Commit Graph

500 Commits

Author SHA1 Message Date
John Durkop
816e043805 Update how test sets PSA_WANT_ALG_*
With the introduction of new tests for PSA crypto config features
the test needs to now be able to set and unset values from the
psa/crypto_config.h file. This change updates from passing the defines
as a build arguement to modifying the header files using config.py.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-10-05 21:18:06 -07:00
John Durkop
d8959390c5 Add ECDSA support to PSA crypto configuration
Initial changes to PSA crypto core to support configuration
of ECDSA algorithm using PSA crypto configuration mechanism.
Guards using MBEDTLS_ECDSA_C and MBEDTLS_ECDSA_DETERMINISTIC have
been changed to be based off PSA_WANT_ALG_ECDSA and
PSA_WANT_ALG_ECDSA_DETERMINISTIC. Added new tests to all.sh to
confirm new settings are working properly. Current code does not
pass the tests since built in signature verification is not in place.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-24 05:01:17 -07:00
Gilles Peskine
6bf4f5fb65
Merge pull request #3585 from jdurkop/fix/undefined-reference-3294
Fix the build with MBEDTLS_USE_PSA_CRYPTO without ECDSA
2020-09-10 21:59:49 +02:00
John Durkop
619e09e705 Minor update to all.sh to change test order
Moved the new component_test_depends_pkalgs_psa to after the
component_test_depends_pkalgs test to be more consistent.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-08 22:19:56 -07:00
John Durkop
2ec2eaac31 Fix test issues with depends-hashes
Needed to make additional fixes so that when MBEDTLS_USE_PSA_CRYPTO
is defined, the depends-hashes test will succeed. There are two
versions of the ecdsa_verify_wrap() function, one with
MBEDTLS_USE_PSA_CRYPTO and when when it is not enabled. The non PSA
version is not using the md_alg parameter since it is not required.
The PSA version was using that parameter to derive a different value
it needed for PSA_ALG_ECDSA. The arguement of PSA_ALG_ECDSA is
ignored for psa_sign_hash and psa_verify_hash. It is present because
it is used and must be a valid hash, not zero, for psa_sign_hash
(but not psa_verify_hash) with PSA_ALG_DETERMINISTIC_ECDSA, and it is
needed for psa_sign_message and psa_verify_message which are not
implemented yet. The local parameter now uses PSA_ALG_ECDSA_ANY for
the verify function to avoid using the md_alg parameter and avoids
returning incorrect error codes.

Fixes #3587

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-08 05:40:41 -07:00
Steven Cooreman
f1720ea930 Fix macro naming to match inhouse style
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-04 14:22:27 +02:00
Steven Cooreman
1cd39d5229 Use own define for building with test drivers
Trying to compile in the PSA accelerator test driver under MBEDTLS_TEST_HOOKS
turned out to be awkward regarding existing builds. We'll put it under a
custom (not in config.h) define instead, since it's something that only
should happen in test.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-04 14:22:27 +02:00
Steven Cooreman
55ae2176ab Add and splice in signature verification through driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-04 14:22:27 +02:00
Steven Cooreman
d57203d955 Add driver tests and run them through all.sh
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-04 14:22:27 +02:00
Gilles Peskine
aeedd74b42 Pass -std=c99 to arm-none-eabi-gcc
GCC up to 4.x defaults to C89. On our CI, we run the arm-none-eabi-gcc
version from Ubuntu 16.04 on Travis, and that's 4.9, so the gcc-arm
builds started failing on Travis when we introduced a C99 construct in
the configurations that we test on arm on Travis. Other builds, and
Jenkins CI, are not affected because they use GCC 5.x or newer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-02 11:03:04 +02:00
Janos Follath
d2ce916b58 Merge branch 'development-restricted' 2020-08-26 14:15:34 +01:00
Gilles Peskine
9e4d4387f0
Merge pull request #3433 from raoulstrackx/raoul/verify_crl_without_time
Always revoke certificate on CRL
2020-08-26 12:56:11 +02:00
Janos Follath
d4ac4e037b
Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted
Constant-flow copy of HMAC from variable position
2020-08-25 14:35:55 +01:00
John Durkop
c14be901eb Add new test_depends_curves_psa to all.sh
Add new test (test_depends_curves_psa) to all.sh to confirm
that test is passing when MBEDTLS_USE_PSA_CRYPTO is defined.

