Commit Graph

2637 Commits

Author SHA1 Message Date
Steven Cooreman
5a3c210e15 Update to renamed curve constant
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-13 17:26:26 +02:00
Steven Cooreman
aec44e9fe8 Merge remote-tracking branch 'mbedtls/development' into montgomery-keys-clarification 2020-07-13 11:48:21 +02:00
Steven Cooreman
0024df6b37 Remove superfluous argument to ecp_write_key
Removed after feedback from PR review.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-13 10:59:40 +02:00
Manuel Pégourié-Gonnard
913a204a33 Fix undeclared dependency of test function
The ssl_tranform structure lacks some members accessed by this function when
CBC is not enabled.

This was found by test-ref-configs.pl and all.sh
test_when_no_ciphersuites_have_mac, so no need to add a new test.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-09 10:02:41 +02:00
Manuel Pégourié-Gonnard
62af37d616 Add tests with ARIA, Camellia, 3DES
Started as copies of the AES block, then:

- for ARIA, just s/AES/ARIA/
- for Camellia, just s/AES/Camellia/
- for 3DES, s/AES/3DES/ then s/3DES_128_CBC/DES_EDE3_CBC/ then manually
  subtract 8 to all plaintext lengths that were > 8. This accounts for the
fact that the block size of DES is 8 not 16.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 11:40:38 +02:00
Manuel Pégourié-Gonnard
7a1cb41ba2 Add test cases with MD5, SHA1, SHA384
All started from a copy of the SHA256 block and modified as follows:

- for MD5, just s/SHA256/MD5/
- for SHA384, adapt the dependency line then s/SHA256/SHA384
- for SHA1, s/SHA256/SHA1/ then manually adapt the plaintext length for the
  cases with "!trunc, B-1" and "!trunc, B", as the MAC length (20) is not a
multiple of the block size (16) for this hash

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 11:25:27 +02:00
Manuel Pégourié-Gonnard
e79e3bb2da Add test cases with various record sizes
- plaintext length = 0 or 1
- plaintext length + MAC length = -1 or 0 mod block_size
    (using the minimum plaintext length that works)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 11:02:59 +02:00
Manuel Pégourié-Gonnard
527c1ff71a Generate good/bad padding programmatically
Compared to the previous approach of having the bad padding provided as input
to the testing function, this allows to test more kinds of incorrect data,
with less test cases in the .data file and more important no manually-generated
non-trivial data in the test case parameters, making it much easier to
complete the testing matrix.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 10:43:37 +02:00
Manuel Pégourié-Gonnard
fafe8553c6
Merge pull request #3392 from paul-elliott-arm/psa_ecc_dh_macros
PSA: update EC curve and DH group family macros
2020-07-07 09:20:44 +02:00
Steven Cooreman
14f0e526fb Fix Curve25519 ecp_read_key vectors to match description
They did not match their description, probably due to a botched manual
endianness conversion where the nibbles also got swapped.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:52:38 +02:00
Steven Cooreman
c9b7f78647 Rework mbedtls_ecp_write_key to remove unnecessary output parameter
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:52:32 +02:00
Steven Cooreman
6f5cc71ad1 Document masking of Montgomery private keys in psa_export_key
Follow the PSA Crypto specification which was updated between 1.0 beta3
and 1.0.0.
Add corresponding test cases.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:45:04 +02:00
Steven Cooreman
de8593f2fe Implement and test mbedtls_ecp_write_key
mbedtls_ecp_write_key is a mirror function to mbedtls_ecp_read_key, which
writes a private key back into a byte buffer in the correct format.
This is a helpful convenience function, since the byte order is defined
differently between Montgomery and Weierstrass curves. Since this difference
is accounted for in mbedtls_ecp_read_key, it made sense to add
mbedtls_ecp_write_key for the purpose of abstracting this away such that
psa_export_key doesn't need to take byte order into account.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:42:38 +02:00
Gilles Peskine
642a4ef0aa
Merge pull request #3463 from gilles-peskine-arm/tests-not-executed
Fix some test cases that weren't getting executed
2020-07-03 15:13:18 +02:00
Manuel Pégourié-Gonnard
0ac01a1c59 TLS: Add negative tests for non-EtM CBC decryption
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-03 12:49:10 +02:00
Paul Elliott
75e27032d3 Rename DH Family Macros According to PSA Spec
Rename PSA_DH_GROUP_xxx to PSA_DH_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_GROUP to PSA_KEY_TYPE_DH_GET_FAMILY and rename
psa_dh_group_t to psa_dh_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:49 +01:00
Paul Elliott
8ff510ac26 Rename ECC Family Macros According to PSA Spec
Rename PSA_ECC_CURVE_xxx to PSA_ECC_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_CURVE to PSA_KEY_TYPE_ECC_GET_FAMILY and rename
psa_ecc_curve_t to psa_ecc_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:30 +01:00
Janos Follath
be9a5752c2 Merge tag 'mbedtls-2.23.0' into merge-2.23.0-release-to-development
Mbed TLS 2.23.0
2020-07-01 11:23:17 +01:00
Janos Follath
0435cd8c23 Bump version to Mbed TLS 2.23.0
Executed "./scripts/bump_version.sh --version 2.23.0 --so-crypto 5"

