Commit Graph

2686 Commits

Author SHA1 Message Date
Ronald Cron
72d628f7f5 tests: Add mbedtls_test_ prefix to *hexify functions
Add mbedtls_test_ prefix to hexify() and unhexify()
test helper functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/(un|)hexify\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
e9c09f1efc tests: Add mbedtls_test_ prefix to platform_* functions
Add mbedtls_test_ prefix to platform_setup() and
platform_teardown() test helper functions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
2058d56fcc tests: Move random helper functions
Move helper functions to generate random numbers
from helpers.functions to random.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
b7eb67fb74 tests: Add random.c and random.h files
The purpose of random.c file is to contain the helper
functions to generate random numbers that have been
in helpers.function so far.

The purpose of random.h is to contain the interface
exposed by random.c thus helper function prototypes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
f40529d5f4 tests: Move generic helper functions
Move generic helper functions from helpers.functions
to helpers.c

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
b6d6d4c61a tests: Add helpers.c and helpers.h files
The purpose of helpers.c file is to contain the helper
functions that have been in helpers.function so far and
that are not related to the mechanism of unit test
execution and not related to random number generation
(will be moved in a dedicated file).

The purpose of helpers.h is to contain the interface
exposed by helpers.c thus helper function prototypes.

Make the changes in the build systems (make and cmake)
to build helpers.c and link it to test executables
along with mbedtls library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:00 +02:00
Paul Elliott
6f1eda710c Fix for resource leak in test_suite_ssl
Fix for coverity bugs 349041, 349052

Allocated pointers could potentially be leaked in the case of errors.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-11 20:27:08 +01:00
nia
1c0c837ddc Define _POSIX_C_SOURCE to be 200112L, as a minimum for C99.
Strict platforms cannot be expected to accept C99 code as valid
when earlier standards versions are selected.

This helps the programs build on Solaris-like platforms (e.g.
illumos).

Fixes #3420

Signed-off-by: nia <nia@netbsd.org>
2020-06-11 18:39:28 +01:00
Janos Follath
5b66d44f5a
Merge pull request #3195 from paul-elliott-arm/development
Add min/max version negotiation to unit tests
2020-06-10 16:03:58 +01:00
Ronald Cron
849930a50e tests: Move generic macros to macros.h
Move generic macros from helpers.function to macros.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:47 +02:00
Ronald Cron
4b8b199ead tests: Add macros.h include file
Just adding an empty file. The purpose of this header
file is to contain the definition of generic macros
used for the purpose of testing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:47 +02:00
Ronald Cron
f91c495379 tests: helpers: Update static qualifiers
In preparation of moving the content of helpers.function
to its own compilation unit, remove/add static qualifiers
where appropriate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:47 +02:00
Ronald Cron
02c78b7825 tests: Create an include folder
Create an include folder dedicated to include files for
tests. With the upcoming work on tests for PSA crypto
drivers the number of includes specific to tests is going
to increase significantly thus create a dedicated folder.

Don't put the include files in the include folder but in
include/test folder. This way test headers can be included
using a test/* path pattern as mbedtls and psa headers
are included using an mbedtls/* and psa/* path pattern.
This makes explicit the scope of the test headers.

Move the existing includes for tests into include/test and
update the code and build systems (make and cmake)
accordingly.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:05 +02:00
Manuel Pégourié-Gonnard
87a51aa08e
Merge pull request #3243 from ndilieto/development
New mbedtls_x509_crt_parse_der_with_ext_cb() routine
2020-06-10 12:59:58 +02:00
Paul Elliott
c857044e94 Add min/max version negotiation to unit tests
Add the min/max version negotiation tests from ssl-opt.sh as unit
tests for the sake of utility and easier running of tests during
development

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-09 17:00:58 +01:00
Steven Cooreman
223f2877be Add test to check that volatile external keys do not get persisted
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-08 18:35:16 +02:00
Manuel Pégourié-Gonnard
a7f6d25e12
Merge pull request #3400 from mpg/fix-hmac-drbg-deps-dev
Fix undeclared dependencies on HMAC_DRBG and add test
2020-06-05 11:50:02 +02:00
Manuel Pégourié-Gonnard
e860fef438
Merge pull request #3318 from Jonas4420/development
Fix potential memory leak in EC multiplication
2020-06-05 11:43:52 +02:00
Manuel Pégourié-Gonnard
c03d499a58 Fix undeclared dep on deterministic ECDSA in test
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:21:49 +02:00
Janos Follath
bba4c17b7a
Merge pull request #3315 from hanno-arm/tls13-experimental-macro
Add support for TLS 1.3 record protection routines
2020-06-04 15:51:54 +01:00
Manuel Pégourié-Gonnard
6abc20e0e3
Merge pull request #3378 from mpg/fix-ctr-drbg-deps
Fix undeclared dependencies on CTR_DRBG (and add test)
2020-06-03 10:55:52 +02:00
Gilles Peskine
d6916d74c5
Merge pull request #3121 from gilles-peskine-arm/invasive_testing_strategy-crypto
Invasive testing strategy

Create a new header `common.h`.

Introduce a configuration option `MBEDTLS_TEST_HOOKS` for test-specific code, to be used in accordance with the invasive testing strategy.
2020-06-02 16:55:48 +02:00
Nicola Di Lieto
e58b4638e5 Unsupported extension tests in test_suite_x509parse
All combinations of critical or not, recognized or not by the
callback are now tested as requested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647880

In addition pass the OID of the unsupported extension to be parsed
to the callback using the opaque pointer, which makes the tests fail
if the library forwards the wrong pointer to the callback, as
requested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647392

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-29 23:11:28 +02:00
Manuel Pégourié-Gonnard
d12402ffc0 Fix undeclared deps on MBEDTLS_CTR_DRBG in tests
While at it, declare deps on ENTROPY as well.

A non-regression test will be added in a follow-up commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-05-29 11:27:07 +02:00
Nicola Di Lieto
5659e7e889 Add opaque context to mbedtls_x509_crt_ext_cb_t
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 23:41:38 +02:00
Nicola Di Lieto
17bb60c0f1 Tests for mbedtls_x509_crt_parse_der_with_ext_cb
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 23:20:47 +02:00
Hanno Becker
b54094bd7c Fix copy-pasta in TLS 1.3 record protection unit test names
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 15:41:44 +01:00
Hanno Becker
e683287710 Adapt SSL record protection unit test to setup TLS 1.3 transforms
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
b2713abb8f Enhance record encryption unit tests by checking hidden content type
TLS 1.3 and DTLS 1.2 + CID hide the real content type of a record
within the record's inner plaintext, while always using the same
content type for the protected record:
- TLS 1.3 always uses ApplicationData
- DTLS 1.2 + CID always uses a special CID content type.

This commit enhances the record encryption unit test to check
that the record content type is indeed correctly hidden.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
3169dad48b Add unit tests for TLS 1.3 record encryption
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Koh M. Nakagawa
46b8782a72 fix mbedtls_x509_dn_gets to escape non-ASCII characters
Signed-off-by: Koh M. Nakagawa <tsunekou1019@gmail.com>
2020-05-21 01:56:55 +09:00
Jonas
923d579369 Add test cases to check rng failure
Signed-off-by: Jonas <jonas.lejeune4420@gmail.com>
2020-05-13 14:25:47 +09:00
Gilles Peskine
344e15b010 Update SE support to pass a location when registering a driver
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.