Fix #3294

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-08-24 08:24:08 -07:00
John Durkop
f35069a82d Fix undefined ref error when ECDSA not defined
Add guards in pk_wrap.c to ensure if ECDSA is not defined, errors
are returned.
Remove warnings in pk.c for unused variables.
Add new test (test_depends_pkalgs_psa) to all.sh to confirm
when USE_PSA_CRYPTO is defined that features are working properly.

Fix #3294

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-08-24 08:20:56 -07:00
Dan Handley
abccfc1684 Merge development into development-restricted
* development:
  Update copyright notices to use Linux Foundation guidance
  Undef ASSERT before defining it to ensure that no previous definition has sneaked in through included files.
  Add ChangeLog entry for X.509 CN-type vulnerability
  Improve documentation of cn in x509_crt_verify()
  Fix comparison between different name types
  Add test: DNS names should not match IP addresses
  Remove obsolete buildbot reference in compat.sh
  Fix misuse of printf in shell script
  Fix added proxy command when IPv6 is used
  Simplify test syntax
  Fix logic error in setting client port
  ssl-opt.sh: include test name in log files
  ssl-opt.sh: remove old buildbot-specific condition
  ssl-opt.sh: add proxy to all DTLS tests

Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 11:07:12 +01:00
Manuel Pégourié-Gonnard
73afa37507 Add option to test constant-flow with valgrind
Currently the new component in all.sh fails because
mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on
purpose to be able to verify that the new test works.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 10:22:41 +02:00
Bence Szépkúti
1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00
Raoul Strackx
a4e86141f1 Always revoke certificate on CRL
RFC5280 does not state that the `revocationDate` should be checked.

In addition, when no time source is available (i.e., when MBEDTLS_HAVE_TIME_DATE is not defined), `mbedtls_x509_time_is_past` always returns 0. This results in the CRL not being checked at all.

https://tools.ietf.org/html/rfc5280
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
2020-08-17 09:05:03 +02:00
Manuel Pégourié-Gonnard
c4af324a4b Merge branch 'development' into development-restricted
* development: (55 commits)
  Log change as bugfix
  Add changelog entry
  Clarify updates to the persistent state in storage
  With multiple applicable transparent drivers, the order is unspecified
  Minor clarifications
  Give some examples of purpsoses of pure-software transparent driver
  Fix typos
  Add a link to the PSA API specification
  Explain locations vs lifetimes
  Initialize key pointer in ecdh to NULL
  Add buffer zeroization when ecp_write_key fails
  Simplified key slot deletion
  Style fixes
  Use arc4random_buf instead of rand on NetBSD
  Apply review feedback
  Update open question section about public key storage
  Remove the paragraph about declaring application needs
  Change driver persistent data to a callback interface
  Rework and expand key management in opaque drivers
  Fix typos and copypasta
  ...
2020-08-14 10:11:21 +02:00
Manuel Pégourié-Gonnard
0b2112d304 Add comment on memsan + constant-flow testing 2020-07-27 09:33:49 +02:00
Gilles Peskine
d3beca9e38 Test Everest with only Curve25519 enabled
tests/scripts/curves.pl tests the library with a single curve enabled.
This uses the legacy ECDH context and the default ECDH implementation.
For Curve25519, there is an alternative implementation, which is
Everest. Test this. This also tests the new ECDH context, which
Everest requires.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-22 03:17:24 +02:00
Manuel Pégourié-Gonnard
6240defd17 Add MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
This option allows to test the constant-flow nature of selected code, using
MemSan and the fundamental observation behind ctgrind that the set of
operations allowed on undefined memory by dynamic analysers is the same as the
set of operations allowed on secret data to avoid leaking it to a local
attacker via side channels, namely, any operation except branching and
dereferencing.

