Commit Graph

2747 Commits

Author SHA1 Message Date
Ronald Cron
27238fcbd8 psa: Use psa_key_file_id_t as the key id type
The purpose of this commit and the following is for
psa_key_id_t to always be as defined by the PSA
Cryptography API specification.

Currently psa_key_id_t departs from its specification
definition when MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
configuration flag is set. In that configuration, it is set
to be equal to psa_key_file_id_t which in that configuration
encodes an owner identifier along the key identifier.

Type psa_key_file_id_t was meant to be the key identifier type
used throughout the library code. If
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER is set it
includes both a key and owner identifier, otherwise it is
equal to psa_key_id_t.

It has not been the key identifier type throughout the
library so far because when the PSA Cryptography
specification was developped the library Doxygen
documentation was used to generate the PSA Cryptography API
specification thus the need to use psa_key_id_t and not
psa_key_file_id_t.

As this constraint does not hold anymore, move
to psa_key_file_id_t as the key identifier type throughout
the library code.

By the way, this commit updates the key identifier
initialization in the tests to be compatible with a
composit key identifier. A psa_key_id_make()
inline function is introduced to initialize key
identifiers (composit ot not) at runtime.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
Gilles Peskine
349eadc58f Report the first failure, not the last one
If test_fail is called multiple times in the same test case, report
the location of the first failure, not the last one.

With this change, you no longer need to take care in tests that use
auxiliary functions not to fail in the main function if the auxiliary
function has failed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-31 10:09:57 +02:00
Janos Follath
17ffc5da8d Bump version to Mbed TLS 2.24.0
Executed "./scripts/bump_version.sh --version 2.24.0"

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 16:22:57 +01:00
Janos Follath
d2ce916b58 Merge branch 'development-restricted' 2020-08-26 14:15:34 +01:00
Gilles Peskine
d4b9133850
Merge pull request #3611 from gilles-peskine-arm/psa-coverity-cleanups-202008
Minor fixes in PSA code and tests
2020-08-26 13:18:27 +02:00
Gilles Peskine
9e4d4387f0
Merge pull request #3433 from raoulstrackx/raoul/verify_crl_without_time
Always revoke certificate on CRL
2020-08-26 12:56:11 +02:00
Gilles Peskine
a2e518daf5 Fix the documentation of has_even_parity
The documentation had the boolean meaning of the return value inverted.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 12:14:37 +02:00
Gilles Peskine
ed9fbc6443 Clearer function name for parity check
Return a name that more clearly returns nonzero=true=good, 0=bad. We'd
normally expect check_xxx to return 0=pass, nonzero=fail so
check_parity was a bad name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 11:16:50 +02:00
Gilles Peskine
6c75152b9f Explain the purpose of check_parity
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 10:24:26 +02:00
Gilles Peskine
34f063ca47 Add missing cleanup to hash multipart operation tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 10:24:13 +02:00
Gilles Peskine
29c4a6cf9f Add negative tests for MAC verification
Add negative tests for psa_mac_verify_finish: too large, too small, or
a changed byte.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine
090e16cb8b Don't destroy the key during a MAC verification operation
An early draft of the PSA crypto specification required multipart
operations to keep working after destroying the key. This is no longer
the case: instead, now, operations are guaranteed to fail. Mbed TLS
does not comply yet, and still allows the operation to keep going.
Stop testing Mbed TLS's non-compliant behavior.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine
8b356b5652 Test other output sizes for psa_mac_sign_finish
Test psa_mac_sign_finish with a smaller or larger buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine
5e65cec5e8 Simplify output bounds check in mac_sign test
Rely on Asan to detect a potential buffer overflow, instead of doing a
manual check. This makes the code simpler and Asan can detect
underflows as well as overflows.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine
3d404d677e Test PSA_MAC_FINAL_SIZE in mac_sign exactly
We expect PSA_MAC_FINAL_SIZE to be exact in this implementation, so
check it here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine
cd65f4ccac Add empty-output-buffer test cases for single-part hash functions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:11:23 +02:00
Gilles Peskine
e92c68a878 Note that a failure in cleanup is intentional
In the cleanup code for persistent_key_load_key_from_storage(), we
only attempt to reopen the key so that it will be deleted if it exists
at that point. It's intentional that we do nothing if psa_open_key()
fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:11:23 +02:00
Gilles Peskine
64f13ef6ab Add missing cleanup to some multipart operation tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:11:23 +02:00
Gilles Peskine
a09713c795 test cleanup: Annotate file removal after a failed creation
Let static analyzers know that it's ok if remove() fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 22:50:18 +02:00
Gilles Peskine
14613bcd75 Fix parity tests to actually fail the test on error
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 22:30:31 +02:00
Steven Cooreman
ffecb7b982 Implement support for multipart ECB and add tests
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-08-25 17:00:24 +02:00
Janos Follath
d4ac4e037b
Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted
Constant-flow copy of HMAC from variable position
2020-08-25 14:35:55 +01:00
Steven Cooreman
a6033e92af Style and language fixes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-08-25 12:32:22 +02:00
Manuel Pégourié-Gonnard
04b7488411 Fix potential use of uninitialised variable
If any of the TEST_ASSERT()s that are before the call to
mbedtls_pk_warp_as_opaque() failed, when reaching the exit label
psa_destroy_key() would be called with an uninitialized argument.

