Commit Graph

3135 Commits

Author SHA1 Message Date
Gilles Peskine
8739da830e Fix test data in an old format
Update some test data from the asymmetric_apis_coverage branch that
wasn't updated to the new format from the
psa-asymmetric-format-raw_private_key branch.
2018-11-06 15:15:05 +01:00
Jaeden Amero
c0a0855793
Merge pull request #171 from ARMmbed/asymmetric_apis_coverage
Increase asymmetric APIs coverage
2018-11-06 13:00:35 +00:00
Mohammad AboMokh
2d65cf0b16 Fix sign test dependencies and used algorithm 2018-11-06 11:56:45 +02:00
Jaeden Amero
fe9f771e88
Merge pull request #170 from ARMmbed/increase_psa_key_derivation_code_coverage
add tests that increase key derivation code coverage slightly
2018-11-06 09:17:19 +00:00
Jaeden Amero
40f1cb104f
Merge pull request #182 from ARMmbed/psa-asymmetric-format-raw_private_key
Asymmetric import/export format: raw private EC keys
2018-11-06 09:02:25 +00:00
Mohammad AboMokh
392952df93 Fix test dependencies lists 2018-11-06 08:11:10 +02:00
itayzafrir
27e6945f43 Refactor and rename test hash_verify_bad_paths to hash_verify_bad_args
1. Updated test scenarios.
2. Renamed test and updated test description.
3. Some documentation updates.
4. Test dependency moved to .function file.
2018-11-05 18:36:05 +02:00
itayzafrir
b2dd5ed1e6 Rename test hash_finish_bad_paths to hash_finish_bad_args
Test dependency moved to .function file.
2018-11-05 18:36:05 +02:00
itayzafrir
f86548d674 Add test hash_bad_order
1. New test for testing bad order of hash function calls.
2. Removed test hash_update_bad_paths since it's test scenario
   was moved to the new test.
3. Moved some scenarios from test hash_verify_bad_paths to
   the new test.
2018-11-05 18:36:05 +02:00
itayzafrir
e1f932ba4d Refactor hash multi part test
Refactor test hash_multi_part to test various sizes when
calling psa_hash_update.
2018-11-05 18:36:05 +02:00
itayzafrir
58028321b9 Split test hash_bad_paths into 3 different tests
1. Rename hash_bad_paths to hash_verify_bad_paths
2. Add test hash_update_bad_paths
3. Add test hash_finish_bad_paths

The different scenarios tested as part of hash_bad_paths are
moved to the relevant test.
2018-11-05 18:36:05 +02:00
itayzafrir
4271df932c Add scenario to test case hash_bad_paths
Tests where the verification hash digest is prefixed with
the expected digest but also has extra bytes appended at the end of it.
2018-11-05 18:36:05 +02:00
itayzafrir
69290f0e71 Update hash tests documentation 2018-11-05 18:36:05 +02:00
itayzafrir
02d6295e53 Move positive hash tests into a new test suite
Move hash_finish, hash_verify and hash_multi_part to a
new test suite test_suite_psa_crypto_hash.
2018-11-05 18:36:05 +02:00
itayzafrir
931fa6d663 Remove input parameter validations from hash test functions
Remove from hash_finish, hash_verify and hash_multi_part
2018-11-05 18:34:16 +02:00
itayzafrir
9b3b31dc52 Delete redundant hash test vectors
Due to migration of test vectors from mbedTLS
2018-11-05 18:34:16 +02:00
itayzafrir
a00f1d8b00 Add additional test vectors for hash single part
Test vectors migrated from mbedTLS
2018-11-05 18:34:16 +02:00
itayzafrir
f5b3eb85b5 Add hash test for multipart operation
Test vectors migrated from mbedTLS
2018-11-05 18:34:16 +02:00
itayzafrir
ec93d30b45 Add hash bad paths test
Increase code coverage
2018-11-05 18:34:16 +02:00
itayzafrir
18b1a227ac Add missing algorithms to existing hash tests 2018-11-05 18:34:16 +02:00
Ron Eldor
c242eea732 Change data file suffix for ott
Change the suffix of the data files searched in `mbedtls_test.py`
to `datax` as the generated files have this suffix.
2018-11-05 16:22:36 +02:00
Manuel Pégourié-Gonnard
79bf327a95 Add ARIA and ChachaPoly to basic-build-test
The invocation of `compat.sh` that runs those tests was added in all.sh but
not here, resulting in our reported coverage figures being slightly lower than
what we actually test. Fixing that omission change the figures reported from:

Lines Tested       : 19105 of 22623 84.4%
Functions Tested   : 1392 of 1460 95.3%

to:

Lines Tested       : 19126 of 22623 84.5%
Functions Tested   : 1399 of 1460 95.8%

It requires `$OPENSSL_NEXT` to be set and point to an OpenSSL version in the
1.1.1 line or later.
2018-11-05 14:27:09 +01:00
Hanno Becker
a8b13d79bf Add tests for relaxed CRL-CA name comparison
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.

The test files were generated using PR #1641 which
- adds a build instruction for test-ca.crt to
  tests/data_files/Makefile which allows easy
  change of the subject DN.
- changes the default string format from `PrintableString`
  to `UTF8String`.

Specifically:
- `test-ca_utf8.crt` was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641.
- `test-ca_uppercase.crt`, too, was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641, after modifying the subject DN line in the build
   instruction for `test-ca.crt` in `tests/data_files/Makefile`.
-  `test-ca_printable.crt` is a copy of `test-ca.crt`
   because at the time of this commit, `PrintableString` is
   still the default string format.
2018-11-05 11:47:49 +00:00
Simon Butcher
06f88e9c42 Merge remote-tracking branch 'public/pr/2007' into development-proposed 2018-11-04 19:12:57 +00:00
Jaeden Amero
8396a71449 test: Enable multiple levels of verbosity
Enable passing a number to "-v" in order to set the level of verbosity.
Print detailed test failure information at verbosity level 1 or higher.
Display summary messages at the verbosity level 2 or higher. Print
detailed test information at verbosity level 3 or higher, whether the
test failed or not. This enables a more readable output style that
includes detailed failure information when a failure occurs.
2018-11-02 13:25:16 +00:00
Jaeden Amero
f4b521dd10 test: Use GetOpt::Long for argument parsing
Simplify argument parsing by using a core perl library for parsing
arguments.
2018-11-02 13:25:16 +00:00
Jaeden Amero
79e4f4e933 test: Print verbosely on failures in verbose mode
Update the test runner to print detail about why the test failed when it
fails, if the runner is running in verbose mode.
2018-11-02 13:25:16 +00:00
Hanno Becker
710f203541 Merge branch 'iotssl-1770' into development_thomas_dee 2018-11-02 10:52:49 +00:00
Hanno Becker
6e1adee42b Regenerate test files
Previous commits have added or modified build instructions for
server1*, server2*, server5*, test-ca*, cli-rsa* in the Makefile
tests/data_files/Makefile, or the apps they invoke have been changed.

This commit regenerates those files to make sure they are in match with
the build instructions.
2018-11-02 10:52:38 +00:00
Hanno Becker
381c77c0c4 Change serial in test-ca.crt from 0 to 3 to circumvent ASN.1 bug
As of 2.13.1, mbedtls_asn1_write_mpi() doesn't write 0 correctly. #2166.
2018-11-02 10:52:35 +00:00
Hanno Becker
52acdb5926 Add tests for relaxed CRL-CA name comparison
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.
2018-11-02 10:49:05 +00:00
Hanno Becker
b963081df1 Generate tests/data_files/test-ca_cat[12|21].crt from Makefile 2018-11-02 09:01:52 +00:00
Hanno Becker
386f99c65c Generate cli-rsa* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker
0dd11396d4 Generate server5.req.ku.sha1 through Mbed TLS application 2018-11-02 09:01:52 +00:00
Hanno Becker
ebc1f40aa0 Generate server2* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker
b83777532a Generate test-ca* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker
50cb93a04c Generate server1* CRTs and CSRs through Mbed TLS applications
Previously, CSRs and CRTs from the server1* family in testa/data_files
were generated through OpenSSL. This commit changes the build instructions
to use Mbed TLS' example applications programs/x509/cert_write and
programs/x509/cert_req instead.
2018-11-02 09:01:49 +00:00
Nir Sonnenschein
1caf6d24f2 Fix code style and clarify issue comment
* remove unneeded constants
* clarify comment reference to issue 183
* add additional reference comment
* fix brace spacing issues
2018-11-01 12:27:20 +02:00
Nir Sonnenschein
dd69d8b7ff Streamline test function API by removing parameter
streamline the API for the test test_derive_invalid_generator_state: by removing
the key_data parameter.
This parameter is not important for test flow and can be hard-coded.
2018-11-01 12:24:23 +02:00
Nir Sonnenschein
f8964b9580 updated test to work around https://github.com/ARMmbed/mbedtls-psa/issues/183
test should check the correct error values once this issue is fixed
2018-10-31 18:06:14 +02:00
Gilles Peskine
2257649ce4 Private EC key import: boundary test cases
Add boundary test cases for private key validity for a short
Weierstrass curve (0 < d < n).

Remove obsolete test cases "valid key but wrong curve". With the new
format, the private key representation does not contain an encoding of
the curve.
2018-10-31 14:10:06 +01:00
Nir Sonnenschein
5078930459 fix whitespace issues 2018-10-31 12:16:38 +02:00
Nir Sonnenschein
4eda37bb9e streamline test function API by removing parameter
streamline the API for the test test_derive_invalid_generator_state by removing
the key type paramter (it is assumed to always be PSA_KEY_TYPE_DERIVE)
2018-10-31 12:15:58 +02:00
Mohammad AboMokh
991aee67cf improve test description 2018-10-31 10:36:48 +02:00
Jaeden Amero
d5cea2cd01
Merge pull request #172 from ARMmbed/psa-refine.gitignore
Refine .gitignore and add test_suite_psa_crypto_metadata to cmake build
2018-10-30 11:23:53 +00:00
Gilles Peskine
5b802a366a Private EC key format: remove ASN.1-based sanity checks
In preparation for the import/export format change for private
elliptic curve keys from RFC 5915 to the raw secret value,
remove ASN.1-based sanity checks. For the raw secret value, most byte
strings of the correct length are valid (the details depend on the
curve), so as a sanity check, just check the length.
2018-10-29 19:21:41 +01:00
Gilles Peskine
e783d34543 Private EC key format: change test data to raw private keys
In preparation for the import/export format change for private
elliptic curve keys from RFC 5915 to the raw secret value, transform the
test data to the new format.

Tests will not pass until the implementation has been changed to the
new format and some test cases and test functions have been adjusted.

I used the script below to look for lines containing a
PSA_KEY_TYPE_ECC_KEYPAIR and change the first hex string in the
line with an ASN.1 header that looks like the beginning of an RFC 5915
ECPrivateKey. This always happens to be a private key input.

perl -a -F: -i -pe 'sub pad { local ($_) = @_; s/^00// if length == $digits + 2; die if length > $digits; sprintf("\"%0${digits}s\"", $_) } if ($F[0] !~ /\W/ && /:PSA_KEY_TYPE_ECC_KEYPAIR\( *PSA_ECC_CURVE_[A-Z_]+([0-9]+)/) {$digits = int(($1+7)/8)*2; s/"30(?:[0-7].|81..|82....)02010104(..)([0-9a-f]+)"/pad(substr($2, 0, hex($1)*2))/ie}' tests/suites/test_suite_psa_crypto.data
2018-10-29 19:16:53 +01:00
Gilles Peskine
1010628a99 Add some key pair and public key export tests
Add buffer-too-small tests for export_public_key.

Add some good cases of export and export-public with EC keys.
2018-10-29 15:55:17 +01:00
Gilles Peskine
d8b7d4f87e In export tests, also test PSA_KEY_EXPORT_MAX_SIZE
When testing psa_export_key or psa_export_public_key, test that the
expected result fits in the size given by PSA_KEY_EXPORT_MAX_SIZE.
2018-10-29 15:18:41 +01:00
Gilles Peskine
49c2591916 Improve export_public_key test function
In the test function for export_public_key, don't just check the
length of the result. Compare the actual result to the expected
result.

Take an extra argument that allows using an export buffer that's
larger or smaller than needed. Zero is the size given by
PSA_KEY_EXPORT_MAX_SIZE.

Don't check the output of psa_get_key_information. That's useful in
import_export because it tests both import and export, but not in
import_export_public_key whose goal is only to test public key export.

This commit adjusts the existing test data but does not add new test
cases.
2018-10-29 15:15:31 +01:00
Simon Butcher
7904f94550 Merge remote-tracking branch 'public/pr/1099' into development-proposed 2018-10-28 18:10:37 +00:00
Simon Butcher
02ef525a7b Merge remote-tracking branch 'public/pr/2107' into development-proposed 2018-10-28 16:16:58 +00:00
Simon Butcher
a07d86e8af Merge remote-tracking branch 'public/pr/1902' into development 2018-10-27 18:36:55 +01:00
Simon Butcher
3869384ddb Merge remote-tracking branch 'public/pr/2031' into development 2018-10-27 18:34:18 +01:00
Simon Butcher
78dd2e55bf Merge remote-tracking branch 'public/pr/1806' into development 2018-10-27 17:59:17 +01:00
Simon Butcher
e783f4a767 Merge remote-tracking branch 'public/pr/1609' into development 2018-10-27 17:35:25 +01:00
Simon Butcher
76cf60beb3 Remove merge conflict marker in ssl-opt.sh
Commit 6346a75dfb introduced a merge conflict marker into ssl-opt.sh
by accident. This commit removes it.
2018-10-25 21:51:32 +01:00
Nir Sonnenschein
b46e7ca16b add additional generator tests and generalize key derivation test
Key derivation test now uses an indirect way to test generator validity
as the direct way previously used isn't compatible with the PSA IPC
implementation. Additional bad path test for the generator added
to check basic bad-path scenarios.
2018-10-25 14:46:09 +03:00
Mohammad AboMokh
87576c5c5a Improve line coverage for asymmetric verify function by adding new bad scenarios 2018-10-25 13:49:59 +03:00
Mohammad AboMokh
8ffded300d Improve line coverage for asymmetric sign function by adding new bad scenarios 2018-10-25 13:49:38 +03:00
Simon Butcher
169712e15a Merge remote-tracking branch 'restricted/pr/390' into development 2018-10-24 18:34:30 +01:00
Darryl Green
6c0f94cbd0 Add better handling when deleting files on Windows
Windows complains if you try to delete a file that doesn't exist.
Makefiles now check if the files exist before trying to delete them.
2018-10-23 12:03:31 +01:00
Gilles Peskine
6dee5c9649 Add test_suite_psa_crypto_metadata to cmake builds
This test suite was run by make builds, but I had forgotten to add it
to CMakeLists.txt.
2018-10-22 19:37:04 +02:00
Nir Sonnenschein
e5204c94a1 add tests that increase key derivation code coverage slightly
added tests that increase code coverage for the key derivation functions slightly
by reaching error cases not covered before.
2018-10-22 17:24:55 +03:00
Simon Butcher
c774e32939 Merge remote-tracking branch 'restricted/pr/517' into development 2018-10-22 14:23:29 +01:00
Simon Butcher
837f821bc2 Merge remote-tracking branch 'public/pr/1990' into development 2018-10-22 14:22:56 +01:00
Manuel Pégourié-Gonnard
bcedb92e7b Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development:
  Add Jenkinsfile for PR job
2018-10-22 09:52:46 +02:00
Darryl Green
ddb4f3bdf7 Add a Jenkinsfile for PR job testing 2018-10-19 16:41:54 +01:00
Darryl Green
b51e267bee Add Jenkinsfile for PR job 2018-10-19 15:25:10 +01:00
Gilles Peskine
e0e9c7c417 New macro PSA_ALG_FULL_LENGTH_MAC
Provide a documented way of constructing the full-length MAC algorithm
from a truncated version.
2018-10-17 18:30:47 +02:00
Gilles Peskine
7fa99d90dd Add metadata tests for truncated MAC and short-tag AEAD 2018-10-17 18:30:47 +02:00
Hanno Becker
198611db32 Add missing return value check in ECDSA test suite
The test case `ecdsa_det_test_vectors` from the ECDSA test suite
called `mbedtls_md()` without checking its return value.
2018-10-17 13:58:19 +01:00
Gilles Peskine
c26eae1a9d Clarify the description of a CCM truncated tag test 2018-10-17 13:54:48 +02:00
Gilles Peskine
85ea2b397c Add some negative tests of CCM and GCM with invalid tag lengths 2018-10-17 13:54:48 +02:00
Gilles Peskine
28dfea6bb9 Add test cases for truncated MAC with a too short/long length 2018-10-17 13:54:47 +02:00
Gilles Peskine
e1f2d7d1ac Document and check the consistency of truncated MAC encodings
Add comments noting that the maximum length of a MAC must fit in
PSA_ALG_MAC_TRUNCATION_MASK. Add a unit test that verifies that the
maximum MAC size fits.
2018-10-17 13:54:47 +02:00
Hanno Becker
0fbbc64fee Add dependency of mbedtls_asn1_write_len() test on ASN.1 parsing 2018-10-16 13:48:23 +01:00
Hanno Becker
19d858e8e6 Add dependency of pkwrite test suite on pkparse module 2018-10-16 13:46:25 +01:00
Gilles Peskine
96f3b4ee42 Remove yotta support from check-files.py
Complements "Remove Yotta support from the docs, tests and build scripts".
2018-10-16 14:10:21 +02:00
Manuel Pégourié-Gonnard
7a28e99fa0 Expand test to ensure no assumption on output
The functions don't require the caller to preserve the content of the output
parameter - let's ensure that they don't assume that.
2018-10-16 11:22:45 +02:00
Manuel Pégourié-Gonnard
6346a75dfb Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development:
  ssl-opt.sh: change expected output for large srv packet test with SSLv3
  Adapt ChangeLog
  Fix bug in SSL ticket implementation removing keys of age < 1s
  ssl-opt.sh: Add DTLS session resumption tests
  Add ChangeLog entry
  Fix typo
  Fix hmac_drbg failure in benchmark, with threading
  Remove trailing whitespace
  Remove trailing whitespace
  ssl_server2: add buffer overhead for a termination character
  Add missing large and small packet tests for ssl_server2
  Added buffer_size and response_size options for ssl-server2. Added appropriate tests.