This commit updates the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:15:26 +02:00
Gilles Peskine
d9f694960f
Merge pull request #3190 from gilles-peskine-arm/config-full-clarify-development
Clarify that the full config enables everything that can be tested together
2020-05-04 12:29:09 +02:00
Gilles Peskine
dd2feead99
Merge pull request #3229 from gabor-mezei-arm/development
Fix spurious message about outcome file when running all.sh
2020-04-30 18:01:18 +02:00
Kenneth Soerensen
518d435e7b Fix GCC format-signedness warnings
Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2020-04-22 16:01:48 +02:00
gabor-mezei-arm
88d7eee00b Check for empty string in outcome file name
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-04-22 11:07:34 +02:00
Gilles Peskine
31f88a29de Strict C99: make sure that fileno() is declared
<stdio.h> only declares the non-ISO-C function fileno() if an
appropriate POSIX symbol is defined or if using a compiler such as GCC
in non-pedantic mode. Define the appropriate POSIX symbol.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-20 15:39:36 +02:00
Gilles Peskine
b72df54f9b
Merge pull request #2840 from k-stachowiak/check-bounds-of-test-intex-in-suites
Add lower bound check to function index lookup
2020-04-20 15:19:55 +02:00
Gilles Peskine
5f69cbe2cc
Merge pull request #3155 from ronald-cron-arm/unmet-dependencies-buffer-overflow-fix
Unmet dependencies buffer overflow fix
2020-04-17 10:08:14 +02:00
Jaeden Amero
31f4cd9de2
Merge pull request #3192 from AndrzejKurek/max_pathlen_overflow
Guard from undefined behaviour in case of an INT_MAX max_pathlen
2020-04-16 16:29:44 +01:00
Andrzej Kurek
1605074f97
Guard from undefined behaviour in case of an INT_MAX max_pathlen
When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken 
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-04-15 06:15:45 -04:00
Gilles Peskine
6710e15921 Enable X509_ALLOW_EXTENSIONS_NON_V3 in config full and fix tests
Enable MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 in the full config. There's
no reason to keep it out. We weren't testing it at all on the CI.

Add a missing dependency on !MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 to
some test cases that either were testing that v3 extensions are only
accepted in v3 certificates, or where parsing returns a different
error when MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 is enabled.

Add a few positive and negative test cases with
MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 enabled.

Fix one test case with MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 where the
intended output of mbedtls_x509_crt_info had changed in
890819a597 but the test case was missed
because it was never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-14 21:32:53 +02:00
Gilles Peskine
72d40fc6ca Fix build failure with MBEDTLS_PLATFORM_NV_SEED_ALT
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-14 21:32:53 +02:00
Janos Follath
ac15f842a5 Merge remote-tracking branch 'restricted/pr/684' into mbedtls-2.22.0r0 2020-04-14 08:16:27 +01:00
Andrzej Kurek
8ea6872889
Improve pointer calculations when resizing I/O buffers
This commit introduces two changes:
- Add in_msg and out_msg calculations for buffer upsizing. This was previously
considered as unnecessary, but renegotiation using certain ciphersuites needs
this.
- Improving the way out_msg and in_msg pointers are calculated, so that even 
if no resizing is introduced, the pointers remain the same;

New tests added:
- various renegotiation schemes with a range of MFL's and ciphersuites;
- an ssl-opt.sh test exercising two things that were problematic: renegotiation
with TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 and a server MFL that's smaller
than the one negotiated by the client.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-04-09 04:33:00 -04:00
Janos Follath
876e0259d5 Bump version to Mbed TLS 2.22.0
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-04-08 17:15:18 +01:00
Ronald Cron
67a8a37b91 unit test: Indicate missing unmet dependencies
The identifiers of the unmet dependencies of a test case are
stored in a buffer of fixed size that can be potentially to
small to store all the unmet dependencies. Indicate in test
reports if some unmet dependencies are missing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-02 14:18:49 +02:00
Ronald Cron
e1a05a534a unit tests main: Fix potential buffer overflow
Fix potential buffer overflow when tracking the unmet dependencies
of a test case. The identifiers of unmet dependencies are stored
in an array of fixed size. Ensure that we don't overrun the array.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-04-02 14:18:26 +02:00
Gilles Peskine
06725c985f Fix intermittent crash in test suites with outcome file enabled
Fix an intermittent crash when running test suites in non-verbose
mode (i.e. with -v off) and with the outcome file enabled. The
array unmet_dependencies was only filled in verbose mode, but was used
in write_outcome_result regardless.

Since unmet_dependencies only ever contains strings that are integers
written out in decimal, store the integer instead. Do this
unconditionally since it doesn't cost any extra memory.

It would be better to record the dependency names, both in the verbose
output and in the outcome file. But the dependency names are not
currently available at runtime.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-30 22:00:23 +02:00
Gilles Peskine
5d324b203a Merge remote-tracking branch 'upstream-crypto/development' into HEAD
Conflicts:
* .github/issue_template.md, .github/pull_request_template.md:
  The changes in Mbed Crypto are not relevant to Mbed TLS. Keep the
  mbedtls versions.
2020-03-25 15:47:43 +01:00
Gilles Peskine
3b310c69a5 Add a note to some invasive tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-24 22:55:48 +01:00
Andrzej Kurek
1b7a780e65
Increase test coverage by adding AES and CAMELLIA empty buffer tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-24 13:18:58 -04:00
Gilles Peskine
5e7d6fd240 Merge 'mbedtls/development' into merge-crypto-unremoved-20200304
Merge the latest state of the target branch (mbedtls/development) into the
pull request to merge mbed-crypto into mbedtls.

Conflicts:

* ChangeLog: add/add conflict. Resolve by using the usual section order.
2020-03-23 18:02:07 +01:00
Gilles Peskine
049fefff90 Add dependencies on !MBEDTLS_SHA512_NO_SHA384 to x509/ssl unit tests
Add dependencies on !MBEDTLS_SHA512_NO_SHA384 to X.509 and SSL unit
tests that use SHA-384 (identified based on having a description that
contains "SHA384" or "SHA-384").
2020-03-23 17:55:32 +01:00
Gilles Peskine
6eb45f99f0 Add missing dependency on MBEDTLS_CIPHER_MODE_CBC 2020-03-23 17:55:32 +01:00
Gilles Peskine
19e841e19f Fix warning about a potentially initialized variable
The variable drop_len is only used under conditions where it has been
initialized, but this is somewhat fragile and not obvious for a
compiler to see.
2020-03-23 17:55:32 +01:00
Gilles Peskine
eccd888717 Rename identifiers containing double-underscore
Rename identifiers containing double-underscore (`__`) to avoid `__`.
The reason to avoid double-underscore is that all identifiers
containing double-underscore are reserved in C++. Rename all such
identifiers that appear in any public header, including ssl_internal.h
which is in principle private but in practice is installed with the
public headers.

This commit makes check-names.sh pass.

```
perl -i -pe 's/\bMBEDTLS_SSL__ECP_RESTARTABLE\b/MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED/g; s/\bMBEDTLS_KEY_EXCHANGE_(_\w+)_(_\w+)\b/MBEDTLS_KEY_EXCHANGE${1}${2}/g' include/mbedtls/*.h library/*.c programs/*/*.c scripts/data_files/rename-1.3-2.0.txt tests/suites/*.function
```
2020-03-23 17:55:32 +01:00
Gilles Peskine
b99bd39b4e Merge mbed-crypto into mbedtls: the merge commit
Merge `unremove-non-crypto` into `mbedtls/development`. The branch
`unremove-non-crypto` was obtained by starting from `mbed-crypto/development`,
then reverting many commits that removed X.509 and TLS functionality when Mbed
Crypto forked from Mbed TLS (the “unremoval”), then make a few tweaks to
facilitate the merge.