Found by Clang.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 10:45:51 +02:00
Gilles Peskine
0f343ac87f
Merge pull request #3528 from gufe44/helpers-redirect-restore-output
Fix bug in redirection of unit test outputs
2020-08-24 10:45:08 +02:00
Manuel Pégourié-Gonnard
8a79b9b68c Fix "unused function" warning in some configs
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-24 10:29:30 +02:00
gufe44
067f6e01f1 Fix bug in redirection of unit test outputs
Avoid replacing handle. stdout is defined as a macro on several platforms.

Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-21 08:32:26 +02:00
Dan Handley
abccfc1684 Merge development into development-restricted
* development:
  Update copyright notices to use Linux Foundation guidance
  Undef ASSERT before defining it to ensure that no previous definition has sneaked in through included files.
  Add ChangeLog entry for X.509 CN-type vulnerability
  Improve documentation of cn in x509_crt_verify()
  Fix comparison between different name types
  Add test: DNS names should not match IP addresses
  Remove obsolete buildbot reference in compat.sh
  Fix misuse of printf in shell script
  Fix added proxy command when IPv6 is used
  Simplify test syntax
  Fix logic error in setting client port
  ssl-opt.sh: include test name in log files
  ssl-opt.sh: remove old buildbot-specific condition
  ssl-opt.sh: add proxy to all DTLS tests

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 11:07:12 +01:00
Manuel Pégourié-Gonnard
feb0396d20 Fix memory leak in test_suite_x509write with PSA crypto
The documentation of mbedtls_pk_wrap_as_opaque is quite clear:

 * \param handle    Output: a PSA key handle.
 *                  It's the caller's responsibility to call
 *                  psa_destroy_key() on that handle after calling
 *                  mbedtls_pk_free() on the PK context.

But the test failed to call psa_destroy_key().

While at it, also use PSA_DONE(): it ensures that if we fail to destroy the
key, we'll get an explicit error message about it without the need for
valgrind.

This is a preliminary to adding a valgrind-based test for constant-flow code:
we need to make sure the rest of the tests are fully valgrind-clean, which
they weren't.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 10:21:32 +02:00
Manuel Pégourié-Gonnard
7fe2c5f086 Add mbedtls_ssl_cf_memcpy_offset() with tests
The tests are supposed to be failing now (in all.sh component
test_memsan_constant_flow), but they don't as apparently MemSan doesn't
complain when the src argument of memcpy() is uninitialized, see
https://github.com/google/sanitizers/issues/1296

The next commit will add an option to test constant flow with valgrind, which
will hopefully correctly flag the current non-constant-flow implementation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-19 11:56:02 +02:00
Bence Szépkúti
1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00
Raoul Strackx
a4e86141f1 Always revoke certificate on CRL
RFC5280 does not state that the `revocationDate` should be checked.

In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.