(This isn't the full story, as on some CPUs some instructions have variable
execution depending on the inputs, most notably division and on some cores
multiplication. However, testing that no branch or memory access depends on
secret data is already a good start.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-07-15 12:26:22 +02:00
Gilles Peskine
2426506fa0
Merge pull request #3458 from gilles-peskine-arm/analyze_outcomes-count_test_cases-1
Test outcome analysis: check that all available test cases have been executed
2020-07-03 15:12:44 +02:00
Gilles Peskine
fb4f933f8e Rename Python scripts to use '_' and not '-'
You can't import a Python script whose name includes '-'.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-25 14:22:06 +02:00
Janos Follath
4d1884916b Merge branch 'development-restricted' into mbedtls-2.23.0r0 2020-06-25 09:17:25 +01:00
Gilles Peskine
04c6b61f43
Merge pull request #2639 from mpg/use-all-sh-checks-for-pre-push
Use all.sh and its component list in pre-push hook
2020-06-23 14:37:16 +02:00
Gilles Peskine
c96d4e2739
Merge pull request #3410 from mpg/make-coverage-script-deterministic
Make basic-build-test.sh more deterministic
2020-06-22 12:30:48 +02:00
Manuel Pégourié-Gonnard
5430447a6e Adjust comments about SEED synchronisation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-22 10:31:35 +02:00
Bence Szépkúti
c7da1fe381 Add Apache-2.0 headers to all scripts
This commit was generated using the following script:

# ========================
#!/bin/sh

# Find scripts
find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i '

# Remove Mbed TLS declaration if it occurs before the copyright line
1,/Copyright.*Arm/I {
  /This file is part of/,$ {
    /Copyright.*Arm/I! d
  }
}

# Convert non-standard header in scripts/abi_check.py to the format used in the other scripts
/"""/,/"""/ {

  # Cut copyright declaration
  /Copyright.*Arm/I {
    h
    N
    d
  }

  # Paste copyright declaration
  /"""/ {
    x
    /./ {
      s/^/# /    # Add #
      x          # Replace orignal buffer with Copyright declaration
      p          # Print original buffer, insert newline
      i\

      s/.*//     # Clear original buffer
    }
    x
  }
}

/Copyright.*Arm/I {

  # Print copyright declaration
  p

  # Read the two lines immediately following the copyright declaration
  N
  N

  # Insert Apache header if it is missing
  /SPDX/! {
    i\
# SPDX-License-Identifier: Apache-2.0\
#\
# Licensed under the Apache License, Version 2.0 (the "License"); you may\
# not use this file except in compliance with the License.\
# You may obtain a copy of the License at\
#\
# http://www.apache.org/licenses/LICENSE-2.0\
#\
# Unless required by applicable law or agreed to in writing, software\
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\
# See the License for the specific language governing permissions and\
# limitations under the License.

    # Insert Mbed TLS declaration if it is missing
    /This file is part of/! i\
#\
# This file is part of Mbed TLS (https://tls.mbed.org)
  }

  # Clear copyright declaration from buffer
  D
}
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-06-15 12:05:47 +02:00
Manuel Pégourié-Gonnard
e050191ef5 Make basic-build-test.sh deterministic
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 13:04:10 +02:00
Manuel Pégourié-Gonnard
304b099534 all.sh: clean up some uses of "local" variables
While pure sh doesn't have a concept of local variables, we can partially
emulate them by unsetting variables before we exit the function, and use the
convention of giving them lowercase names to distinguish from global
variables.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 11:01:59 +02:00
Manuel Pégourié-Gonnard
f1f180a6a1 all.sh: keep dd output in non-quiet mode
Since dd prints everything on stderr, both normal status update and actual
errors when they occur, redirecting that to /dev/null is a trade-off that's
acceptable in quiet mode (typically used on a developer's machine and the
developer will re-run in non-quiet mode if anything fails without sufficient
detail in the output), but not that much in non-quiet mode.

For example, if our dd invocation fails because the disk in full on a CI
machine, we want the error to be reported at the time we invoke dd, and not
later when a seemingly unrelated test fails due to an incorrect seedfile.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 10:46:35 +02:00
Manuel Pégourié-Gonnard
53fb66db12 Add support for RESTARTABLE with internal RNG
Currently we draw pseudo-random numbers at the beginning and end of the main
loop. With ECP_RESTARTABLE, it's possible that between those two occasions we
returned from the multiplication function, hence lost our internal DRBG
context that lives in this function's stack frame. This would result in the
same pseudo-random numbers being used for blinding in multiple places. While
it's not immediately clear that this would give rise to an attack, it's also
absolutely not clear that it doesn't. So let's avoid that by using a DRBG
context that lives inside the restart context and persists across
return/resume cycles. That way the RESTARTABLE case uses exactly the
same pseudo-random numbers as the non-restartable case.

Testing and compile-time options:

- The case ECP_RESTARTABLE && !ECP_NO_INTERNAL_RNG is already tested by
  component_test_no_use_psa_crypto_full_cmake_asan.
- The case ECP_RESTARTABLE && ECP_NO_INTERNAL_RNG didn't have a pre-existing
  test so a component is added.