The unremoval step restored old versions of some tls files. If a file doesn't
exist in mbed-crypto, check out the mbedtls version, regardless of what
happened during the unremoval of tls files in the crypto tree. Also
unconditionally take the mbedtls version of a few files where the
modifications are completely project-specific and are not relevant in
mbed-crypto:

* `.github/issue_template.md`: completely different. We may want to reconcile
  them independently as a follow-up.
* `.travis.yml`: would only be reverted to an earlier tls version.
* `README.md`: completely different. We may want to reconcile them
  independently as a follow-up.
* `doxygen/input/doc_mainpage.h`: the changes in crypto were minimal and not
  relevant except as a stopgap as mbed-crypto did not have its own product
  versioning in the Doxygen documentation.
* `tests/.jenkins/Jenkinsfile`: completely different.
* `tests/data_files/Makefile`: there were no changes in mbed-crypto,
  but the unremoval step restored an old version.

Shell script for everything to do after the merge apart from the conflict
resolution:
```
tls_files=($(comm -23 <(git ls-tree -r --name-only HEAD) <(git ls-tree -r --name-only $(git merge-base upstream-crypto/development MERGE_HEAD))))
tls_files+=($tls_files .github/issue_template.md .travis.yml README.md doxygen/input/doc_mainpage.h tests/.jenkins/Jenkinsfile tests/data_files/Makefile)
git checkout --theirs HEAD -- $tls_files
git add -- $tls_files
```

Resolve the remaining conflicts:

* `library/CMakeLists.txt`:
    * Keep the TLS definition of `src_crypto`
    * `USE_SHARED_MBEDTLS_LIBRARY`: keep all three libraries, with both
      `include` and `crypto/include` in `target_include_directories`, all with
      version `2.21.0`.
* `programs/Makefile`:
    * Reconcile the APPS lists (add/add from a differently-formatted common
      ancestor): insert the `psa/*` from crypto into the tls list.
    * Keep the `fuzz` target defined only in tls version.
    * Keep the recipe (only in tls version) cleaning `ssl_pthread_server`
      stuff for the `clean` target.
* `scripts/config.py`:
    * `include_in_full`: add/add conflict. Keep both.
* `tests/scripts/all.sh`:
    * `component_test_no_use_psa_crypto_full_cmake_asan`: partially old
      version in crypto. Take the tls version.
    * `component_test_malloc_0_null` and more: take
      `component_test_malloc_0_null` from crypto (with `config.py` rather than
      `config.pl`, and with `$ASAN_FLAGS` rather than an explicit list), but
      add the call to `ssl-opt.sh` from tls. Take the other components from
      crypto.

With this commit, building and running the unit tests with both `make ` and
`cmake` work in the default configuration on Linux. Other platforms, build
systems and configurations are likely not to work, and there is some
regression in test coverage.

There is some loss of functionality because the unremoval step restored older
versions of tls content. This commit contains the latest tls version of
tls-only files, but some changes from the tls side in files that existed on
both sides have regressed. Most problematic changes are hunks that remove some
tls-specific feature and contain either a C preprocessor symbol identifying a
tls-specific module or option, or the name of a tls-specific file. Hunks
that remove a tls-specific preprocessor symbol can be identified with the
regular expression `^-.*MBEDTLS_(ERR_)?(PKCS11|X509|NET|SSL)_`.

Subsequent commits will revert a few parts of the patch from this merge commit
in order to restore the tls functionality that it removes, ensure that the
test coverage includes what was covered in either branch, and fix test
failures.
2020-03-23 17:54:46 +01:00
Gilles Peskine
7dc97048d6 Revert "Remove tests that depend on TLS or X.509"
This reverts commit 9afb2e9921.

Conflicts:
* include/CMakeLists.txt
  * "Make config.h available" comment: there has been a change
    adjacent to where it was removed. Just re-add what was removed.
* tests/CMakeLists.txt:
  * compat.sh: there has been a change immediately before where it was
    removed. Just re-add what was removed.
2020-03-19 14:17:54 +01:00
Piotr Nowicki
438bf3b667 App data with 1/n-1 splitting in test suite
Counting of the fragments has been shifted from the writing section to
the reading. This is more reliable because one reading is made for one
fragment and during one write the library can internally divide data
into two fragments

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-03-12 16:57:05 +01:00
Jaeden Amero
c31f970a46
Merge pull request #3075 from AndrzejKurek/variable-buffer-size
Variable buffer size
2020-03-10 21:46:35 +04:00
Jaeden Amero
55727c33eb
Merge pull request #3088 from AndrzejKurek/ssl-mocks-coverity
test_suite_ssl: fix coverity issues with uninitialized members
2020-03-09 19:14:47 +04:00
Andrzej Kurek
89bdc580ca
test_suite_ssl: check for errors during queue setup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-09 06:31:18 -04:00
Andrzej Kurek
45916ba916
test_suite_ssl: fix coverity issues with uninitialized members
Initialize variables to NULL before doing any operations that might fail.
This fixes a case where the allocation fails on the first context, which 
previously made the code free the second, uninitialized context.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-05 14:47:01 -05:00
Andrzej Kurek
0afa2a1b65
Add I/O buffer resizing in handshake init and free
Add a conditional buffer resizing feature. Introduce tests exercising
it in various setups (serialization, renegotiation, mfl manipulations).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-03-04 09:28:16 -05:00
Simon Butcher
49f8e3157c Fix warning with gcc7/maximum allocation exceeded
Adds an additional boundary check to the test parameter bytes_arg in
generate_random() in test_suite_psa_crypto.function.

This is to check against a possible underflow, and to avoid a warning,
"argument ... exceeds maximum object size", (-Werror=alloc-size-larger-than)
that GCC 7 generates.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2020-03-03 17:28:05 +00:00
Darryl Green
aad82f9bbb
Add variable buffer length tests to all.sh
Exercise the feature alone, with record splitting and DTLS connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Signed-off-by: Darryl Green <darryl.green@arm.com>
2020-03-03 10:44:57 -05:00
Piotr Nowicki
bde7ee88a6
Add DTLS handshake fragmentation test
For this test it is good to have a handshake messages length as big as
possible, so for the server the certificate verification mode is
changed from default NONE to REQUIRED. It requires the client to send
certificate date to the server during handshake

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-27 09:31:42 -05:00
Andrzej Kurek
8a6ff15079
test_suite_ssl refactoring: provide default options structure for tests
Create and provide a structure with default options so that the caller won't have
to pass all of the parameters each time the handshake is called. In the future
this can be improved so that the options are passed as a string, just like in
ssl-opt.sh.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-26 09:10:14 -05:00
Andrzej Kurek
316da1f86e
test_suite_ssl refactoring: merge renegotiation test into handshake
Move the renegotiation test to a shared handshake function to simplify further
addition of tests.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-26 09:03:47 -05:00
Andrzej Kurek
9e9efdc277
test_suite_ssl refactoring: merge tls & dtls application data tests
Move the app data tests to a shared handshake function to simplify further 
addition of tests.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-26 09:00:18 -05:00
Piotr Nowicki
95e9eb8d91 Add test for renegotiation in DTLS
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-25 14:15:00 +01:00
Piotr Nowicki
6a7f01c237 Add test with sending application data via DTLS
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-25 14:10:15 +01:00
Andrzej Kurek
da2b67806b
Add a dtls handshake test with context serialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-24 04:56:53 -05:00
Jaeden Amero
a08e699afc
Merge pull request #3036 from AndrzejKurek/dtls-handshake-tests
DTLS handshake tests
2020-02-21 15:18:52 +04:00
Janos Follath
84d2fd4ee2 Bump version to Mbed TLS 2.21.0 2020-02-19 14:35:16 +00:00
Janos Follath
cf4a40ba0a
Merge pull request #370 from yanesca/update-version-2.21.0
Bump version to Mbed TLS 2.21.0
2020-02-19 14:21:11 +00:00
Janos Follath
bc7c2424c9 Bump version to Mbed TLS 2.21.0 2020-02-19 11:51:13 +00:00
Manuel Pégourié-Gonnard
9bbe328752 Test each failure mode of pk_parse_key_pkcs1_der()
(Only the top-level ones, ie, for each call to eg asn1_get_mpi(), ensure
there's at least one test case that makes this call fail in one way, but don't
test the various ways to make asn1_get_mpi fail - that should be covered
elsewhere.)

