA keys.
2017-10-06 14:04:22 +01:00
Hanno Becker
5e568e225a Add further tests for new RSA keys
For uniformity, this commit adds tests for DER encoded, SHA1-2DES and SHA1-RC4-128-encrypted RSA keys; for SHA1-3DES encrypted keys, these were already present.
2017-10-06 14:04:15 +01:00
Hanno Becker
0642ed4e45 Add tests for encrypted 2048 and 4096-bit RSA keys 2017-10-06 14:03:24 +01:00
Hanno Becker
7de3ff36df Minor style and typo corrections 2017-10-04 14:51:32 +01:00
Hanno Becker
2b6c3f655a Extend tests/data_files/Makefile to include CRT's for CRT write test 2017-10-04 14:36:38 +01:00
Gilles Peskine
e38900b1a1 Allow comments in test data files 2017-10-02 11:26:09 +02:00
Hanno Becker
b974e98b12 Add test case calling ssl_set_hostname twice
Add a test case calling ssl_set_hostname twice to test_suite_ssl.
When run in CMake build mode ASan, this catches the current leak,
but will hopefully be fine with the new version.
2017-09-30 23:47:44 +01:00
Janos Follath
6cf9af3aab DHM: Add negative tests for parameter checking
A bug in the dhm_check_range() function makes it pass even when the
parameters are not in the range. This commit adds tests for signalling
this problem as well as a couple of other negative tests.
2017-09-21 10:20:23 +01:00
Hanno Becker
d2cc7ce4cb Correct definition of ENTROPY_HAVE_STRONG
Mbed TLS 2.1 doesn't have MBEDTLS_TEST_NULL_ENTROPY macro.
2017-09-08 10:47:33 +01:00
Hanno Becker
7968ad9c31 Guard some tests by presence of strong entropy 2017-09-08 10:20:40 +01:00
Hanno Becker
66580d284d Add internal macro ENTROPY_HAVE_STRONG indicating strong entropy
This commit adds the macro ENTROPY_HAVE_STRONG to the helper test file tests/suites/helpers.function to be able to make
tests depend on the presence of strong entropy.
2017-09-08 10:13:59 +01:00
Hanno Becker
7fdabd3c64 Correct typo in entropy test suite data 2017-09-08 09:13:49 +01:00
Hanno Becker
e4875e015f Initialize RSA context in RSA test suite before first potentially failing operation
The function `mbedtls_rsa_gen_key` from `test_suite_rsa.function` initialized a stack allocated RSA context only after
seeding the CTR DRBG. If the latter operation failed, the cleanup code tried to free the uninitialized RSA context,
potentially resulting in a segmentation fault. Fixes one aspect of #1023.
2017-09-08 09:13:38 +01:00
Simon Butcher
1fe5e8ab44 Update version number to 2.1.9 2017-08-10 11:51:47 +01:00
Simon Butcher
d4d70c4985 Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA 2017-07-28 12:27:54 +01:00
Hanno Becker
88c6f726c5 Check threshold for MBEDTLS_X509_MAX_INTERMEDIATE_CA in X509 tests
The X509 test suite assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA is below the
hardcoded threshold 20 used in the long certificate chain generating script
tests/data_files/dir-max/long.sh. This commit adds a compile-time check for
that.
2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
c386317298 Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-28 12:20:48 +01:00
Manuel Pégourié-Gonnard
489939f829 Improve behaviour on fatal errors
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-28 12:20:47 +01:00
Manuel Pégourié-Gonnard
4770dbc913 Add test for limit on intermediate certificates
Inspired by test code provided by Nicholas Wilson in PR #351.

The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than
18 (default is 8), which is hopefully unlikely and can easily be fixed by
running long.sh again with a larger value if it ever happens.