A symbol has been removed from the mbedcrypto library since the last
release:
mbedtls_ecc_group_to_psa ( enum mbedtls_ecp_group_id grpid,
                           size_t* bits )

This is an ABI break and we need to increase the SO version.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-06-29 22:41:30 +01:00
Gilles Peskine
82ac38ee5d
Merge pull request #3438 from ronald-cron-arm/programs-use-common-test-code
Add support to build and link test common code in programs
2020-06-29 10:29:36 +02:00
Gilles Peskine
7eefa22fb1 Fix copypasta in test case descriptions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:54:47 +02:00
Gilles Peskine
b20b873bff Remove metadata tests for features that are not implemented
The metadata tests depend on the corresponding feature because there
is no guarantee that the metadata is correct if the feature is
disabled. There are metadata test cases for some algorithms and key
types that are declared but not supported. These test cases are
present but can never run.

It is debatable whether having these test cases is a good thing in
case they become runnable in the future, or a bad thing because
they're dead code. We're working on detecting test cases that are
never executed for accidental reasons (e.g. typo in a dependency or
missing configuration on the CI), and having test cases that are
deliberately never executed messes this up. So remove these test
cases. If we do implement the corresponding feature, it'll be easy to
add the corresponding metadata test cases.

The features that had metadata tests but no implementations were:

* SHA-512/256 and SHA-512/224 (hypothetical dependency: MBEDTLS_SHA512_256)
* DSA (hypothetical dependency: MBEDTLS_DSA_C)
* SHA-3 and HMAC-SHA-3 (hypothetical dependency: MBEDTLS_SHA3_C)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:48:06 +02:00
Gilles Peskine
af9dbc9213 Fix dependency in PSA test cases
The test cases were never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:45:30 +02:00
Gilles Peskine
a911b32e2f Fix dependency in AES GCM test case
The test case was never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:40:58 +02:00
Gilles Peskine
961914df12
Merge pull request #3382 from stevew817/feature/volatile-keys-in-SE
Support volatile keys in external SE
2020-06-26 20:27:11 +02:00
Ronald Cron
a0c2539c4c Rework mbedtls_test_unhexify()
Rework mbedtls_test_unhexify to extend its scope of usage.
Return in error when the function detects an error instead
of calling mbedtls_exit().
Improve safety by checking the output buffer is not overrun.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
9ed4073ea5 tests: Get rid of mbedtls_test_unhexify() in unit test code
In test functions calling mbedtls_test_unhexify(), change the
type of the associated parameters from `char*` to `data_t`.

That way the `unhexify` operation is done by the test
framework and not by the unit test code.

Use for the new parameters of type data_t the name of the
local variable that use to store the `unhexify` version of
the `char*` parameter.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
c7ba560481 tests: ccm: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of mbedtls_ccm_star_encrypt_and_tag/auth_decrypt from
`char *` to `data_t` to get rid of the calls to
mbedtls_test_unhexify():

- Change the name of parameters and local variables to
  clarify which ones are related to the outputs of the
  library functions under test and which ones are
  related to the expected values of those outputs.

- Use two different buffers to store the plain and cipher
  text as expected by the library functions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
df02eb00e0 tests: aes.ofb: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of aes_encrypt_ofb() from `char *` to `data_t` to get rid
of the calls to mbedtls_test_unhexify():

- Change the name of parameters and local variables to
  clarify which ones are related to the outputs of the
  library functions under test and which ones are
  related to the expected values of those outputs.

