Commit Graph

10253 Commits

Author SHA1 Message Date
Teppo Järvelin
3137fb271a Added include platform_util.h to padlock.c to fix compile with all defines variants 2019-10-30 14:07:04 +02:00
Teppo Järvelin
91d7938761 Changed every memcpy to SCA equivalent mbedtls_platform_memcpy
This makes physical attacks more difficult.
2019-10-30 14:07:04 +02:00
Jarno Lamsa
b514cd3626 Remove dependency to MBEDTLS_ERROR_C
The test is already checking for return value
No need to check for MBEDTLS_ERROR_C -dependent print
2019-10-30 10:34:54 +02:00
Jarno Lamsa
d342805134 Added Forced ECC ciphersuite with CCM tests 2019-10-30 10:34:54 +02:00
Jarno Lamsa
c40184b44a Add test for small server packet
To allow testing with ECDHE-ECDSA with DTLS
2019-10-30 10:34:54 +02:00
Jarno Lamsa
0ed68089ee Add test for small client packet
Enable testing with ECDHE-ECDSA with DTLS
2019-10-30 10:34:54 +02:00
Jarno Lamsa
c5118b7664 Add a new keyUsage test for p256 using DTLS 2019-10-30 10:34:54 +02:00
Jarno Lamsa
ff434c2ef3 Add test for enforcing extended master secret
Only add test when both are enforcing. This is configured in baremetal.h
and is checked in the check_cmdline_compat, would render other cases
with baremetal.h to skipped.
2019-10-30 10:34:54 +02:00
Jarno Lamsa
5b944b5793 define MBEDTLS_FS_IO
This is needed for the tests using certificate-files.
2019-10-30 10:34:54 +02:00
Jarno Lamsa
7544195a44 Remove echo FORCE SKIP
This was probably an artifact from testing the cmdline_compat-stuff.
Currently only pollutes the output.
2019-10-30 10:34:54 +02:00
Simon Butcher
aeecf04be3 Merge remote-tracking branch 'public/pr/2907' into baremetal 2019-10-29 15:42:52 +00:00
Simon Butcher
8b2c642994 Merge remote-tracking branch 'public/pr/2904' into baremetal 2019-10-29 15:31:48 +00:00
Simon Butcher
f5a64048b7 Merge remote-tracking branch 'public/pr/2892' into baremetal 2019-10-29 15:30:38 +00:00
Simon Butcher
9d36fa16f8 Merge remote-tracking branch 'public/pr/2891' into baremetal 2019-10-29 15:25:26 +00:00
Simon Butcher
a85b3e4dde Merge remote-tracking branch 'public/pr/2890' into baremetal 2019-10-29 14:41:13 +00:00
Simon Butcher
2f99f3d8a2 Merge remote-tracking branch 'public/pr/2850' into baremetal 2019-10-29 14:24:33 +00:00
Arto Kinnunen
8a8488c1cf Fix mbedtls_ssl_check_record usage with ext buf
Record checking fails if mbedtls_ssl_check_record() is called with
external buffer. Received record sequence number is available in the
incoming record but it is not available in the ssl contexts `in_ctr`-
variable that is used when decoding the sequence number.

To fix the problem, temporarily update ssl context `in_ctr` to
point to the received record header and restore value later.
2019-10-29 11:13:33 +02:00
Teppo Järvelin
7800719551 Adjusted buf allocated from heap in ssl_client2 to be as small as possible 2019-10-25 14:30:33 +03:00
Teppo Järvelin
614efc268e Moved allocation checks to correct place in ssl_server2.c 2019-10-25 11:03:20 +03:00
Arto Kinnunen
4ecfbd3b16 Fix tests to work in Mbed OS test environment
Update x509parse and x509write test suites to include "x509.c" from
correct location.
2019-10-24 15:48:47 +03:00
Teppo Järvelin
99082aeac7 Fixed CI tests by overriding value MBEDTLS_ENTROPY_MAX_SOURCES
Override define MBEDTLS_ENTROPY_MAX_SOURCES from 1 to 3 in baremetal_test.h

mbedtls_entropy_init adds 2 sources already so max must be 3 so that
one source can be added with mbedtls_entropy_add_source.
2019-10-24 15:03:33 +03:00
Arto Kinnunen
0fa65aabf0 Review corrections
-Guard additional static variables with AES_ONLY_ENCRYPT
-Update config.h description about memory savings
-Update test: fix typo in all.sh and adjust compiler flags
2019-10-24 12:19:50 +03:00
Arto Kinnunen
c0a8bd40fc Tests for AES encypt only 2019-10-24 12:19:43 +03:00
Arto Kinnunen
1480444e8e Add config option for AES encryption only
-Add config option for AES encyption only to config.h. Feature is
 disabled by default.
-Enable AES encrypt only feature in baremetal.h configuration
-Remove AES encypt only feature from full config
2019-10-24 12:19:33 +03:00
Arto Kinnunen
366c13eaad Update AES 128-bit key test
Flag out 192/256-bit key tests from test_suite_cipher.gcm
2019-10-24 09:49:23 +03:00
Arto Kinnunen
4c003ca80c Update AES 128-key test
- Unset MBEDTLS_PADLOCK_C in aes_only_128_bit_keys test to get RAM
  optimised version tested
- Use compiler flag "-O1" instead of "-Wall -Wextra" to see warnings
2019-10-24 09:49:23 +03:00
Arto Kinnunen
5ed870da72 Adjust AES RAM usage according to config options
Do not reserve additionl space for mbedtls_aes_context if config
option AES_ONLY_128_BIT_KEY_LENGTH is used and PADLOCK_C is not used.
This reduces RAM usage by 96 bytes.