Solving a conflict in tests/ssl-opt.sh: two set of tests were added at the
same place (just after large packets):
- restartable ECC tests (in this branch)
- server-side large packets (in development)

Resolution was to move the ECC tests after the newly added server large packet
ones.
2018-10-15 11:26:17 +02:00
Andrzej Kurek
9580528248 ssl-opt.sh: fix typo in mtu settings 2018-10-11 08:55:37 -04:00
Andrzej Kurek
b459346f67 ssl-opt.sh: add a check for i686 targets
Run DTLS fragmenting tests on non-i686 targets only.
Remove reduntant gnutls requirements.
2018-10-11 08:43:30 -04:00
Andrzej Kurek
7782605491 ssl-opt.sh: add comments regarding ciphersuite forcing 2018-10-11 07:34:08 -04:00
Andrzej Kurek
7c6df832ed ssl-opt.sh: revert unnecessary "autoreduction" checks
return to the initial check for "resend"
2018-10-11 07:06:12 -04:00
Andrzej Kurek
7311c78074 ssl-opt.sh: force ciphersuites to reduce mtu size 2018-10-11 06:49:41 -04:00
Hanno Becker
e5fecec7bf Add test for MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO to all.sh
This commit adds a test to tests/scripts/all.sh exercising an
ASan build of the default configuration with

MBEDTLS_PLATFORM_MEMORY enabled,
MBEDTLS_PLATFORM_CALLOC_MACRO set to std calloc
MBEDTLS_PLATFORM_FREE_MACRO   set to std free

(This should functionally be indistinguishable from a default build)
2018-10-11 11:04:20 +01:00
Darryl Green
ac2ead0e68 Improve deterministic test for prime testing
Extend the mbedtls_mpi_is_prime_det test to check that it reports
the number as prime when testing rounds-1 rounds, then reports the
number as composite when testing the full number of rounds.
2018-10-09 16:36:53 +01:00
Janos Follath
a0b67c2f3e Bignum: Deprecate mbedtls_mpi_is_prime()
When using a primality testing function the tolerable error rate depends
on the scheme in question, the required security strength and wether it
is used for key generation or parameter validation. To support all use
cases we need more flexibility than what the old API provides.
2018-10-09 16:36:53 +01:00
Janos Follath
64eca05ec2 Bignum: Add tests for primality testing
Primality tests have to deal with different distribution when generating
primes and when validating primes.
These new tests are testing if mbedtls_mpi_is_prime() is working
properly in the latter setting.

The new tests involve pseudoprimes with maximum number of
non-witnesses. The non-witnesses were generated by printing them
from mpi_miller_rabin(). The pseudoprimes were generated by the
following function:

void gen_monier( mbedtls_mpi* res, int nbits )
{
    mbedtls_mpi p_2x_plus_1, p_4x_plus_1, x, tmp;

    mbedtls_mpi_init( &p_2x_plus_1 );
    mbedtls_mpi_init( &p_4x_plus_1 );
    mbedtls_mpi_init( &x ); mbedtls_mpi_init( &tmp );

    do
    {
        mbedtls_mpi_gen_prime( &p_2x_plus_1, nbits >> 1, 0,
                               rnd_std_rand, NULL );
        mbedtls_mpi_sub_int( &x, &p_2x_plus_1, 1 );
        mbedtls_mpi_div_int( &x, &tmp, &x, 2 );

        if( mbedtls_mpi_get_bit( &x, 0 ) == 0 )
            continue;

        mbedtls_mpi_mul_int( &p_4x_plus_1, &x, 4 );
        mbedtls_mpi_add_int( &p_4x_plus_1, &p_4x_plus_1, 1 );

        if( mbedtls_mpi_is_prime( &p_4x_plus_1, rnd_std_rand,
                                  NULL ) == 0 )
            break;

    } while( 1 );

    mbedtls_mpi_mul_mpi( res, &p_2x_plus_1, &p_4x_plus_1 );
}
2018-10-09 16:36:53 +01:00
Janos Follath
a3cb7eb8ad Bignum: Add test for improved prime generation 2018-10-09 16:33:27 +01:00
Andrzej Kurek
35f2f300ca ssl-opt.sh: change expected pattern from 'resend' to 'autoreduction' 2018-10-09 08:52:14 -04:00
Andrzej Kurek
0fc9cf40cf ssl-opt.sh: increase proxy mtu sizes to contain entire datagrams 2018-10-09 03:09:41 -04:00
Gilles Peskine
be00a71c90 Add tests for shorter-tag AEAD (CCM, GCM) 2018-10-08 14:45:35 +02:00
Gilles Peskine
23cc2ff9a8 Add support for non-default-tag-size AEAD (CCM and GCM) 2018-10-08 14:42:11 +02:00
Gilles Peskine
7da96b0d91 Reorder parameters of AEAD unit tests to be more logical
Pass the nonce first, then the AD, then the input. This is the order
in which the data is processed and it's the order of the parameters to
the API functions.
2018-10-08 14:42:11 +02:00
Gilles Peskine
d911eb7915 Add support for truncated MAC algorithms 2018-10-08 14:42:11 +02:00
Gilles Peskine
a7aa442c7c Add tests for mac_sign 2018-10-08 14:42:11 +02:00
Gilles Peskine
f18c146d6b Remove a redundant test case 2018-10-08 14:42:11 +02:00
Gilles Peskine
695a34654a Add tests for PKCS#1 v1.5 decoding
Functional tests for various payload sizes and output buffer sizes.

When the padding is bad or the plaintext is too large for the output
buffer, verify that function writes some outputs. This doesn't
validate that the implementation is time-constant, but it at least
validates that it doesn't just return early without outputting anything.
2018-10-08 11:13:21 +02:00
Simon Butcher
03de21059d Add additional test case for alternative CSR headers
Add a test case for alternative headers possible for CSR's, as defined in
RFC7468.
2018-10-06 17:19:31 +01:00
Andrzej Kurek
948fe80f42 ssl-opt.sh: adjust test timeouts to fit slower targets 2018-10-06 05:07:47 -04:00
Andrzej Kurek
52f8491dc2 ssl-opt.sh: adjust tests to fit slower targets
Adjust mtu sizes to be able to pass tests using a full configuration
2018-10-05 07:53:40 -04:00
Gilles Peskine
c426352ec5 check-files: exclude .git and third-party files
Exclude ".git" directories anywhere. This avoids spurious errors in git
checkouts that contain branch names that look like a file
check-files.py would check.

Exclude "mbed-os" anywhere and "examples" from the root. Switch to the
new mechanism to exclude "yotta/module". These are directories where
we store third-party files that do not need to match our preferences.

Exclude "cov-int" from the root. Fix #1691
2018-10-02 19:01:16 +02:00
Gilles Peskine
95c5575e12 check-files: exclude .git and third-party files
Exclude ".git" directories anywhere. This avoids spurious errors in git
checkouts that contain branch names that look like a file
check-files.py would check. Fix #1713

Exclude "mbed-os" anywhere and "examples" from the root. Switch to the
new mechanism to exclude "yotta/module". These are directories where
we store third-party files that do not need to match our preferences.

Exclude "cov-int" from the root. Fix #1691
2018-10-02 13:13:24 +02:00
Simon Butcher
6e3606e4f6 Fix run-test-suites.pl to screen for files
Changes run-test-suites.pl to filter out directories, and select only files
as on OSX, test coverage tests create .dSYM directories which were being
accidentally selected to execute.
2018-09-30 21:53:16 +01:00
Gilles Peskine
427df37f84 Don't try to disable ASLR
We don't need to disable ASLR, so don't try. If gdb tries but fails,
the test runs normally, but all.sh then trips up because it sees
`warning: Error disabling address space randomization: Operation not permitted`
and interprets it as an error that indicates a test failure.
2018-09-28 14:31:16 +02:00
Gilles Peskine
5c39d7a972 Remove redundant check in all.sh
test -s can't fail if the subsequent grep succeeds.
2018-09-28 14:31:16 +02:00
Gilles Peskine
bd90a8c002 In keep-going mode, don't hard-fail on some tests
Add if_build_succeeded in front of the invocation of some test runs
where it was missing.
2018-09-28 14:31:16 +02:00
Jaeden Amero
65593d2ddd rsa: pss: Add no possible salt size tests
Add signing tests with 528-bit and 520-bit RSA keys with SHA-512. These
selections of key and hash size should lead to an error returned, as
there is not enough room for our chosen minimum salt size of two bytes
less than the hash size. These test the boundary around an available
salt length of 0 or -1 bytes.

The RSA keys were generated with OpenSSL 1.1.1-pre8.

    $ openssl genrsa 520
    Generating RSA private key, 520 bit long modulus (2 primes)
    .............++++++++++++
    .................++++++++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIIBPwIBAAJCANWgb4bludh0KFQBZcqWb6iJOmLipZ0L/XYXeAuwOfkWWjc6jhGd
    B2b43lVnEPM/ZwGRU7rYIjd155fUUdSCBvO/AgMBAAECQgDOMq+zy6XZEjWi8D5q
    j05zpRGgRRiKP/qEtB6BWbZ7gUV9DDgZhD4FFsqfanwjWNG52LkM9D1OQmUOtGGq
    a9COwQIhD+6l9iIPrCkblQjsK6jtKB6zmu5NXcaTJUEGgW68cA7PAiENaJGHhcOq
    /jHqqi2NgVbc5kWUD/dzSkVzN6Ub0AvIiBECIQIeL2Gw1XSFYm1Fal/DbQNQUX/e
    /dnhc94X7s118wbScQIhAMPVgbDc//VurZ+155vYc9PjZlYe3QIAwlkLX3HYKkGx
    AiEND8ndKyhkc8jLGlh8aRP8r03zpDIiZNKqCKiijMWVRYQ=
    -----END RSA PRIVATE KEY-----

    $ openssl genrsa 528
    Generating RSA private key, 528 bit long modulus (2 primes)
    .........++++++++++++
    ....++++++++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIIBQgIBAAJDAKJVTrpxW/ZuXs3z1tcY4+XZB+hmbnv1p2tBUQbgTrgn7EyyGZz/
    ZkkdRUGQggWapbVLDPXu9EQ0AvMEfAsObwJQgQIDAQABAkJhHVXvFjglElxnK7Rg
    lERq0k73yqfYQts4wCegTHrrkv3HzqWQVVi29mGLSXTqoQ45gzWZ5Ru5NKjkTjko
    YtWWIVECIgDScqoo7SCFrG3zwFxnGe7V3rYYr6LkykpvczC0MK1IZy0CIgDFeINr
    qycUXbndZvF0cLYtSmEA+MoN7fRX7jY5w7lZYyUCIUxyiOurEDhe5eY5B5gQbJlW
    ePHIw7S244lO3+9lC12U1QIhWgzQ8YKFObZcEejl5xGXIiQvBEBv89Y1fPu2YrUs
    iuS5AiFE64NJs8iI+zZxp72esKHPXq/chJ1BvhHsXI0y1OBK8m8=
    -----END RSA PRIVATE KEY-----
2018-09-27 18:23:08 +01:00
Jaeden Amero
80d99ea038 rsa: pss: Extend tests for variable salt length
Since we wish to generate RSASSA-PSS signatures even when hashes are
relatively large for the chosen RSA key size, we need some tests. Our
main focus will be on 1024-bit keys and the couple key sizes larger than
it. For example, we test for a signature generated using a salt length
of 63 when a 1032-bit key is used. Other tests check the boundary
conditions around other key sizes. We want to make sure we don't use a
salt length larger than the hash length (because FIPS 186-4 requires
this). We also want to make sure we don't use a salt that is too small
(no smaller than 2 bytes away from the hash length).

Test RSASSA-PSS signatures with:
 - 1024-bit key and SHA-512 (slen 62)
 - 1032-bit key and SHA-512 (slen 63)
 - 1040-bit key and SHA-512 (slen 64)
 - 1048-bit key and SHA-512 (slen 64)

The tests also verify that we can properly verify the RSASSA-PSS
signatures we've generated.

We've manually verified that OpenSSL 1.1.1-pre8 can verify the
RSASSA-PSS signatures we've generated.

    $ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem
    writing RSA key
    $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem
    writing RSA key
    $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem
    writing RSA key
    $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem
    writing RSA key
    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin
    Verified OK
    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin
    Verified OK
    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin
    Verified OK
    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin
    Verified OK

We've also added a new test that ensures we can properly validate a
RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This
has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature
1032-bit w/SHA-512" test. The signature to verify was generated with the
following command line.

    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin

The RSA private keys used by these tests were generated with OpenSSL
1.1.1-pre8.

    $ openssl genrsa 1024
    Generating RSA private key, 1024 bit long modulus (2 primes)
    ........................................++++++
    ......++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S
    f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX
    nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB
    AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC
    WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK
    ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc
    wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh
    mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX
    yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY
    U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml
    1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx
    Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ
    rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w==
    -----END RSA PRIVATE KEY-----

    $ openssl genrsa 1032
    Generating RSA private key, 1032 bit long modulus (2 primes)
    ....................++++++
    .................................++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps
    SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu
    2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA
    AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d
    x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2
    995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS
    I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK
    9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b
    28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn
    TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB
    AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC
    e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo
    BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH
    -----END RSA PRIVATE KEY-----

    $ openssl genkey 1040
    Generating RSA private key, 1040 bit long modulus
    ........++++++
    ........++++++
    e is 65537 (0x10001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl
    jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT
    vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB
    AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp
    Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ
    ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL
    TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3
    XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ
    za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD
    q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF
    lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx
    ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+
    uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T
    -----END RSA PRIVATE KEY-----

    $ openssl genrsa 1048
    Generating RSA private key, 1048 bit long modulus (2 primes)
    ...............................++++++
    .++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1
    03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ
    kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID
    AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+
    k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p
    6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ
    UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0
    3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh
    FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI
    FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN
    tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f
    dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq
    DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF
    -----END RSA PRIVATE KEY-----
2018-09-27 18:23:08 +01:00
Jaeden Amero
3725bb2d6d rsa: pss: Enable use of big hashes with small keys
It should be valid to RSASSA-PSS sign a SHA-512 hash with a 1024-bit or
1032-bit RSA key, but with the salt size being always equal to the hash
size, this isn't possible: the key is too small.

To enable use of hashes that are relatively large compared to the key
size, allow reducing the salt size to no less than the hash size minus 2
bytes. We don't allow salt sizes smaller than the hash size minus 2
bytes because that too significantly changes the security guarantees the
library provides compared to the previous implementation which always
used a salt size equal to the hash size. The new calculated salt size
remains compliant with FIPS 186-4.

We also need to update the "hash too large" test, since we now reduce
the salt size when certain key sizes are used. We used to not support
1024-bit keys with SHA-512, but now we support this by reducing the salt
size to 62. Update the "hash too large" test to use a 1016-bit RSA key
with SHA-512, which still has too large of a hash because we will not
reduce the salt size further than 2 bytes shorter than the hash size.

The RSA private key used for the test was generated using "openssl
genrsa 1016" using OpenSSL 1.1.1-pre8.

    $ openssl genrsa 1016
    Generating RSA private key, 1016 bit long modulus (2 primes)
    ..............++++++
    ....++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICVwIBAAKBgACu54dKTbLxUQBEQF2ynxTfDze7z2H8vMmUo9McqvhYp0zI8qQK
    yanOeqmgaA9iz52NS4JxFFM/2/hvFvyd/ly/hX2GE1UZpGEf/FnLdHOGFhmnjj7D
    FHFegEz/gtbzLp9X3fOQVjYpiDvTT0Do20EyCbFRzul9gXpdZcfaVHNLAgMBAAEC
    gYAAiWht2ksmnP01B2nF8tGV1RQghhUL90Hd4D/AWFJdX1C4O1qc07jRBd1KLDH0
    fH19WocLCImeSZooGCZn+jveTuaEH14w6I0EfnpKDcpWVAoIP6I8eSdAttrnTyTn
    Y7VgPrcobyq4WkCVCD/jLUbn97CneF7EHNspXGMTvorMeQJADjy2hF5SginhnPsk
    YR5oWawc6n01mStuLnloI8Uq/6A0AOQoMPkGl/CESZw+NYfe/BnnSeckM917cMKL
    DIKAtwJADEj55Frjj9tKUUO+N9eaEM1PH5eC7yakhIpESccs/XEsaDUIGHNjhctK
    mrbbWu+OlsVRA5z8yJFYIa7gae1mDQJABjtQ8JOQreTDGkFbZR84MbgCWClCIq89
    5R3DFZUiAw4OdS1o4ja+Shc+8DFxkWDNm6+C63g/Amy5sVuWHX2p9QI/a69Cxmns
    TxHoXm1w9Azublk7N7DgB26yqxlTfWJo+ysOFmLEk47g0ekoCwLPxkwXlYIEoad2
    JqPh418DwYExAkACcqrd9+rfxtrbCbTXHEizW7aHR+fVOr9lpXXDEZTlDJ57sRkS
    SpjXbAmylqQuKLqH8h/72RbiP36kEm5ptmw2
    -----END RSA PRIVATE KEY-----
2018-09-27 18:23:08 +01:00
Gilles Peskine
e04d4e6d13 Don't try to disable ASLR
We don't need to disable ASLR, so don't try. If gdb tries but fails,
the test runs normally, but all.sh then trips up because it sees
`warning: Error disabling address space randomization: Operation not permitted`
and interprets it as an error that indicates a test failure.
2018-09-27 13:57:46 +02:00
Gilles Peskine
2bb56095ec Remove redundant check in all.sh
test -s can't fail if the subsequent grep succeeds.
2018-09-27 13:57:46 +02:00
Gilles Peskine
3e954cf84d In keep-going mode, don't hard-fail on some tests
Add if_build_succeeded in front of the invocation of some test runs
where it was missing.
2018-09-27 13:57:45 +02:00
Gilles Peskine
f7ab5ad13a Skip calling memset when the size is 0
memset(NULL, c, 0) has undefined behavior, so don't do it. clang-asan
complains.
2018-09-27 13:57:45 +02:00
Gilles Peskine
899c652195 In keep-going mode, don't hard-fail on some auxiliary script
Add record_status in front of the invocation of several scripts where
it was missing.
2018-09-27 13:57:45 +02:00
Gilles Peskine
1596554c99 Fix "make WINDOWS_BUILD=1 clean" on non-Windows hosts
The clean rule was not using the correct names for the compiled
executable files.
2018-09-27 13:57:45 +02:00
Gilles Peskine
79722b0672 Fix incorrect test dependencies for MBEDTLS_PKCS1_V21 2018-09-27 13:57:45 +02:00
Gilles Peskine
bd7dea9e64 Use ASSERT_COMPARE instead of memcmp in PSA tests
This commit fixes some missing size comparison. In
aead_encrypt_decrypt, aead_encrypt and aead_decrypt, the test code
would not have noticed if the library function had reported an output
length that was not the expected length.
2018-09-27 13:57:19 +02:00
Gilles Peskine
3c22596d9b New macro ASSERT_COMPARE to compare two buffers
ASSERT_COMPARE tests that the two buffers have the same size and
content. The intended use is to replace TEST_ASSERT( size1 == size2 )
followed by memcmp on the content. Keep using memcmp when comparing
two buffers that have the same size by construction.
2018-09-27 13:56:31 +02:00
Gilles Peskine
8cebbba7e6 Use ASSERT_ALLOC instead of mbedtls_calloc in PSA tests
This commit resolves a bug whereby some test cases failed on systems
where mbedtls_calloc returns NULL when the size of 0, because the test
case asserted `pointer != NULL` regardless of the size.
2018-09-27 13:54:18 +02:00
Gilles Peskine
b75125c5ff New macro ASSERT_ALLOC to allocate memory in tests
The new macro ASSERT_ALLOC allocates memory with mbedtls_calloc and
fails the test if the allocation fails. It outputs a null pointer if
the requested size is 0. It is meant to replace existing calls to
mbedtls_calloc.
2018-09-27 13:52:29 +02:00
Gilles Peskine
8954d0c274 Write documentation for TEST_ASSERT 2018-09-27 13:51:25 +02:00
Simon Butcher
0592ea772a Merge remote-tracking branch 'public/pr/1140' into development 2018-09-27 11:37:42 +01:00
Simon Butcher
c86993e33c Merge remote-tracking branch 'public/pr/1970' into development 2018-09-27 09:48:54 +01:00
Simon Butcher
3ad2efdc82 Remove Yotta support from the docs, tests and build scripts
Yotta is no longer supported by Mbed TLS, so has been removed. Specifically, the
following changes have been made:
 * references to yotta have been removed from the main readme and build
   instructions
 * the yotta module directory and build script has been removed
 * yotta has been removed from test scripts such as all.sh and check-names.sh
 * yotta has been removed from other files that that referenced it such as the
   doxyfile and the bn_mul.h header
 * yotta specific configurations and references have been removed from config.h
2018-09-26 17:55:09 +01:00
Gilles Peskine
487cdf5516 In keep-going mode, don't hard-fail on some auxiliary script
Add record_status in front of the invocation of several scripts where
it was missing.
2018-09-26 16:50:38 +02:00
Gilles Peskine
2561a50ea4 Fix "make WINDOWS_BUILD=1 clean" on non-Windows hosts
The clean rule was not using the correct names for the compiled
executable files.
2018-09-26 16:50:31 +02:00
Gilles Peskine
159ebf3b8e
Merge pull request #142 from ARMmbed/psa-metadata_validation
Algorithm and key type encoding validation
2018-09-24 10:38:39 +02:00
Janos Follath
7c025a9f50 Generalize dh_flag in mbedtls_mpi_gen_prime
Setting the dh_flag to 1 used to indicate that the caller requests safe
primes from mbedtls_mpi_gen_prime. We generalize the functionality to
make room for more flags in that parameter.
2018-09-21 16:30:07 +01:00
Jaeden Amero
3bfe5f0388
Merge pull request #150 from ARMmbed/psa-rsa-verify-error
Don't return INVALID_PADDING on an invalid RSA signature
2018-09-21 16:15:10 +01:00
Jaeden Amero
40363fe3f5
Merge pull request #139 from ARMmbed/psa-PSA_ALG-block_cipher_padding
Correct and simplify block-based cipher modes
2018-09-21 09:38:27 +01:00
Gilles Peskine
fa764b161b Add curve sizes to ECC curve metadata validation tests 2018-09-20 12:00:21 +02:00
Gilles Peskine
3052f53c37 Add block sizes to HMAC metadata validation tests 2018-09-20 12:00:21 +02:00
Gilles Peskine
d9c8260f23 Add dependencies to metadata validation tests
If some algorithms are excluded in the build, it's ok for the corresponding
macros not to give the correct results. Therefore the corresponding test cases
should depend on the implementation of the algorithm. For example, it's ok for
PSA_HASH_MAX_SIZE to be less than PSA_HASH_SIZE(PSA_ALG_SHA_512) if we build
without SHA-512 support, and we indeed do this. It's even ok for an
implementation to return 0 for PSA_ALG_IS_HASH(PSA_ALG_SHA_512) if it doesn't
support SHA-512; we return 1 anyway but the tests are less
implementation-specific if we don't enforce it.