- Add assertion on fragment_size parameter

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
7370185ae3 tests: nist_kw: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of mbedtls_nist_kw_wrap/unwrap() from `char *` to `data_t`
to get rid of the calls to mbedtls_test_unhexify():

- Change the name of parameters and local variables to
  clarify which ones are related to the outputs of the
  library functions under test and which ones are
  related to the expected values of those outputs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
7e512718fe tests: chacha20: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters of
test_chacha20() from `char *` to `data_t` to get rid of the
calls to mbedtls_test_unhexify():

- Reduce the size of output[] buffer to 375 as its content
  is "ASCII expended" into a buffer of 751 bytes.
- Align naming of variables to store and check the
  output of mbedtls_chacha20_crypt(). No *dst* variables
  anynore, only *output* variables.
- Use two different buffers to store the expected output
  of mbedtls_chacha20_crypt() (expected_output_str[]) and
  the ASCII string representation of the output of
  mbedtls_chacha20_crypt() (output_string[]). Both were
  stored in dst_str[] before.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
4030833bfe tests: hkdf: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of test_hkdf() from `char *` to `data_t` to get rid of the
calls to mbedtls_test_unhexify():

- Align naming of variables related to the expected okm
- Rename `okm_hex[]` to `okm_string[]`
- Added TEST_ASSERT( expected_okm_len <= sizeof( okm ) ) to check
  that the okm[] buffer is large enough for the okm output.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
e85a2c30bd tests: aria: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of some test functions from `char *` to `data_t` to get
rid of the calls to mbedtls_test_unhexify():

- Align the name of source data length local variable
  with the name of the local variable containing the
  source data, respectively src_str and src_str_len.
- Change the type of length, index local variables
  from int to size_t.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Gilles Peskine
dda104558b
Merge pull request #3419 from ndilieto/development
Pass "certificate policies" extension to callback
2020-06-23 09:35:45 +02:00
Manuel Pégourié-Gonnard
25c7dbe342
Merge pull request #3435 from paul-elliott-arm/fix_dangerous_parameters
Remove Dangerous Parameter Passing
2020-06-22 09:37:00 +02:00
Manuel Pégourié-Gonnard
d335f2b6cb
Merge pull request #3421 from niacat/posix_c_source
Define _POSIX_C_SOURCE to be 200112L, as a minimum for C99.
2020-06-18 13:01:38 +02:00
Nicola Di Lieto
b77fad8ebe test_suite_x509parse.function improvement
as suggested in
https://github.com/ARMmbed/mbedtls/pull/3419#discussion_r441433697

also removed two no longer necessary void casts

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-17 17:59:49 +02:00
Nicola Di Lieto
c84b1e6aa0 Pass "certificate policies" extension to callback
Pass the "certificate policies" extension to the callback supplied to
mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported
policies. This allows the callback to fully replicate the behaviour
of the deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
configuration.

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-17 17:55:29 +02:00
Steven Cooreman
f5a5e45ed1 Refactor equality-testing asserts in SE driver tests to TEST_EQUAL
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:54:18 +02:00
Steven Cooreman
a50f28338b Add test to check key ID's from the vendor range are accepted
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:52:42 +02:00
Paul Elliott
6a81eb6106 Remove Dangerous Parameter Passing
Another coverity bug - #350039

When this test discovers a key of the wrong type, it still throws it
through the export function in order to check that it too will detect
this as a not permitted action. For the buffer and buffer length
arguments it passes in a local pointer (which will most likely be NULL),
and the sizeof that pointer, as it knows that they will never be used.
Coverity rightly (imho) flagged this as suspicious - if we are going to
pass in incorrect parameters, at least make them obviously incorrect, and
ones that will not potentially cause errors if the code later changes.
There is, for example safety checks for zero length buffer, but less
protection for an insufficiently sized one.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-16 14:34:55 +01:00
Manuel Pégourié-Gonnard
9dfcae8b94
Merge pull request #3426 from paul-elliott-arm/resource_leak
Fix for resource leak in test_suite_ssl
2020-06-16 10:00:18 +02:00
Manuel Pégourié-Gonnard
b21b1f5e7c
Merge pull request #3387 from ronald-cron-arm/tests-common-code
Add support to build and link common code in tests
2020-06-15 11:33:19 +02:00
Ronald Cron
6c5bd7fd51 tests: Reformating due to rnd_* renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
    `git diff-tree --no-commit-id --name-only -r HEAD` \
    | grep "\<mbedtls_test_rnd_"