In baremetal configuration reserve space for 10 128-bit keys in order
to save 112 bytes of heap.
2019-10-24 09:49:23 +03:00
Arto Kinnunen
5bdafa21e0 Update version_features.c 2019-10-24 09:49:23 +03:00
Arto Kinnunen
265d162d07 Update AES-128 bit configuration
- Do not include MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH to full config
  as it requires also MBEDTLS_CTR_DRBG_USE_128_BIT_KEY

- Update check_config to check availability of flags:
   MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
   MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
2019-10-24 09:49:23 +03:00
Arto Kinnunen
60b11064c5 Update configuration
Move MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH to proper place in config.h
2019-10-24 09:49:23 +03:00
Arto Kinnunen
4ab702b24a Add AES 128-bit key dependency to tests
- Do not run tests that are using 192/256-bit keys if only
  128-bit keys are allowed for AES.
- Add AES 128-bit-only test to all.sh
2019-10-24 09:49:23 +03:00
Arto Kinnunen
77b9cfcea9 AES: add config option for 128-bit keys
Add configuration options to support only 128-bit key lengths in AES
calculation.
2019-10-24 09:49:23 +03:00
Simon Butcher
e2bf54d3d1 Merge remote-tracking branch 'public/pr/2877' into baremetal 2019-10-23 14:53:29 +01:00
Simon Butcher
713e5c365d Merge remote-tracking branch 'public/pr/2880' into baremetal 2019-10-23 14:52:27 +01:00
Simon Butcher
a26fb4c64f Merge remote-tracking branch 'public/pr/2870' into baremetal 2019-10-23 14:51:37 +01:00
Teppo Järvelin
3d414bfb65 Increased MEMORY_HEAP_SIZE to 140000 in ssl_server2 to get CI passing. 2019-10-22 14:44:13 +03:00
Teppo Järvelin
11e881b536 Changed entropy to be allocated from stack to heap in ssl_server2 2019-10-22 14:44:13 +03:00
Teppo Järvelin
8e0e48199b Changed main buf to be allocated from heap in ssl_client2 2019-10-22 14:44:13 +03:00
Teppo Järvelin
8e0fe19a6a Various changes to get CI passing after changes in ssl_server and client stack to heap 2019-10-22 14:43:56 +03:00
Manuel Pégourié-Gonnard
66491e1840 Fix undefined references to hardware_poll()
Ultimately, mbedtls_hardware_poll() is going to be provided by the
OS/environment when running on target. But for on-host programs and tests, we
need to define (a fake version) in each program that we want to be able to
link.

A previous commit took care of ssl_client2 and ssl_server2. But if we want to
be able to compile all programs, we need to modify each of them. This doesn't
seem useful, so instead let's just build the programs we need for testing -
this means only udp_proxy needs fixing in addition to what's already done.

This issue went unnoticed in the PR that introduced the new all.sh component,
because at that time the platform_memxxx() functions were not actually used in
the library (nor in programs), so the linker could live with
mbedtls_hardware_poll() not being defined, as it wasn't called anywhere. This
changed when we started using the new platform_memxxx() functions in the
library.
2019-10-22 12:50:13 +02:00
Jarno Lamsa
08d6cf2070 Modify the test_baremetal in all.sh
Allow it to run the whole ssl-opt.sh instead of filtering only to
Default, DTLS
2019-10-22 13:32:26 +03:00
Jarno Lamsa
33281d5546 Add requires entries for tests
To be able to pass the ssl_opt.sh with the baremetal configuration
2019-10-22 13:32:26 +03:00
Manuel Pégourié-Gonnard
3d01f2313b Use plain memset() in HMAC-DRBG seeding
The line above the memset() relies on the fact that V is all-zero at that
point (see the comment above), so it doesn't contain a sensitive value.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
895454da01 Use plain memset() for public data in ssl_tls.c
- out_ctr is public because it's transmited over the wire in DTLS (and in TLS
  it can be inferred by a passive network attacker just by counting records).
- handshake mask is not a secret because it can be inferred by a passive
  network attacker just logging record sequence number seen so far.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
ee0c35fbf5 Use plain memset() for session ID and Hello.Random
Those are public values (transmitted in the clear over the wire).
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
6bf30be457 Use plain memset() for signature transcoding
By nature, signatures don't need to be kept secret.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
54526c3c89 Use plain memset() for freshly allocated objects
This commits reverts to plain memset() for cases like:

    some_type foo;
    memset( &foo, 0, sizeof( foo ) );

(Sometimes there is code between declaration in memset(), but it doesn't
matter as long as it doesn't touch foo.)

The reasoning is the same as in the previous commit: the stack shouldn't
contain sensitive data as we carefully wipe it after use.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
994193326b Use plain memset() in context init functions
We call xxx_init() on a structure when it has been freshly allocated (on the
stack or heap).

At this point it contains random-looking data none of which should be
sensitive, as all sensitive data is wiped using mbedtls_platform_zeroize()
when we're done using it and the memory area is going to be reclaimed (by
exiting the function or free()ing the buffer).
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
14f33e74c0 Use platform_memset() in platform_zeroize()
We're using zeroize in many places in order to erase secrets, so we really
need it to be as secure as possible.
2019-10-22 10:03:07 +02:00
Manuel Pégourié-Gonnard
5220781b98 Fix missing include in some files
Add it in all files that use mbedtls_plaform_memset() but didn't already
include platfom_util.h.

In some configurations it just happened to work, either because it was
included indirectly or because the part of the code that used that function
was disabled, but it some configurations it broke, so let's fix it properly.
2019-10-22 10:03:07 +02:00