Commit Graph

2955 Commits

Author SHA1 Message Date
Ron Eldor
6e76108e15 Fix endianity issue when reading uint32
The uint32 is given as a bigendian stream, in the tests, however,
the char buffer that collected the stream read it as is,
without converting it. Add a temporary buffer, to call `greentea_getc()`
8 times, and then put it in the correct endianity for input to `unhexify()`.
2019-09-25 14:53:35 +03:00
Ron Eldor
2ad73aa388 Increase test suite timeout
Increase the test suite timeouit from 180 seconds, to 800 seconds,
since some tests consume more time, even if all tests are skipped.
2019-09-25 14:53:26 +03:00
Ron Eldor
3adb981383 Reduce stack usage of test_suite_pkcs1_v15
Reduce the stack usage of the `test_suite_pkcs1_v15` by reducing the
size of the buffers used in the tests, to a reasonable big enough size.
2019-09-25 14:53:15 +03:00
Ron Eldor
5d7254a091 Reduce stack usage of test_suite_pkcs1_v21
Reduce the stack usage of the `test_suite_pkcs1_v21` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the size sent to the API to sizeof output.
2019-09-25 14:53:04 +03:00
Ron Eldor
e4c5fa74b8 Reduce stack usage of test_suite_rsa
Reduce the stack usage of the `test_suite_rsa` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the data size to decrypt in the data file.
2019-09-25 14:51:19 +03:00
Ron Eldor
5533f4aff1 Reduce stack usage of test_suite_pk
Reduce the stack usage of the `test_suite_pk` by reducing the
size of the buffers used in the tests, to a reasonable big enough size.
2019-09-25 14:51:12 +03:00
Simon Butcher
8d0684dd06 Merge remote-tracking branch 'public/pr/2835' into baremetal 2019-09-24 15:28:35 +01:00
Manuel Pégourié-Gonnard
6d229f8af0 Adapt EC-JPAKE test suite to hardcodable hash 2019-09-19 12:07:58 +02:00
Manuel Pégourié-Gonnard
073c1e1391 Remove pk_info from pk_context_t with SINGLE_TYPE
In very reduced configurations, we don't want the overhead of maintaining a
bool just to remember if the context is valid and checking that bit at every
point of entry.

Note: so far this validity bit also served as a proxy to ensure that pk_ctx
was valid (currently this is a pointer to a dynamically-allocated buffer). In
the next series of commits, this will be changed to a statically-allocated
buffer, so there will be no question about its validity.

In the end (after this commit and the next series), a pk_context_t will be
(memory-wise) just the same as a mbedtls_uecc_keypair when SINGLE_TYPE is
enabled - meaning the PK layer will have zero memory overhead in that case.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard
020d9ba4ed Introduce abstraction mbedtls_pk_handle_t
This is the first in a series of commit aimed at removing the pk_info
structures when we're building with MBEDTLS_PK_SINGLE_TYPE enabled.

Introducing this abstraction allows us to later make it a two-valued type
(valid, invalid) instead, which is much lighter.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard
1c1cc0d373 Add config.h option MBEDTLS_PK_SINGLE_HASH
No effect for now, just declaring it here, implemented in subsequent commits.

The option requires MBEDTLS_USE_TINYCRYPT and is incompatible with
MBEDTLS_PK_RSA_ALT_SUPPORT and MBEDTLS_RSA_C.

Currently users (including the X.509 and SSL libraries) assume that if both PK
and RSA are enabled, then RSA is available through PK. If we allowed RSA to be
enabled together with PK_SINGLE_TYPE, we'd break that assumption. Going
through the code to find all place that rely on that assumption and fix them
would be cumbersome, and people who want PK_SINGLE_TYPE are unlikely to care
about RSA anyway, so let's just make them incompatible.