Testing and runtime options: when ECP_RESTARTABLE is enabled, the test suites
already contain cases where restart happens and cases where it doesn't
(because the operation is short enough or because restart is disabled (NULL
restart context)).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 09:09:20 +02:00
Manuel Pégourié-Gonnard
1a3f9edc08 Add config.h option MBEDTLS_ECP_NO_INTERNAL_RNG
No effect so far, except on dependency checking, as the feature it's meant to
disable isn't implemented yet (so the descriptions in config.h and the
ChangeLog entry are anticipation for now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-08 09:09:20 +02:00
Manuel Pégourié-Gonnard
5b942dc45e Add test for dependencies on HMAC_DRBG in all.sh
Similarly to the recently-added tests for dependencies on CTR_DRBG:
constrained environments will probably want only one DRBG module, and we
should make sure that tests pass in such a configuration.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:29:51 +02:00
Janos Follath
bba4c17b7a
Merge pull request #3315 from hanno-arm/tls13-experimental-macro
Add support for TLS 1.3 record protection routines
2020-06-04 15:51:54 +01:00
Manuel Pégourié-Gonnard
6abc20e0e3
Merge pull request #3378 from mpg/fix-ctr-drbg-deps
Fix undeclared dependencies on CTR_DRBG (and add test)
2020-06-03 10:55:52 +02:00
Manuel Pégourié-Gonnard
a9119167e0 Make component_check_test_cases more -q frienly
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:52:14 +02:00
Manuel Pégourié-Gonnard
dfb114a843 Make check_generate_test_code more -q friendly
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:52:14 +02:00
Manuel Pégourié-Gonnard
2b2bdaa793 Add a --quiet option to all.sh
The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but
this can be useful in any circumstance where you're not interested in the full
output from each component and just want a short summary of which components
were run (and if any failed).

Note that only stdout from components is suppressed, stderr is preserved so
that errors are reported. This means components should avoid printing to
stderr in normal usage (ie in the absence of errors).

Currently all the `check_*` components obey this convention except:
- check_generate_test_code: unittest prints progress to stderr
- check_test_cases: lots of non-fatal warnings printed to stderr

These components will be fixed in follow-up commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:52:14 +02:00
Manuel Pégourié-Gonnard
bf7ae6fb25 Silence dd invocation in all.sh
It brings no value and distracts us from the actual content.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-02 11:19:09 +02:00
Manuel Pégourié-Gonnard
817e368dfd Add test for building without CTR_DRBG
People who prefer to rely on HMAC_DRBG (for example because they use it for
deterministic ECDSA and don't want a second DRBG for code size reasons) should
be able to build and run the tests suites without CTR_DRBG.

Ideally we should make sure the level of testing (SSL) is the same regardless
of which DRBG modules is enabled, but that's a more significant piece of work.
For now, just ensure everything builds and `make test` passes.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-05-29 11:50:53 +02:00
Hanno Becker
a711f6e277 Add 'build+unit test' test for experimental TLS 1.3 code to all.sh
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-28 10:32:23 +01:00
Gilles Peskine
30e0bb4a24 Run assemble_changelog.py in all.sh
Avoid nasty surprises where it would fail when we want to make a release.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:55:10 +02:00
Gilles Peskine
d9f694960f
Merge pull request #3190 from gilles-peskine-arm/config-full-clarify-development
Clarify that the full config enables everything that can be tested together
2020-05-04 12:29:09 +02:00
Gilles Peskine
18487f62d8 all.sh: on arm builds (GCC or Arm Compiler), show the code size
Just show the code size in the logs, for human consumption.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:14:08 +02:00
Gilles Peskine
6e2fb86c1e all.sh: add a Cortex-M0+ build
It's pretty fast and adds a little variety.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:14:08 +02:00
Gilles Peskine
6537588d76 all.sh: build_arm_none_eabi_gcc: do optimize
Otherwise the bignum assembly code is not used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 23:14:04 +02:00
Gilles Peskine
6d06134e93 Rename --arm-gcc-prefix to --arm-none-eabi-gcc-prefix
This is supposed to be for GCC (or a compiler with a compatible
command line interface) targeting arm-none-eabi, so name it
accordingly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-04-30 18:41:35 +02:00