This commit adds dependencies on symbols that don't exist in Mbed TLS,
for algorithms that Mbed TLS doesn't implement. These are:
MBEDTLS_SHA512_256 for SHA-512/256, MBEDTLS_SHA3_C for SHA-3,
MBEDTLS_DSA_C and MBEDTLS_DSA_DETERMINISTIC for DSA, and
MBEDTLS_ECP_DP_xxx_ENABLED for elliptic curves that have a PSA
encoding but are not supported in Mbed TLS.
2018-09-20 12:00:21 +02:00
Gilles Peskine
49cd329908 Key type validation tests
For all key types, validate feature test macros (PSA_KEY_TYPE_IS_xxx).

For asymmetric keys (public key or key pair), validate the
corresponding public/pair type.

For ECC keys, validate GET_CURVE.
2018-09-20 12:00:21 +02:00
Gilles Peskine
17351eb7f2 Algorithm validation tests
For all algorithms, validate feature test macros (PSA_ALG_IS_xxx).

For hash algorithms, validate the exact hash size, and validate
xxx_GET_HASH macros on dependent algorithms.

For MAC algorithms, validate the MAC size. For AEAD algorithms,
validate the tag size.

There is a separate test case for each HMAC algorithm, which is
necessary because each has its own MAC size. For other hash-dependent
algorithms, there is no interesting variation to test here, so only
one hash gets tested.
2018-09-20 12:00:21 +02:00
Gilles Peskine
44fed61e01 Create infrastructure for metadata validation unit tests 2018-09-20 12:00:21 +02:00
Gilles Peskine
daea26f70f Correct and simplify block-based cipher modes
OFB and CFB are streaming modes. XTS is a not a cipher mode but it
doesn't use a separate padding step. This leaves only CBC as a block
cipher mode that needs a padding step.

Since CBC is the only mode that uses a separate padding step, and is
likely to remain the only mode in the future, encode the padding mode
directly in the algorithm constant, rather than building up an
algorithm value from a chaining mode and a padding mode. This greatly
simplifies the interface as well as some parts of the implementation.
2018-09-20 11:58:22 +02:00
Gilles Peskine
821adfe51c Add exercise tests for RSA public keys and for PSS 2018-09-17 14:33:43 +02:00
Gilles Peskine
acec7b6fa1 exercise_export_key: fix public key case
Public keys are always exportable, even if their usage doesn't include
the EXPORT flag.
2018-09-17 14:33:43 +02:00
Gilles Peskine
81ba4abb02 Fix bad algorithm and key type values in some tests 2018-09-17 11:20:27 +02:00
itayzafrir
90d8c7a728 Ensure the module is initialized in key based functions 2018-09-16 12:15:47 +03:00
itayzafrir
0adf0fc31c Ensure the module is initialized in psa_generate_random 2018-09-16 12:15:46 +03:00
Jaeden Amero
c0454a7369 Merge pull request #135 from ARMmbed/export_sanity_tests
Document asymmetric key export formats
2018-09-14 10:02:30 +01:00
Gilles Peskine
dea46cf8f1 Clarify comment in test
In RSAPrivateKey, Version is an INTEGER. The version must be 0.
2018-09-14 10:02:29 +01:00
Gilles Peskine
8a1a8f31e3 Add test cases for PEM import
This is not a standard PSA feature, it's an extension provided by the
current implementation.
2018-09-14 10:02:29 +01:00
Gilles Peskine
c6290c043e Minor documentation improvements 2018-09-14 10:02:29 +01:00
Gilles Peskine
b67f308c4f Fix re-import size in import_export test with non-canonical input 2018-09-14 10:02:29 +01:00
Gilles Peskine
ae3d2a2c26 Avoid non-standard C constructs
Don't rely on static initialization of a flexible array member, that's
a GNU extension. The previous code also triggered a Clang warning
"suggest braces around initialization of subobject" (-Wmissing-braces)
for `struct {char a[]} = {"foo"}`.
2018-09-14 10:02:29 +01:00
Gilles Peskine
8f609239d5 Do export sanity checks in import_export as well
This is not useful to validate the implementation when importing
canonical input, which is the case for most import/export test cases,
but it helps validate the sanity checks themselves.
2018-09-14 10:02:29 +01:00
Gilles Peskine
dd2f95b855 Improve and augment export sanity checks
Implement sanity checks of exported public keys, using ASN.1 parsing.
Rewrite the sanity checks of key pairs using ASN.1 parsing, so as to
check more things with simpler code.
2018-09-14 10:02:29 +01:00
Jaeden Amero
df3b74f168 Merge pull request #125 from ARMmbed/key_slot_index-fix
Fix off-by-one errors in key slot index limits
2018-09-14 10:02:29 +01:00
Gilles Peskine
d14664a79b Move export key sanity check from generate to exercise
Move the code to perform sanity checks on the exported key from
generate_key to exercise_key. This way the sanity checks can be
performed after importing or deriving a key as well.

In addition to checking the exported key if its usage allows it, check
the exported public key if the key is asymmetric.
2018-09-14 10:02:29 +01:00
Gilles Peskine
9a05634558 psa_crypto_free: destroy the last slot
The last slot in the array was not freed due to an off-by-one error.

Amend the fill_slots test to serve as a non-regression test for this
issue: without this bug fix, it would cause a memory leak.
2018-09-14 10:02:29 +01:00
Gilles Peskine
996deb18cc Fix buffer overflow in the slot array
Slots are numbered from 1, but the slot array is a C array so it's
numbered from 0.

Add a non-regression test.
2018-09-14 10:02:29 +01:00
Gilles Peskine
c32f0304db Fix bad key type constant that worked by accident 2018-09-14 10:02:29 +01:00
Darryl Green
10ccc641ac Add missing dependencies on MBEDTLS_ECDSA_C 2018-09-14 10:02:28 +01:00
Darryl Green
efb52d53bf Add missing dependency on MBEDTLS_PKCS1_V15 2018-09-14 10:02:28 +01:00
Darryl Green
77b33b2926 Add missing dependencies on MBEDTLS_SHA256_C 2018-09-14 10:02:28 +01:00
Darryl Green
9c862253cc Add handling for zero-length buffers in tests
The buffer can be NULL if the length is zero, so we only check it's not NULL if the length is nonzero
2018-09-14 10:02:28 +01:00
Jaeden Amero
80e317af15 all.sh: Test the Mbed Crypto exporter
Ensure that the exporter creates a "crypto" folder where "make test"
runs and passes. Ensure that cleanup also runs without error.
2018-09-12 16:50:07 +03:00
Jaeden Amero
22e232ec04 Merge pull request #109 from ARMmbed/IAR-feature-psa
Ensure release testing job passes IAR tests
2018-09-12 16:50:07 +03:00
Gilles Peskine
9f900a8b25 Merge pull request #105 from ARMmbed/psa-derive_hkdf
PSA key derivation: simple-ish interface, HKDF
2018-09-12 16:50:07 +03:00
Gilles Peskine
08542d8037 Fix psa_generator_import_key for DES
In psa_generator_import_key, if generating a DES or 3DES key, set the
parity bits.

Add tests for deriving a DES key. Also test deriving an AES key while
I'm at it.
2018-09-12 16:50:07 +03:00
Gilles Peskine
d54931c7c4 HKDF: be more robust if we reach the maximum ouptut length
In psa_generator_hkdf_read, return BAD_STATE if we're trying to
construct more output than the algorithm allows. This can't happen
through the API due to the capacity limit, but it could potentially
happen in an internal call.

Also add a test case that verifies that we can set up HKDF with its
maximum capacity and read up to the maximum capacity.
2018-09-12 16:50:05 +03:00
Gilles Peskine
0386fbaa70 Key derivation: test deriving a key from the KDF output 2018-09-12 16:48:24 +03:00
Gilles Peskine
f24af9602f Key derivation with HKDF: add a few negative tests 2018-09-12 16:45:46 +03:00
Gilles Peskine
96ee5c70b9 HKDF: positive tests 2018-09-12 16:45:45 +03:00
Gilles Peskine
ea0fb4975c Add framework for simple key derivation
New key type PSA_KEY_TYPE_DERIVE. New usage flag PSA_KEY_USAGE_DERIVE.
New function psa_key_derivation.

No key derivation algorithm is implemented yet. The code may not
compile with -Wunused.

Write some unit test code for psa_key_derivation. Most of it cannot be
used yet due to the lack of a key derivation algorithm.
2018-09-12 16:44:04 +03:00
Moran Peker
f2ffdb87f6 Fix generate_key and hash_setup tests vectors
-Add depends_on MBEDTLS_CIPHER_MODE_CTR for CTR test_suite_psa_crypto
-Change bad type/hash alg parameter to *_CATEGORY_*
2018-09-12 16:41:12 +03:00
Moran Peker
cb088e7059 Replace ssize_t by ptrdiff_t
ssize_t is a POSIX thing, not standard C
2018-09-12 16:41:12 +03:00
Gilles Peskine
731606c580 Add OAEP tests with non-empty labels 2018-09-12 16:41:12 +03:00
Gilles Peskine
b3fc05d776 psa_asymmetric_{encrypt,decrypt}: reject salt when not allowed
In psa_asymmetric_encrypt and psa_asymmetric_decrypt, if the algorithm
does not use a salt, require the salt to be empty.
2018-09-12 16:41:12 +03:00
Gilles Peskine
55c94dd500 Asymmetric encrypt/decrypt tests: check output length
In asymmetric_encrypt_decrypt, use the buffer size advertized by the
library for the ciphertext, and the length of the plaintext for the
re-decrypted output.

Test the output length if known. Require it to be 0 on error for
encrypt/decrypt functions. If the output length is unknown, test at
least that it's within the buffer limits.
2018-09-12 16:41:12 +03:00
Gilles Peskine
6842812188 Asymmetric encryption tests: allow label argument
Add a label argument to all asymmetric encryption test functions
(currently empty in all tests, but that will change soon).

In asymmetric_encrypt and asymmetric_decrypt, with an empty label,
test with both a null pointer and a non-null pointer.
2018-09-12 16:41:12 +03:00
Gilles Peskine
072ac56a03 Implement OAEP
Implement RSAES-OAEP encryption and decryption.

Test it to the same level as PKCS#1 v1.5.
2018-09-12 16:41:12 +03:00
Gilles Peskine
71ac7b11a7 Allow RSA PSS with any input size
Although RSASSA-PSS defines its input as a message to be hashed, we
implement a sign-the-hash function. This function can take an input
which isn't a hash, so don't restrict the size of the input, any more
than Mbed TLS does.

Remove a redundant check that hash_length fits in unsigned int for the
sake of Mbed TLS RSA functions.

Test that PSS accepts inputs of various lengths. For PKCS#1 v1.5
signature in raw mode, test the maximum input length.
2018-09-12 16:41:12 +03:00
Gilles Peskine
f64ee8a7f1 Fix "unknown MAC algorithm" to actually use a MAC algorithm 2018-09-12 16:41:12 +03:00
Gilles Peskine
ef0cb40736 Fix bug in exercise_mac_key that almost always broke the SIGN case
That case isn't used in the test suite yet.
2018-09-12 16:41:12 +03:00
Gilles Peskine
f969b3ac74 Change a generate_key test to exercise with PSS
This required tweaking exercise_signature_key to use a payload size
for the signature based on the algorithm, since our implementation of
PSS requires that the input size matches the hash size. This would
also be the case for PKCS#1 v1.5 with a specified hash.
2018-09-12 16:41:11 +03:00
Gilles Peskine
1c211b3e01 Fix some test dependencies
* No test depends on MBEDTLS_PK_C except via MBEDTLS_PK_PARSE_C, so
  remove MBEDTLS_PK_C and keep only MBEDTLS_PK_PARSE_C.
* Add MBEDTLS_PK_WRITE_C for pk export tests.
* Add MBEDTLS_GENPRIME for RSA key generation tests.
* Add dependencies to AEAD tests.
* Add missing dependencies to many RSA tests.
2018-09-12 16:41:11 +03:00
Gilles Peskine
66763a008a asymmetric_decrypt test: remove redundant argument
The expected output size is the size of the expected output, it
doesn't need to be passed separately.
2018-09-12 16:41:11 +03:00
Gilles Peskine
d00444cf33 Improve test coverage of PKCS#1 v1.5 encrypt/decrypt
* Add a test for decryption with invalid padding.
* Add a test for encryption with input too large.
* In negative tests, pass input whose length matches the key length,
  unless that's what the test is about.
2018-09-12 16:41:11 +03:00
Gilles Peskine
fe11951c16 Rename psa cipher functions to psa_cipher_xxx
Make function names for multipart operations more consistent (cipher
edition).

Rename symmetric cipher multipart operation functions so that they all
start with psa_cipher_:

* psa_encrypt_setup -> psa_cipher_encrypt_setup
* psa_decrypt_setup -> psa_cipher_decrypt_setup
* psa_encrypt_set_iv -> psa_cipher_set_iv
* psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-09-12 16:41:11 +03:00
Gilles Peskine
365b984e38 Add asymmetric_verify tests with public keys
Change most asymmetric_verify to use public keys (they were all using
key pairs before). Keep one test with an RSA key pair and one with an
EC key pair.
2018-09-12 16:41:11 +03:00
Gilles Peskine
656896e4c3 Add positive asymmetric encryption tests
Revise the test function asymmetric_encrypt_fail into
asymmetric_encrypt and use it for positive tests as well. Get the
expected output length from PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE. Check
the actual output length against test data.

Add positive test cases for encryption: one with an RSA public
key (this is the only test for encryption with a public key rather
than a key pair) and one with a key pair.
2018-09-12 16:41:11 +03:00
Gilles Peskine
89167cb597 Split psa_mac_setup -> psa_mac_{sign,verify}_setup
Make function names for multipart operations more consistent (MAC
setup edition).

Split psa_mac_setup into two functions psa_mac_sign_setup and
psa_mac_verify_setup. These functions behave identically except that
they require different usage flags on the key. The goal of the split
is to enforce the key policy during setup rather than at the end of
the operation (which was a bit of a hack).

In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is
of the wrong type, abort the operation before returning BAD_STATE.
2018-09-12 16:41:11 +03:00
Gilles Peskine
6b530867e4 Test importing a key pair as a public key and vice versa 2018-09-12 16:41:11 +03:00
Gilles Peskine
acd4be36fa Rename psa_mac_{finish,verify} -> psa_mac_{sign,verify}_finish
Make function names for multipart operations more consistent (MAC
finish edition).
2018-09-12 16:41:11 +03:00
Gilles Peskine
da8191d1cd Rename psa_hash_start -> psa_hash_setup
Make function names for multipart operations more consistent (hash
edition).
2018-09-12 16:41:11 +03:00
Gilles Peskine
3ff2162d14 Remove salt from asymmetric_{sign,verify}
No common signature algorithm uses a salt (RSA-PKCS#1v1.5, RSA-PSS,
DSA, ECDSA, EdDSA). We don't even take an IV for MAC whereas MAC
algorithms with IV are uncommon but heard of. So remove the salt
parameter from psa_asymmetric_sign and psa_asymmetric_verify.
2018-09-12 16:41:11 +03:00
Gilles Peskine
2a91d612f5 Merge remote-tracking branch 'psa/pr/94' into feature-psa 2018-09-12 16:41:11 +03:00
Gilles Peskine
9911b02f32 Add sign_verify test and use it to smoke-test PSS 2018-09-12 16:41:11 +03:00
Gilles Peskine
ab4152b3d4 Diversify export tests without the export usage flag
Test both with a symmetric key and with a key pair.
2018-09-12 16:41:11 +03:00
Gilles Peskine
76f5c7b6a8 Tests: cover policy checks for all operations
Add tests of key policy checks for MAC, cipher, AEAD, asymmetric
encryption and asymmetric signature. For each category, test
with/without the requisite usage flag in each direction, and test
algorithm mismatch.
2018-09-12 16:41:11 +03:00
Janos Follath
25c4fa8fb0 Fix copy paste error PSA test suite
At this point it fixes memory leaks as well. These memory leaks are the
fault of the 'psa_cipher_finish()' function and the calls fixed in this
commit (among with many others in the test suite) will become obsolete
after fixing 'psa_cipher_finish()'.
2018-09-12 16:41:11 +03:00
mohammad1603
2701005b46 Modifications for psa-crypto in order to integrate with SPM
Add required includes in tests and psa_crypto.c file in order to be able to compilef for the SPM solution.
Some functions needed to be deprecated from psa_crypto.c since they already implemented in the SPM.
2018-09-12 16:41:11 +03:00
mohammad1603
3d91abefac Use PSA_BLOCK_CIPHER_BLOCK_SIZE() macro to get the cipher block size
Use PSA_BLOCK_CIPHER_BLOCK_SIZE() macro to get the cipher block size instead of accessing the operation struct
additionally, for SPM case, the 'block_size' member is not a member in the operation struct
2018-09-12 16:41:11 +03:00
Moran Peker
ed34695e08 Fix tests in test_suite_psa_crypto to set policy usage 2018-09-12 16:41:11 +03:00
Gilles Peskine
02b750781f Factor duplicated code into exercise_key
Also fail the test if the test code lacks a way to exercise the key.
2018-09-12 16:41:11 +03:00
Gilles Peskine
480416af9d Fix argument validation in asn1_write_10x
1 << bits doesn't work when bits is too large. Found by ASan.
2018-09-12 16:41:11 +03:00
Gilles Peskine
0b352bcf95 Test that creating RSA keys larger than the maximum fails
Test keypair import, public key import and key generation.
2018-09-12 16:41:11 +03:00
Gilles Peskine
69c1267fd2 Use PSA_xxx_MAX_SIZE for hash/MAC/signature size in tests
In tests that had a hard-coded buffer size, use PSA_MAC_MAX_SIZE or
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE as appropriate.

