Commit Graph

851 Commits

Author SHA1 Message Date
Andrzej Kurek
a1149a70ae Add tests for "return plaintext data faster on unpadded decryption" 2018-03-30 05:00:19 -04:00
Jaeden Amero
82e288adb6 Merge remote-tracking branch 'upstream-public/pr/1494' into mbedtls-2.1-proposed 2018-03-29 10:59:43 +01:00
Jaeden Amero
478baecc06 Merge remote-tracking branch 'upstream-public/pr/1525' into mbedtls-2.1-proposed 2018-03-28 15:34:25 +01:00
Deomid Ryabkov
e42510305f Fix some test deps
* Cert revocation tests require `MBEDTLS_HAVE_TIME_DATE`.
 * Verison features tests require... well, `MBEDTLS_VERSION_FEATURES`, actually.

Fixes https://github.com/ARMmbed/mbedtls/issues/1475
2018-03-27 23:22:34 +02:00
Andres Amaya Garcia
748ddda494 Fix test dependencies of pkcs5 pbs2 on asn1 parse 2018-03-27 21:33:07 +01:00
Gilles Peskine
9a05d1a765 Add missing dependencies in test_suite_x509parse
Found by depends-hashes.pl and depends-pkgalgs.pl.
2018-03-23 02:29:02 +01:00
Gilles Peskine
2a74061198 Merge tag 'mbedtls-2.1.11' into iotssl-1381-x509-verify-refactor-2.1-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:28:33 +01:00
Jethro Beekman
1a886ff45f Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-22 18:03:30 -07:00
Jaeden Amero
1c986a9859 Update version to 2.1.11 2018-03-16 16:29:30 +00:00
Jaeden Amero
23f503f12d Merge remote-tracking branch 'upstream-restricted/pr/465' into mbedtls-2.1-restricted-proposed 2018-03-14 18:32:21 +00:00
Jaeden Amero
5e50ff8f44 Merge remote-tracking branch 'upstream-restricted/pr/395' into mbedtls-2.1-restricted-proposed 2018-03-14 18:16:29 +00:00
Manuel Pégourié-Gonnard
74b8ae89c6 x509: CRL: add tests for non-critical extension
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:48:04 +01:00
Manuel Pégourié-Gonnard
85f36ae0a1 x509: CRL: add tests for malformed extensions
This covers all lines added in the previous commit. Coverage was tested using:

    make CFLAGS='--coverage -g3 -O0'
    (cd tests && ./test_suite_x509parse)
    make lcov
    firefox Coverage/index.html # then visual check

Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
2018-03-14 12:48:03 +01:00
Manuel Pégourié-Gonnard
b0661769ab x509: CRL: reject unsupported critical extensions 2018-03-14 09:28:24 +01:00
Gilles Peskine
df6f3dd9b0 Merge remote-tracking branch 'upstream-restricted/pr/430' into mbedtls-2.1-restricted-proposed 2018-03-13 17:28:42 +01:00
Gilles Peskine
8c1217984b Merge remote-tracking branch 'upstream-restricted/pr/360' into mbedtls-2.1-restricted-proposed
Conflicts:
* scripts/config.pl: reconciled parallel edits in a comment.
2018-03-13 17:26:49 +01:00
Manuel Pégourié-Gonnard
503047f824 Fix 2.1-specific remaining MD/PK depend issues
For library/certs.c the issue is resolved by aligning it with the version in
the 2.7 branch (which is currently the same as the version in the development
branch)
2018-03-13 11:53:48 +01:00
Gilles Peskine
5e533f43ee Merge remote-tracking branch 'upstream-public/pr/1373' into mbedtls-2.1-proposed 2018-03-12 23:51:50 +01:00
Gilles Peskine
8da4f864a5 Merge remote-tracking branch 'upstream-public/pr/1009' into mbedtls-2.1-proposed 2018-03-12 23:44:48 +01:00
Manuel Pégourié-Gonnard
62732b36fb Fix remaining issues found by depend-hashes 2018-03-12 15:52:55 +01:00
Manuel Pégourié-Gonnard
8326fb2e1f Fix remaining issues found by depend-pkalgs 2018-03-12 15:52:53 +01:00
Gert van Dijk
8111a8507d Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug
GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
2018-03-05 13:45:36 +01:00
Manuel Pégourié-Gonnard
dc8b7482e3 Fix test that didn't check full value of flags 2018-03-05 13:45:05 +01:00
Manuel Pégourié-Gonnard
3273955191 Unify name of default profile in X.509 tests 2018-03-05 13:45:05 +01:00
Manuel Pégourié-Gonnard
3f0f972ac5 Fix some whitespace 2018-03-05 13:45:05 +01:00
Manuel Pégourié-Gonnard
aa86a61181 Add test for callback and bad signatures
Our current behaviour is a bit inconsistent here:
- when the bad signature is made by a trusted CA, we stop here and don't
  include the trusted CA in the chain (don't call vrfy on it)
- otherwise, we just add NOT_TRUSTED to the flags but keep building the chain
  and call vrfy on the upper certs
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
7e00e1c26b Add test for bad name and callback
This ensures that the callback can actually clear that flag, and that it is
seen by the callback at the right level. This flag is not set at the same
place than others, and this difference will get bigger in the upcoming
refactor, so let's ensure we don't break anything here.
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
93d828cc83 Add test for same CA with different keys
When a trusted CA is rolling its root keys, it could happen that for some
users the list of trusted roots contains two versions of the same CA with the
same name but different keys. Currently this is supported but wasn't tested.