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
351f0eee20 tests: Add mbedtls_test_ prefix to rnd_* symbols
Add mbedtls_test_ prefix to rnd_buf_info and
rnd_pseudo_info types, to rnd_std_rand(),
rnd_zero_rand(), rnd_buffer_rand() and
rnd_pseudo_rand() functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/rnd_(buf_info|pseudo_info|std_rand| \
    zero_rand|buffer_rand|pseudo_rand)/, \
    "mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
2dbba99708 tests: Reformating due to hexcmp() renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
`git diff-tree --no-commit-id --name-only -r HEAD` \
| grep hexcmp

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
de70b165a4 tests: Add mbedtls_test_ prefix to hexcmp()
Add mbedtls_test_ prefix to hexcmp() test helper
function.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/hexcmp\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
f73ab008d2 tests: Reformating due to unhexify_alloc() renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
    `git diff-tree --no-commit-id --name-only -r HEAD` \
    | grep unhexify_alloc

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
a256c7025f tests: Add mbedtls_test_ prefix to unhexify_alloc()
Add mbedtls_test_ prefix to unhexify_alloc() test helper
functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/unhexify_alloc\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
690f3ebe92 tests: Add mbedtls_test_ prefix to zero_alloc()
Add mbedtls_test_ prefix to zero_alloc() test helper
function.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/zero_alloc/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
ff31eab938 tests: Reformating due to *hexify functions renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
`git diff-tree --no-commit-id --name-only -r HEAD` \
| grep hexify

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
72d628f7f5 tests: Add mbedtls_test_ prefix to *hexify functions
Add mbedtls_test_ prefix to hexify() and unhexify()
test helper functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/(un|)hexify\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
e9c09f1efc tests: Add mbedtls_test_ prefix to platform_* functions
Add mbedtls_test_ prefix to platform_setup() and
platform_teardown() test helper functions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
2058d56fcc tests: Move random helper functions
Move helper functions to generate random numbers
from helpers.functions to random.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
b7eb67fb74 tests: Add random.c and random.h files
The purpose of random.c file is to contain the helper
functions to generate random numbers that have been
in helpers.function so far.

The purpose of random.h is to contain the interface
exposed by random.c thus helper function prototypes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
f40529d5f4 tests: Move generic helper functions
Move generic helper functions from helpers.functions
to helpers.c

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
b6d6d4c61a tests: Add helpers.c and helpers.h files
The purpose of helpers.c file is to contain the helper
functions that have been in helpers.function so far and
that are not related to the mechanism of unit test
execution and not related to random number generation
(will be moved in a dedicated file).

The purpose of helpers.h is to contain the interface
exposed by helpers.c thus helper function prototypes.

Make the changes in the build systems (make and cmake)
to build helpers.c and link it to test executables
along with mbedtls library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:00 +02:00
Paul Elliott
6f1eda710c Fix for resource leak in test_suite_ssl
Fix for coverity bugs 349041, 349052

Allocated pointers could potentially be leaked in the case of errors.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-11 20:27:08 +01:00
nia
1c0c837ddc Define _POSIX_C_SOURCE to be 200112L, as a minimum for C99.
Strict platforms cannot be expected to accept C99 code as valid
when earlier standards versions are selected.

This helps the programs build on Solaris-like platforms (e.g.
illumos).

Fixes #3420

Signed-off-by: nia <nia@netbsd.org>
2020-06-11 18:39:28 +01:00
Janos Follath
5b66d44f5a
Merge pull request #3195 from paul-elliott-arm/development
Add min/max version negotiation to unit tests
2020-06-10 16:03:58 +01:00
Ronald Cron
849930a50e tests: Move generic macros to macros.h
Move generic macros from helpers.function to macros.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:47 +02:00
Ronald Cron
4b8b199ead tests: Add macros.h include file
Just adding an empty file. The purpose of this header
file is to contain the definition of generic macros
used for the purpose of testing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:47 +02:00
Ronald Cron
f91c495379 tests: helpers: Update static qualifiers
In preparation of moving the content of helpers.function
to its own compilation unit, remove/add static qualifiers
where appropriate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:47 +02:00
Ronald Cron
02c78b7825 tests: Create an include folder
Create an include folder dedicated to include files for
tests. With the upcoming work on tests for PSA crypto
drivers the number of includes specific to tests is going
to increase significantly thus create a dedicated folder.

