yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 05:55:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
16,452 Commits 88 Branches 205 Tags 69 MiB
8e1ca4df2e
Commit Graph

3284 Commits

Author SHA1 Message Date
Andrzej Kurek
28a7c06281 Test drivers: rename import call source to driver location 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Andrzej Kurek
981a0ceeee Formatting and documentation fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Andrzej Kurek
96c8f9e89d Add tests for import hooks in the driver wrappers 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Manuel Pégourié-Gonnard
ca664c74a6
Merge pull request #5255 from AndrzejKurek/chacha-iv-len-16-fixes-2.x 
Backport 2.28: Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
 2022-02-03 11:31:34 +01:00
Andrzej Kurek
e001596d83 Add missing MBEDTLS_ASN1_WRITE_C dependency in test_suite_psa_crypto 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Andrzej Kurek
c60cc1d7be Add missing dependency on MBEDTLS_GCM_C in cipher tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Dave Rodgman
d41dab39c5 Bump version to 2.28.0 
Executed ./scripts/bump_version.sh --version 2.28.0 --so-tls 14

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-15 11:55:31 +00:00
Dave Rodgman
08412e2a67 Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.28.0rc0-pr 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-14 12:52:51 +00:00
Paul Elliott
5752b4b7d0 Add expected output for tests 
Expected output generated by OpenSSL (see below) apart from the case
where both password and salt are either NULL or zero length, as OpenSSL
does not support this. For these test cases we have had to use our own
output as that which is expected. Code to generate test cases is as
follows:

 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
 #include <string.h>

int Keygen_Uni( const char * test_name, unsigned char *pass, int
    passlen, unsigned char *salt,
                    int saltlen, int id, int iter, int n,
                                    unsigned char *out, const EVP_MD
                                    *md_type )
{
   size_t index;

   printf( "%s\n", test_name );

   int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter,
                                        n, out, md_type );

   if( ret != 1 )
   {
         printf( "Key generation returned %d\n", ret );
      }
   else
   {
         for( index = 0; index < n; ++index )
         {
                  printf( "%02x", out[index] );
               }

         printf( "\n" );
      }

   printf( "\n" );

}

int main(void)
{
   unsigned char out_buf[48];
   unsigned char pass[64];
   int pass_len;
   unsigned char salt[64];
   int salt_len;

   /* If ID=1, then the pseudorandom bits being produced are to be used
      as key material for performing encryption or decryption.

            If ID=2, then the pseudorandom bits being produced are to be
            used as an IV (Initial Value) for encryption or decryption.

                  If ID=3, then the pseudorandom bits being produced are
                  to be used as an integrity key for MACing.
                     */

   int id = 1;
   int iter = 3;

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( pass, 0, sizeof( pass ) );
   memset( salt, 0, sizeof( salt ) );

   Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( salt, 0, sizeof( salt ) );

   pass[0] = 0x01;
   pass[1] = 0x23;
   pass[2] = 0x45;
   pass[3] = 0x67;
   pass[4] = 0x89;
   pass[5] = 0xab;
   pass[6] = 0xcd;
   pass[7] = 0xef;

   Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   return 0;
}

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:15:28 +00:00
Paul Elliott
270a264b78 Simplify Input usage macros 
Also ensure they are used in test data rather than values