- the new checks added by the previous commits needed exercising
- existing tests sometimes had wrong descriptions or where passing for the
  wrong reason (eg with the "length mismatch" test, the function actually
failed before reaching the length check)
- while at it, add tests for the rest as well

The valid minimal-size key was generated with:

openssl genrsa 128 2>/dev/null | openssl rsa -outform der 2>/dev/null | xxd -p
2020-02-18 10:31:29 +01:00
Manuel Pégourié-Gonnard
b65370f97d Clean up test function pk_parse_key
- remove incorrect compile-time dependency (the individual cases already have
  correct run-time dependency information)
- remove unused argument
- remove unused stack buffer
- remove useless code block
2020-02-18 10:18:43 +01:00
Andrzej Kurek
941962eb91 Add DTLS handshake tests for the mocked ssl test suite
Starting with TLS 1.1
2020-02-12 09:18:19 -05:00
Andrzej Kurek
15daf50b05 Parametrize the endpoint init and free to prepare for DTLS tests 2020-02-12 09:17:52 -05:00
Andrzej Kurek
1a44a159ef Change the order of endpoint initialization steps
Wrong order caused the `protected_record_size` to be of wrong size, hence
causing the server to receive a malformed message in case of a DTLS test.
2020-02-10 03:53:49 -05:00
Andrzej Kurek
f46b9128b6 Change test queue errors to SSL_WANT_WRITE and SSL_WANT_READ
Simulate real behavior better, so that higher abstraction layers know when
the buffers are empty and full.
2020-02-10 03:53:49 -05:00
Piotr Nowicki
c3fca5e876 Add tests with sending application data to test_suite_ssl 2020-02-07 09:14:04 +01:00
Manuel Pégourié-Gonnard
4d8c836cdc
Merge pull request #346 from gilles-peskine-arm/mpi_copy_shrink
Improve robustness and testing of mbedtls_mpi_copy
2020-02-06 09:52:01 +01:00
Janos Follath
f317dc4918
Merge pull request #350 from gilles-peskine-arm/asn1-tests-parse_prefixes-trailing_garbage
test_suite_asn1parse: improve testing of trailing garbage in parse_prefixes
2020-02-05 15:40:22 +00:00
Jaeden Amero
c64eb63aaa
Merge pull request #3021 from AndrzejKurek/handshake-tests
Handshake tests with mocked I/O callbacks
2020-02-05 13:50:20 +00:00
Andrzej Kurek
cc5169ce32 Add a PSK test to the mocked ssl handshake tests 2020-02-05 07:26:19 -05:00
Gilles Peskine
5da20cc569
Merge pull request #3023 from gilles-peskine-arm/config-crypto
Add crypto-only preset configurations
2020-02-05 11:17:56 +01:00
Andrzej Kurek
f40daa3f05 Add version & ciphersuite tests to ssl handshake
Add tests exercising various protocol versions and ciphersuites
in the mocked ssl handshake.
2020-02-04 09:00:01 -05:00
Gilles Peskine
2579675935 Merge remote-tracking branch 'upstream-public/development' into development
Files deleted by us: keep them deleted.

```
git rm $(git status -s | sed -n 's/^DU //p')
```

Individual files with conflicts:

* `README.md`: keep the crypto version.
* `doxygen/input/doc_mainpage.h`: keep the crypto version (with an obsolete Mbed Crypto version number).
* `include/mbedtls/error.h`:
    * `ERROR`: similar additions made through parallel commits, with only whitespace differences. Align with the tls version.
* `library/CMakeLists.txt`: keep the crypto version.
* `library/Makefile`: keep the crypto version.
* `scripts/generate_errors.pl`: keep the crypto version (the relevant changes were made through parallel commits).
* `tests/scripts/check-test-cases.py`:
    * `Results`: keep the crypto version, which has both the new argument to the constructor (added in crypto only) and the class docstring (added through parallel commits).
* `tests/suites/helpers.function`:
    * `ARRAY_LENGTH`, `ASSERT_ALLOC`: additions in the same location. Keep both, in indifferent order.
* `tests/suites/target_test.function`:
    * `receive_uint32`: keep the crypto version which has an additional bug fix. The tls changes made in tls are irrelevant after this bug fix.
* `visualc/VS2010/mbedTLS.vcxproj`: run `scripts/generate_visualc_files.pl`.

Review of non-conflicting changes:

* `all.sh`: 1 change.
    * zlib test components: don't add them.
* `include/CMakeLists.txt`: 1 change.
    * `target_include_directories`: doesn't work as is (different target name). Don't take the change.
* All other non-conflicting changes: take them.
2020-02-03 18:52:36 +01:00
Gilles Peskine
a9da093617 shrink tests: clearer description 2020-02-03 16:18:30 +01:00
Gilles Peskine
9a6ecee4de Move test functions from Lilliput to Blefuscu
We normally represent bignums in big-endian order and there is no
reason to deviate here.
2020-02-03 16:15:47 +01:00
Andrzej Kurek
b29807413e Refactor certificates and keys in ssl handshake mock tests
Let the caller decide what certificates and keys are loaded (EC/RSA)
instead of loading both for the server, and an unspecified one 
for the client. Use only DER encoding.
2020-02-02 19:25:26 -05:00
Hanno Becker
199b709e53 ASN.1: Add ASN.1 SEQUENCE traversal API 2020-01-31 15:37:26 +00:00
Hanno Becker
12ae27dd0e ASN.1: Introduce helper function to free ASN.1 sequence 2020-01-31 15:37:26 +00:00
Gilles Peskine
f4e672ec9e Add missing compilation guards in test suite
Fix the build when MBEDTLS_USE_PSA_CRYPTO is set but
MBEDTLS_X509_CSR_WRITE_C is not.
2020-01-31 14:22:10 +01:00
Gilles Peskine
7cfcb3fc03 Change the encoding of key types to have a parity bit
Change the encoding of key types, EC curve families and DH group
families to make the low-order bit a parity bit (with even parity).

This ensures that distinct key type values always have a Hamming
distance of at least 2, which makes it easier for implementations to
resist single bit flips.
2020-01-31 10:24:21 +01:00
Gilles Peskine
7d7c8dc8b0 Test parsing invalid key type in storage 2020-01-31 10:24:21 +01:00
Gilles Peskine
f65ed6f254 Change key types to a 16-bit encoding
All key types now have an encoding on 32 bits where the bottom 16 bits
are zero. Change to using 16 bits only.

Keep 32 bits for key types in storage, but move the significant
half-word from the top to the bottom.

Likewise, change EC curve and DH group families from 32 bits out of
which the top 8 and bottom 16 bits are zero, to 8 bits only.

Reorder psa_core_key_attributes_t to avoid padding.
2020-01-31 10:24:21 +01:00
Gilles Peskine
b87b719467 Remove old values of curve encodings
Remove the values of curve encodings that are based on the TLS registry
and include the curve size, keeping only the new encoding that merely
encodes a curve family in 8 bits.