Don't put the include files in the include folder but in
include/test folder. This way test headers can be included
using a test/* path pattern as mbedtls and psa headers
are included using an mbedtls/* and psa/* path pattern.
This makes explicit the scope of the test headers.

Move the existing includes for tests into include/test and
update the code and build systems (make and cmake)
accordingly.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:05 +02:00
Manuel Pégourié-Gonnard
87a51aa08e
Merge pull request #3243 from ndilieto/development
New mbedtls_x509_crt_parse_der_with_ext_cb() routine
2020-06-10 12:59:58 +02:00
Paul Elliott
c857044e94 Add min/max version negotiation to unit tests
Add the min/max version negotiation tests from ssl-opt.sh as unit
tests for the sake of utility and easier running of tests during
development

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-09 17:00:58 +01:00
Steven Cooreman
223f2877be Add test to check that volatile external keys do not get persisted
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-08 18:35:16 +02:00
Manuel Pégourié-Gonnard
a7f6d25e12
Merge pull request #3400 from mpg/fix-hmac-drbg-deps-dev
Fix undeclared dependencies on HMAC_DRBG and add test
2020-06-05 11:50:02 +02:00
Manuel Pégourié-Gonnard
e860fef438
Merge pull request #3318 from Jonas4420/development
Fix potential memory leak in EC multiplication
2020-06-05 11:43:52 +02:00
Manuel Pégourié-Gonnard
c03d499a58 Fix undeclared dep on deterministic ECDSA in test
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:21:49 +02:00
Janos Follath
bba4c17b7a
Merge pull request #3315 from hanno-arm/tls13-experimental-macro
Add support for TLS 1.3 record protection routines
2020-06-04 15:51:54 +01:00
Manuel Pégourié-Gonnard
6abc20e0e3
Merge pull request #3378 from mpg/fix-ctr-drbg-deps
Fix undeclared dependencies on CTR_DRBG (and add test)
2020-06-03 10:55:52 +02:00
Gilles Peskine
d6916d74c5
Merge pull request #3121 from gilles-peskine-arm/invasive_testing_strategy-crypto
Invasive testing strategy

Create a new header `common.h`.

Introduce a configuration option `MBEDTLS_TEST_HOOKS` for test-specific code, to be used in accordance with the invasive testing strategy.
2020-06-02 16:55:48 +02:00
Nicola Di Lieto
e58b4638e5 Unsupported extension tests in test_suite_x509parse
All combinations of critical or not, recognized or not by the
callback are now tested as requested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647880

In addition pass the OID of the unsupported extension to be parsed
to the callback using the opaque pointer, which makes the tests fail
if the library forwards the wrong pointer to the callback, as
requested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647392

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-29 23:11:28 +02:00
Manuel Pégourié-Gonnard
d12402ffc0 Fix undeclared deps on MBEDTLS_CTR_DRBG in tests
While at it, declare deps on ENTROPY as well.

A non-regression test will be added in a follow-up commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-05-29 11:27:07 +02:00
Nicola Di Lieto
5659e7e889 Add opaque context to mbedtls_x509_crt_ext_cb_t
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 23:41:38 +02:00
Nicola Di Lieto
17bb60c0f1 Tests for mbedtls_x509_crt_parse_der_with_ext_cb
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 23:20:47 +02:00
Hanno Becker
b54094bd7c Fix copy-pasta in TLS 1.3 record protection unit test names
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 15:41:44 +01:00
Hanno Becker
e683287710 Adapt SSL record protection unit test to setup TLS 1.3 transforms
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
b2713abb8f Enhance record encryption unit tests by checking hidden content type
TLS 1.3 and DTLS 1.2 + CID hide the real content type of a record
within the record's inner plaintext, while always using the same
content type for the protected record:
- TLS 1.3 always uses ApplicationData
- DTLS 1.2 + CID always uses a special CID content type.

This commit enhances the record encryption unit test to check
that the record content type is indeed correctly hidden.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
3169dad48b Add unit tests for TLS 1.3 record encryption
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Koh M. Nakagawa
46b8782a72 fix mbedtls_x509_dn_gets to escape non-ASCII characters
Signed-off-by: Koh M. Nakagawa <tsunekou1019@gmail.com>
2020-05-21 01:56:55 +09:00
Jonas
923d579369 Add test cases to check rng failure
Signed-off-by: Jonas <jonas.lejeune4420@gmail.com>
2020-05-13 14:25:47 +09:00
Gilles Peskine
344e15b010 Update SE support to pass a location when registering a driver
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.