Note: the intermediate file test-ca-alt.csr is commited on purpose, as not
commiting intermediate files causes make to regenerate files that we don't
want it to touch.
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
ecff9e9891 Add test for CA forgery attempt
As we accept EE certs that are explicitly trusted (in the list of trusted
roots) and usually look for parent by subject, and in the future we might want
to avoid checking the self-signature on trusted certs, there could a risk that we
incorrectly accept a cert that looks like a trusted root except it doesn't
have the same key. This test ensures this will never happen.
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
9c9a2286a3 Add test for profile on trusted EE cert 2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
94ff1c62dc Add tests for flags passed to f_vrfy
The tests cover chains of length 0, 1 and 2, with one error, located at any of
the available levels in the chain. This exercises all three call sites of
f_vrfy (two in verify_top, one in verify_child). Chains of greater length
would not cover any new code path or behaviour that I can see.
2018-03-05 13:44:22 +01:00
Manuel Pégourié-Gonnard
24310613e0 Add ability to test flags value in vrfy callback
So far there was no test ensuring that the flags passed to the vrfy callback
are correct (ie the flags for the current certificate, not including those of
the parent).

Actual tests case making use of that test function will be added in the next
commit.
2018-03-05 13:44:21 +01:00
Manuel Pégourié-Gonnard
f2fd546168 Fix depends_on:pk_alg in test suites 2018-03-05 13:41:18 +01:00
Manuel Pégourié-Gonnard
293b8848d3 Fix depends_on:curve in x509 tests 2018-03-05 13:36:22 +01:00
Manuel Pégourié-Gonnard
57176e5cd5 Fix missing depends_on:SHA/MD in x509 tests 2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
6a42083f87 Add tests for spurious certs in the chain
We have code to skip them but didn't have explicit tests ensuring they are
(the corresponding branch was never taken).

While at it, remove extra copy of the chain in server10*.crt, which was
duplicated for no reason.
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
92cd3fe7b5 Add test for bad signature with longer chain
This is one line that wasn't covered in verify_child()
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
3c873462a5 Add test for expired cert in longer chain
That's two lines that were not covered in verify_child()
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
a8ed751200 Add tests for fatal error in vrfy callback
This shows inconsistencies in how flags are handled when callback fails:
- sometimes the flags set by the callback are transmitted, sometimes not
- when the cert if not trusted, sometimes BADCERT_NOT_TRUSTED is set,
  sometimes not

This adds coverage for 9 lines and 9 branches. Now all lines related to
callback failure are covered.
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
3d12638824 Add ability to test failing vrfy callback 2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
9c1282c138 Add tests for profile enforcement
Now all checks related to profile are covered in:
- verify_with_profile()
- verify_child()
- verify_top()
(that's 10 lines that were previously not covered)

Leaving aside profile enforcement in CRLs for now, as the focus is on
preparing to refactor cert verification.
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
90eb5d97fb Set deterministic flags for NULL profile
Previously flags was left to whatever value it had before. It's cleaner to
make sure it has a definite value, and all bits set looks like the safest way
for when it went very wrong.
2018-03-05 13:34:20 +01:00
Manuel Pégourié-Gonnard
c53082cdf5 Add "profile" arg to X.509 test function
Unused yet, tests using it will be added in the next commit
2018-03-05 13:34:20 +01:00
itayzafrir
cabc098a0f Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
Test suite test_suite_pk test pk_rsa_overflow passes valid parameters for hash and sig.
2018-03-05 09:50:58 +02:00
Gilles Peskine
ac33180219 Merge branch 'pr_1354' into mbedtls-2.1 2018-02-20 16:37:17 +01:00
Gilles Peskine
2e50efad44 Merge remote-tracking branch 'upstream-public/pr/1334' into mbedtls-2.1-proposed 2018-02-14 15:13:37 +01:00
Antonio Quartulli
0a63f9ea40 tests_suite_pkparse: new PKCS8-v2 keys with PRF != SHA1
Extend the pkparse test suite with the newly created keys
encrypted using PKCS#8 with PKCS#5 v2.0 with PRF being
SHA224, 256, 384 and 512.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00
Antonio Quartulli
b0fe7bea85 tests/pkcs5/pbkdf2_hmac: extend array to accommodate longer results
Some unit tests for pbkdf2_hmac() have results longer than
99bytes when represented in hexadecimal form.

For this reason extend the result array to accommodate
longer strings.

At the same time make memset() parametric to avoid
bugs in the future.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00
Antonio Quartulli
6ae1fe0c2c tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms
Test vectors for SHA224,256,384 and 512 have been
generated using Python's hashlib module by the
following oneliner:

import binascii, hashlib
binascii.hexlify(hashlib.pbkdf2_hmac(ALGO, binascii.unhexlify('PASSWORD'), binascii.unhexlify('SALT'), ITER, KEYLEN)))

where ALGO was 'sha224', 'sha256', 'sha384' and 'sha512'
respectively.

Values for PASSWORD, SALT, ITER and KEYLEN were copied from the
existent test vectors for SHA1.

For SHA256 we also have two test vectors coming from RFC7914 Sec 11.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00
Antonio Quartulli
b9e3c6d9c6 pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00