Test that PSA_xxx_MAX_SIZE is larger than the size used in tests that
expect a specific output.
2018-09-12 16:41:11 +03:00
Gilles Peskine
860ce9d9e5 Document what the signature tests are doing a bit better
Add a check that the purported output length is less than the buffer
size in sign_fail.
2018-09-12 16:41:11 +03:00
Gilles Peskine
d35a1cce7f Correct the documentation of mem_is_zero 2018-09-12 16:41:11 +03:00
Gilles Peskine
eae6eee24c Change ECDSA signature representation to r||s
Change the representation of an ECDSA signature from the ASN.1 DER
encoding used in TLS and X.509, to the concatenation of r and s
in big-endian order with a fixed size. A fixed size helps memory and
buffer management and this representation is generally easier to use
for anything that doesn't require the ASN.1 representation. This is
the same representation as PKCS#11 (Cryptoki) except that PKCS#11
allows r and s to be truncated (both to the same length), which
complicates the implementation and negates the advantage of a
fixed-size representation.
2018-09-12 16:41:11 +03:00
Gilles Peskine
ca45c35e65 Fix exercise_signature_key for ECDSA
mbedtls_ecdsa_verify fails when the input is all-bits-zero (mbedtls
issue #1792). Use a different input.
2018-09-12 16:41:11 +03:00
Gilles Peskine
a680c7a9fc Add import-and-exercise tests for some signature algorithms 2018-09-12 16:41:10 +03:00
Gilles Peskine
a81d85b732 Sort out ECDSA mechanisms
* Distinguish randomized ECDSA from deterministic ECDSA.
* Deterministic ECDSA needs to be parametrized by a hash.
* Randomized ECDSA only uses the hash for the initial hash step,
  but add ECDSA(hash) algorithms anyway so that all the signature
  algorithms encode the initial hashing step.
* Add brief documentation for the ECDSA signature mechanisms.
* Also define DSA signature mechanisms while I'm at it. There were
  already key types for DSA.
2018-09-12 16:24:51 +03:00
Gilles Peskine
55bf3d1171 Sort out RSA mechanisms
* PSS needs to be parametrized by a hash.
* Don't use `_MGF1` in the names of macros for OAEP and PSS. No one
  ever uses anything else.
* Add brief documentation for the RSA signature mechanisms.
2018-09-12 16:24:51 +03:00
Gilles Peskine
559d2f6d3e Add bad-type import tests with coinciding key sizes
Add a negative test for import where the expected key is an EC key
with the correct key size, but the wrong curve. Change the test that
tries to import an RSA key when an EC key is expected to have the
expected key size.
2018-09-12 16:24:50 +03:00
Gilles Peskine
a9a3c23ccd Fix a config dependency in a test case 2018-09-12 16:24:50 +03:00
Gilles Peskine
202d0793a2 Add import test cases with a key pair of the wrong type 2018-09-12 16:24:50 +03:00
Mohammad AboMokh
65fa0b8433 fix if condition to validate encrypt key usage 2018-09-12 16:24:50 +03:00
Mohammad AboMokh
adb9b2372b fix PSA_BLOCK_CIPHER_BLOCK_SIZE() argument in test code 2018-09-12 16:24:50 +03:00
Jaeden Amero
2a671e9031 psa: export_public_key: Check for all zero on error 2018-09-12 16:24:50 +03:00
Jaeden Amero
e7edf7bb20 psa: Expect zero-length exported-public symmetric keys
Because exporting-public a symmetric key fails, we have no reasonable
expectation that the exported key length has any value at all other than
something obviously incorrect or "empty", like a key with a length of 0.
Our current implementation explicitly sets the exported key length to 0
on errors, so test for this. Fix the "PSA import/export-public: cannot
export-public a symmetric key" test to expect a key length of 0 instead
of 162.
2018-09-12 16:24:50 +03:00
Jaeden Amero
f24c7f80a0 psa_export_key: Always set a valid data length
Make psa_export_key() always set a valid data_length when exporting,
even when there are errors. This makes the API easier to use for buggy
programs (like our test code).

Our test code previously used exported_length uninitialized when
checking to see that the buffer returned was all zero in import_export()
in the case where an error was returned from psa_export_key().
Initialize exported_length to an invalid length, and check that it gets
set properly by psa_export_key(), to avoid this using export_length
uninitialized. Note that the mem_is_zero() check is still valid when
psa_export_key() returns an error, e.g. where exported_length is 0, as
we want to check that nothing was written to the buffer on error.

Out test code also previous passed NULL for the data_length parameter of
psa_export_key() when it expected a failure (in key_policy_fail()).
However, data_length is not allowed to be NULL, especially now that we
write to data_length from psa_export_key() even when there are errors.
Update the test code to not pass in a NULL data_length.
2018-09-12 16:24:50 +03:00
Gilles Peskine
0c48c58721 Merge remote-tracking branch 'psa/pr/63' into feature-psa 2018-09-12 16:24:50 +03:00
Gilles Peskine
48c0ea14c6 Remove PSA_KEY_TYPE_IS_RAW_BYTES from crypto.h
It isn't used to define other macros and it doesn't seem that useful
for users. Remove it, we can reintroduce it if needed.

Define a similar function key_type_is_raw_bytes in the implementation
with a clear semantics: it's a key that's represented as a struct
raw_data.
2018-09-12 16:24:50 +03:00
Gilles Peskine
a50d7396f3 test of generate_random: focus on testing the output buffer size
In the test generate_random, focus on testing that psa_generate_random
is writing all the bytes of the output buffer and no more. Add a check
that it is writing to each byte of the output buffer. Do not try to
look for repeating output as the structure of a unit test isn't likely
to catch that sort of problem anyway.
2018-09-12 16:24:50 +03:00
Gilles Peskine
9ad29e2bee Add what little was missing to fully support DES
Also add what was missing in the test suite to support block ciphers
with a block size that isn't 16.

Fix some buggy test data that passed only due to problems with DES
support in the product.
2018-09-12 16:24:50 +03:00
Gilles Peskine
9a94480685 Convert ERR_ASN1 error codes to PSA
This fixes the error code when psa_export_key on an asymmetric key
reports that the output buffer is too small.
2018-09-12 16:24:50 +03:00
Gilles Peskine
775b8e97b1 export asymmetric key: more larger buffer cases
Test not only a buffer that's one byte larger than the minimum, but
also larger sizes that currently trigger a different code path.
2018-09-12 16:24:50 +03:00
Gilles Peskine
140855615f Fix copypasta in some test cases 2018-09-12 16:24:50 +03:00
Gilles Peskine
b866e2b4d2 Get rid of some casts in test_suite_psa_crypto
Use more auxiliary variables to unmarshall int values.
2018-09-12 16:24:49 +03:00
Gilles Peskine
3f669c374a Simplify mem_is_nonzero to mem_is_zero
This also fixes a bug that the value that mem_is_nonzero tried to
return could overflow int.
2018-09-12 16:23:54 +03:00
Gilles Peskine
818ca1283a generate_key tests: exercise the key
After generating a key, perform a smoke test: run one operation with
it and check that the operation has the expected status.
2018-09-12 16:23:54 +03:00
Gilles Peskine
c06e07128c Favor INVALID_ARGUMENT over NOT_SUPPORTED for bad algorithm types
In psa_hash_start, psa_mac_start and psa_cipher_setup, return
PSA_ERROR_INVALID_ARGUMENT rather than PSA_ERROR_NOT_SUPPORTED when
the algorithm parameter is not the right category.
2018-09-12 16:23:54 +03:00
Gilles Peskine
16c0f4f787 Fix potential memory corruption on MAC/cipher setup failure
When psa_mac_start(), psa_encrypt_setup() or psa_cipher_setup()
failed, depending on when the failure happened, it was possible that
psa_mac_abort() or psa_cipher_abort() would crash because it would try
to call a free() function uninitialized data in the operation
structure. Refactor the functions so that they initialize the
operation structure before doing anything else.

Add non-regression tests and a few more positive and negative unit
tests for psa_mac_start() and psa_cipher_setup() (the latter via
psa_encrypt_setip()).
2018-09-12 16:23:53 +03:00
Jaeden Amero
c939f6fcba fixup! New function mbedtls_rsa_get_bitlen
In some configurations (like config-mini-tls1_1.h), size is unused. This
leads to failures when building with CMake Asan, because that build
doesn't use "-Wno-unused-value".

Fixes: e01822299624 ("New function mbedtls_rsa_get_bitlen")
2018-09-12 16:22:51 +03:00
Gilles Peskine
12313cd84c Implement psa_generate_key: AES, DES, RSA, ECP
In the test cases, try exporting the generated key and perform sanity
checks on it.
2018-09-12 16:22:51 +03:00
Gilles Peskine
e66ca3bbf3 psa_export_key: zero out potential garbage in the output buffer
In psa_export_key, ensure that each byte of the output buffer either
contains its original value, is zero, or is part of the actual output.
Specifically, don't risk having partial output on error, and don't
leave extra data at the end of the buffer when exporting an asymmetric
key.

Test that exporting to a previously zeroed buffer leaves the buffer
zeroed outside the actual output if any.
2018-09-12 16:22:51 +03:00
Gilles Peskine
0e2315859f psa_export_key: fix asymmetric key in larger buffer
Exporting an asymmetric key only worked if the target buffer had
exactly the right size, because psa_export_key uses
mbedtls_pk_write_key_der or mbedtls_pk_write_pubkey_der and these
functions write to the end of the buffer, which psa_export_key did not
correct for. Fix this by moving the data to the beginning of the
buffer if necessary.

Add non-regression tests.
2018-09-12 16:22:51 +03:00
Gilles Peskine
9a9e19f3fb Switch default config back to the upstream one + PSA + CMAC
Switch the default config.h back to the upstream version, plus the new
feature from this branch MBEDTLS_PSA_CRYPTO_C, plus MBEDTLS_CMAC_C
because it's a features we're using to explore the API design but
that's off by default in Mbed TLS.

Having a crypto-only version saved a bit of developer time, and it's
something we want to ship, but we also need a full build with TLS to
work, and the CI scripts assume that the default build includes TLS.

As a consequence, list-macros.sh no longer needs a special case to
pass check-names.sh.
2018-09-12 16:22:51 +03:00
Gilles Peskine
05d69890ee Implement psa_generate_random 2018-09-12 16:22:51 +03:00
Gilles Peskine
0ff4b0f7f9 psa_import_key: validate symmetric key size
When importing a symmetric key, validate that the key size is valid
for the given key type.

Non-supported key types may no longer be imported.
2018-09-12 16:22:51 +03:00
Gilles Peskine
ca36a23bce Fix asymmetric encrypt/decrypt test with invalid key types
The key data was invalid on import. The import doesn't fail because it
doesn't check the data enough.
2018-09-12 16:22:51 +03:00
Gilles Peskine
2d9d6db60f check-names: also check PSA files
Allow both mbedtls and psa identifiers in either set of files for now.
2018-09-12 16:22:51 +03:00
Gilles Peskine
313b8af18e Improve the description of some test cases
Make the descriptions more consistent.
2018-09-12 16:22:51 +03:00
Gilles Peskine
d5b3322f72 Reorder PSA test cases to group them by topic
* init-deinit
* import-export
* policies
* lifetime
* hash
* MAC
* cipher
* AEAD
* asymmetric sign
* asymmetric verify
* asymmetric encrypt-decrypt

This commit only moves test functions and test cases around. It does
not modify, add or remove tests.
2018-09-12 16:22:49 +03:00
Gilles Peskine
34ef7f5a55 Check the curve of an elliptic curve key on import
psa_import_key must check that the imported key data matches the
expected key type. Implement the missing check for EC keys that the
curve is the expected one.
2018-09-12 16:19:04 +03:00
Gilles Peskine
e1fed0de18 Define elliptic curve identifiers from TLS
Instead of rolling our own list of elliptic curve identifiers, use one
from somewhere. Pick TLS because it's the right size (16 bits) and
it's as good as any.
2018-09-12 16:19:04 +03:00
Gilles Peskine
b3e6e5deeb Rename hash max sizes for consistency
Use "hash" throughout the library, not "md" as in Mbed TLS.
2018-09-12 16:19:04 +03:00
Gilles Peskine
dec7261df1 Remove redundant initialization of policies to {0}
Some compilers don't like initializing a structure to {0} (incomplete
initializer). It's redundant anyway since we always call
psa_key_policy_init.
2018-09-12 16:19:04 +03:00
Gilles Peskine
c0ec97222b mac_verify: remove unused IV argument
We aren't going to have MAC with IV in the API any time soon, if at
all, so remove the embryonic support for it in the tests.
2018-09-12 16:19:03 +03:00
Gilles Peskine
01b929c85b Fix key_lifetime_set_fail not cleaning up the right key slot 2018-09-12 16:18:04 +03:00
Gilles Peskine
4abf741e6a Hygiene improvements in PSA crypto test code
Get rid of many redundant casts. In particular, it is not useful to
cast uint32_t values to size_t before performing arithmetic or
comparisons on them.

Rewrap a number of function calls, many of which now have narrower
arguments thanks to the removed casts. When a function call doesn't
fit on a single line, avoid grouping unrelated parameters together,
but do try to group a buffer pointer and the associated size.

Define more auxiliary variables xxx of a particular integer
type (psa_algorithm_t, psa_key_usage_t, etc.) corresponding to a test
function xxx_arg which has the type int. This avoids the need to cast
xxx_arg to an unsigned type sometimes in the code.
2018-09-12 16:18:04 +03:00
Gilles Peskine
7bcfc0a9ae Be more consistent about blank lines 2018-09-12 16:18:04 +03:00
Gilles Peskine
c1bb6c8dcc Formatting improvements
Avoid lines longer than 80 columns.

Remove some redundant parentheses, e.g. change
    if( ( a == b ) && ( c == d ) )
to
    if( a == b && c == d )
which makes lines less long and makes the remaining parentheses more
relevant.

Add missing parentheses around return statements.

There should be no semantic change in this commit.
2018-09-12 16:18:02 +03:00
Gilles Peskine
2d2778650b Normalize whitespace
Normalize whitespace to Mbed TLS standards. There are only whitespace
changes in this commit.
2018-09-12 16:15:52 +03:00
Nir Sonnenschein
1e2b046026 adding more test cases for hmac 2018-09-12 16:13:49 +03:00
itayzafrir
27fbaf7781 Fixed test sign_deterministic, macro PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE
Arguments in the wrong order
2018-09-12 16:13:49 +03:00
itayzafrir
3e02b3b280 On target testing tests adaptation
Updated all psa crypto tests to use the new test format
2018-09-12 16:13:39 +03:00
Manuel Pégourié-Gonnard
125af948c3 Merge branch 'development-restricted' into iotssl-1260-non-blocking-ecc-restricted
* development-restricted: (578 commits)
  Update library version number to 2.13.1
  Don't define _POSIX_C_SOURCE in header file
  Don't declare and define gmtime()-mutex on Windows platforms
  Correct preprocessor guards determining use of gmtime()
  Correct documentation of mbedtls_platform_gmtime_r()
  Correct typo in documentation of mbedtls_platform_gmtime_r()
  Correct POSIX version check to determine presence of gmtime_r()
  Improve documentation of mbedtls_platform_gmtime_r()
  platform_utils.{c/h} -> platform_util.{c/h}
  Don't include platform_time.h if !MBEDTLS_HAVE_TIME
  Improve wording of documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
  Fix typo in documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
  Replace 'thread safe' by 'thread-safe' in the documentation
  Improve documentation of MBEDTLS_HAVE_TIME_DATE
  ChangeLog: Add missing renamings gmtime -> gmtime_r
  Improve documentation of MBEDTLS_HAVE_TIME_DATE
  Minor documentation improvements
  Style: Add missing period in documentation in threading.h
  Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r()
  Guard decl and use of gmtime mutex by HAVE_TIME_DATE and !GMTIME_ALT
  ...
2018-09-11 12:39:14 +02:00
Simon Butcher
53546ea099 Update library version number to 2.13.1 2018-09-06 19:10:26 +01:00
itayzafrir
423f219bb2 Fixed missing dependencies in psa crypto tests
PSA verify RSA PKCS#1 v1.5 SHA-256, wrong hash
    PSA Symmetric decryption: AES-CTR, 16 bytes, good
    PSA Symmetric encryption: AES-CTR, 15 bytes, good
    PSA Symmetric encryption: AES-CTR, 16 bytes, good
2018-09-05 12:46:20 +03:00
Gilles Peskine
8605428dcf Merge remote-tracking branch 'psa/pr/27' into feature-psa 2018-09-05 12:46:19 +03:00
Gilles Peskine
eebd7381bb Rename asymmetric_encrypt to clarify what it does
Renamed to asymmetric_encrypt_decrypt
2018-09-05 12:44:18 +03:00
Gilles Peskine
c4def2f228 Add input length check in psa_asymmetric_decrypt
Remove output size check which is not needed here and was copypasta.