This commit updates the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:15:26 +02:00
Gilles Peskine
d9f694960f
Merge pull request #3190 from gilles-peskine-arm/config-full-clarify-development
Clarify that the full config enables everything that can be tested together
2020-05-04 12:29:09 +02:00
Gilles Peskine
dd2feead99
Merge pull request #3229 from gabor-mezei-arm/development
Fix spurious message about outcome file when running all.sh
2020-04-30 18:01:18 +02:00
Kenneth Soerensen
518d435e7b Fix GCC format-signedness warnings
Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2020-04-22 16:01:48 +02:00
gabor-mezei-arm
88d7eee00b Check for empty string in outcome file name
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-04-22 11:07:34 +02:00
Gilles Peskine
31f88a29de Strict C99: make sure that fileno() is declared
<stdio.h> only declares the non-ISO-C function fileno() if an
appropriate POSIX symbol is defined or if using a compiler such as GCC
in non-pedantic mode. Define the appropriate POSIX symbol.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-20 15:39:36 +02:00
Gilles Peskine
b72df54f9b
Merge pull request #2840 from k-stachowiak/check-bounds-of-test-intex-in-suites
Add lower bound check to function index lookup
2020-04-20 15:19:55 +02:00
Gilles Peskine
5f69cbe2cc
Merge pull request #3155 from ronald-cron-arm/unmet-dependencies-buffer-overflow-fix
Unmet dependencies buffer overflow fix
2020-04-17 10:08:14 +02:00
Jaeden Amero
31f4cd9de2
Merge pull request #3192 from AndrzejKurek/max_pathlen_overflow
Guard from undefined behaviour in case of an INT_MAX max_pathlen
2020-04-16 16:29:44 +01:00
Andrzej Kurek
1605074f97
Guard from undefined behaviour in case of an INT_MAX max_pathlen
When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken 
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-04-15 06:15:45 -04:00
Gilles Peskine
6710e15921 Enable X509_ALLOW_EXTENSIONS_NON_V3 in config full and fix tests
Enable MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 in the full config. There's
no reason to keep it out. We weren't testing it at all on the CI.

Add a missing dependency on !MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 to
some test cases that either were testing that v3 extensions are only
accepted in v3 certificates, or where parsing returns a different
error when MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 is enabled.

Add a few positive and negative test cases with
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 enabled.

Fix one test case with MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 where the
intended output of mbedtls_x509_crt_info had changed in
890819a597 but the test case was missed
because it was never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-14 21:32:53 +02:00
Gilles Peskine
72d40fc6ca Fix build failure with MBEDTLS_PLATFORM_NV_SEED_ALT
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-14 21:32:53 +02:00
Janos Follath
ac15f842a5 Merge remote-tracking branch 'restricted/pr/684' into mbedtls-2.22.0r0 2020-04-14 08:16:27 +01:00
Andrzej Kurek
8ea6872889
Improve pointer calculations when resizing I/O buffers
This commit introduces two changes:
- Add in_msg and out_msg calculations for buffer upsizing. This was previously
considered as unnecessary, but renegotiation using certain ciphersuites needs
this.
- Improving the way out_msg and in_msg pointers are calculated, so that even 
if no resizing is introduced, the pointers remain the same;

New tests added:
- various renegotiation schemes with a range of MFL's and ciphersuites;
- an ssl-opt.sh test exercising two things that were problematic: renegotiation
with TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 and a server MFL that's smaller
than the one negotiated by the client.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-04-09 04:33:00 -04:00
Janos Follath
876e0259d5 Bump version to Mbed TLS 2.22.0
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-08 17:15:18 +01:00
Ronald Cron
67a8a37b91 unit test: Indicate missing unmet dependencies
The identifiers of the unmet dependencies of a test case are
stored in a buffer of fixed size that can be potentially to
small to store all the unmet dependencies. Indicate in test
reports if some unmet dependencies are missing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-02 14:18:49 +02:00
Ronald Cron
e1a05a534a unit tests main: Fix potential buffer overflow
Fix potential buffer overflow when tracking the unmet dependencies
of a test case. The identifiers of unmet dependencies are stored
in an array of fixed size. Ensure that we don't overrun the array.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-02 14:18:26 +02:00