Keep the old constant names as aliases for the new values and
deprecate the old names.
2020-01-31 10:24:21 +01:00
Gilles Peskine
80d26fb56f Switch psa_crypto tests to the new curve encoding 2020-01-31 10:24:21 +01:00
Gilles Peskine
89177e862b Convert USE_PSA_CRYPTO pk interface to the new PSA EC curve encoding 2020-01-31 10:15:32 +01:00
Gilles Peskine
33b1c69908 pk tests: USE_PSA_CRYPTO: test several curves 2020-01-31 10:15:32 +01:00
Gilles Peskine
85f47c9d69 pk tests: USE_PSA_CRYPTO: test attributes of the PSA key 2020-01-31 10:15:32 +01:00
Gilles Peskine
45c29ce4c0 Move size-specific curve/group constants to crypto_compat.h 2020-01-31 10:15:32 +01:00
Gilles Peskine
228abc5773 Define EC curve family constants
Define constants for ECC curve families and DH group families. These
constants have 0x0000 in the lower 16 bits of the key type.

Support these constants in the implementation and in the PSA metadata
tests.

Switch the slot management and secure element driver HAL tests to the
new curve encodings. This requires SE driver code to become slightly
more clever when figuring out the bit-size of an imported EC key since
it now needs to take the data size into account.

Switch some documentation to the new encodings.

Remove the macro PSA_ECC_CURVE_BITS which can no longer be implemented.
2020-01-31 10:15:32 +01:00
Gilles Peskine
025fccdc32 Change the encoding of EC curves and DH groups to include the size
Change the representation of psa_ecc_curve_t and psa_dh_group_t from
the IETF 16-bit encoding to a custom 24-bit encoding where the upper 8
bits represent a curve family and the lower 16 bits are the key size
in bits. Families are based on naming and mathematical similarity,
with sufficiently precise families that no two curves in a family have
the same bit size (for example SECP-R1 and SECP-R2 are two different
families).

As a consequence, the lower 16 bits of a key type value are always
either the key size or 0.
2020-01-31 10:15:32 +01:00
Gilles Peskine
4295e8b9c5 Rework PSA curve to mbedlts group id conversion
Don't rely on the bit size encoded in the PSA curve identifier, in
preparation for removing that.

For some inputs, the error code on EC key creation changes from
PSA_ERROR_INVALID_ARGUMENT to PSA_ERROR_NOT_SUPPORTED or vice versa.
There will be further such changes in subsequent commits.
2020-01-31 10:15:32 +01:00
Gilles Peskine
7bfcfac164 Change key type encodings to avoid bit 16
Key types are now encoded through a category in the upper 4 bits (bits
28-31) and a type-within-category in the next 11 bits (bits 17-27),
with bit 16 unused and bits 0-15 only used for the EC curve or DH
group.

For symmetric keys, bits 20-22 encode the block size (0x0=stream,
0x3=8B, 0x4=16B).
2020-01-31 10:15:32 +01:00
Piotr Nowicki
2a1f178d7c Add test for prescribed states of handshake with the custom IO callbacks 2020-01-31 10:06:04 +01:00
Gilles Peskine
88e08464f5 Add dedicated test cases for psa_hash_compare
psa_hash_compare is tested for good cases and invalid-signature cases
in hash_compute_compare. Also test invalid-argument cases. Also run a
few autonomous test cases with valid arguments.
2020-01-30 12:27:14 +01:00
Gilles Peskine
29eb80d26c Remove some spurious dependencies on MBEDTLS_SHA256_C 2020-01-30 12:27:14 +01:00
Gilles Peskine
7b8efaffaa Add missing dependencies on MBEDTLS_MD_C
The PSA implementations of deterministic ECDSA, of all RSA signatures
and of RSA OAEP use the MD module.
2020-01-30 12:27:14 +01:00
Gilles Peskine
aead02cce9 Remove obsolete dependencies on MBEDTLS_MD_C
The PSA implementation of hash algorithms, HMAC algorithms and KDF
algorithms using HMAC no longer use the MD module.
2020-01-30 12:27:14 +01:00
Gilles Peskine
0a749c8fa3 Implement and test psa_hash_compute, psa_hash_compare 2020-01-30 12:27:12 +01:00
Jaeden Amero
79ef1d4e55
Merge pull request #2987 from AndrzejKurek/iotssl-2958-datagram-transport-simulated
Message transport mocks in ssl tests
2020-01-30 10:23:27 +00:00
Manuel Pégourié-Gonnard
f712e163b0
Merge pull request #179 from mpg/sha512-no-sha384
Add option to build SHA-512 without SHA-384
2020-01-30 10:32:20 +01:00
Janos Follath
8b38978b85
Merge pull request #349 from gilles-peskine-arm/coverity-20200115-crypto
Fix minor defects found by Coverity
2020-01-29 15:05:11 +00:00
Janos Follath
ba1150f822 Merge pull request #2995 from gilles-peskine-arm/coverity-20200115-tls into development 2020-01-29 14:51:24 +00:00
Jaeden Amero
bfc73bcfd2
Merge pull request #2988 from piotr-now/iotssl-2954-custom-io-callbacks-to-ssl-unit-test
Changes in custom IO callbacks used in unit tests
2020-01-28 14:46:13 +00:00
Piotr Nowicki
d796e19d3b Fix memory allocation fail in TCP mock socket
Because two buffers were aliased too early in the code, it was possible that
after an allocation failure, free() would be called twice for the same pointer.
2020-01-28 13:04:21 +01:00
Piotr Nowicki
890b5ca330 Change non-blocking read/write in TCP mock socket
Previously mocked non-blocking read/write was returning 0 when buffer was empty/full. That was causing ERR_SSL_CONN_EOF error in tests which was using these mocked callbacks. Beside that non-blocking read/write was returning ERR_SSL_WANT_READ/_WRITE depending on block pattern set by test design. Such behavior forced to redesign of these functions so that they could be used in other tests
2020-01-22 14:15:17 +01:00
Piotr Nowicki
fb437d72ef Fix segmentation fault in mbedtls_test_buffer
This error occurs when free space in the buffer is in the middle (the buffer has come full circle) and function mbedtls_test_buffer_put is called. Then the arguments for memcpy are calculated incorrectly and program ends with segmentation fault
2020-01-22 13:25:36 +01:00
Andrzej Kurek
bc483dea84 Add a message-based socket mock connection to the ssl tests
The connection will send/receive full messages.
2020-01-22 06:38:03 -05:00
Andrzej Kurek
13719cdae4 Add a message metadata queue in ssl tests
Add a metadata queue that will be used on top of the ring buffer callbacks.
Add normal and negative tests.
2020-01-22 06:36:39 -05:00
Andrzej Kurek
f7774146b6 ssl test suite: enable dropping bytes from buffer
Add an option to not pass any buffer to mbedtls_test_buffer_get to drop data.
2020-01-22 06:34:59 -05:00
Gilles Peskine
95c893d17f More systematic handling of trailing garbage in parse_prefixes
Before, the string to parse may contain trailing garbage (there was
never more than one byte), and there was a separate argument
indicating the length of the content. Now, the string to parse is the
exact content, and the test code runs an extra test step with a
trailing byte added.
2020-01-21 21:29:37 +01:00
Gilles Peskine
ef4183858a Document how tested prefix lengths are chosen 2020-01-21 21:29:37 +01:00
Gilles Peskine
9c673233bc Fix outcome file leak if execute_tests exits early
If there was a fatal error (bizarre behavior from the standard
library, or missing test data file), execute_tests did not close the
outcome file. Fix this.
2020-01-21 18:03:56 +01:00
Gilles Peskine
84984ae220 Add missing return code check on calls to mbedtls_md() 2020-01-21 16:52:08 +01:00
Gilles Peskine
9018b11302 Check that mbedtls_mpi_grow succeeds 2020-01-21 16:30:53 +01:00
Gilles Peskine
292672eb12 If ASSERT_ALLOC_WEAK fails, mark the test as skipped, not passed
This was the intended behavior of ASSERT_ALLOC_WEAK all along, but
skipping was not implemented yet when ASSERT_ALLOC_WEAK was
introduced.
2020-01-21 16:20:04 +01:00
Gilles Peskine
42a1acfd0e get_len_step: Fix end-of-buffer calculation when buffer_size==0
Fix get_len_step when buffer_size==0. The intent of this test is to
ensure (via static or runtime buffer overflow analysis) that
mbedtls_asn1_get_len does not attempt to access beyond the end of the
buffer. When buffer_size is 0 (reached from get_len when parsing a
1-byte buffer), the buffer is buf[1..1] because allocating a 0-byte
buffer might yield a null pointer rather than a valid pointer. In this
case the end of the buffer is p==buf+1, not buf+buffer_size which is
buf+0.