This is also consistent with what's done in the MD module: MD_SINGLE_HASH
requires that exactly one hash be enabled.
2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard
097628f871 Fix undeclared dependency on RSA_ALT in tests 2019-09-19 10:45:14 +02:00
Manuel Pégourié-Gonnard
e5a0b366f8 Merge branch 'baremetal' into baremetal-2.16-20190909
* baremetal: (78 commits)
  Review corrections 6
  Review corrections 5
  Minor changes to tinycrypt README
  Typos in the tinycrypt README
  Addition of copyright statements to tinycrypt files
  Add LICENSE and README for tinycrypt
  Add SPDX lines to each imported TinyCrypt file
  Review corrections 4
  Review corrections 3
  Review corrections 2
  Review corrections
  Update signature of BE conversion functions
  Use function for 16/24/32-bit BE conversion
  x509.c: Minor readability improvement
  x509_crt.c: Indicate guarding condition in #else branch
  X.509: Don't remove verify callback by default
  Fix Doxygen warnings regarding removed verify cb+ctx parameters
  ECC restart: Use optional verification mode in bad signature test
  Re-implement verify chain if vrfy cbs are disabled
  Add zero-cost abstraction layer for CRT verification chain
  ...
2019-09-12 09:58:14 +02:00
Simon Butcher
88b535a47e Merge remote-tracking branch 'origin/pr/654' into baremetal 2019-09-10 14:54:28 +01:00
Simon Butcher
303d399f42 Merge remote-tracking branch 'origin/pr/609' into baremetal 2019-09-10 14:50:04 +01:00
Simon Butcher
9bdd13b2e7 Merge remote-tracking branch 'origin/pr/621' into baremetal 2019-09-10 14:49:35 +01:00
Manuel Pégourié-Gonnard
8abd0a0c84 Merge branch 'mbedtls-2.16' into baremetal-2.16-20190909
* mbedtls-2.16: (28 commits)
  Bump version to Mbed TLS 2.16.3
  Changelog entry
  Check for zero length and NULL buffer pointer
  ssl-opt.sh: wait for proxy to start before running the script further
  Fix uninitialized variable in x509_crt
  HMAC DRBG: Split entropy-gathering requests to reduce request sizes
  Fix the license header of hkdf
  Add a change log entry
  Add a test for mlaformed ECJPAKE context
  Fix handling of md failure
  Add a test for signing content with a long ECDSA key
  Add documentation notes about the required size of the signature buffers
  Add missing MBEDTLS_ECP_C dependencies in check_config.h
  Change size of preallocated buffer for pk_sign() calls
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
  Add ChangeLog entry for new function
  Add ChangeLog entry
  Correct deterministic ECDSA behavior
  Add warning for alternative ECDSA implementations
  ...
2019-09-10 11:27:14 +02:00
Andrzej Kurek
60ebd98a50 Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh 2019-09-10 03:07:44 -04:00
Andrzej Kurek
c73f857217 Remove unnecessary memory buffer alloc and memory backtrace unsets
Also unify the sanitization LDFLAGS with development
2019-09-10 03:07:29 -04:00
Simon Butcher
7fce190774 Merge remote-tracking branch 'origin/pr/635' into HEAD 2019-09-09 14:20:03 +01:00
Andrzej Kurek
1f5a596fe2 Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test 2019-09-09 05:29:02 -04:00
Andrzej Kurek
1d0708215b all.sh: restructure memory allocator tests
Run basic tests and ssl-opt with memory backtrace disabled, then
run basic tests only with it enabled.
2019-09-09 05:28:53 -04:00
Hanno Becker
d130b98c68 Add missing dependency in memory buffer alloc set in all.sh 2019-09-09 05:28:42 -04:00
Hanno Becker
f8799e8b84 Add all.sh run with full config and ASan enabled 2019-09-09 05:25:33 -04:00
Hanno Becker
74b5e34d1b Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
With the removal of MBEDTLS_MEMORY_BUFFER_ALLOC_C from the
full config, there are no tests for it remaining in all.sh.
This commit adds a build as well as runs of `make test` and
`ssl-opt.sh` with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled to all.sh.
2019-09-09 05:25:21 -04:00
Andrzej Kurek
a9c2a3b244 Adapt all.sh to removal of buffer allocator from full config
Previously, numerous all.sh tests manually disabled the buffer allocator
or memory backtracting after setting a full config as the starting point.

With the removal of MBEDTLS_MEMORY_BACKTRACE and MBEDTLS_MEMORY_BUFFER_ALLOC_C
from full configs, this is no longer necessary.
2019-09-09 05:22:39 -04:00
Hanno Becker
03d7746927 ECC restart: Use optional verification mode in bad signature test
This way, the verification failure string will still be printed
even if verification callbacks are disabled, allowing to increase
test coverage.
2019-09-09 09:55:31 +01:00
Hanno Becker
9ec3fe0d43 Introduce configuration option to remove CRT verification callbacks 2019-09-09 09:55:31 +01:00
Hanno Becker
f207562cdc Fixup: Typo in all.sh component description for single-MD hardcoding 2019-09-09 09:45:57 +01:00
Hanno Becker
c763e9dc70 Add test for MD hardcoding to all.sh 2019-09-09 09:45:57 +01:00
Hanno Becker
d9bf935725 Disable invalid argument MD test case
With the removal of the MD handle from the MD context, it's a precondition
for any MD API outside of mbedtls_md_init() and mbedtls_md_setup() that
the MD context has been successfully setup by precisely those functions
beforehand, and hence must be bound to the single enabled valid MD handle.
2019-09-09 09:45:57 +01:00
Hanno Becker
d03949e2a4 Remove md_wrap.c and md_internal.h 2019-09-09 09:45:57 +01:00
Hanno Becker
530387eaa3 Introduce getter functions for MD info fields
This commit continues the introduction of the MD digest implementation
abstraction layer given by `mbedtls_md_handle_t` by adding getter
functions returning the various properties of an implementation
(e.g. name, digest type, digest size). For the existing implementation,
these are just structure field accesses; however, in configurations
hardcoding the choice of a fixed digest algorithm, we'll be able to
implement them as inline functions returning compile-time constants.
2019-09-09 09:45:57 +01:00
Hanno Becker
a5cedbcd3f Introduce MD handle type
As has been previously done for ciphersuites, this commit introduces
a zero-cost abstraction layer around the type

  mbedtls_md_info const *

whose valid values represent implementations of message digest algorithms.