https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-08-17 09:05:03 +02:00
Gilles Peskine
71f4fa13bb
Merge pull request #721 from gilles-peskine-arm/x509parse_crl-empty_entry-development
Fix buffer overflow in x509_get_entries (oss-fuzz 24123)
2020-08-14 23:22:31 +02:00
Manuel Pégourié-Gonnard
8ca03a7b68
Merge pull request #3554 from mpg/x509-verify-non-dns-san-dev
X509 verify non-DNS SANs
2020-08-14 11:32:22 +02:00
Manuel Pégourié-Gonnard
c4af324a4b Merge branch 'development' into development-restricted
* development: (55 commits)
  Log change as bugfix
  Add changelog entry
  Clarify updates to the persistent state in storage
  With multiple applicable transparent drivers, the order is unspecified
  Minor clarifications
  Give some examples of purpsoses of pure-software transparent driver
  Fix typos
  Add a link to the PSA API specification
  Explain locations vs lifetimes
  Initialize key pointer in ecdh to NULL
  Add buffer zeroization when ecp_write_key fails
  Simplified key slot deletion
  Style fixes
  Use arc4random_buf instead of rand on NetBSD
  Apply review feedback
  Update open question section about public key storage
  Remove the paragraph about declaring application needs
  Change driver persistent data to a callback interface
  Rework and expand key management in opaque drivers
  Fix typos and copypasta
  ...
2020-08-14 10:11:21 +02:00
Manuel Pégourié-Gonnard
7d2a4d873f Add test: DNS names should not match IP addresses
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-11 10:23:52 +02:00
Manuel Pégourié-Gonnard
eaa0739143
Merge pull request #716 from mpg/ct-varlen-hmac
Add constant-flow variable-length HMAC function
2020-08-10 12:40:33 +02:00
Gilles Peskine
210bea38f3 Add the decomposition of the base case as a comment
Put the base good case first, then the bad cases derived from it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 17:12:03 +02:00
Steven Cooreman
d4867877f1 Initialize key pointer in ecdh to NULL
Since it is being dereferenced by free on exit it should be inited to NULL.
Also added a small test that would trigger the issue.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-08-05 17:38:47 +02:00
Steven Cooreman
3fa684ed91 Allow importing Montgomery public keys in PSA Crypto
PSA Crypto was checking the byte length of a to-be-imported public ECP key
against the expected length for Weierstrass keys, forgetting that
Curve25519/Curve448 exists.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-30 15:35:14 +02:00
Ronald Cron
d8902b6e3d tests: Replace "TEST_ASSERT(!memcmp ...)" by ASSERT_COMPARE
The usage of "!memcmp()" is at least not recommended
and better to use the macro dedicated for buffer
comparisons.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-30 14:18:02 +02:00
Manuel Pégourié-Gonnard
ea6a740923
Merge pull request #717 from mpg/non-etm-cbc-negative-testing
Add negative tests for non-EtM CBC decryption
2020-07-22 13:33:49 +02:00
Manuel Pégourié-Gonnard
e55653f085 Improve comments about padlen convention
The convention from the TLS RFC is a bit unusual, so even if the test
function's introductory comment mentions that we're taking the RFC's
definition, it doesn't hurt to repeat it in crucial places.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:42:57 +02:00
Manuel Pégourié-Gonnard
c3219006ff Fix suboptimal use of ASSER_ALLOC()
Passing a length of 0 to it is perfectly acceptable, the macro was designed to
handle it correctly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:19 +02:00
Manuel Pégourié-Gonnard
ca8287cbaf Use test_set_step() in loop in cf_hmac test
We only have a single integer available for two nested loops, but the loop
sizes are small enough compared to the integer's range that we can encode both
indexes. Since the integer is displayed in decimal in case of errors, use a
power of 10 to pack the two indexes together.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:19 +02:00
Manuel Pégourié-Gonnard
ed0e86428d Factor repeated condition to its own macro
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:19 +02:00
Manuel Pégourié-Gonnard
9670a59230 Start testing cf_hmac() for constant flow
Currently this breaks all.sh component test_memsan_constant_flow, just as
expected, as the current implementation is not constant flow.

This will be fixed in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-22 11:31:18 +02:00
Manuel Pégourié-Gonnard
b51f04466f Fix misleading comment in test function
Everything works at the byte level, not bit level. Flipping the lsb is just
one convenient way to corrupt a byte, but don't really care about individual
bits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-21 10:40:25 +02:00
Manuel Pégourié-Gonnard
864abbff4e Rework how lengths are expressed in CBC test
This is hopefully more readable in the .data file.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-21 10:37:14 +02:00
Gilles Peskine
b2281e1cf0 x509parse_crl: more negative test cases
Add a few more negative test cases for mbedtls_x509_crl_parse.
The test data is manually adapted from the existing positive test case
"X509 CRL ASN1 (TBSCertList, sig present)" which decomposes as

305c
 3047                                   tbsCertList TBSCertList
  020100                                version INTEGER OPTIONAL
  300d                                  signatureAlgorithm AlgorithmIdentifier
   06092a864886f70d01010e
   0500
  300f                                  issuer Name
   310d300b0603550403130441424344
  170c303930313031303030303030          thisUpdate Time
  3014                                  revokedCertificates
   3012                                 entry 1
    8202abcd                            userCertificate CertificateSerialNumber
    170c303831323331323335393539        revocationDate Time
 300d                                   signatureAlgorithm AlgorithmIdentifier
  06092a864886f70d01010e
  0500
 03020001                               signatureValue BIT STRING

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-16 18:18:22 +02:00
Manuel Pégourié-Gonnard
4adc04a8a3 Give a constant a name in test function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-16 10:00:48 +02:00
Manuel Pégourié-Gonnard
65a6fa3e26 Make cf_hmac() STATIC_TESTABLE
The test function now depends on MBEDTLS_TEST_HOOKS, which is enabled by
config.py full, and since there are already components in all.sh exercising
the full config, this test function is sill exercised even with this new
dependency.

Since this is the first time a test function depends on MBEDTLS_TEST_HOOKS,
fix a bug in check-names.sh that wasn't apparent so far: headers from
library/*.h were not considered when looking for macro definitions. This
became apparent because MBEDTLS_STATIC_TESTABLE is defined in library/common.h
and started being used in library/ssl_msg.c, so was flagged as a likely typo.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-15 12:26:21 +02:00
Manuel Pégourié-Gonnard
045f094c81 Add dummy constant-flow HMAC function with tests
The dummy implementation is not constant-flow at all for now, it's just
here as a starting point and a support for developing the tests and putting
the infrastructure in place.