The test passed because calling mbedtls_asn1_get_len(&p,end,...) with
end < p happens to work, but this is not guaranteed.
2020-01-21 16:12:07 +01:00
Janos Follath
2e9f108fbd Bump version to Mbed TLS 2.20.0 2020-01-21 14:08:26 +00:00
Gilles Peskine
7428b45126 Better coverage for copy and swap
Cover more cases: different signs, different zeronesses, repeated
argument.
2020-01-20 21:01:51 +01:00
Gilles Peskine
72d7609f82 Bignum copy/shrink: More precise test case descriptions 2020-01-20 17:19:03 +01:00
Janos Follath
83f33d33eb Bump version to Mbed TLS 2.20.0 2020-01-20 14:52:29 +00:00
Janos Follath
d27a88438f Merge branch 'development' into development-restricted 2020-01-15 15:55:11 +00:00
Manuel Pégourié-Gonnard
86a39bdbc5 Improve readability of test dependencies
- Always put MBEDTLS_SHA512_NO_SHA384 immediately after MBEDTLS_SHA512_C
- Remove duplicate occurrences of MBEDTLS_SHA512_NO_SHA384 on the same line
2020-01-07 10:24:17 +01:00
Manuel Pégourié-Gonnard
6ba5a3fc57 Declare test dependencies on !SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
Gilles Peskine
180850a229
Merge pull request #291 from gilles-peskine-arm/ctr_drbg-test_aes_128
Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
2019-12-20 10:43:44 +01:00
Gilles Peskine
7a1925c453 Add a few EC public key import/export test cases
Test a Brainpool curve and a curve whose bit size is not a multiple of 8.
2019-12-12 09:00:27 +01:00
Gilles Peskine
f8210f2bd5 Test the block size for symmetric keys
Also insist on their category.

Fix a missing implementation of PSA_BLOCK_CIPHER_BLOCK_SIZE for
ChaCha20.
2019-12-12 09:00:27 +01:00
Gilles Peskine
92f2da9d67 More precise descriptions for format and parse tests 2019-12-12 09:00:27 +01:00
Gilles Peskine
fb745bf618 Fix memory failure handling in test_format_storage_data_check
Fail the test instead of crashing if a memory allocation fails.

Free memory even if the test fails.
2019-12-12 09:00:26 +01:00
Gilles Peskine
667c111416 Sanity checks for key attributes in exercise_key 2019-12-12 09:00:26 +01:00
Janos Follath
c673c2cd44 Break up the ssl_mock_tcp unit test
Break the test up to three different tests for the sake of
better readability and maintainability.
2019-12-09 09:10:21 +00:00
Janos Follath
3766ba50de Add non-blocking mock TCP callbacks to SSL tests 2019-12-09 09:10:21 +00:00
Janos Follath
031827feba Add mbedtls_mock_socket to SSL unit tests
In a unit test we want to avoid accessing the network. To test the
handshake in the unit test suite we need to implement a connection
between the server and the client. This socket implementation uses
two ring buffers to mock the transport layer.
2019-12-09 09:10:14 +00:00
Gilles Peskine
81f7909497
Merge pull request #325 from gilles-peskine-arm/psa-sign_hash
Rename psa_asymmetric_{sign_verify} to psa_{sign,verify}_hash
2019-12-06 10:10:14 +01:00
Janos Follath
6264e66ba4 Add mbedtls_test_buffer to SSL unit tests
In a unit test we want to avoid accessing the network. To test the
handshake in the unit test suite we need to implement a connection
between the server and the client. This ring buffer implementation will
serve as the said connection.
2019-12-06 07:23:49 +00:00
Gilles Peskine
2ff02c361e Document MBEDTLS_TEST_DEPRECATED 2019-11-29 12:17:21 +01:00
Gilles Peskine
895242be1c Add negative test cases for deprecated aliases
Catch more potential plumbing errors such as not returning the right
value or not writing to an output parameter.
2019-11-29 12:15:40 +01:00
Janos Follath
512fe9673f Fix test assert macro calls
The assert() macro in test is not available anymore. It is superseeded
by TEST_HELPER_ASSERT().
2019-11-29 10:13:32 +00:00
Gilles Peskine
6608e71032 Change ASSERT_ALLOC to take a size in elements, not bytes
`ASSERT_ALLOC(p, length)` now allocates `length` elements, i.e.
`length * sizeof(*p)` bytes.
2019-11-29 10:13:32 +00:00
Gilles Peskine
28405300ee New macro ASSERT_ALLOC to allocate memory in tests
The new macro ASSERT_ALLOC allocates memory with mbedtls_calloc and
fails the test if the allocation fails. It outputs a null pointer if
the requested size is 0. It is meant to replace existing calls to
mbedtls_calloc.
2019-11-29 10:13:32 +00:00
Gilles Peskine
7bb1a7e0bf
Merge pull request #307 from msopiha-linaro/development
Add ASN.1 ENUMERATED tag support
2019-11-28 10:20:18 +01:00
Gilles Peskine
06c28890c9 Add test function for effective key attributes
We're going to create some edge cases where the attributes of a key
are not bitwise identical to the attributes passed during creation.
Have a test function ready for that.
2019-11-26 19:14:18 +01:00
Gilles Peskine
0627f98779 Add tests of deprecated PSA functions
Test psa_asymmetric_sign and psa_asymmetric_verify.
2019-11-26 19:14:07 +01:00
Gilles Peskine
841b14be02 Add tests of deprecated PSA macros
When MBEDTLS_TEST_DEPRECATED is defined, run some additional tests to
validate deprecated PSA macros. We don't need to test deprecated
features extensively, but we should at least ensure that they don't
break the build.