Current behaviour is suboptimal as flags are not set, but currently the goal
is only to document/test existing behaviour.
2017-07-28 12:19:49 +01:00
Andres AG
ad6cf99d6d Add CRT DER tests with incorrect version 2017-07-26 18:01:54 +01:00
Andres AG
9674a628e5 Add CRL DER tests with incorrect version 2017-07-26 18:01:43 +01:00
Andres AG
7ebf632b3e Add CSR DER tests with incorrect version 2017-07-26 18:01:32 +01:00
Ron Eldor
5ff277ee1e Backport 2.1: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-20 00:30:44 +02:00
Simon Butcher
fbb9837ad5 Update the version number to 2.1.8 2017-06-20 23:31:06 +01:00
Manuel Pégourié-Gonnard
1defa8fd6d Merge remote-tracking branch 'restricted/iotssl-1138-rsa-padding-check-2.1-restricted' into mbedtls-2.1-restricted
* restricted/iotssl-1138-rsa-padding-check-2.1-restricted:
  RSA PKCS1v1.5 verification: check padding length
2017-06-08 20:33:53 +02:00
Manuel Pégourié-Gonnard
ebe391d1cd Merge remote-tracking branch 'hanno/sliding_exponentiation_backport-2.1' into mbedtls-2.1
* hanno/sliding_exponentiation_backport-2.1:
  Adapt ChangeLog
  Abort modular inversion when modulus is one.
  Correct sign in modular exponentiation algorithm.
2017-06-08 19:49:50 +02:00
Gilles Peskine
c4cb493174 Cleaned up negative test predicate for test case
The test infrastructure does support negative predicates for test
cases, thanks to Andreas for letting me know.
2017-06-06 19:09:04 +02:00
Gilles Peskine
7344e1bd05 SHA-1 deprecation: allow it in key exchange
By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.

SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.
2017-06-06 19:09:02 +02:00
Gilles Peskine
e7375ef314 X.509 tests: obey compile-time SHA-1 support option
There is now one test case to validate that SHA-1 is rejected in
certificates by default, and one test case to validate that SHA-1 is
supported if MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 is #defined.
2017-06-06 19:08:23 +02:00
Gilles Peskine
559674ce48 Test that X.509 verification rejects SHA-256 by default 2017-06-06 19:08:23 +02:00
Gilles Peskine
dd57d75dfa Allow SHA-1 in X.509 and TLS tests
SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time.
2017-06-06 19:08:23 +02:00
Andres AG
53a8e869aa Add negative testing for mbedtls_pem_read_buffer() 2017-05-30 17:01:42 +01:00
Manuel Pégourié-Gonnard
230ee31a54 RSA PKCS1v1.5 verification: check padding length
The test case was generated by modifying our signature code so that it
produces a 7-byte long padding (which also means garbage at the end, so it is
essential to check that the error that is detected first is indeed the
padding rather than the final length check).
2017-05-11 13:33:13 +02:00
Hanno Becker
2938ccbdd8 Abort modular inversion when modulus is one.
The modular inversion function hangs when provided with the modulus 1. This commit refuses this modulus with a BAD_INPUT error code. It also adds a test for this case.
2017-05-11 11:23:48 +01:00
Hanno Becker
2a8d655664 Correct sign in modular exponentiation algorithm.
The modular exponentiation function  handled the sign incorrectly. This commit fixes this and a test case which should have caught it.
2017-05-11 11:23:48 +01:00
Simon Butcher
2323477699 Update version number to 2.1.7 for release 2017-03-08 16:29:31 +00:00
Andres AG
e0545c30dd Fix buffer overflow in mbedtls_mpi_write_string()
Fix a buffer overflow when writting a string representation of an MPI
number to a buffer in hexadecimal. The problem occurs because hex
digits are written in pairs and this is not accounted for in the
calculation of the required buffer size when the number of digits is
odd.
2017-03-02 22:58:05 +00:00
Andres AG
46efbff2c1 Fix failing pkparse test case
The first three test cases from test_suites_pkparse.data failed because
the key file they read requires DES to be read. However, MBEDTLS_DES_C
was missing from the dependency list.
2017-03-02 21:11:16 +00:00
Janos Follath
c7fb230fa4 Add invalid key tests for curve SECP224K1
This curve has special arithmetic on 64 bit platforms and an untested
path lead to trying to free a buffer on the stack.