Depending on the implementation strategy, there might be various corner cases
depending on where the lengths fall relative to block boundaries. So it seems
safer to just test all possible lengths in a given range than to use only a
few randomly-chosen values.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-15 12:25:52 +02:00
Steven Cooreman
5a3c210e15 Update to renamed curve constant
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-13 17:26:26 +02:00
Steven Cooreman
aec44e9fe8 Merge remote-tracking branch 'mbedtls/development' into montgomery-keys-clarification 2020-07-13 11:48:21 +02:00
Steven Cooreman
0024df6b37 Remove superfluous argument to ecp_write_key
Removed after feedback from PR review.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-13 10:59:40 +02:00
Manuel Pégourié-Gonnard
913a204a33 Fix undeclared dependency of test function
The ssl_tranform structure lacks some members accessed by this function when
CBC is not enabled.

This was found by test-ref-configs.pl and all.sh
test_when_no_ciphersuites_have_mac, so no need to add a new test.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-09 10:02:41 +02:00
Manuel Pégourié-Gonnard
62af37d616 Add tests with ARIA, Camellia, 3DES
Started as copies of the AES block, then:

- for ARIA, just s/AES/ARIA/
- for Camellia, just s/AES/Camellia/
- for 3DES, s/AES/3DES/ then s/3DES_128_CBC/DES_EDE3_CBC/ then manually
  subtract 8 to all plaintext lengths that were > 8. This accounts for the
fact that the block size of DES is 8 not 16.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 11:40:38 +02:00
Manuel Pégourié-Gonnard
7a1cb41ba2 Add test cases with MD5, SHA1, SHA384
All started from a copy of the SHA256 block and modified as follows:

- for MD5, just s/SHA256/MD5/
- for SHA384, adapt the dependency line then s/SHA256/SHA384
- for SHA1, s/SHA256/SHA1/ then manually adapt the plaintext length for the
  cases with "!trunc, B-1" and "!trunc, B", as the MAC length (20) is not a
multiple of the block size (16) for this hash

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 11:25:27 +02:00
Manuel Pégourié-Gonnard
e79e3bb2da Add test cases with various record sizes
- plaintext length = 0 or 1
- plaintext length + MAC length = -1 or 0 mod block_size
    (using the minimum plaintext length that works)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 11:02:59 +02:00
Manuel Pégourié-Gonnard
527c1ff71a Generate good/bad padding programmatically
Compared to the previous approach of having the bad padding provided as input
to the testing function, this allows to test more kinds of incorrect data,
with less test cases in the .data file and more important no manually-generated
non-trivial data in the test case parameters, making it much easier to
complete the testing matrix.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-07 10:43:37 +02:00
Manuel Pégourié-Gonnard
fafe8553c6
Merge pull request #3392 from paul-elliott-arm/psa_ecc_dh_macros
PSA: update EC curve and DH group family macros
2020-07-07 09:20:44 +02:00
Steven Cooreman
ed3c9ec71a Added support for AES-ECB to the PSA Crypto implementation
PSA_ALG_ECB_NO_PADDING came in to the PSA Crypto API spec v1.0.0, but
was not implemented yet in the mbed TLS implementation.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 14:16:10 +02:00
Steven Cooreman
14f0e526fb Fix Curve25519 ecp_read_key vectors to match description
They did not match their description, probably due to a botched manual
endianness conversion where the nibbles also got swapped.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:52:38 +02:00
Steven Cooreman
c9b7f78647 Rework mbedtls_ecp_write_key to remove unnecessary output parameter
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:52:32 +02:00
Steven Cooreman
6f5cc71ad1 Document masking of Montgomery private keys in psa_export_key
Follow the PSA Crypto specification which was updated between 1.0 beta3
and 1.0.0.
Add corresponding test cases.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:45:04 +02:00
Steven Cooreman
de8593f2fe Implement and test mbedtls_ecp_write_key
mbedtls_ecp_write_key is a mirror function to mbedtls_ecp_read_key, which
writes a private key back into a byte buffer in the correct format.
This is a helpful convenience function, since the byte order is defined
differently between Montgomery and Weierstrass curves. Since this difference
is accounted for in mbedtls_ecp_read_key, it made sense to add
mbedtls_ecp_write_key for the purpose of abstracting this away such that
psa_export_key doesn't need to take byte order into account.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:42:38 +02:00
Gilles Peskine
642a4ef0aa
Merge pull request #3463 from gilles-peskine-arm/tests-not-executed
Fix some test cases that weren't getting executed
2020-07-03 15:13:18 +02:00
Manuel Pégourié-Gonnard
0ac01a1c59 TLS: Add negative tests for non-EtM CBC decryption
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-03 12:49:10 +02:00
Paul Elliott
75e27032d3 Rename DH Family Macros According to PSA Spec
Rename PSA_DH_GROUP_xxx to PSA_DH_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_GROUP to PSA_KEY_TYPE_DH_GET_FAMILY and rename
psa_dh_group_t to psa_dh_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:49 +01:00
Paul Elliott
8ff510ac26 Rename ECC Family Macros According to PSA Spec
Rename PSA_ECC_CURVE_xxx to PSA_ECC_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_CURVE to PSA_KEY_TYPE_ECC_GET_FAMILY and rename
psa_ecc_curve_t to psa_ecc_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:30 +01:00
Ronald Cron
a123614699 tests: Move mbedtls_param_failed() to test common code
This makes the implementation of mbedtls_param_failed()
for testing purpose available to programs. Thus removing
the ad-hoc implementations in programs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-02 09:59:38 +02:00
Ronald Cron
579fd28527 tests: Isolate mbedtls_param_failed() long jump
In preparation of moving mbedtls_param_failed() to test
common code, isolate mbedtls_param_failed() long
jump data and set up from unit test data and code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-02 09:59:32 +02:00
Ronald Cron
76883ec853 tests: Isolate mbedtls_param_failed() call check
In preparation of moving mbedtls_param_failed() to test
common code, isolate mbedtls_param_failed() call check
from unit test data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-02 09:39:37 +02:00
Ronald Cron
4e66587545 tests: Move mbedtls_param_failed() call location record
In preparation of moving mbedtls_param_failed() to test
common code, move mbedtls_param_failed() call location
record into a context dedicated to mbedtls_param_failed().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-02 09:39:37 +02:00
Ronald Cron
55d97f2ca8 tests: Remove usage of mbedtls_test_hexify for comparison
Do not hexify binary data to compare them, do compare
them directly. That simplifies the check code and save
memory.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-02 09:39:30 +02:00
Ronald Cron
ac6ae35150 tests: suites: Remove hex in name of variables of type data_t
Remove `hex` in name of variables of type data_t to reserve it
for variables of type char* that are the hexadecimal
representation of a data buffer.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-01 17:10:15 +02:00
Janos Follath
be9a5752c2 Merge tag 'mbedtls-2.23.0' into merge-2.23.0-release-to-development
Mbed TLS 2.23.0
2020-07-01 11:23:17 +01:00
Janos Follath
0435cd8c23 Bump version to Mbed TLS 2.23.0
Executed "./scripts/bump_version.sh --version 2.23.0 --so-crypto 5"