Add non-regression tests.
2018-09-05 12:44:18 +03:00
Gilles Peskine
61b91d4476 Normalize whitespace to Mbed TLS standards
Only whitespace changes in this commit.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
d708260de4 add key policy enforcement implementation
add checks that keys have been set for the correct usage for asymmetric
functions.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
d70bc48630 Fix test output size
1. set output size to safe value
2. set output size correctly
3. check correct length of actual output
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
553b8f39e9 Fix test data
test data used incorrect clear-text length.
2018-09-05 12:44:17 +03:00
Nir Sonnenschein
72eca16afe Fix scenario test names
1. make all names unique
2. fix spacing issue in names
2018-09-05 12:44:17 +03:00
Gilles Peskine
5b051bc608 Remove trailing whitespace
Only horizontal whitespace changes in this commit.
2018-09-05 12:44:12 +03:00
Gilles Peskine
6afe789d4c Finish renaming around PSA_ALG_IS_RSA_PKCS1V15
Now the code compiles. Some OAEP and PSS macros may still need to be fixed.
2018-09-05 12:41:53 +03:00
Gilles Peskine
a1cac84e83 Move AEAD tests just after cipher
Always adding things at the end tends to create merge conflicts.
Adding in the middle in this way makes the order more logical in
addition to avoiding conflicts.
2018-09-05 12:41:53 +03:00
Nir Sonnenschein
0f3bdbddee change RSA encryption tests compensate for random component in encryption. 2018-09-05 12:41:53 +03:00
Nir Sonnenschein
39e59144f6 added support for PKCSv1.5 signature verification and encryption/decryption and very basic tests. 2018-09-05 12:41:53 +03:00
Gilles Peskine
84861a95ca Merge remote-tracking branch 'psa/psa-wrapper-apis-aead' into feature-psa 2018-09-05 12:41:52 +03:00
mohammad1603
3158564f08 add nonce as argument to the test function of encrypt/decrypt 2018-09-05 12:41:52 +03:00
mohammad1603
8ffd764e23 re-group test vectors and change vectors' names 2018-09-05 12:41:52 +03:00
mohammad1603
f7f72da769 add invalid signature test case 2018-09-05 12:41:52 +03:00
mohammad1603
c1ee32e1f4 add GCM test vectors encrypt/decrypt 2018-09-05 12:41:52 +03:00
mohammad1603
371a6e4067 add decrypt tests for CCM 2018-09-05 12:41:52 +03:00
mohammad1603
ed8dbeb434 add and fix data vectors 2018-09-05 12:41:52 +03:00
mohammad1603
f14394b25f add policy checks 2018-09-05 12:41:52 +03:00
mohammad1603
0317945a37 disable uncompleted tests 2018-09-05 12:41:51 +03:00
mohammad1603
f2525ebda7 add encryption only test case 2018-09-05 12:41:51 +03:00
mohammad1603
4b26850a15 fix tests according to the code changes in error value 2018-09-05 12:41:51 +03:00
Gilles Peskine
ee652a344c Fix psa_aead_decrypt to read the tag at the end of the ciphertext 2018-09-05 12:41:51 +03:00
mohammad1603
20399393a5 add psa_crypto to test suites 2018-09-05 12:41:49 +03:00
mohammad1603
e797945ea9 initialize length variables and process decrypt only when encrypts passes 2018-09-05 12:38:18 +03:00
mohammad1603
9b07132591 remove compilation warnings 2018-09-05 12:38:18 +03:00
mohammad1603
f07db2e919 Add more test scenario for GCM and failure cases 2018-09-05 12:38:18 +03:00
mohammad1603
d973472a37 Fix loop index and output size parameter value 2018-09-05 12:38:18 +03:00
mohammad1603
bdd892aef5 Add test scenario 2018-09-05 12:38:18 +03:00
mohammad1603
091e73b22b Fix usage of TEST_ASSERT
Add missing == PSA_SUCCESS in TEST_ASSERT usage
2018-09-05 12:38:18 +03:00
mohammad1603
9112693930 aead test scenario 2018-09-05 12:38:18 +03:00
Gilles Peskine
3aa8efb230 Merge remote-tracking branch 'psa/psa-wrapper-apis-march-12' into feature-psa 2018-09-05 12:38:17 +03:00
Gilles Peskine
5809ce7bd6 Add PKCS#7 good decryption test cases 2018-09-05 12:38:17 +03:00
Gilles Peskine
42b8aec792 Correct some bad test data
* PKCS#7 padding always adds at least one byte of padding, so test
  data with plaintext length = ciphertext length could not have been
  correct.
* CTR has plaintext length = ciphertext length, so test data with
  differing lengths could not have been correct.
2018-09-05 12:38:17 +03:00
Gilles Peskine
a7ec95f1ea Cipher tests: calculate and verify the actual output size 2018-09-05 12:38:17 +03:00
Gilles Peskine
50e586b691 We don't need _test_ in test function names
Also fix typo multpart -> multipart
2018-09-05 12:38:17 +03:00
Gilles Peskine
048b7f0802 Rename some variables to make the code easier to read
In cipher_test_verify_output_multpart, tweak the ways chunk sizes are
added in order to get rid of the variable temp. In other functions,
this commit does not change the logic at all.
2018-09-05 12:38:17 +03:00
Moran Peker
8172b87a63 add tests cases 2018-09-05 12:38:17 +03:00
Moran Peker
a9c3a658be tests fix + max_output_size 2018-09-05 12:38:17 +03:00
Moran Peker
9e3aa62c13 change variable naming 2018-09-05 12:38:17 +03:00
Gilles Peskine
17ddaa27b0 Correct and improve cipher test case descriptions 2018-09-05 12:38:17 +03:00
Gilles Peskine
9cf78d301d Fix some test case dependencies on cipher modes 2018-09-05 12:38:17 +03:00
Gilles Peskine
4ca9c3f9a1 Fix whitespace issues
Only whitespace changes.

* Remove tabs.
* Remove trailing whitespace.
* Correct some misindented lines.
* Normalize whitespace around some punctuation.
* Split some lines to avoid going over 80 columns.
2018-09-05 12:38:17 +03:00
Moran Peker
7f87850fc4 fix and add tests case + fix for padding mode 2018-09-05 12:38:17 +03:00
Moran Peker
ded844092e fix and add tests case + fix for padding mode 2018-09-05 12:38:17 +03:00
Gilles Peskine
5cbb4c8508 Correct some test case descriptions 2018-09-05 12:38:17 +03:00
Gilles Peskine
7268afc29e Reordered cipher tests to be just after MAC tests 2018-09-05 12:38:15 +03:00
Gilles Peskine
691dfb3e3a Whitespce normalization
No semantic change.
2018-09-05 12:14:29 +03:00
Moran Peker
5eb6e9ed60 PSA_ALG_CBC_BASE -> SA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE 2018-09-05 12:14:29 +03:00
Gilles Peskine
d8100245d8 Remove cipher_test_positive, duplicated as cipher_test_encrypt
cipher_test_positive was never compiled due to a syntax error in the
BEGIN_CASE magic comment. It has now been duplicated as
cipher_test_encrypt. Remove the copy that was never compiled.
2018-09-05 12:14:29 +03:00
Moran Peker
7691fb7b6b add new test scenario (cipher_test_encrypt_multipart) 2018-09-05 12:14:29 +03:00
Moran Peker
96cc00a857 add missing tests function 2018-09-05 12:14:28 +03:00
Moran Peker
f55e804e07 adjust indentation per Mbed TLS standards 2018-09-05 12:14:28 +03:00
Moran Peker
0071b873a3 add missing parameter output_size on psa_cipher_finish 2018-09-05 12:14:28 +03:00
mohammad1603
b152d4d8b6 add test scenarios to decrypt and encrypt input and compare with given output 2018-09-05 12:14:28 +03:00
Moran Peker
e1210dcac3 remove unused parameter in psa_cipher_finish. 2018-09-05 12:14:28 +03:00
Moran Peker
3205a6592b tests fix 2018-09-05 12:14:28 +03:00
mohammad1603
8481e74ecc CR fixes
more fixes

Compilation fixes

Compilation fixes for PSA crypto code and tests
2018-09-05 12:14:28 +03:00
mohammad1603
cdd3be9cfb Add psa_crypto test suite to Cmake
Add psa_crypto test suite to Cmake
2018-09-05 12:14:26 +03:00
mohammad1603
e6b67a1e78 Fix parameters in test suite
Fix test function signature in test suite
2018-09-05 12:13:23 +03:00
Gilles Peskine
d1e8e41737 Adapt older import_export test data to the new function signature 2018-09-05 12:13:23 +03:00
mohammad1603
d7d7ba5749 add positive test scenarios 2018-09-05 12:13:23 +03:00
Gilles Peskine
5100318a92 Merge pull request #18 from ARMmbed/psa-wrapper-apis-export-publickey
Export public key implementation (#18)
2018-09-05 12:13:23 +03:00
Moran Peker
f709f4a356 move import_export_public_key func place 2018-09-05 12:13:23 +03:00
Moran Peker
9bc76953ae export->export-public + move tests case 2018-09-05 12:13:23 +03:00
Moran Peker
ce1b23a68c PSA_ALG_CBC_BASE -> PSA_ALG_CBC_BASE | PSA_ALG_BLOCK_CIPHER_PAD_NONE
+ update tests description
2018-09-05 12:13:23 +03:00
Moran Peker
a964a8f9b0 add non-regression tests for export public/non public key 2018-09-05 12:13:23 +03:00
Gilles Peskine
785fd55a39 Whitespace fixes; removed redundant parentheses
No semantic change.
2018-09-05 12:13:23 +03:00
Gilles Peskine
c425e87af7 Add cast to satisfy gcc -Wsign-compare 2018-09-05 12:13:23 +03:00
Moran Peker
b34879b61a fix import_export_public_key test to use policy 2018-09-05 12:13:23 +03:00
Moran Peker
338a0cf569 fix import_export_public_key test 2018-09-05 12:13:23 +03:00
Moran Peker
4ff99f36a7 change test case descriptions + add newline of test_suite_psa_crypto.function 2018-09-05 12:13:22 +03:00
Moran Peker
b4d0ddd2d3 psa_export_public_key 2018-09-05 12:13:20 +03:00
Moran Peker
dd4ea38d58 export public key 2018-09-05 12:10:47 +03:00
itayzafrir
5c7533923a ECDSA sign and verify implementation and tests
ECDSA sign and verify implementation and tests
2018-09-05 12:10:47 +03:00
Gilles Peskine
a0655c3501 Merge remote-tracking branch 'psa/pr/13' into feature-psa
Conflicts:
	library/psa_crypto.c
	tests/suites/test_suite_psa_crypto.data
	tests/suites/test_suite_psa_crypto.function

All the conflicts are concurrent additions where the order doesn't
matter. I put the code from feature-psa (key policy) before the code
from PR #13 (key lifetime).
2018-09-05 12:10:43 +03:00
mohammad1603
5d7ec2033d fix key lifetime set implementation , tests accordingly 2018-09-05 12:01:37 +03:00
mohammad1603
ba178511f4 Remove unused and duplicated erros, fix documentation and tests
Remove unused and duplicated erros, fix documentation and tests
2018-09-05 12:01:37 +03:00
mohammad1603
060ad8ac34 Compilation and tests fixes 2018-09-05 12:01:37 +03:00
mohammad1603
804cd71bf8 initial key lifetime implementation and tests 2018-09-05 12:01:37 +03:00
Gilles Peskine
c63b6ba754 Merge remote-tracking branch 'psa/pr/14' into feature-psa
Conflict resolution:

* `tests/suites/test_suite_psa_crypto.data`: in the new tests from PR #14,
  rename `PSA_ALG_RSA_PKCS1V15_RAW` to `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` as
  was done in PR #15 in the other branch.
2018-09-05 12:01:34 +03:00
mohammad1603
d926b88085 Fix Policy enforcement sign test
Fix Policy sign scenario for enforcement test
2018-09-05 11:53:26 +03:00
mohammad1603
6df908f234 Add static internal MAC finish function
add new psa_mac_finish_internal() to be called by psa_mac_finish() and
psa_mac_verify() in order to be able to check key usage separatly.
2018-09-05 11:53:26 +03:00
mohammad1603
4eed757901 add new test scenarios 2018-09-05 11:53:26 +03:00
mohammad1603
a97cb8c303 Add calls for set policy in export/sign tests
Add calls for set policy in export/sign tests
2018-09-05 11:53:26 +03:00
Gilles Peskine
a59262338a Rename PKCS1V15 to PKCS1V15_SIGN
There's PKCS1V15_CRYPT as well (to be added soon).
2018-09-05 11:53:26 +03:00
mohammad1603
8cc1ceec3e Key Policy APIs implementation 2018-09-05 11:53:26 +03:00
Gilles Peskine
40f68b9863 Use unhexify_alloc where applicable 2018-09-05 11:53:25 +03:00
Gilles Peskine
8c9def3e7f PSA: Implement MAC functions
Implement psa_mac_start, psa_mac_update and psa_mac_final.

Implement HMAC anc CMAC.

Smoke tests.
2018-09-05 11:53:25 +03:00
Gilles Peskine
9ef733faa0 Implement hash functions
New header file crypto_struct.h. The main file crypto.sh declares
structures which are implementation-defined. These structures must be
defined in crypto_struct.h, which is included at the end so that the
structures can use types defined in crypto.h.

Implement psa_hash_start, psa_hash_update and psa_hash_final. This
should work for all hash algorithms supported by Mbed TLS, but has
only been smoke-tested for SHA-256, and only in the nominal case.
2018-09-05 11:53:25 +03:00
Gilles Peskine
93aa0334d9 PSA asymmetric signature: set *signature_length = 0 on failure 2018-09-05 11:53:24 +03:00
Gilles Peskine
0189e7512d PSA crypto: PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE macro
Test it for RSA.
2018-09-05 11:53:24 +03:00
Gilles Peskine
20035e3579 PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only)
Define hash algorithms and RSA signature algorithms.

New function psa_asymmetric_sign.

Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-09-05 11:53:24 +03:00
Gilles Peskine
c66ea6a921 PSA key import: support RSA public keys
Use different key types for private keys and public keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
969ac726d9 PSA RSA key import: don't rely on pk so much
Don't use the pk module except as required for pkparse/pkwrite. The
PSA crypto layer is meant to work alongside pk, not on top of it.

Fix the compile-time dependencies on RSA/ECP handling in
psa_export_key, psa_destroy_key and psa_get_key_information.
2018-09-05 11:53:24 +03:00
Gilles Peskine
2f9c4dc5ad Add key management functions
Define psa_key_type_t and a first stab at a few values.

New functions psa_import_key, psa_export_key, psa_destroy_key,
psa_get_key_information. Implement them for raw data and RSA.

Under the hood, create an in-memory, fixed-size keystore with room
for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
1d26709dbd New function mbedtls_rsa_get_bitlen
Add a new function mbedtls_rsa_get_bitlen which returns the RSA key
size, i.e. the bit size of the modulus. In the pk module, call
mbedtls_rsa_get_bitlen instead of mbedtls_rsa_get_len, which gave the
wrong result for key sizes that are not a multiple of 8.

This commit adds one non-regression test in the pk suite. More tests
are needed for RSA key sizes that are a multiple of 8.

This commit does not address RSA alternative implementations, which
only provide an interface that return the modulus size in bytes.
2018-09-05 11:53:24 +03:00
Gilles Peskine
e59236fc17 Add PSA crypto module
New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C):
Platform Security Architecture compatibility layer on top of
libmedcrypto.

Implement psa_crypto_init function which sets up a RNG.

Add a mbedtls_psa_crypto_free function which deinitializes the
library.

Define a first batch of error codes.
2018-09-05 10:59:00 +03:00
Manuel Pégourié-Gonnard
82986c1015 Disable 3d test with no good openssl version
While these tests and the issue with it are pre-existing:
- we previously didn't understand that the issue was an openssl bug
- failures seem to have become more frequent since the recent changes

So let's disable these fragile tests in order to get a clean CI. We still have
the tests against gnutls-serv for interop testing.
2018-09-03 10:50:21 +02:00
Manuel Pégourié-Gonnard
c1eda67fac Disable fragmentation tests with openssl bugs
While making the initial commit, I thought $OPENSSL_LEGACY was not affect by
this bug, but it turns out I was wrong. All versions of OpenSSL installed on
the CI are. Therefore, the corresponding tests are disabled for the same
reason as the gnutls-cli tests above it.

This commit is only about the tests that were added in the recent
fragmentation work. One of those two tests had a particularly
annoying mode of failure: it failed consistently with seed=1 (use in the
release version of all.sh), once #1951 was applied. This has nothing
particular to do with #1951, except that by changing retransmission behaviour
1951 made the proxy run into a path that triggered the OpenSSL bug with this
seed, while it previously did that only with other seeds.

Other 3d interop test are also susceptible to triggering this OpenSSL bug or
others (or bugs in GnuTLS), but they are left untouched by this commit as:
- they were pre-existing to the recent DTLS branches;
- they don't seem to have the particularly annoying seed=1 mode of failure.
However it's probably desirable to do something about them at some point in
the future.
2018-09-03 10:49:35 +02:00
Simon Butcher
4d075cd7d0 Update library version number to 2.13.0 2018-08-31 15:59:10 +01:00
Simon Butcher
552754a6ee Merge remote-tracking branch 'public/pr/1988' into development 2018-08-30 00:57:28 +01:00
Simon Butcher
68dbc94720 Merge remote-tracking branch 'public/pr/1951' into development 2018-08-30 00:56:56 +01:00
Simon Butcher
e50128a692 Merge remote-tracking branch 'public/pr/1994' into development 2018-08-30 00:56:18 +01:00
Nir Sonnenschein
acedc91f8f Fix build issue on clang 2018-08-29 23:57:45 +03:00
Nir Sonnenschein
85fcb58997 Refactor test code for CTR DRBG to clarify test functions
previously a single function was used for most test cases (ctr_drbg_validate) making it harder to understand what the exact scenario is as a result it was split into easier to understand functions.
2018-08-29 23:38:57 +03:00
Hanno Becker
108992e776 Add MTU auto-reduction test with valgrind 2018-08-29 17:19:09 +01:00
Hanno Becker
37029ebc63 Skip MTU auto-reduction test when running valgrind 2018-08-29 17:19:06 +01:00
Nir Sonnenschein
6275be3483 Re-factor test functions and add support for data_t parameters
the testing functions were re-factored so that the common code was extracted to a single static function (removing the need for unclear goto statements).
As part of the re-factor the test functions now use data_t for parameters (support for this was introduced in previous rebase),
2018-08-29 10:25:30 +03:00
Nir Sonnenschein
ce266e4ca2 use single define for 128bit key for ctr_drbg and update test dependencies
the change is designed to make configuring 128bit keys for ctr_drbg more similar to other configuration options. Tests have been updated accordingly.
also clarified test naming.
2018-08-29 10:11:46 +03:00
Hanno Becker
39b8bc9aef Change wording of debug message 2018-08-28 17:52:49 +01:00
Hanno Becker
7c48dd11db ssl-opt.sh: Add function extracting val or default val from config.h 2018-08-28 16:09:22 +01:00
Hanno Becker
dc1e950170 DTLS reordering: Add test for buffering a proper fragment
This commit adds a test to ssl-opt.sh which exercises the behavior
of the library in the situation where a single proper fragment
of a future handshake message is received prior to the next
expected handshake message (concretely, the client receives
the first fragment of the server's Certificate message prior
to the server's ServerHello).
2018-08-28 16:02:33 +01:00
Simon Butcher
14dac0953e Merge remote-tracking branch 'public/pr/1918' into development 2018-08-28 12:21:41 +01:00
Simon Butcher
1846e406c8 Merge remote-tracking branch 'public/pr/1939' into development 2018-08-28 12:19:56 +01:00
Simon Butcher
9598845d11 Merge remote-tracking branch 'public/pr/1955' into development 2018-08-28 12:00:18 +01:00
Hanno Becker
e604556feb ssl-opt.sh: Don't hardcode varname in requires_config_value_xxx() 2018-08-28 11:24:55 +01:00
Hanno Becker
b841b4f107 ssl-opt.sh: Remove reference to Github issue 2018-08-28 10:25:51 +01:00
Hanno Becker
3b8b40c16d ssl-opt.sh: Add function to skip next test 2018-08-28 10:25:41 +01:00
Simon Butcher
6f032a60c9 Merge remote-tracking branch 'public/pr/1963' into development 2018-08-28 10:21:06 +01:00
Simon Butcher
badeb07872 Merge remote-tracking branch 'public/pr/1967' into development 2018-08-28 10:20:23 +01:00
Hanno Becker
b9a0086975 ssl-opt.sh: Explain use of --insecure in GnuTLS client tests 2018-08-28 10:20:22 +01:00
Andrzej Kurek
6a4f224ac3 ssl-opt.sh: change expected output for large srv packet test with SSLv3
This test also exercises a protection against BEAST
and should expect message splitting.
2018-08-27 08:00:13 -04:00
Hanno Becker
2f5aa4c64e all.sh: Add builds allowing to test dropping buffered messages
This commit adds two builds to all.sh which use a value of
MBEDTLS_SSL_DTLS_MAX_BUFFERING that allows to run the
reordering tests in ssl-opt.sh introduced in the last commit.
2018-08-24 14:48:11 +01:00
Hanno Becker
a1adcca1da ssl-opt.sh: Add tests exercising freeing of buffered messages
This commit adds tests to ssl-opt.sh which trigger code-paths
responsible for freeing future buffered messages when the buffering
limitations set by MBEDTLS_SSL_DTLS_MAX_BUFFERING don't allow the
next expected message to be reassembled.