For the sake of completeness, a test case for a point with non-affine
coordinates has been added as well.
2017-02-28 18:55:25 +00:00
Janos Follath
a841d75aad Add unit tests for X509 certificate date parsing 2017-02-28 14:17:32 +00:00
Simon Butcher
d352e6dfcc Merge branch 'mbedtls-2.1-iotssl-1071-ca-flags'
Fixes a regression introduced by an earlier commit that modified
x509_crt_verify_top() to ensure that valid certificates that are after past or
future valid in the chain are processed. However the change introduced a change
in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and
MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the
verification regardless of the cause.

The fix maintains both behaviours:

 * Ensure that valid certificates after future and past are verified
 * Ensure that the correct verification flags are set.
2017-02-27 20:24:55 +00:00
Simon Butcher
f26f0e3d02 Merge branch 'mbedtls-2.1-iotssl-1077-dos-crl'
Modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM
format with trailing characters after the footer does not result in the
execution of an infinite loop.
2017-02-26 01:31:47 +00:00
Andres AG
b8ba86162a Add PK tests to avoid hashlen overflow for RSA 2017-02-25 20:37:43 +00:00
Nicholas Wilson
0a5ff55537 Allow test suites to be run on Windows
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing.  Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2017-02-20 21:47:29 +00:00
Andres AG
f083b31fb3 Fix generate_code.pl to handle escaped : 2017-02-02 14:43:44 +00:00
Andres AG
3da3b6eccb Add tests for out flags from x509_crt_verify_top()
The tests load certificate chains from files. The CA chains contain a
past or future certificate and an invalid certificate. The test then
checks that the flags set are MBEDTLS_X509_BADCERT_EXPIRED or
MBEDTLS_X509_BADCERT_FUTURE.
2017-01-20 16:38:25 +00:00
Andres AG
978bdf9575 Add test for infinite loop in CRL parse 2017-01-19 17:13:36 +00:00
Andres AG
d5d6a3054b Add tests for overreads in pem_read_buffer() 2016-11-21 11:09:47 +00:00
Nicholas Wilson
44ea01110c Allow test suites to be run on Windows
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing.  Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2016-11-10 15:38:52 +00:00
Simon Butcher
016a0d3b6f Update library version number to 2.1.6 2016-10-17 15:44:26 +01:00
Simon Butcher
8bd467c47d Merge branch 'mbedtls-2.1' 2016-10-17 13:51:27 +01:00
Andres AG
53d77130fc Add check for validity of date in x509_get_time() 2016-10-13 16:24:12 +01:00
Simon Butcher
d9d0cda9fe Merge branch 'mbedtls-2.1' 2016-10-13 10:35:52 +01:00
Janos Follath
95b303648c Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 00:58:09 +01:00
Andres AG
effb5582dd Add test for bounds in X509 DER write funcs 2016-10-11 16:52:06 +01:00
Simon Butcher
8b459923ac Add missing dependencies to X509 Parse test suite for P-384 curve
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0 and 884b4fc.
2016-07-15 12:53:25 +01:00
Janos Follath
e223527da0 X509: Future CA among trusted: add more tests 2016-07-14 12:02:56 +01:00
Janos Follath
38921c8837 X509: Future CA among trusted: add unit tests 2016-07-14 12:02:50 +01:00
Simon Butcher
64f5df5545 Changed version number to version 2.1.5 2016-06-27 19:37:08 +01:00
Janos Follath
f06edd695a Remove unused code from PKCS1v15 test suite 2016-05-18 19:36:04 +01:00
Simon Butcher
282e1d9130 Add missing config dependencies to PKCS1 V15 tests 2016-05-18 19:36:03 +01:00
Janos Follath
329149e575 Add tests to cover PKCS1 v1.5 signature functions.
The reported memory leak should have been spotted by
make memcheck
But it wasn't. Keeping the tests for better coverage.
2016-05-18 19:36:03 +01:00
Janos Follath
c184d9d34f Fix the broken pkcs1 v1.5 test.
The random buffer handed over to the test function was too small
and the remaining bytes were generated by the default (platform
dependant) function.
2016-05-18 19:36:03 +01:00
Janos Follath
b645c45865 Add tests for the bug IOTSSL-619.
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
2016-05-18 19:30:09 +01:00
Simon Butcher
0705dd0588 Adds test for odd bit length RSA key size
Also tidy up ChangeLog following review.
2016-04-19 09:19:46 +01:00
Janos Follath
f6f5441fd1 x509: trailing bytes in DER: correct a unit test
One of the unit test was failing, because it was testing behavior
that was part of the bug. Updated the return value to the correct one
2016-03-15 23:48:25 +00:00
Janos Follath
79a1da6948 Improved on the previous fix and added a test case to cover both types
of carries.
2016-01-08 14:48:01 +01:00
Janos Follath
5429c0a7d0 Improved on the fix of #309 and extended the test to cover subroutines. 2016-01-08 14:48:00 +01:00
Janos Follath
d0e0c03520 Tests and fix added for #309 (inplace mpi doubling). 2016-01-08 14:47:16 +01:00
Simon Butcher
543e4366bc Change version number to 2.1.4
Changed version for library files and yotta module
2016-01-04 22:41:11 +00:00
Manuel Pégourié-Gonnard
3cb2074a82 Add test case for root with max_pathlen=0
This was already working but not tested so far