A symbol has been removed from the mbedcrypto library since the last
release:
mbedtls_ecc_group_to_psa ( enum mbedtls_ecp_group_id grpid,
                           size_t* bits )

This is an ABI break and we need to increase the SO version.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-06-29 22:41:30 +01:00
Gilles Peskine
82ac38ee5d
Merge pull request #3438 from ronald-cron-arm/programs-use-common-test-code
Add support to build and link test common code in programs
2020-06-29 10:29:36 +02:00
Gilles Peskine
7eefa22fb1 Fix copypasta in test case descriptions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:54:47 +02:00
Gilles Peskine
b20b873bff Remove metadata tests for features that are not implemented
The metadata tests depend on the corresponding feature because there
is no guarantee that the metadata is correct if the feature is
disabled. There are metadata test cases for some algorithms and key
types that are declared but not supported. These test cases are
present but can never run.

It is debatable whether having these test cases is a good thing in
case they become runnable in the future, or a bad thing because
they're dead code. We're working on detecting test cases that are
never executed for accidental reasons (e.g. typo in a dependency or
missing configuration on the CI), and having test cases that are
deliberately never executed messes this up. So remove these test
cases. If we do implement the corresponding feature, it'll be easy to
add the corresponding metadata test cases.

The features that had metadata tests but no implementations were:

* SHA-512/256 and SHA-512/224 (hypothetical dependency: MBEDTLS_SHA512_256)
* DSA (hypothetical dependency: MBEDTLS_DSA_C)
* SHA-3 and HMAC-SHA-3 (hypothetical dependency: MBEDTLS_SHA3_C)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:48:06 +02:00
Gilles Peskine
af9dbc9213 Fix dependency in PSA test cases
The test cases were never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:45:30 +02:00
Gilles Peskine
a911b32e2f Fix dependency in AES GCM test case
The test case was never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:40:58 +02:00
Gilles Peskine
961914df12
Merge pull request #3382 from stevew817/feature/volatile-keys-in-SE
Support volatile keys in external SE
2020-06-26 20:27:11 +02:00
Ronald Cron
a0c2539c4c Rework mbedtls_test_unhexify()
Rework mbedtls_test_unhexify to extend its scope of usage.
Return in error when the function detects an error instead
of calling mbedtls_exit().
Improve safety by checking the output buffer is not overrun.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
9ed4073ea5 tests: Get rid of mbedtls_test_unhexify() in unit test code
In test functions calling mbedtls_test_unhexify(), change the
type of the associated parameters from `char*` to `data_t`.

That way the `unhexify` operation is done by the test
framework and not by the unit test code.

Use for the new parameters of type data_t the name of the
local variable that use to store the `unhexify` version of
the `char*` parameter.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
c7ba560481 tests: ccm: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of mbedtls_ccm_star_encrypt_and_tag/auth_decrypt from
`char *` to `data_t` to get rid of the calls to
mbedtls_test_unhexify():

- Change the name of parameters and local variables to
  clarify which ones are related to the outputs of the
  library functions under test and which ones are
  related to the expected values of those outputs.

- Use two different buffers to store the plain and cipher
  text as expected by the library functions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
df02eb00e0 tests: aes.ofb: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of aes_encrypt_ofb() from `char *` to `data_t` to get rid
of the calls to mbedtls_test_unhexify():

- Change the name of parameters and local variables to
  clarify which ones are related to the outputs of the
  library functions under test and which ones are
  related to the expected values of those outputs.