These tests only work for very specific ranges of
MBEDTLS_SSL_DTLS_MAX_BUFFERING and will therefore be skipped
on a run of ssl-opt.sh in ordinary configurations.
2018-08-24 14:48:11 +01:00
Hanno Becker
5cd017f931 ssl-opt.sh: Allow numerical constraints for tests
This commit adds functions requires_config_value_at_most()
and requires_config_value_at_least() which can be used to
only run tests when a numerical value from config.h
(e.g. MBEDTLS_SSL_IN_CONTENT_LEN) is within a certain range.
2018-08-24 14:48:11 +01:00
Hanno Becker
0e96585bdd Merge branch 'datagram_packing' into message_reordering 2018-08-24 12:16:41 +01:00
Hanno Becker
69ca0ad5c4 ssl-opt.sh: Remove wrong test exercising MTU implications of MFL
The negotiated MFL is always the one suggested by the client, even
if the server has a smaller MFL configured locally. Hence, in the test
where the client asks for an MFL of 4096 bytes while the server locally
has an MFL of 512 bytes configured, the client will still send datagrams
of up to ~4K size.
2018-08-24 12:14:00 +01:00
Hanno Becker
6b6f602174 Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-24 11:55:03 +01:00
Hanno Becker
c92b5c8a0d ssl-opt.sh: Add tests checking that MFL implies bounds on MTU
This commit introduces some tests to ssl-opt.sh checking that
setting the MFL limits the MTU to MFL + { Maximum Record Expansion }.
2018-08-24 11:48:01 +01:00
Manuel Pégourié-Gonnard
34aa187df6 Force IPv4 for gnutls-cli DTLS tests
Depending on the settings of the local machine, gnutls-cli will either try
IPv4 or IPv6 when trying to connect to localhost. With TLS, whatever it tries
first, it will notice if any failure happens and try the other protocol if
necessary. With DTLS it can't do that. Unfortunately for now there isn't
really any good way to specify an address and hostname independently, though
that might come soon: https://gitlab.com/gnutls/gnutls/issues/344

A work around is to specify an address directly and then use --insecure to
ignore certificate hostname mismatch; that is OK for tests that are completely
unrelated to certificate verification (such as the recent fragmenting tests)
but unacceptable for others.

For that reason, don't specify a default hostname for gnutls-cli, but instead
let each test choose between `--insecure 127.0.0.1` and `localhost` (or
`--insecure '::1'` if desired).

Alternatives include:
- having test certificates with 127.0.0.1 as the hostname, but having an IP as
  the CN is unusual, and we would need to change our test certs;
- have our server open two sockets under the hood and listen on both IPv4 and
  IPv6 (that's what gnutls-serv does, and IMO it's a good thing) but that
obviously requires development and testing (esp. for windows compatibility)
- wait for a newer version of GnuTLS to be released, install it on the CI and
  developer machines, and use that in all tests - quite satisfying but can't
be done now (and puts stronger requirements on test environment).
2018-08-23 19:07:15 +02:00
Hanno Becker
3546201dbc Merge branch 'datagram_packing' into message_reordering 2018-08-22 10:25:40 +01:00
Hanno Becker
a67dee256d Merge branch 'iotssl-2402-basic-pmtu-adaptation' into datagram_packing 2018-08-22 10:06:38 +01:00
Manuel Pégourié-Gonnard
b8eec192f6 Implement PMTU auto-reduction in handshake 2018-08-22 10:50:30 +02:00
Hanno Becker
170e2d89da Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-22 09:44:54 +01:00
Manuel Pégourié-Gonnard
c1d54b74ec Add tests with non-blocking I/O
Make sure we behave properly when f_send() or f_recv() return
MBEDTLS_ERR_SSL_WANT_{WRITE,READ}.
2018-08-22 10:02:59 +02:00
Manuel Pégourié-Gonnard
3d183cefb5 Allow client-side resend in proxy MTU tests
From Hanno:
When a server replies to a cookieless ClientHello with a HelloVerifyRequest,
it is supposed to reset the connection and wait for a subsequent ClientHello
which includes the cookie from the HelloVerifyRequest.
In testing environments, it might happen that the reset of the server
takes longer than for the client to replying to the HelloVerifyRequest
with the ClientHello+Cookie. In this case, the ClientHello gets lost
and the client will need retransmit. This may happen even if the underlying
datagram transport is reliable.
2018-08-22 09:56:22 +02:00
Hanno Becker
1d7399351e ssl-opt.sh: Add DTLS session resumption tests
Fixes #1969.
2018-08-21 17:48:42 +01:00
Hanno Becker
903ee3d363 Merge branch 'datagram_packing' into message_reordering 2018-08-21 17:24:17 +01:00
Hanno Becker
175cb8fc69 ssl-opt.sh: Allow resend in DTLS session resumption tests, cont'd
This commit continues commit 47db877 by removing resend guards in the
ssl-opt.sh tests 'DTLS fragmenting: proxy MTU, XXX' which sometimes made
the tests fail in case the log showed a resend from the client.

See 47db877 for more information.
2018-08-21 17:00:10 +01:00
Hanno Becker
e35670528b ssl-opt.sh: Add test for reassembly after reordering 2018-08-21 16:50:43 +01:00
Nir Sonnenschein
aecf8c941a adding more ctr_drbg test vectors (CAVP 14.3)
addtional test vectors add tests for both AES-256
and AES-128 variants of ctr_drbg
2018-08-21 18:05:13 +03:00
Gilles Peskine
e4b77b9639 ctr_drbg: add a few test vectors from CAVP 14.3
These test vectors are from
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip
2018-08-21 18:05:08 +03:00
Gilles Peskine
cfc1de766b ctr_drbg: sample vectors from NIST
Test vectors from
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/CTR_DRBG_withDF.pdf
2018-08-21 18:05:02 +03:00
Gilles Peskine
5ef5a9aeb4 ctr_drbg tests: unify validate functions
Unify the three existing validation functions (with prediction
resistance, with manual reseeding between generations, and with no
reseeding) into a single function that supports these three scenarios
plus a fourth one (reseed before the first generation).

The four supported scenarios cover the three scenarios from the
current CAVP test vectors (no reseed, reseed before generating,
prediction resistance) plus a fourth scenario used by the existing
test vectors (reseed after generating).

(cherry picked from commit cee9bedee6bc1a8e2b22fa8a31647b62ebb8a0a4)
2018-08-21 18:04:45 +03:00
Gilles Peskine
4c78665ccd ctr_drbg tests: new validation function that doesn't reseed
This is one of the test scenarios from the CAVP test vectors.
2018-08-21 18:03:31 +03:00
Gilles Peskine
ef0624f791 ctr_drbg tests: make input sizes flexible
The ctr_drbg_validate_xxx test functions had hard-coded sizes for the
entropy and the output size. Generalize the sizes.

Keep track of the current entropy size.

Unhexify the expected output and compare with the actual output,
rather than hexifying the actual output and comparing the hex.
2018-08-21 18:02:03 +03:00
Gilles Peskine
ed7da59798 ctr_drbg: add comments relating the code with the NIST specification 2018-08-21 17:55:46 +03:00
Nir Sonnenschein
c9547cc23b add NIST test vector for 128 bit keys (not passing yet). 2018-08-21 17:53:25 +03:00
Hanno Becker
5bcf2b081f ssl-opt.sh: Allow spurious resend in DTLS session resumption test
When a server replies to a cookieless ClientHello with a HelloVerifyRequest,
it is supposed to reset the connection and wait for a subsequent ClientHello
which includes the cookie from the HelloVerifyRequest.
In testing environments, it might happen that the reset of the server
takes longer than for the client to replying to the HelloVerifyRequest
with the ClientHello+Cookie. In this case, the ClientHello gets lost
and the client will need retransmit. This may happen even if the underlying
datagram transport is reliable.

This commit removes a guard in the ssl-opt.sh test
'DTLS fragmenting: proxy MTU, resumed handshake' which made
the test fail in case the log showed a resend from the client.
2018-08-21 15:04:22 +01:00
Ron Eldor
6b13afe1a5 Fix indentation
Fix indentation in the test.
2018-08-21 16:11:13 +03:00
Manuel Pégourié-Gonnard
2f2d9020cd Add delay in test to avoid race condition
We previously observed random-looking failures from this test. I think they
were caused by a race condition where the client tries to reconnect while the
server is still closing the connection and has not yet returned to an
accepting state. In that case, the server would fail to see and reply to the
ClientHello, and the client would have to resend it.

I believe logs of failing runs are compatible with this interpretation:
- the proxy logs show the new ClientHello and the server's closing Alert are
  sent the same millisecond.
- the client logs show the server's closing Alert is received after the new
  handshake has been started (discarding message from wrong epoch).

The attempted fix is for the client to wait a bit before reconnecting, which
should vastly enhance the probability of the server reaching its accepting
state before the client tries to reconnect. The value of 1 second is arbitrary
but should be more than enough even on loaded machines.

The test was run locally 100 times in a row on a slightly loaded machine (an
instance of all.sh running in parallel) without any failure after this fix.
2018-08-21 12:17:54 +02:00
Manuel Pégourié-Gonnard
6151298395 Add missing requires_gnutls guards 2018-08-21 09:40:07 +02:00
Ron Eldor
9434713368 Move the assertion
Move the assertion for checking the heap allocatino succeeded.
2018-08-20 14:59:33 +03:00
Hanno Becker
6aeaa05a95 Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-20 12:53:37 +01:00
Hanno Becker
f362c297fa ssl-opt.sh Add dependency on gnutls in two fragmentation tests 2018-08-20 12:40:23 +01:00
Hanno Becker
7be2e5bb16 ssl-opt.sh: Preserve proxy log, too, if --preserve-logs is specified 2018-08-20 12:23:37 +01:00
Hanno Becker
4e1a9c17f2 ssl-opt.sh: Preserve proxy log, too, if --preserve-logs is specified 2018-08-20 12:22:09 +01:00
Manuel Pégourié-Gonnard
4532329397 Add proxy-enforcement to a MTU test 2018-08-20 11:52:24 +02:00
Hanno Becker
9829315235 Add missing dependency in ssl-opt.sh 2018-08-20 11:18:34 +02:00
Hanno Becker
58e9dc3d4b Allow GNUTLS_NEXT_CLI / GNUTLS_NEXT_SERV to be unset in ssl-opt.sh 2018-08-20 11:18:15 +02:00
Manuel Pégourié-Gonnard
02f3a8a921 Adjust timeout values for 3d test
Use the same values as other 3d tests: this makes the test hopefully a bit
faster than the default values, while not increasing the failure rate.

While at it:
- adjust "needs_more_time" setting for 3d interop tests (we can't set the
  timeout values for other implementations, so the test might be slow)
- fix some supposedly DTLS 1.0 test that were using dtls1_2 on the command
  line
2018-08-20 10:54:25 +02:00
Hanno Becker
56cdfd1e29 Refine reordering tests
Now that the UDP proxy has the ability to delay specific
handshake message on the client and server side, use
this to rewrite the reordering tests and thereby make
them independent on the choice of PRNG used by the proxy
(which is not stable across platforms).
2018-08-17 16:52:08 +01:00
Hanno Becker
872730481d Disable datagram packing in reordering tests 2018-08-17 16:52:08 +01:00
Hanno Becker
b34149c00f Add test for buffering of record from next epoch 2018-08-17 16:52:08 +01:00
Hanno Becker
e38422107e Add test for reordering of handshake messages 2018-08-17 16:52:08 +01:00
Hanno Becker
aa5d0c4493 Add test for buffering out-of-order CCS 2018-08-17 16:52:08 +01:00
Hanno Becker
4a9d006f5f Add missing dependency in ssl-opt.sh 2018-08-17 16:10:47 +01:00
Hanno Becker
bc73e4a822 Allow GNUTLS_NEXT_CLI / GNUTLS_NEXT_SERV to be unset in ssl-opt.sh 2018-08-17 15:53:21 +01:00
Hanno Becker
7ae8a76ced Add tests for datagram packing option to ssl-opt.sh
This commit adds four tests to ssl-opt.sh running default
DTLS client and server with and without datagram packing
enabled, and checking that datagram packing is / is not
used by inspecting the debug output.
2018-08-17 15:51:24 +01:00
Hanno Becker
1c9a24ce8c Disable datagram packing for various UDP proxy tests
The UDP proxy does currently not dissect datagrams into records,
an hence the coverage of the reordering, package loss and duplication
tests is much smaller if datagram packing is in use.

This commit disables datagram packing for most UDP proxy tests,
in particular all 3D (drop, duplicate, delay) tests.
2018-08-17 15:51:21 +01:00
Hanno Becker
c4305238b5 Re-enable delayed CCS test
Now that datagram packing can be dynamically configured,
the test exercising the behavior of Mbed TLS when facing
an out-of-order CCS message can be re-introduced, disabling
datagram packing for the sender of the delayed CCS.
2018-08-17 15:45:45 +01:00
Hanno Becker
12405e76b5 Increase max_frag_len / MTU in fragmentation ref tests
The tests "DTLS fragmenting: none (for reference)" and
"DTLS fragmenting: none (for reference) (MTU)" used a
maximum fragment length resp. MTU value of 2048 which
was meant to be large enough so that fragmentation
of the certificate message would not be necessary.
However, it is not large enough to hold the entire flight
to which the certificate belongs, and hence there will
be fragmentation as soon as datagram packing is used.

This commit increases the maximum fragment length resp.
MTU values to 4096 bytes to ensure that even with datagram
packing in place, no fragmentation is necessary.

A similar change was made in "DTLS fragmenting: client (MTU)".
2018-08-17 15:45:19 +01:00
Hanno Becker
111fa497aa TEST-ONLY: Remove delayed CCS test
The test exercising a delayed CCS message is not
expected to work when datagram packing is used,
as the current UDP proxy is not able to recognize
records which are not at the beginning of a
datagram.
2018-08-17 15:44:37 +01:00
Manuel Pégourié-Gonnard
38110dfc0e Add interop test with unreliable connection
Adds a requirement for GNUTLS_NEXT (3.5.3 or above, in practice we should
install 3.6.3) on the CI.

See internal ref IOTSSL-2401 for analysis of the bugs and their impact on the
tests.
2018-08-17 12:44:54 +02:00
Hanno Becker
d26bb2090f Add tests for empty CA list in CertificateRequest, TLS 1.0 & 1.1 2018-08-17 09:57:36 +01:00
Manuel Pégourié-Gonnard
0794d49566 Skip some tests with valgrind (spurious resend) 2018-08-17 10:54:24 +02:00
Manuel Pégourié-Gonnard
1218bc0f74 Add simple interop tests (reliable connection) 2018-08-17 10:51:26 +02:00
Jaeden Amero
aa9f3fd6b1 Merge remote-tracking branch 'upstream-public/pr/930' into development 2018-08-16 15:29:58 +01:00
Manuel Pégourié-Gonnard
2d56f0d346 Add test with unreliable connection 2018-08-16 11:09:03 +02:00
Manuel Pégourié-Gonnard
19c62f90e4 Add test for session resumption 2018-08-16 10:50:39 +02:00
Manuel Pégourié-Gonnard
72c2707d9c Add tests for MTU with renegotiation
This exercises our computation of record expansion.
2018-08-16 10:01:47 +02:00
Manuel Pégourié-Gonnard
b747c6cf9b Add basic first tests for MTU setting
For now, just check that it causes us to fragment. More tests are coming in
follow-up commits to ensure we respect the exact value set, including when
renegotiating.
2018-08-16 10:01:47 +02:00
Manuel Pégourié-Gonnard
2cb17e201b Make handshake fragmentation follow max_frag_len
Note: no interop tests in ssl-opt.sh for now, as some of them make us run into
bugs in (the CI's default versions of) OpenSSL and GnuTLS, so interop tests
will be added later once the situation is clarified. <- TODO
2018-08-16 10:01:10 +02:00
Mohammad Azim Khan
2c069dfad3 Fix typo in test_suite_entropy.function 2018-08-15 13:55:37 +01:00
Ron Eldor
446227a1bd Enhance nist_kw with some NULL buffers tests
Enhance the nist_kw test suite, with setting zero length input\output
buffers. Resolves #1882.
2018-08-13 14:46:45 +03:00
Jaeden Amero
cac0c1a250 Merge remote-tracking branch 'upstream-public/pr/1378' into development 2018-08-10 10:59:53 +01:00
Mohammad Azim Khan
5cb7017077 Less obscure test suites template 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
d2d0112ca8 Style fixes 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
440d8737c6 Fix macro validation regex 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
ee6529eb83 Add generate_test_code.py unit tests in all.sh 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
21798105f6 Pylint tests in all.sh 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
539aa06f64 Fix Python 2 & 3 compatibility in test_generate_test_code.py 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan
32cbcdac8f Fix Pylint errors in Python scripts 2018-08-06 11:42:56 +01:00
Azim Khan
630281349e Replaced escaped_split() logic with regex 2018-08-06 11:42:56 +01:00
Azim Khan
fcdf685302 Make test function parsing robust
This commit enhances parsing of the test function in generate_test_code.py for
cases where return type and function name are on separate lines.
2018-08-06 11:42:56 +01:00
Azim Khan
4084ec7ae5 Fixed unit tests in test_generate_test_code.py 2018-08-06 11:42:56 +01:00
Azim Khan
8d686bfdb1 Incorporated code revoew comments. 2018-08-06 11:42:56 +01:00
Azim Khan
b31aa44e16 Fix style errors reported by pylint 2018-08-06 11:42:56 +01:00
Azim Khan
aee05bbe70 Add test suite framework summary 2018-08-06 11:42:56 +01:00
Azim Khan
63ab501aa7 Fix generate_test_code.py argument --helpers-file in CMakeLists.txt 2018-08-06 11:42:56 +01:00
Azim Khan
27a35e7712 Wildcard possible targets and document
Test application names and function file names can be constructed
based on the followed naming convention. This commit documents the
naming convention and removes explicit listing of the test
executables and the lookup table for finding .function file.
2018-08-06 11:42:56 +01:00
Azim Khan
5fcca46a3a Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
Azim Khan
62a5d7d65a Document status/error codes in helper.function 2018-08-06 11:42:06 +01:00
Azim Khan
951a2c8898 Improve documentation in mbedtls_test.py 2018-08-06 11:42:06 +01:00
Azim Khan
e3b26af7c0 Improve documentation in generate_test_code.py 2018-08-06 11:42:06 +01:00
Azim Khan
b98e6eec58 Replace asserts with exceptions in mbedtls_test.py 2018-08-06 11:42:06 +01:00
Azim Khan
040b6a2281 Wrap code to 79 character limit 2018-08-06 11:42:06 +01:00
Azim Khan
936ea9302a Strip whitespaces added by decode() function 2018-08-06 11:42:06 +01:00
Mohammad Azim Khan
00c4b090c1 Change intermediate data file extension to .datax 2018-08-06 11:42:06 +01:00
Mohammad Azim Khan
ff560f2239 Rename makefile target gen-embedded-test - generate-target-tests 2018-08-06 11:42:06 +01:00
Mohammad Azim Khan
cfd834274b Use integer instead of string as test result 2018-08-06 11:42:06 +01:00
Mohammad Azim Khan
53faf5c964 Widen the test app columns 2018-08-06 11:42:06 +01:00
Mohammad Azim Khan
8a3628fc86 Set PYTHON using ?= syntax 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
8f6e8cfcc7 Print line number with data file error 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
3b06f226e9 Replace asserts with exceptions in generate_test_code.py 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
c3521dfdd6 Fix generate_test_code.py unit tests 2018-08-06 11:40:58 +01:00
Azim Khan
0fa3504a77 Add missing MSVC typedefs 2018-08-06 11:40:58 +01:00
Gilles Peskine
667f7f8369 Fix generation of #line directives in Python 2
When using Python 2 (which is done in the Makefile), all #line
directives from the test code were generated with the line number 1.
This traces back to the change in the method name for generators in
Python 2 (next) vs Python 3 (__next__). Override both methods so that
the script remains compatible with both Python 2 and Python 3.
2018-08-06 11:40:58 +01:00
Gilles Peskine
7776141a16 Don't generate lines with only whitespace 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
9b06f37601 Give execute permissions to Python scripts 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
b73159d639 Remove white spaces caught by check-files.py 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
ddde34c698 Remove git conflict marker from test_suite_timing.function 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
76135345c8 Fix gcc-7 -Wformat-truncation warning
Function test_snprintf() is called by run_test_snprintf() with constant test
data. It gets inlined and is subjected to snprintf format truncation checks
introduced by -Wformat-truncation in gcc-7. -Wformat-truncation is turned
On by -Wall and other similar options. It results in error with -Werror.