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
73051b4176 Rename (and relabel) pkcs12 test case 
Remove surplus _test suffix. Change labeling from Pcks12 to PCKS#12 as
it should be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
8ca8f2d163 Remove incorrect test dependency 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
1a3540afbe Fix missing test dependancies 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott
13d5a3429a Add PKCS12 tests 
Only regression tests for the empty password bugs for now. Further tests
will follow later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:23 +00:00
Gilles Peskine
3fc0d30447 Don't fail until everything is initialized 
Can't call mbedtls_cipher_free(&invalid_ctx) in cleanup if
mbedtls_cipher_init(&invalid_ctx) hasn't been called.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 14:45:41 +01:00
Paul Elliott
68b64cd64c Add checked return to cipher setup 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 21:37:23 +00:00
Gabor Mezei
f554ce21b8
Delete base64_invasive.h due to functions are moved to the constant-time module 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-12-08 16:20:27 +01:00
Gabor Mezei
46f79c388d
Move mbedtls_ct_uchar_mask_of_range function to the constant-time module 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-12-08 16:19:41 +01:00
Gabor Mezei
7464f37e7b
Rename functions to have suitable name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-12-08 16:19:23 +01:00
Andrzej Kurek
e6728203d2 Add a missing test case to ChaCha20 tests - decrypt empty buffer 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-12-02 09:32:15 +01:00
Andrzej Kurek
d353043380 Return an error for IV lengths other than 12 with ChaCha20+Poly1305 
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-12-02 09:31:58 +01:00
Andrzej Kurek
5375fd9a3f Return an error for IV lengths other than 12 with ChaCha20 
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-12-02 09:29:49 +01:00
Ronald Cron
9130eadde8 tests: psa: Add dependencies on built-in hash 
Add dependencies on built-in hash of signature/
signature verification and asymmetric
encryption/decryption tests. The dependency is
not added for tests based on SHA-256 as SHA-256
is always present when PSA is involved (necessary
to the PSA core) and that way most of PSA signature
/verification tests are still run when PSA hash
operations are accelerated.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-30 14:49:19 +01:00
Ronald Cron
41f275018a tests: psa: Fix the dependencies on some driver wrappers fallback tests 
The driver wrappers fallback tests depend on the builtin
support not builtin or driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-30 13:24:47 +01:00
Ronald Cron
a23d9bb97d tests: psa: Fix MD5 support not available dependencies 
MD5 should not be supported by the library and any driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-30 13:24:47 +01:00
Ronald Cron
92becc6659 tests: ssl: Add misssing dependencies on SHA-1 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-30 13:24:47 +01:00
Ronald Cron
ae2e4a7225 tests: Fix x509parse test dependency 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-30 13:24:47 +01:00
Ronald Cron
f7e83d5bfb tests: psa: Remove wrong test function dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-30 13:24:47 +01:00
Ronald Cron
732a6e250d test: psa driver wrapper: Add non regression test for psa_cipher_encrypt() 
Add non regression test for invalid usage of
the output buffer in psa_cipher_encrypt().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:35:49 +01:00
Ronald Cron
3563210c10 test: psa driver wrapper: Add cipher_encrypt negative testing 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:35:49 +01:00
Ronald Cron
6fbc057786 test: psa driver wrapper: Add non regression test for psa_cipher_generate_iv() 
Add non regression test for invalid usage of
the output buffer in psa_cipher_generate_iv().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:35:49 +01:00
Ronald Cron
33c6968d0f test: psa cipher: Add unexpected IV setting/generation negative tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:35:49 +01:00
Paul Elliott
954578644f Fix compilation errors. 
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-25 18:08:23 +00:00
Gilles Peskine
3107b337e1
Merge pull request #5154 from gabor-mezei-arm/3649_bp2x_move_constant_time_functions_into_separate_module 
[Backport 2.x] Move constant-time functions into a separate module
 2021-11-24 19:33:03 +01:00
Bence Szépkúti
358e0ea464 Indicate nonce sizes invalid for ChaCha20-Poly1305 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-11-17 14:03:08 +01:00
Dave Rodgman
dc4e4b72c0 Fix derive_input test ignoring parameter 
Fix derive_input test hardcoding key type instead of using test argument.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-11-17 10:02:52 +00:00
Dave Rodgman
bc92abed8c Update test to handle changed error code 
Update test to handle changed error code from psa_key_derivation_output_key

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-11-17 10:02:51 +00:00
Gabor Mezei
c0ae1cf45a
Rename internal header constant_time.h to constant_time_internal.h 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-11 11:33:19 +01:00
Gabor Mezei
18a44949d0
Rename constant-time functions to have mbedtls_ct prefix 
Rename functions to better suite with the module name.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-11 11:32:01 +01:00
gabor-mezei-arm
6e4ace6b40
Delete ssl_invasive.h due to duplicated function declarations 
All function declaration provided by ssl_invasive.h is needed only for
testing purposes and all of them are provided by constant_time.h as well.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-11 10:59:05 +01:00
gabor-mezei-arm
e41e3e8a8b Rename function to have suitable name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-11 09:57:28 +01:00
Przemyslaw Stekiel
5929996569 Add generated test data 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-09 14:41:28 +01:00
Przemyslaw Stekiel
98e38678c2 Adapt generate_key() test code to mbedTLS standards 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-09 12:01:19 +01:00
Przemyslaw Stekiel
0810108f12 Fix issues pointed by CI 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-09 12:01:14 +01:00
Przemyslaw Stekiel
32a8b84814 Remove key generation when given argument is invalid from NotSupported class 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-09 11:55:58 +01:00
Przemyslaw Stekiel
997caf835c Add test class for key generation 
Genertae test_suite_psa_crypto_generate_key.generated.data.
Use test_suite_psa_crypto_generate_key.function as a test function.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-09 11:55:58 +01:00
Gilles Peskine
adcfdbf2c6 Fix test bug: some classification flags were not tested 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-03 14:29:20 +01:00
Gilles Peskine
31b95155ba Ensure that all flags are actually tested 
At least twice, we added a classification flag but forgot to test it in the
relevant test functions. Add some protection so that this doesn't happen
again. In each classification category, put a macro xxx_FLAG_MASK_PLUS_ONE
at the end. In the corresponding test function, keep track of the flags that
are tested, and check that their mask is xxx_FLAG_MASK_PLUS_ONE - 1 which is
all the bits of the previous flags set.

Now, if we add a flag without testing it, the test
TEST_EQUAL( classification_flags_tested, xxx_FLAG_MASK_PLUS_ONE - 1 )
will fail. It will also fail if we make the set of flag numbers
non-consecutive, which is ok.

This reveals that three algorithm flags had been added but not tested (in
two separate occasions). Also, one key type flag that is no longer used by
the library was still defined but not tested, which is not a test gap but is
inconsistent. It's for DSA, which is relevant to the PSA encoding even if
Mbed TLS doesn't implement it, so keep the flag and do test it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-03 14:25:41 +01:00
Gilles Peskine
e65be27eea Correct block size for MD2 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-03 13:19:02 +01:00
Gilles Peskine
cc14ce08c2 Add PSA_ALG_IS_HASH_AND_SIGN to the metadata tests 
The status of signature wildcards with respect to PSA_ALG_IS_HASH_AND_SIGN
is unclear in the specification. A wildcard is usually instantiated with a
specific hash, making the implementation hash-and-sign, but it could also be
instantiated with a non-hash-and-sign algorithm. For the time being, go with
what's currently implemented, which is that they are considered
hash-and-sign.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-03 13:19:02 +01:00