Add some code to component_build_deprecated in all.sh to run these
tests with MBEDTLS_DEPRECATED_WARNING enabled. The tests are also
executed when MBEDTLS_DEPRECATED_WARNING and
MBEDTLS_DEPRECATED_REMOVED are both disabled.
2019-11-26 19:12:35 +01:00
Gilles Peskine
1a96049e30 Make the key_policy test function more flexible 2019-11-26 19:08:55 +01:00
Gilles Peskine
b951fd9330
Merge pull request #310 from gilles-peskine-arm/memory_buffer_alloc-fatal-pass
Clarify test descriptions in test_suite_memory_buffer_alloc
2019-11-26 18:52:24 +01:00
Gilles Peskine
8f4df81506
Merge pull request #293 from gilles-peskine-arm/entropy-min
Always gather MBEDTLS_ENTROPY_BLOCK_SIZE bytes of entropy
2019-11-26 18:43:45 +01:00
Gilles Peskine
89d8c5c447 Rename some signature-related identifiers
Rename some macros and functions related to signature which are
changing as part of the addition of psa_sign_message and
psa_verify_message.

perl -i -pe '%t = (
PSA_KEY_USAGE_SIGN => PSA_KEY_USAGE_SIGN_HASH,
PSA_KEY_USAGE_VERIFY => PSA_KEY_USAGE_VERIFY_HASH,
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE => PSA_SIGNATURE_MAX_SIZE,
PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE => PSA_SIGN_OUTPUT_SIZE,
psa_asymmetric_sign => psa_sign_hash,
psa_asymmetric_verify => psa_verify_hash,
); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files . ':!:**/crypto_compat.h')
2019-11-26 18:20:59 +01:00
Gilles Peskine
cbd91e013c Fix entropy_threshold when MBEDTLS_TEST_NULL_ENTROPY is enabled
Don't use the default entropy sources so as not to depend on their
characteristics.
2019-11-25 19:50:54 +01:00
Gilles Peskine
ae679390a2 Fix entropy_calls when MBEDTLS_ENTROPY_NV_SEED is enabled 2019-11-25 19:44:42 +01:00
Gilles Peskine
d2cea9f57c Add some more KDF test cases 2019-11-25 15:44:24 +01:00
Gilles Peskine
bbf67b98bb Remove selftest dependency in the test suite
The test suites should always run self-tests for all enabled features.
Otherwise we miss failing self-tests in CI runs, because we don't
always run the selftest program independently.

There was one spurious dependency to remove:
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY for ctr_drbg, which was broken but
has now been fixed.
2019-11-21 13:49:20 +01:00
Gilles Peskine
87ef0c24af Merge branch 'development' into development-restricted 2019-11-20 20:09:34 +01:00
Jaeden Amero
61c8a371e0
Merge pull request #2836 from hanno-arm/x509_crt_policies_tests
X.509: Enhance negative testing for CertificatePolicy extension
2019-11-20 15:45:57 +00:00
Gilles Peskine
9afbfdc833 Merge remote-tracking branch 'myfork-public/development' into merge-crypto-development-20191115
First deal with deleted files.

* Files deleted by us: keep them deleted.
* Files deleted by them, whether modified by us or not: keep our version.

```
git rm $(git status -s | sed -n 's/^DU //p')
git reset -- $(git status -s | sed -n 's/^D  //p')
git checkout -- $(git status -s | sed -n 's/^ D //p')
git add -- $(git status -s | sed -n 's/^UD //p')
```

Individual files with conflicts:

* `3rdparty/everest/library/Hacl_Curve25519_joined.c`: spurious conflict because git mistakenly identified this file as a rename. Keep our version.
* `README.md`: conflict due to their change in a paragraph that doesn't exist in our version. Keep our version of this paragraph.
* `docs/architecture/Makefile`: near-identical additions. Adapt the definition of `all_markdown` and include the clean target.
* `doxygen/input/docs_mainpage.h`: conflict in the version number. Keep our version number.
* `include/mbedtls/config.h`: two delete/modify conflicts. Keep the removed chunks out.
* `library/CMakeLists.txt`: discard all their changes as they are not relevant.
* `library/Makefile`:
    * Discard the added chunk about the crypto submodule starting with `INCLUDING_FROM_MBEDTLS:=1`.
    * delete/modify: keep the removed chunk out.
    * library build: This is almost delete/modify. Their changes are mostly not applicable. Do keep the `libmbedcrypto.$(DLEXT): | libmbedcrypto.a` order dependency.
    * `.c.o`: `-o` was added on both sides but in a different place. Change to their place.
* `library/error.c`: to be regenerated.
* `library/version_features.c`: to be regenerated.
* `programs/Makefile`: Most of the changes are not relevant. The one relevant change is in the `clean` target for Windows; adapt it by removing `/S` from our version.
* `programs/test/query_config.c`: to be regenerated.
* `scripts/config.py`: added in parallel on both sides. Keep our version.
* `scripts/footprint.sh`: parallel changes. Keep our version.
* `scripts/generate_visualc_files.pl`: one delete/modify conflict. Keep the removed chunks out.
* `tests/Makefile`: discard all of their changes.
* `tests/scripts/all.sh`:
    * `pre_initialize_variables` add `append_outcome`: add it.
    * `pre_initialize_variables` add `ASAN_CFLAGS`: already there, keep our version.
    * `pre_parse_command_line` add `--no-append-outcome`: add it.
    * `pre_parse_command_line` add `--outcome-file`: add it.
    * `pre_print_configuration`: add `MBEDTLS_TEST_OUTCOME_FILE`.
    * Several changes in SSL-specific components: keep our version without them.
    * Several changes where `config.pl` was changed to `config.py` and there was an adjacent difference: keep our version.
    * Changes regarding the inclusion of `MBEDTLS_MEMORY_xxx`: ignore them here, they will be normalized in a subsequent commit.
    * `component_test_full_cmake_gcc_asan`: add it without the TLS tests.
    * `component_test_no_use_psa_crypto_full_cmake_asan`: keep the fixed `msg`, discard other changes.
    * `component_test_memory_buffer_allocator_backtrace`, `component_test_memory_buffer_allocator`: add them without the TLS tests.
    * `component_test_m32_everest`: added in parallel on both sides. Keep our version.
* `tests/scripts/check-names.sh`, `tests/scripts/list-enum-consts.pl`, `tests/scripts/list-identifiers.sh`, ``tests/scripts/list-macros.sh`: discard all of their changes.
* `tests/scripts/test-ref-configs.pl`: the change in the conflict is not relevant, so keep our version there.
* `visualc/VS2010/*.vcxproj`: to be regenerated.

Regenerate files:

```
scripts/generate_visualc_files.pl
git add visualc/VS2010/*.vcxproj
scripts/generate_errors.pl
git add library/error.c
scripts/generate_features.pl
git add library/version_features.c
scripts/generate_query_config.pl
git add programs/test/query_config.c
```

Rejected changes in non-conflicting files:

* `CMakeLists.txt`: discard their addition which has already been side-ported.
* `doxygen/mbedtls.doxyfile`: keep the version number change. Discard the changes related to `../crypto` paths.

Keep the following changes after examination:

* `.travis.yml`: all of their changes are relevant.
* `include/mbedtls/error.h`: do keep their changes. Even though Crypto doesn't use TLS errors, it must not encroach on TLS's allocated numbers.
* `tests/scripts/check-test-cases.py`: keep the code dealing with `ssl-opt.sh`. It works correctly when the file is not present.
2019-11-15 11:47:14 +01:00
Gilles Peskine
f0d87001d0
Merge pull request #315 from gilles-peskine-arm/pk_signature_max_size
Define MBEDTLS_PK_SIGNATURE_MAX_SIZE
2019-11-13 12:13:57 +01:00
Gilles Peskine
cb0101ff33
Merge pull request #298 from gilles-peskine-arm/config-symmetric-only
Test a build without any asymmetric cryptography
2019-11-12 19:37:13 +01:00
Gilles Peskine
a719db8b04 Add pk_utils and pk_sign tests with different curves
This reveals that MBEDTLS_PK_SIGNATURE_MAX_SIZE is too small.
2019-11-12 13:21:53 +01:00
Gilles Peskine
e48fe55c24 test_suite_pk: pk_genkey: support a variable key size or curve
No intended behavior change.
2019-11-12 13:21:52 +01:00
Gilles Peskine
eba088a8ac test_suite_pk: check the signature size after pk_sign
Add a check that the signature size from pk_sign is less than the
documented maximum size.

Reduce the stack consumption in pk_sign_verify.
2019-11-12 11:10:54 +01:00
Gilles Peskine
f85e4e67bd test_suite_pk: fix use of sig_len without initialization
In pk_sign_verify, if mbedtls_pk_sign() failed, sig_len was passed to
mbedtls_pk_verify_restartable() without having been initialized. This
worked only because in the only test case that expects signature to
fail, the verify implementation doesn't look at sig_len before failing
for the expected reason.