(Test case from previous commit still failing.)

Test certificates generated with:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key

programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"

mv cert9?.crt tests/data_files/dir4
rm cert9?.key
2015-11-19 11:25:30 +01:00
Manuel Pégourié-Gonnard
922cd9ba36 Add test case for first intermediate max_pathlen=0
!!! This test case is currently failing !!!
(See fix in next-next commit.)

Test certificates generated with the following script:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key

programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
    max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
    issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
    subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"

mv cert8?.crt tests/data_files/dir4
rm cert8?.key
2015-11-19 11:25:27 +01:00
Simon Butcher
ef43d41f67 Changed version number to 2.1.3
Changed for library
2015-11-04 22:08:33 +00:00
Simon Butcher
5b289208cb Remove debugging code left in test case
Removed debug code from tests/suites/test_suite_x509parse.function
2015-11-04 21:50:54 +00:00
Manuel Pégourié-Gonnard
e34dcd7ec5 Use own implementation of strsep()
Not available on windows, and strtok() is not a good option
2015-11-02 06:48:40 +09:00
Manuel Pégourié-Gonnard
1d9348a06f Fix a style issue 2015-11-02 05:56:08 +09:00
Manuel Pégourié-Gonnard
fd1f9e735e Fix whitespace at EOL issues 2015-11-02 05:55:58 +09:00
Manuel Pégourié-Gonnard
841caf1b74 Use symbolic constants in test data 2015-11-02 05:55:39 +09:00
Janos Follath
36f1234d96 Additional corner cases for testing pathlen constrains. Just in case. 2015-11-02 05:55:15 +09:00
Janos Follath
c7bea3158a Added test case for pathlen constrains in intermediate certificates 2015-11-02 05:55:02 +09:00
Manuel Pégourié-Gonnard
93080dfacf Fix missing check for RSA key length on EE certs
- also adapt tests to use lesser requirement for compatibility with old
  testing material
2015-10-28 13:22:32 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381 Bump version to 2.1.2
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
50a739f8c3 Add test for base64 output length 2015-09-30 16:31:10 +02:00
Manuel Pégourié-Gonnard
8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Manuel Pégourié-Gonnard
aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Simon Butcher
52754594b6 Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
fdbdd72b8b Skip to trusted certs early in the chain
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

closes #220
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
560fea3767 Add tests for verify callback
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
4d04cdcd12 Fix RSA mutex fix
Once the mutex is acquired, we must goto cleanup rather that return.
Since cleanup adjusts the return value, adjust that in test cases.

Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of
errors.

see #257
2015-08-31 09:31:55 +02:00
Manuel Pégourié-Gonnard
38db006e0c Finish test in pkwrite 2015-08-19 10:24:34 +02:00
Manuel Pégourié-Gonnard
04b7eec539 Fix pkwrite test that were failing on mingw32
Apparently fread() writes some junk after the contents of the file. Don't look
at it.
2015-08-18 19:49:40 +02:00
Manuel Pégourié-Gonnard
052d10c9d5 Accept a trailing space at end of PEM lines
With certs being copy-pasted from webmails and all, this will probably become
more and more common.

closes #226
2015-07-31 11:11:26 +02:00
Paul Bakker
4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
a16e7c468c Rename a debug function 2015-06-29 20:14:19 +02:00