- Add assertion on fragment_size parameter

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
7370185ae3 tests: nist_kw: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of mbedtls_nist_kw_wrap/unwrap() from `char *` to `data_t`
to get rid of the calls to mbedtls_test_unhexify():

- Change the name of parameters and local variables to
  clarify which ones are related to the outputs of the
  library functions under test and which ones are
  related to the expected values of those outputs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
7e512718fe tests: chacha20: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters of
test_chacha20() from `char *` to `data_t` to get rid of the
calls to mbedtls_test_unhexify():

- Reduce the size of output[] buffer to 375 as its content
  is "ASCII expended" into a buffer of 751 bytes.
- Align naming of variables to store and check the
  output of mbedtls_chacha20_crypt(). No *dst* variables
  anynore, only *output* variables.
- Use two different buffers to store the expected output
  of mbedtls_chacha20_crypt() (expected_output_str[]) and
  the ASCII string representation of the output of
  mbedtls_chacha20_crypt() (output_string[]). Both were
  stored in dst_str[] before.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
4030833bfe tests: hkdf: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of test_hkdf() from `char *` to `data_t` to get rid of the
calls to mbedtls_test_unhexify():

- Align naming of variables related to the expected okm
- Rename `okm_hex[]` to `okm_string[]`
- Added TEST_ASSERT( expected_okm_len <= sizeof( okm ) ) to check
  that the okm[] buffer is large enough for the okm output.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Ronald Cron
e85a2c30bd tests: aria: Prepare to char* to data_t* type change
In preparation of changing the type of some parameters
of some test functions from `char *` to `data_t` to get
rid of the calls to mbedtls_test_unhexify():

- Align the name of source data length local variable
  with the name of the local variable containing the
  source data, respectively src_str and src_str_len.
- Change the type of length, index local variables
  from int to size_t.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-26 10:45:16 +02:00
Gilles Peskine
dda104558b
Merge pull request #3419 from ndilieto/development
Pass "certificate policies" extension to callback
2020-06-23 09:35:45 +02:00
Manuel Pégourié-Gonnard
25c7dbe342
Merge pull request #3435 from paul-elliott-arm/fix_dangerous_parameters
Remove Dangerous Parameter Passing
2020-06-22 09:37:00 +02:00
Manuel Pégourié-Gonnard
d335f2b6cb
Merge pull request #3421 from niacat/posix_c_source
Define _POSIX_C_SOURCE to be 200112L, as a minimum for C99.
2020-06-18 13:01:38 +02:00
Nicola Di Lieto
b77fad8ebe test_suite_x509parse.function improvement
as suggested in
https://github.com/ARMmbed/mbedtls/pull/3419#discussion_r441433697

also removed two no longer necessary void casts

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-17 17:59:49 +02:00
Nicola Di Lieto
c84b1e6aa0 Pass "certificate policies" extension to callback
Pass the "certificate policies" extension to the callback supplied to
mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported
policies. This allows the callback to fully replicate the behaviour
of the deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
configuration.

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-17 17:55:29 +02:00
Steven Cooreman
f5a5e45ed1 Refactor equality-testing asserts in SE driver tests to TEST_EQUAL
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:54:18 +02:00
Steven Cooreman
a50f28338b Add test to check key ID's from the vendor range are accepted
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-17 13:52:42 +02:00
Paul Elliott
6a81eb6106 Remove Dangerous Parameter Passing
Another coverity bug - #350039

When this test discovers a key of the wrong type, it still throws it
through the export function in order to check that it too will detect
this as a not permitted action. For the buffer and buffer length
arguments it passes in a local pointer (which will most likely be NULL),
and the sizeof that pointer, as it knows that they will never be used.
Coverity rightly (imho) flagged this as suspicious - if we are going to
pass in incorrect parameters, at least make them obviously incorrect, and
ones that will not potentially cause errors if the code later changes.
There is, for example safety checks for zero length buffer, but less
protection for an insufficiently sized one.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-16 14:34:55 +01:00
Manuel Pégourié-Gonnard
9dfcae8b94
Merge pull request #3426 from paul-elliott-arm/resource_leak
Fix for resource leak in test_suite_ssl
2020-06-16 10:00:18 +02:00
Manuel Pégourié-Gonnard
b21b1f5e7c
Merge pull request #3387 from ronald-cron-arm/tests-common-code
Add support to build and link common code in tests
2020-06-15 11:33:19 +02:00
Ronald Cron
6c5bd7fd51 tests: Reformating due to rnd_* renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
    `git diff-tree --no-commit-id --name-only -r HEAD` \
    | grep "\<mbedtls_test_rnd_"

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
351f0eee20 tests: Add mbedtls_test_ prefix to rnd_* symbols
Add mbedtls_test_ prefix to rnd_buf_info and
rnd_pseudo_info types, to rnd_std_rand(),
rnd_zero_rand(), rnd_buffer_rand() and
rnd_pseudo_rand() functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/rnd_(buf_info|pseudo_info|std_rand| \
    zero_rand|buffer_rand|pseudo_rand)/, \
    "mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
2dbba99708 tests: Reformating due to hexcmp() renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
`git diff-tree --no-commit-id --name-only -r HEAD` \
| grep hexcmp