The value of sig_len if sign() fails is undefined, so set sig_len to
something sensible.
2019-11-12 11:09:26 +01:00
Janos Follath
0b1ae0e972 mpi_lt_mpi_ct: Add further tests
The existing tests did not catch a failure that came up at integration
testing. Adding the missing test cases to trigger the bug.
2019-11-05 15:13:00 +00:00
Janos Follath
53fc7b0309 mpi_lt_mpi_ct: Fix test numbering 2019-11-05 15:13:00 +00:00
Gilles Peskine
c212166171 pk_write test cases with short/long private key
Add pk_write test cases where the ASN.1 INTEGER encoding of the
private value would not have the mandatory size for the OCTET STRING
that contains the value.

ec_256_long_prv.pem is a random secp256r1 private key, selected so
that the private value is >= 2^255, i.e. the top bit of the first byte
is set (which would cause the INTEGER encoding to have an extra
leading 0 byte).

ec_521_short_prv.pem is a random secp521r1 private key, selected so
that the private value is < 2^519, i.e. the first byte is 0 and the
top bit of the second byte is 0 (which would cause the INTEGER
encoding to have one less 0 byte at the start).
2019-11-05 15:32:53 +01:00
Janos Follath
0e4792ef47 mpi_lt_mpi_ct perform tests for both limb size
The corner case tests were designed for 32 and 64 bit limbs
independently and performed only on the target platform. On the other
platform they are not corner cases anymore, but we can still exercise
them.
2019-11-05 11:42:20 +00:00
Janos Follath
f17c8006ae mbedtls_mpi_lt_mpi_ct: add tests for 32 bit limbs
The corner case tests were designed for 64 bit limbs and failed on 32
bit platforms because the numbers in the test ended up being stored in a
different number of limbs and the function (correctly) returnd an error
upon receiving them.
2019-11-04 10:39:20 +00:00
Janos Follath
0ac9557c86 Add more tests for mbedtls_mpi_lt_mpi_ct 2019-11-04 10:39:20 +00:00
Janos Follath
b7e1b494ef mpi_lt_mpi_ct test: hardcode base 16 2019-11-04 10:39:20 +00:00
Janos Follath
0e5532d6cf Change mbedtls_mpi_cmp_mpi_ct to check less than
The signature of mbedtls_mpi_cmp_mpi_ct() meant to support using it in
place of mbedtls_mpi_cmp_mpi(). This meant full comparison functionality
and a signed result.

To make the function more universal and friendly to constant time
coding, we change the result type to unsigned. Theoretically, we could
encode the comparison result in an unsigned value, but it would be less
intuitive.

Therefore we won't be able to represent the result as unsigned anymore
and the functionality will be constrained to checking if the first
operand is less than the second. This is sufficient to support the
current use case and to check any relationship between MPIs.

The only drawback is that we need to call the function twice when
checking for equality, but this can be optimised later if an when it is
needed.
2019-11-04 10:39:20 +00:00
Janos Follath
385d5b8682 Add tests to constant time mpi comparison 2019-11-04 10:39:20 +00:00
Gilles Peskine
22589f0a72
Merge pull request #305 from gilles-peskine-arm/ctr_drbg-grab_nonce_from_entropy-set_nonce_length
CTR_DRBG: grab a nonce from the entropy source if needed
2019-11-04 10:39:42 +01:00
Mykhailo Sopiha
6af7bf91f2 Add test cases for ASN.1 ENUMERATED tag
Add test cases for writing and parsing ASN.1 ENUMERATED
tag values.

Signed-off-by: Mykhailo Sopiha <mykhailo.sopiha@linaro.org>
2019-10-31 19:17:36 +02:00
Gilles Peskine
08c674dfe3
Merge pull request #288 from gilles-peskine-arm/psa-ecdsa_longer_hash
Add ECDSA tests with hash and key of different lengths
2019-10-31 17:03:28 +01:00
Gilles Peskine
cf5abd812a Enable more test cases without MBEDTLS_MEMORY_DEBUG
None of the test cases in tests_suite_memory_buffer_alloc actually
need MBEDTLS_MEMORY_DEBUG. Some have additional checks when
MBEDTLS_MEMORY_DEBUG but all are useful even without it. So enable
them all and #ifdef out the parts that require DEBUG.
2019-10-31 15:07:45 +01:00
Gilles Peskine
02348c6fce More accurate test case description 2019-10-31 15:07:35 +01:00
Gilles Peskine
5033db293b Clarify that the "FATAL" message is expected
The test case "Memory buffer small buffer" emits a message
"FATAL: verification of first header failed". In this test case, it's
actually expected, but it looks weird to see this message from a
passing test. Add a comment that states this explicitly, and modify
the test description to indicate that the failure is expected, and
change the test function name to be more accurate.

Fix #309
2019-10-31 15:07:08 +01:00
Gilles Peskine
ccde952df0
Merge pull request #259 from k-stachowiak/bounds-check-asn1-len
Check `len` against buffers size upper bound in PSA tests
2019-10-29 17:47:47 +01:00
Gilles Peskine
69971662bf CTR_DRBG: define a constant for the default entropy nonce length
The default entropy nonce length is either zero or nonzero depending
on the desired security strength and the entropy length.

The implementation calculates the actual entropy nonce length from the
actual entropy length, and therefore it doesn't need a constant that
indicates the default entropy nonce length. A portable application may
be interested in this constant, however. And our test code could
definitely use it.

Define a constant MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN and use it in
test code. Previously, test_suite_ctr_drbg had knowledge about the
default entropy nonce length built in and test_suite_psa_crypto_init
failed. Now both use MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN.

This change means that the test ctr_drbg_entropy_usage no longer
validates that the default entropy nonce length is sensible. So add a
new test that checks that the default entropy length and the default
entropy nonce length are sufficient to ensure the expected security
strength.
2019-10-23 19:47:05 +02:00
Gilles Peskine
e9a3454e09 CTR_DRBG: grab a nonce from the entropy source if needed
Change the default entropy nonce length to be nonzero in some cases.
Specifically, the default nonce length is now set in such a way that
the entropy input during the initial seeding always contains enough
entropy to achieve the maximum possible security strength per
NIST SP 800-90A given the key size and entropy length.

If MBEDTLS_CTR_DRBG_ENTROPY_LEN is kept to its default value,
mbedtls_ctr_drbg_seed() now grabs extra entropy for a nonce if
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled and either
MBEDTLS_ENTROPY_FORCE_SHA256 is enabled or MBEDTLS_SHA512_C is
disabled. If MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled, or if
the entropy module uses SHA-512, then the default value of
MBEDTLS_CTR_DRBG_ENTROPY_LEN does not require a second call to the
entropy function to achieve the maximum security strength.

This choice of default nonce size guarantees NIST compliance with the
maximum security strength while keeping backward compatibility and
performance high: in configurations that do not require grabbing more
entropy, the code will not grab more entropy than before.
2019-10-23 19:46:57 +02:00
Gilles Peskine
0ed378aa02 CTR_DRBG: explicitly set entropy_nonce_len=0 when desired
No behavior change. Prepare for a future version that will set the
entropy nonce length to a nonzero value by default.
2019-10-23 19:46:56 +02:00
Gilles Peskine
c949de06ec Test mbedtls_ctr_drbg_set_nonce_len
Test mbedtls_ctr_drbg_set_nonce_len (good cases only, which is in
keeping with the coverage of other functions).
2019-10-23 19:46:56 +02:00