-Wformat-truncation makes tests performed by run_test_snprintf() redundant
on gcc. But they are still relevant for other compilers. This commit prevents
inlining of test_snprintf() to avoid gcc compile time checks.
2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
1ec7e6f3d9 Python3 compatible generate_test_code.py 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
78befd9019 Rename generate_code.py -> generate_test_code.py 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
7eb55687c4 Set OS specific python executable name 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
b522929666 Add support for per test suite helper functions 2018-08-06 11:40:58 +01:00
Azim Khan
05d83fa406 Put parentheses around macro arguments 2018-08-06 11:40:58 +01:00
Azim Khan
36e5fac0fb Rephrase confusing function description 2018-08-06 11:40:58 +01:00
Azim Khan
317efe85e1 Adapt new test gcm_bad_parameters() to on target testing changes 2018-08-06 11:40:58 +01:00
Azim Khan
f0e42fbd1f Add missing documentation and fix file doc strings 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan
9540261a76 Incorporated code review comments 2018-08-06 11:40:58 +01:00
Azim Khan
d61b837fac Update unit tests for change in test suites code generator
Code generator has been modified to generate case statements for dependency checks and expression checks.
This commit updates the unit tests accordingly.
2018-08-06 11:40:58 +01:00
Azim Khan
b1c2d0f946 Use switch instead if if-else for dependency and expression checks. 2018-08-06 11:40:58 +01:00
Azim Khan
d61a4384d8 incorporate code review comment in embedded_test.function 2018-08-06 11:40:58 +01:00
Azim Khan
663d4702c5 Incorporate code review suggestions in mbedtls_test.py 2018-08-06 11:40:58 +01:00
Azim Khan
599cd247e6 Update unit tests for code generator and make code generator more testable. 2018-08-06 11:40:58 +01:00
Azim Khan
acc5473ac9 Use FileWrapper class in place of file where line number is required 2018-08-06 11:40:57 +01:00
Azim Khan
5e2ac1fb29 Updated generate_code.py unit tests 2018-08-06 11:40:57 +01:00
Azim Khan
4b54323bcb Unit test generate_copy.py 2018-08-06 11:40:57 +01:00
Azim Khan
13c6bfbc2a Gaurd test suite headers with suite dependency
Test suite header code was not gaurded with test suite dependency.
But some test suites have additional code in the headers section.
Variables in that section become unused if suite functions are
gaurded. Hence gaurded the headers section.
But this changed cuased missing types in get_expression() function
that was originally accessing types defined through suite headers.
Hence had to gaurd expressions code as well.
Gaurding expressions does not allow parsing the parameters when
some types or hash defs are gaurded. Hence added function
check_test() to check if test is allowed or not before parsing the
parameters.
2018-08-06 11:40:57 +01:00
Mohammad Azim Khan
8c4d5ba763 Update CMakeList.txt with new test suites code generator 2018-08-06 11:40:57 +01:00
Mohammad Azim Khan
cf32c45bfd Add missing headers and fix name change issues 2018-08-06 11:40:57 +01:00
Azim Khan
1de892b85f Update code as old template and generator is replaced with new one 2018-08-06 11:40:57 +01:00
Azim Khan
191e904bb2 Replace old template and code generator with new ones. Keep names 2018-08-06 11:40:57 +01:00
Azim Khan
975d97eb8b Remove old test suite template and code generator script 2018-08-06 11:40:57 +01:00
Azim Khan
2397bbaa01 Update test generator for use of struct for hex parameters 2018-08-06 11:40:57 +01:00
Azim Khan
d30ca130e8 Combine hex parameters in a struct 2018-08-06 11:40:57 +01:00
Azim Khan
5cfc06832e Fix name conflict in function params after hexify/unhexify change 2018-08-06 11:40:57 +01:00
Azim Khan
3e5d0004ab Update Greentea API header 2018-08-06 11:40:57 +01:00
Azim Khan
47b40609de Fix RSA test suite bugged by hexify/unhexify change 2018-08-06 11:40:57 +01:00
Azim Khan
392267a7c8 Fix missing data in the RSA test vectors file 2018-08-06 11:40:57 +01:00
Azim Khan
b3a103c499 Put else in it's own line 2018-08-06 11:40:57 +01:00
Azim Khan
d59391afcd Add support for sending hex parameters 2018-08-06 11:40:57 +01:00
Azim Khan
46c9b1f196 Fix test functions and data after moving hexify/unhexify out
- Separate string and hex parameter as unhexify is moved out of the function. It's input should only be hex.
- Fix test mbedtls_ccm_encrypt_and_tag that grows input message buffer with tag
- Add missing expected length parameter in ECP TLS tests
- Add deleted TEST_ASSERT and mbedtls calls that got removed in script based code generation
2018-08-06 11:40:57 +01:00
Azim Khan
5e7f8df800 Print Greentea __testcase_name indicator for Greentea to mark the test 2018-08-06 11:40:57 +01:00
Azim Khan
a57a420985 Add hex parameter dispatch 2018-08-06 11:40:57 +01:00
Azim Khan
184447e7e4 Add proper handling of hex data 2018-08-06 11:40:57 +01:00
Azim Khan
f1aaec9888 Intermediate hexify out change 2018-08-06 11:40:57 +01:00
Azim Khan
9079170f6e Adapt code for scripting out hexify/unhexify code 2018-08-06 11:40:57 +01:00
Azim Khan
3499a9e41b Add hex comparison function 2018-08-06 11:40:57 +01:00
Azim Khan
0574632b30 Update Greentea client API calls 2018-08-06 11:40:57 +01:00
Azim Khan
ee6c0189df Unify test setup errors for sending to host 2018-08-06 11:40:57 +01:00
Azim Khan
ec024483ae Fix line no. directive 2018-08-06 11:40:57 +01:00
Mohammad Azim Khan
67735d540b Fix name conflict and implicit use of functions from string.h 2018-08-06 11:40:57 +01:00
Mohammad Azim Khan
7a0d84fccc On target test host test script 2018-08-06 11:40:57 +01:00
Mohammad Azim Khan
fff4904e6b mbed-os test code generator 2018-08-06 11:40:57 +01:00
Mohammad Azim Khan
1f29be7241 Make target for on mbed testing
New target gen-mbed-test generates mebdtls tests in mbed-os test format.
i.e. a dir tree like TESTS/<testgroup>/[<sub testgroup>/]<test case>.
The TESTS dir can then be imported into mbed-os to compile tests with mbed-os.
2018-08-06 11:40:57 +01:00
Mohammad Azim Khan
94aefaf314 Optimise makefile targets 2018-08-06 11:32:29 +01:00
Simon Butcher
5f26b11ffa Change test dependencies to RC4 from DES
Some tests were dependent on DES yet actually used RC4. Likely a copy and paste
error. This change fixes them.
2018-07-27 17:15:39 +01:00
Jaeden Amero
193c86425e Update version to 2.12.0 2018-07-25 15:42:26 +01:00
Simon Butcher
729d7814c8 Merge remote-tracking branch 'public/pr/779' into development 2018-07-24 17:20:36 +01:00
Simon Butcher
2c92949e0a Merge remote-tracking branch 'public/pr/1198' into development 2018-07-24 17:20:17 +01:00
Simon Butcher
c88c627fba Merge remote-tracking branch 'public/pr/1658' into development 2018-07-24 17:19:10 +01:00
Ron Eldor
8dd03cd1aa Add tests for the nist key wrapping feature
Add tests for Key wrapping.
Test vectors taken from the standards.
2018-07-24 16:43:20 +01:00
Simon Butcher
5ca06c763c Merge remote-tracking branch 'public/pr/1724' into development 2018-07-24 13:32:07 +01:00
Simon Butcher
116ac43d00 Merge remote-tracking branch 'public/pr/1852' into development 2018-07-24 12:18:59 +01:00
Simon Butcher
bdf80d0953 Merge remote-tracking branch 'public/pr/1810' into development 2018-07-24 12:12:27 +01:00
Simon Butcher
a7b35434e6 Merge remote-tracking branch 'public/pr/1871' into development 2018-07-24 08:26:13 +01:00
Ron Eldor
bb4bbbbbb4 Resolve PR review comments
Address review comments:
1. add `mbedtls_cipher_init()` after freeing context, in test code
2. style comments
3. set `ctx->iv_size = 0` in case `IV == NULL && iv_len == 0`
2018-07-23 18:18:35 +01:00
Ron Eldor
6f90ed82b9 Fix CI failure
Test IV special cases only if `MBEDTLS_CIPHER_MODE_CBC` is defined
2018-07-23 18:18:35 +01:00
Ron Eldor
4e64e0b922 Fix after PR comments
1. Don't set IV onECB
2. Fix style issues
3. reduce number of tests
2018-07-23 18:18:32 +01:00
Ron Eldor
7b01244b99 Add tests for mbedtls_cipher_crypt API
1. Add tests for 'mbedtls_cipher_crypt()' API
2. Resolves #1091, by ignoring IV when the cipher mode is MBEDTLS_MODE_ECB
2018-07-23 18:02:09 +01:00
Simon Butcher
8e6a22ac3d Add additional i386 tests to all.sh
Added an additional i386 test to all.sh, to allow one test with -O0 which
compiles out inline assembly, and one to test with -01 which includes the inline
assembly.
2018-07-23 13:31:19 +01:00
Simon Butcher
7a6da6ed5e Expand i386 all.sh tests to full config ASan builds
The i386 test builds were only building the default configuration and had
no address sanitisation. This commit expands the test configuration to the full
configuration in all.sh and builds with ASan for when the test suites are
executed.
2018-07-22 18:01:19 +01:00
Andres Amaya Garcia
4c761fab7f Add test for empty app data records to ssl-opt.sh 2018-07-20 23:09:29 +01:00
Jaeden Amero
7c1258dc78 all.sh: Return error on keep-going failure
When calling all.sh from a script and using "--keep-going", errors were
sometimes missed due to all.sh always returning 0 "success" return code.
Return 1 if there is any failure encountered during a "keep-going" run.
2018-07-20 17:14:21 +01:00
Simon Butcher
7d728bd70e Merge remote-tracking branch 'public/pr/1454' into development 2018-07-20 14:33:44 +01:00
Simon Butcher
922bd1efb2 Merge remote-tracking branch 'public/pr/1752' into development 2018-07-20 14:33:18 +01:00
Simon Butcher
be685ba337 Merge remote-tracking branch 'public/pr/1836' into development 2018-07-19 20:01:23 +01:00
Simon Butcher
e7aeef09ee Merge remote-tracking branch 'public/pr/536' into development 2018-07-10 15:24:26 +01:00
Simon Butcher
727325baa7 Merge remote-tracking branch 'public/pr/1788' into development 2018-07-10 14:54:52 +01:00
Jaeden Amero
cdb5cc570c tests: dhm: Rename Hallman to Hellman
Fix typo of Diffie-Hallman to Diffie-Hellman.
2018-07-06 13:20:09 +01:00
Andrzej Kurek
991f9fefd9 all_sh: add a check for header inclusion in cpp_dummy_build.cpp
change the g++ test to be incremental, to save time
reorganize header order in cpp_dummy_build.cpp according to c locale
2018-07-02 09:08:21 -04:00
Manuel Pégourié-Gonnard
4edb9cbbc0 Justify some max_ops settings in test_suite_pk 2018-07-02 12:23:23 +02:00
Gilles Peskine
a931265509 Fix ssl-opt.sh not starting when lsof is not available
$START_DELAY was used before it was defined.
2018-06-29 15:48:13 +02:00
Nicholas Wilson
61fa436ad3 Address review comments - tidy usage of macros to use minimal values 2018-06-28 17:09:21 +01:00
Ron Eldor
643df7c8a1 Update ssl-opt.sh test to run condition
1. Update the test script to un the ECC tests only if the relevant
configurations are defined in `config.h` file
2. Change the HASH of the ciphersuite from SHA1 based to SHA256
for better example
2018-06-28 16:17:00 +03:00
k-stachowiak
b056dd86d0 Remove a redundant dependency clause 2018-06-28 12:58:56 +02:00
Ron Eldor
58093c8bec Add ECC extensions test in ssl-opts.sh
Add test to verify if an ecc based extension exists
or not if an ecc based ciphersuite is used or not.
2018-06-28 13:22:05 +03:00
Andrzej Kurek
05be06cc2d Make the C++ test mandatory by removing the --no-cxx flag from all.sh
Remove the cmake test
2018-06-28 05:10:51 -04:00
Andrzej Kurek
45a6719594 Add a CXX build to all.sh to execute the C++ dummy test by default 2018-06-28 05:10:02 -04:00
Simon Butcher
597dbf8802 Adds a filter to run-test-suites.pl to exclude data files
The run-test-suites.pl script was executing all files of the form 'test_suite*'
which were either executable or ended with a .exe extension.

On some filesystems, such as through network shares or VMs, which are
abstracting one set of file permissions to Unix permissions, may set the
executable permissions on all files, whether they're executable or not.

That was leading to the run-test-suites.pl script to attempt to execute the .c
intermediate files because they followed the form 'test_suite_*.c'. This change
now excludes them, just in case they accidentally have execute permissions.
2018-06-27 16:16:39 +01:00
Ron Eldor
b0ef434911 Add doxygen.sh script to git hooks
Add the doxygen.sh script to the pre-push git script
2018-06-27 17:41:00 +03:00
Simon Butcher
6665b67ddf Merge remote-tracking branch 'public/pr/1390' into development 2018-06-27 10:51:47 +01:00
Simon Butcher
9fa21bffe6 Merge remote-tracking branch 'public/pr/1533' into development 2018-06-27 10:50:58 +01:00
k-stachowiak
7972334090 Enable ARIA self test in the unit testing 2018-06-25 15:29:52 +02:00
Nicholas Wilson
2682edf205 Fix build using -std=c99
In each place where POSIX/GNU functions are used, the file must declare
that it wants POSIX functionality before including any system headers.
2018-06-25 12:00:26 +01:00
Andres Amaya Garcia
7994766581 Fix usage of if_build_succeeded in all.sh zeroize test 2018-06-20 09:34:54 +01:00
Andrzej Kurek
c19fc55538 Add missing large and small packet tests for ssl_server2 2018-06-20 04:22:06 -04:00
Andrzej Kurek
30e731decd Added buffer_size and response_size options for ssl-server2.
Added appropriate tests.
2018-06-20 04:22:06 -04:00
Manuel Pégourié-Gonnard
79d9b50421 Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development: (180 commits)
  Change the library version to 2.11.0
  Fix version in ChangeLog for fix for #552
  Add ChangeLog entry for clang version fix. Issue #1072
  Compilation warning fixes on 32b platfrom with IAR
  Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
  Fix for missing len var when XTS config'd and CTR not
  ssl_server2: handle mbedtls_x509_dn_gets failure
  Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms
  SSL async tests: add a few test cases for error in decrypt
  Fix memory leak in ssl_server2 with SNI + async callback
  SNI + SSL async callback: make all keys async
  ssl_async_resume: free the operation context on error
  ssl_server2: get op_name from context in ssl_async_resume as well
  Clarify "as directed here" in SSL async callback documentation
  SSL async callbacks documentation: clarify resource cleanup
  Async callback: use mbedtls_pk_check_pair to compare keys
  Rename mbedtls_ssl_async_{get,set}_data for clarity
  Fix copypasta in the async callback documentation
  SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
  ssl_async_set_key: detect if ctx->slots overflows
  ...
2018-06-20 09:46:17 +02:00
Manuel Pégourié-Gonnard
9fece7ee91 Add ChachaPoly ciphersuites to compat.sh
This is disabled by default since it requires OpenSSL >= 1.1.0 and the current
default version on the CI is 1.0.2. However, the CI also has 1.1.1-rc which
can be used for this.
2018-06-19 13:16:30 +02:00
Manuel Pégourié-Gonnard
c36b432108 Add GnuTLS interop for CCM(-8) ciphersuites
I'm going to touch the GCM/CCM/CCM-8 code in the next commit, and so far we
didn't have any interop testing for CCM/CCM-8.