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
de70b165a4 tests: Add mbedtls_test_ prefix to hexcmp()
Add mbedtls_test_ prefix to hexcmp() test helper
function.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/hexcmp\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
f73ab008d2 tests: Reformating due to unhexify_alloc() renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
    `git diff-tree --no-commit-id --name-only -r HEAD` \
    | grep unhexify_alloc

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
a256c7025f tests: Add mbedtls_test_ prefix to unhexify_alloc()
Add mbedtls_test_ prefix to unhexify_alloc() test helper
functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/unhexify_alloc\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
690f3ebe92 tests: Add mbedtls_test_ prefix to zero_alloc()
Add mbedtls_test_ prefix to zero_alloc() test helper
function.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/zero_alloc/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
ff31eab938 tests: Reformating due to *hexify functions renaming
Command to find the files in which lines have gone
larger than 79 characters due to the renaming:

grep '.\{80\}' \
`git diff-tree --no-commit-id --name-only -r HEAD` \
| grep hexify

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
72d628f7f5 tests: Add mbedtls_test_ prefix to *hexify functions
Add mbedtls_test_ prefix to hexify() and unhexify()
test helper functions.

Command to change *.function files:
find . -name "*.function" -exec awk -i inplace \
    '{sub(/(un|)hexify\>/,"mbedtls_test_&")}1' {} \;

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
e9c09f1efc tests: Add mbedtls_test_ prefix to platform_* functions
Add mbedtls_test_ prefix to platform_setup() and
platform_teardown() test helper functions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
2058d56fcc tests: Move random helper functions
Move helper functions to generate random numbers
from helpers.functions to random.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
b7eb67fb74 tests: Add random.c and random.h files
The purpose of random.c file is to contain the helper
functions to generate random numbers that have been
in helpers.function so far.

The purpose of random.h is to contain the interface
exposed by random.c thus helper function prototypes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
f40529d5f4 tests: Move generic helper functions
Move generic helper functions from helpers.functions
to helpers.c

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:08 +02:00
Ronald Cron
b6d6d4c61a tests: Add helpers.c and helpers.h files
The purpose of helpers.c file is to contain the helper
functions that have been in helpers.function so far and
that are not related to the mechanism of unit test
execution and not related to random number generation
(will be moved in a dedicated file).

The purpose of helpers.h is to contain the interface
exposed by helpers.c thus helper function prototypes.

Make the changes in the build systems (make and cmake)
to build helpers.c and link it to test executables
along with mbedtls library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-12 14:33:00 +02:00
Paul Elliott
6f1eda710c Fix for resource leak in test_suite_ssl
Fix for coverity bugs 349041, 349052

Allocated pointers could potentially be leaked in the case of errors.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-11 20:27:08 +01:00
nia
1c0c837ddc Define _POSIX_C_SOURCE to be 200112L, as a minimum for C99.
Strict platforms cannot be expected to accept C99 code as valid
when earlier standards versions are selected.

This helps the programs build on Solaris-like platforms (e.g.
illumos).

Fixes #3420

Signed-off-by: nia <nia@netbsd.org>
2020-06-11 18:39:28 +01:00
Janos Follath
5b66d44f5a
Merge pull request #3195 from paul-elliott-arm/development
Add min/max version negotiation to unit tests
2020-06-10 16:03:58 +01:00
Ronald Cron
849930a50e tests: Move generic macros to macros.h
Move generic macros from helpers.function to macros.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:47 +02:00
Ronald Cron
4b8b199ead tests: Add macros.h include file
Just adding an empty file. The purpose of this header
file is to contain the definition of generic macros
used for the purpose of testing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:47 +02:00
Ronald Cron
f91c495379 tests: helpers: Update static qualifiers
In preparation of moving the content of helpers.function
to its own compilation unit, remove/add static qualifiers
where appropriate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:47 +02:00
Ronald Cron
02c78b7825 tests: Create an include folder
Create an include folder dedicated to include files for
tests. With the upcoming work on tests for PSA crypto
drivers the number of includes specific to tests is going
to increase significantly thus create a dedicated folder.

Don't put the include files in the include folder but in
include/test folder. This way test headers can be included
using a test/* path pattern as mbedtls and psa headers
are included using an mbedtls/* and psa/* path pattern.
This makes explicit the scope of the test headers.

Move the existing includes for tests into include/test and
update the code and build systems (make and cmake)
accordingly.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-06-10 16:03:05 +02:00
Manuel Pégourié-Gonnard
87a51aa08e
Merge pull request #3243 from ndilieto/development
New mbedtls_x509_crt_parse_der_with_ext_cb() routine
2020-06-10 12:59:58 +02:00
Paul Elliott
c857044e94 Add min/max version negotiation to unit tests
Add the min/max version negotiation tests from ssl-opt.sh as unit
tests for the sake of utility and easier running of tests during
development

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-06-09 17:00:58 +01:00
Steven Cooreman
223f2877be Add test to check that volatile external keys do not get persisted
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-08 18:35:16 +02:00
Manuel Pégourié-Gonnard
a7f6d25e12
Merge pull request #3400 from mpg/fix-hmac-drbg-deps-dev
Fix undeclared dependencies on HMAC_DRBG and add test
2020-06-05 11:50:02 +02:00
Manuel Pégourié-Gonnard
e860fef438
Merge pull request #3318 from Jonas4420/development
Fix potential memory leak in EC multiplication
2020-06-05 11:43:52 +02:00
Manuel Pégourié-Gonnard
c03d499a58 Fix undeclared dep on deterministic ECDSA in test
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:21:49 +02:00
Janos Follath
bba4c17b7a
Merge pull request #3315 from hanno-arm/tls13-experimental-macro
Add support for TLS 1.3 record protection routines
2020-06-04 15:51:54 +01:00
Manuel Pégourié-Gonnard
6abc20e0e3
Merge pull request #3378 from mpg/fix-ctr-drbg-deps
Fix undeclared dependencies on CTR_DRBG (and add test)
2020-06-03 10:55:52 +02:00
Gilles Peskine
d6916d74c5
Merge pull request #3121 from gilles-peskine-arm/invasive_testing_strategy-crypto
Invasive testing strategy

Create a new header `common.h`.

Introduce a configuration option `MBEDTLS_TEST_HOOKS` for test-specific code, to be used in accordance with the invasive testing strategy.
2020-06-02 16:55:48 +02:00
Nicola Di Lieto
e58b4638e5 Unsupported extension tests in test_suite_x509parse
All combinations of critical or not, recognized or not by the
callback are now tested as requested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647880

In addition pass the OID of the unsupported extension to be parsed
to the callback using the opaque pointer, which makes the tests fail
if the library forwards the wrong pointer to the callback, as
requested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647392

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-29 23:11:28 +02:00
Manuel Pégourié-Gonnard
d12402ffc0 Fix undeclared deps on MBEDTLS_CTR_DRBG in tests
While at it, declare deps on ENTROPY as well.

A non-regression test will be added in a follow-up commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-05-29 11:27:07 +02:00
Nicola Di Lieto
5659e7e889 Add opaque context to mbedtls_x509_crt_ext_cb_t
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 23:41:38 +02:00
Nicola Di Lieto
17bb60c0f1 Tests for mbedtls_x509_crt_parse_der_with_ext_cb
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 23:20:47 +02:00
Hanno Becker
b54094bd7c Fix copy-pasta in TLS 1.3 record protection unit test names
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 15:41:44 +01:00
Hanno Becker
e683287710 Adapt SSL record protection unit test to setup TLS 1.3 transforms
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
b2713abb8f Enhance record encryption unit tests by checking hidden content type
TLS 1.3 and DTLS 1.2 + CID hide the real content type of a record
within the record's inner plaintext, while always using the same
content type for the protected record:
- TLS 1.3 always uses ApplicationData
- DTLS 1.2 + CID always uses a special CID content type.

This commit enhances the record encryption unit test to check
that the record content type is indeed correctly hidden.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Hanno Becker
3169dad48b Add unit tests for TLS 1.3 record encryption
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Koh M. Nakagawa
46b8782a72 fix mbedtls_x509_dn_gets to escape non-ASCII characters
Signed-off-by: Koh M. Nakagawa <tsunekou1019@gmail.com>
2020-05-21 01:56:55 +09:00
Jonas
923d579369 Add test cases to check rng failure
Signed-off-by: Jonas <jonas.lejeune4420@gmail.com>
2020-05-13 14:25:47 +09:00
Gilles Peskine
344e15b010 Update SE support to pass a location when registering a driver
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.

This commit updates the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:15:26 +02:00
Gilles Peskine
d9f694960f
Merge pull request #3190 from gilles-peskine-arm/config-full-clarify-development
Clarify that the full config enables everything that can be tested together
2020-05-04 12:29:09 +02:00
Gilles Peskine
dd2feead99
Merge pull request #3229 from gabor-mezei-arm/development
Fix spurious message about outcome file when running all.sh
2020-04-30 18:01:18 +02:00
Kenneth Soerensen
518d435e7b Fix GCC format-signedness warnings
Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2020-04-22 16:01:48 +02:00
gabor-mezei-arm
88d7eee00b Check for empty string in outcome file name
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-04-22 11:07:34 +02:00
Gilles Peskine
31f88a29de Strict C99: make sure that fileno() is declared
<stdio.h> only declares the non-ISO-C function fileno() if an
appropriate POSIX symbol is defined or if using a compiler such as GCC
in non-pedantic mode. Define the appropriate POSIX symbol.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-20 15:39:36 +02:00
Gilles Peskine
b72df54f9b
Merge pull request #2840 from k-stachowiak/check-bounds-of-test-intex-in-suites
Add lower bound check to function index lookup
2020-04-20 15:19:55 +02:00