Our standard development/testing environment currently has GnuTLS 3.4.10, and
fortunately support for CCM/CCM-8 was introduced in GnuTLS 3.4.0

Support in OpenSSL was introduced in 1.1.0 which is not yet the default
version in the CI.
2018-06-19 12:12:47 +02:00
Manuel Pégourié-Gonnard
ce66d5e8e1 Declare ChaCha-Poly ciphersuites
Prefer them over AES-GCM as they have better performance and fewer side
channel considerations in software implementations.
2018-06-19 12:11:38 +02:00
Manuel Pégourié-Gonnard
0dadba2b58 Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (182 commits)
  Change the library version to 2.11.0
  Fix version in ChangeLog for fix for #552
  Add ChangeLog entry for clang version fix. Issue #1072
  Compilation warning fixes on 32b platfrom with IAR
  Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
  Fix for missing len var when XTS config'd and CTR not
  ssl_server2: handle mbedtls_x509_dn_gets failure
  Fix harmless use of uninitialized memory in ssl_parse_encrypted_pms
  SSL async tests: add a few test cases for error in decrypt
  Fix memory leak in ssl_server2 with SNI + async callback
  SNI + SSL async callback: make all keys async
  ssl_async_resume: free the operation context on error
  ssl_server2: get op_name from context in ssl_async_resume as well
  Clarify "as directed here" in SSL async callback documentation
  SSL async callbacks documentation: clarify resource cleanup
  Async callback: use mbedtls_pk_check_pair to compare keys
  Rename mbedtls_ssl_async_{get,set}_data for clarity
  Fix copypasta in the async callback documentation
  SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert
  ssl_async_set_key: detect if ctx->slots overflows
  ...
2018-06-19 11:13:50 +02:00
Simon Butcher
2fcd3e4441 Change the library version to 2.11.0
* Change the Mbed TLS library version to 2.11.0
 * Increase the soversion of libmbedcrypto
 * Increase the soversion of libmbedtls
2018-06-18 14:39:06 +01:00
Angus Gratton
c4dd07369f test: Add test cases for separately reduced inward/outward buffer sizes 2018-06-18 20:51:51 +10:00
Jaeden Amero
d9c71dad50 Revert "Turn on MBEDTLS_SSL_ASYNC_PRIVATE by default"
This reverts commit 5ffe41c8f9.

Turn off MBEDTLS_SSL_ASYNC_PRIVATE by default because we don't want to
change the ABI yet.
2018-06-15 20:31:26 +01:00
Simon Butcher
9873696c34 Merge remote-tracking branch 'public/pr/710' into development 2018-06-15 14:18:11 +01:00
Simon Butcher
5f57f1e3cc Merge remote-tracking branch 'public/pr/1270' into development 2018-06-15 14:17:31 +01:00
Gilles Peskine
725f1cb6bd SSL async tests: add a few test cases for error in decrypt
The code paths in the library are different for decryption and for
signature. Improve the test coverage by doing some error path tests
for decryption in addition to signature.
2018-06-13 18:10:41 +02:00
Jaeden Amero
d906b818f3 tests: cipher: Allocate enough space for XTS keys
XTS keys can be double the size, since XTS uses two keys concatenated
together as a key (one for the tweak, one for encryption).
2018-06-13 12:16:25 +01:00
Jaeden Amero
c28012acdd tests: Remove NIST AES-XTS test vectors
The IEEE P1619 XTS test vectors should suffice. Remove the NIST test
vectors.
2018-06-13 12:13:58 +01:00
Jaeden Amero
142383e25b aes: xts: Add tests for invalid key sizes
Test that we get the error we expect when using various valid and invalid
keysizes with mbedtls_aes_xts_setkey_enc() and
mbedtls_aes_xts_setkey_dec().
2018-06-13 12:13:58 +01:00
Jaeden Amero
c653990ed5 cipher: Add wrappers for AES-XTS
AES-XTS does not support multipart use as it can only operate on an entire
sector at a time.
2018-06-13 12:13:56 +01:00
Jaeden Amero
425382d4fb tests: Extend AES-XTS suite
Extend the existing test suite for AES-XTS with checks for error reporting
and the IEEE P1619/D16 test vectors.
2018-06-13 12:05:04 +01:00
Jaeden Amero
e5c4b07b92 tests: Make AES-XTS suite more stack friendly
Remove stack-allocated buffers from the AES-XTS test suites.
2018-06-13 12:05:04 +01:00
Jaeden Amero
cd9fc5e541 aes: xts: Rename iv to data_unit
XTS doesn't have an IV, it has a "Data Unit". Rename iv for parity with the
XTS standard.
2018-06-13 12:05:04 +01:00
Jaeden Amero
5162b932a2 aes: Use length instead of bits_length in XTS
mbedtls_aes_crypt_xts() currently takes a `bits_length` parameter, unlike
the other block modes. Change the parameter to accept a bytes length
instead, as the `bits_length` parameter is not actually ever used in the
current implementation.
2018-06-13 12:05:04 +01:00
Jaeden Amero
9366feb504 aes: xts: Add new context structure
Add a new context structure for XTS. Adjust the API for XTS to use the new
context structure, including tests suites and the benchmark program. Update
Doxgen documentation accordingly.
2018-06-13 12:05:04 +01:00
Jaeden Amero
e22ba80e7b Add XTS test suites to the Makefile 2018-06-13 12:05:01 +01:00
Jaeden Amero
e9ecf00007 aes: Remove AES-XEX
AES-XEX is a building block for other cryptographic standards and not yet a
standard in and of itself. We'll just provide the standardized AES-XTS
algorithm, and not AES-XEX. The AES-XTS algorithm and interface provided
can be used to perform the AES-XEX algorithm when the length of the input
is a multiple of the AES block size.
2018-06-13 12:03:29 +01:00
Aorimn
5f77801ac3 Implement AES-XTS mode
XTS mode is fully known as "xor-encrypt-xor with ciphertext-stealing".
This is the generalization of the XEX mode.
This implementation is limited to an 8-bits (1 byte) boundary, which
doesn't seem to be what was thought considering some test vectors [1].

This commit comes with tests, extracted from [1], and benchmarks.
Although, benchmarks aren't really nice here, as they work with a buffer
of a multiple of 16 bytes, which isn't a challenge for XTS compared to
XEX.

[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
2018-06-13 12:03:27 +01:00
Aorimn
fb67fae83a Add AES-XEX tests cases
The test cases come from the XTS test vectors given by the CAVP initiative
from NIST (see [1]).
As mentioned in a previous commit, XEX is a simpler case of XTS.
Therefore, to construct the test_suite_aes.xex.data file, extraction of
the XEX-possible cases has been done on the given test vectors.
All of the extracted test vectors pass the tests on a Linux x86_64 machine.

[1] http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSTestVectors.zip
2018-06-13 12:01:50 +01:00
Jaeden Amero
9f52aebe2e tests: Fix name of 33 byte AES cipher tests
We named the tests "32 bytes", but actually tested with 33 bytes. Fix the
mistake.
2018-06-13 11:56:03 +01:00
Manuel Pégourié-Gonnard
b5d668a7a7 post-merge: adapt ssl-opt.sh to new error values
The numerical value of the error code was changed when merging development
into this branch; now adapt ssl-opt.sh to the new value.
2018-06-13 11:26:19 +02:00
Manuel Pégourié-Gonnard
d0a66ccde3 post-merge: fix ECDSA test vector testing
The way we do negative tests only works if the initial test was positive.

This was not immediately apparent with the set of test data at the time the
code for negative testing was introduced, but it became apparent with the
addition of the "0 private value" / "overlong private value" tests that
happened in development while this branch was developed.
2018-06-13 11:26:02 +02:00
Manuel Pégourié-Gonnard
da19f4c79f Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
Summary of merge conflicts:

include/mbedtls/ecdh.h -> documentation style
include/mbedtls/ecdsa.h -> documentation style
include/mbedtls/ecp.h -> alt style, new error codes, documentation style
include/mbedtls/error.h -> new error codes
library/error.c -> new error codes (generated anyway)
library/ecp.c:
    - code of an extracted function was changed
library/ssl_cli.c:
    - code addition on one side near code change on the other side
      (ciphersuite validation)
library/x509_crt.c -> various things
    - top fo file: helper structure added near old zeroize removed
    - documentation of find_parent_in()'s signature: improved on one side,
      added arguments on the other side
    - documentation of find_parent()'s signature: same as above
    - verify_chain(): variables initialised later to give compiler an
      opportunity to warn us if not initialised on a code path
    - find_parent(): funcion structure completely changed, for some reason git
      tried to insert a paragraph of the old structure...
    - merge_flags_with_cb(): data structure changed, one line was fixed with a
      cast to keep MSVC happy, this cast is already in the new version
    - in verify_restratable(): adjacent independent changes (function
      signature on one line, variable type on the next)
programs/ssl/ssl_client2.c:
    - testing for IN_PROGRESS return code near idle() (event-driven):
      don't wait for data in the the socket if ECP_IN_PROGRESS
tests/data_files/Makefile: adjacent independent additions
tests/suites/test_suite_ecdsa.data: adjacent independent additions
tests/suites/test_suite_x509parse.data: adjacent independent additions

* development: (1059 commits)
  Change symlink to hardlink to avoid permission issues
  Fix out-of-tree testing symlinks on Windows
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  ...
2018-06-13 09:52:54 +02:00
Andres Amaya Garcia
9b04e19129 Use grep to detect zeroize test failures on GDB
This patch uses grep to search the GDB output for errors as there is
a bug in the tool that causes it to return 0 to the system even though
there was a problem in the script.

This patch also fixes the zeroize test to work with the --keep-going
option in all.sh.
2018-06-12 20:57:45 +01:00
Simon Butcher
e47d6fd97e Merge remote-tracking branch 'public/pr/1497' into development 2018-06-12 16:53:04 +01:00
Simon Butcher
f0d7629771 Merge remote-tracking branch 'public/pr/1593' into development 2018-06-12 16:41:41 +01:00
Simon Butcher
263498ac36 Merge remote-tracking branch 'public/pr/1667' into development 2018-06-12 16:40:07 +01:00
Simon Butcher
33cb519cda Add decrypt tests to AES OFB Cipher module
Adds additional tests for AES-128, AES-192, and AES-256, for OFB block mode, for
the cipher wrapper module.
2018-06-11 14:03:22 +01:00
Simon Butcher
b7836e1e8c Change AES OFB tests to memset sizeof buffer 2018-06-11 14:03:22 +01:00
Simon Butcher
e416bf93d2 Reduce stack usage for AES OFB tests
Reduced the size of allocated buffers to the minimum for OFB tests.
2018-06-11 14:03:22 +01:00
Simon Butcher
00131446be Fix style and formatting for OFB feature 2018-06-11 14:03:22 +01:00
Simon Butcher
374bcd4255 Add to OFB cipher tests AES-192 and AES-256 OFB 2018-06-11 14:03:22 +01:00
Simon Butcher
dbe7fbf391 Remove unused variable in AES OFB test suite
Remove iv_len, an unused variable, in AES OFB test suite function, to fix gcc
compiler warning.
2018-06-11 14:03:22 +01:00
Simon Butcher
ad4e4938d1 Fix AES-OFB support for errors, tests and self-test
Adds error handling into mbedtls_aes_crypt_ofb for AES errors, a self-test
for the OFB mode using NIST SP 800-38A test vectors and adds a check to
potential return errors in setting the AES encryption key in the OFB test
suite.
2018-06-11 14:03:22 +01:00
Simon Butcher
8c0fd1e881 Add cipher abstraction and test cases for OFB block mode
Adds OFB as additional block mode in the cipher abstraction, and additional
test cases for that block mode.
2018-06-11 14:03:22 +01:00
Simon Butcher
0301884f00 Add test cases for AES OFB block mode
Adds test cases from NIST SP800-38A for OFB block mode to AES-128/192/256, for
the configuration of MBEDTLS_CIPHER_MODE_OFB.
2018-06-11 14:03:22 +01:00
Jaeden Amero
10e0e4d4ff hkdf: Add negative tests
Test for the expected bad input parameter error when given specific sets of
bad input parameters.
2018-06-11 13:10:14 +01:00
Jaeden Amero
3618962cab hkdf: Add tests for extract and expand
Add tests for mbedtls_hkdf_extract() and mbedtls_hkdf_expand() from the
test vectors in Appendix A of RFC 5869.
2018-06-11 13:10:14 +01:00
Thomas Fossati
656864b360 Add an HKDF (RFC 5869) implementation 2018-06-11 13:10:14 +01:00
Manuel Pégourié-Gonnard
39b1904b9f Merge branch 'development' into iotssl-2257-chacha-poly-primitives
* development: (97 commits)
  Updated version number to 2.10.0 for release
  Add a disabled CMAC define in the no-entropy configuration
  Adapt the ARIA test cases for new ECB function
  Fix file permissions for ssl.h
  Add ChangeLog entry for PR#1651
  Fix MicroBlaze register typo.
  Fix typo in doc and copy missing warning
  Fix edit mistake in cipher_wrap.c
  Update CTR doc for the 64-bit block cipher
  Update CTR doc for other 128-bit block ciphers
  Slightly tune ARIA CTR documentation
  Remove double declaration of mbedtls_ssl_list_ciphersuites
  Update CTR documentation
  Use zeroize function from new platform_util
  Move to new header style for ALT implementations
  Add ifdef for selftest in header file
  Fix typo in comments
  Use more appropriate type for local variable
  Remove useless parameter from function
  Wipe sensitive info from the stack
  ...
2018-06-07 12:02:55 +02:00
Manuel Pégourié-Gonnard
2adb375c50 Add option to avoid 64-bit multiplication
Motivation is similar to NO_UDBL_DIVISION.

The alternative implementation of 64-bit mult is straightforward and aims at
obvious correctness. Also, visual examination of the generate assembly show
that it's quite efficient with clang, armcc5 and arm-clang. However current
GCC generates fairly inefficient code for it.

I tried to rework the code in order to make GCC generate more efficient code.
Unfortunately the only way to do that is to get rid of 64-bit add and handle
the carry manually, but this causes other compilers to generate less efficient
code with branches, which is not acceptable from a side-channel point of view.

So let's keep the obvious code that works for most compilers and hope future
versions of GCC learn to manage registers in a sensible way in that context.

See https://bugs.launchpad.net/gcc-arm-embedded/+bug/1775263
2018-06-07 11:05:33 +02:00
Simon Butcher
d5a09f1e68 Updated version number to 2.10.0 for release 2018-06-06 14:52:00 +01:00
Simon Butcher
d08a2f7245 Adapt the ARIA test cases for new ECB function
Commit 08c337d058 "Remove useless parameter from function" removed the
parameter mode from the functions mbedtls_aria_crypt_ecb() which broke their
respective test suite.

This commit fixes those test cases.
2018-06-05 15:53:06 +01:00
Manuel Pégourié-Gonnard
9c82e2ce49 Fix some whitespace issues 2018-06-04 12:30:16 +02:00
Manuel Pégourié-Gonnard
3dc62a0a9b chachapoly: force correct mode for integrated API
Allowing DECRYPT with crypt_and_tag is a risk as people might fail to check
the tag correctly (or at all). So force them to use auth_decrypt() instead.

See also https://github.com/ARMmbed/mbedtls/pull/1668
2018-06-04 12:18:19 +02:00
Simon Butcher
eb6ed719e3 Merge remote-tracking branch 'public/pr/1267' into development 2018-06-01 19:28:18 +01:00
Simon Butcher
246cb05a92 Merge remote-tracking branch 'public/pr/1410' into development 2018-06-01 19:25:56 +01:00
Simon Butcher
b02f7893f6 Merge remote-tracking branch 'public/pr/1470' into development 2018-06-01 19:20:25 +01:00
Simon Butcher
ba9199458d Merge remote-tracking branch 'public/pr/1604' into development 2018-06-01 19:15:40 +01:00
Darryl Green
0daf4caaf8 Add test vectors for CCM* 2018-05-31 10:05:35 +01:00
Janos Follath
95ab93d417 CCM*: Add minimal tests 2018-05-29 11:59:22 +01:00
Manuel Pégourié-Gonnard
3798b6be6b Add some error codes and merge others
- need HW failure codes too
- re-use relevant poly codes for chachapoly to save on limited space

Values were chosen to leave 3 free slots at the end of the NET odd range.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
234e1cef73 cipher: add stream test vectors for chacha20(poly1305) 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
ceb1225d46 chachapoly: add test for state flow 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
444f711216 poly1305: add test with multiple small fragments
This exercises the code path where data is just appended to the waiting queue
while it isn't empty.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
59d2c30eba chachapoly: add test for parameter validation
Also fix two bugs found by the new tests.

Also remove redundant test case dependency declarations while at it.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
a8fa8b8f96 poly1305: add test for parameter validation
Also fix two validation bugs found while adding the tests.

Also handle test dependencies the right way while at it.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
2aca236881 chacha20: add test for parameter validation 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
fce88b2533 Fix selftest verbosity in test suites 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
69767d1c7b cipher: add chachapoly test vector + unauth case 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
1465602ee1 poly1305: fix bug in starts() and add test for it 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
55c0d096b7 chacha20: fix bug in starts() and add test for it
Previously the streaming API would fail when encrypting multiple messages with
the same key.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
7296771194 chachapoly: add test with unauthentic data 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
528524bf3c Reduce size of buffers in test suites 2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
b1ac5e7842 poly1305: adjust parameter order
This module used (len, pointer) while (pointer, len) is more common in the
rest of the library, in particular it's what's used in the CMAC API that is
very comparable to Poly1305, so switch to (pointer, len) for consistency.
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
346b8d5050 chachapoly: split crypt_and_mac() to match GCM API
In addition to making the APIs of the various AEAD modules more consistent
with each other, it's useful to have an auth_decrypt() function so that we can
safely check the tag ourselves, as the user might otherwise do it in an
insecure way (or even forget to do it altogether).
2018-05-24 13:37:31 +02:00
Manuel Pégourié-Gonnard
dca3a5d884 Rename aead_chacha20_poly1305 to chachapoly
While the old name is explicit and aligned with the RFC, it's also very long,
so with the mbedtls_ prefix prepended we get a 31-char prefix to each
identifier, which quickly conflicts with our 80-column policy.

The new name is shorter, it's what a lot of people use when speaking about
that construction anyway, and hopefully should not introduce confusion at
it seems unlikely that variants other than 20/1305 be standardised in the
foreseeable future.
2018-05-24 13:37:31 +02:00
Daniel King
dca6abb24b Fix test suite when GCM Is disabled, but AEAD_ChaCha20_Poly1305 is enabled. 2018-05-24 13:37:31 +02:00
Daniel King
6155cc82ba Add ChaCha20 test vectors from RFC 7539 2018-05-24 13:37:31 +02:00
Daniel King
8fe4701abe Add ChaCha20+Poly1305 to the Cipher module 2018-05-24 13:37:31 +02:00
Daniel King
b8025c5826 Implement AEAD-ChaCha20-Poly1305.
This implementation is based off the description in RFC 7539.

The ChaCha20 code is also updated to provide a means of generating
keystream blocks with arbitrary counter values. This is used to
generated the one-time Poly1305 key in the AEAD construction.
2018-05-24 13:37:31 +02:00
Daniel King
adc32c0b50 Add Poly1305 authenticator algorithm (RFC 7539)
Test vectors are included from RFC 7539.

Poly1305 is also added to the benchmark program.
2018-05-24 13:37:31 +02:00