Access to a particular digest implementation can be requested by name or
digest ID through the API mbedtls_md_info_from_xxx(), which either returns
a valid implementation or NULL, representing failure.

This commit replaces such uses of `mbedtls_md_info const *` by an abstract
type `mbedtls_md_handle_t` whose valid values represent digest implementations,
and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE.

The purpose of this abstraction layer is to pave the way for builds which
support precisely one digest algorithm. In this case, mbedtls_md_handle_t
can be implemented as a two-valued type, with one value representing the
invalid handle, and the unique valid value representing the unique enabled
digest.
2019-09-09 09:45:57 +01:00
Manuel Pégourié-Gonnard
505be8be4d Remove unnecessary depends in a test case 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
d6ac3308cd Adjust depends-hashes.pl to test NO_SHA224 as well 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
394c5fb24b Implement NO_SHA224 in MD layer as well 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard
5a26ff3cf9 Declare dependencies on !NO_SHA224 in test suites 2019-09-09 10:21:30 +02:00
Jarno Lamsa
28012e2ea2 Remove redundant rng wrapper 2019-09-09 08:42:11 +03:00
Jarno Lamsa
f35f35bcbe Use rnd_std_rand for generating hash 2019-09-09 08:19:56 +03:00
Jarno Lamsa
a7e0f632fc Add unit tests for primitive test vectors
Add a unit test for both ECDSA and ECDH, testing
reference test vectors for secp256r1.
2019-09-09 08:19:56 +03:00
Jarno Lamsa
34fcbfe287 Add rng for the tinycrypt tests
Use rnd_std_rand for the rng.
2019-09-09 08:19:56 +03:00
Jarno Lamsa
6c2f76e9cd Add a unit test for ECDSA
Add a basic unit test for the ECDSA part of the tinycrypt.
It generates keys, signs and verifies. Modified from tinycrypt
tests found in tinycrypt-repository.
2019-09-09 08:19:56 +03:00
Jarno Lamsa
7c5dc6b20a Add test suite for tinycrypt
Initially add a test for ECDH-part.
2019-09-09 08:19:56 +03:00
Simon Butcher
0e895727be Merge remote-tracking branch 'origin/pr/656' into baremetal 2019-09-07 12:48:28 +01:00
Jaeden Amero
fcb8711f6f Bump version to Mbed TLS 2.16.3 2019-09-06 13:27:00 +01:00
Teppo Järvelin
f69e641e03 Changed x509_internal.h methods as static.
Moved some functions under defined to get rid of compiler warnings.
Functions moved under defines:
 - mbedtls_x509_get_alg
 - mbedtls_x509_get_alg_null
 - mbedtls_x509_get_time
 - mbedtls_x509_get_ext
 - mbedtls_x509_sig_alg_gets
 - mbedtls_x509_key_size_helper

Left one function (mbedtls_x509_write_names) as non static as it increased code size.
2019-09-06 10:03:36 +03:00
Jaeden Amero
89408672eb Merge remote-tracking branch 'origin/mbedtls-2.16' into mbedtls-2.16-restricted
* origin/mbedtls-2.16:
  Changelog entry
  Check for zero length and NULL buffer pointer
  ssl-opt.sh: wait for proxy to start before running the script further
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
2019-09-05 18:14:55 +01:00
Hanno Becker
7bcf2b5875 Introduce version comparing functions
This zero-cost abstraction allows to change the internal encoding
of TLS/DTLS versions in the future.
2019-09-05 17:37:55 +01:00
Hanno Becker
963d49f79a ssl-opt.sh: Remove now-redundant explicit DTLS dependencies
Dependencies on DTLS are now auto-detected from the command line.
2019-09-05 14:55:56 +01:00
Hanno Becker
a43f85c9b2 ssl-opt.sh: Auto-skip tests depending on DTLS 2019-09-05 14:51:20 +01:00
Hanno Becker
fcda6ddae1 Fixup: Correct typo in DTLS only component of all.sh 2019-09-05 14:50:00 +01:00
Hanno Becker
baac25d2bf Add DTLS-only build + test to all.sh 2019-09-05 13:57:01 +01:00
Hanno Becker
73b72d1890 ssl-opt.sh: Auto-skip tests using TLS if TLS is disabled 2019-09-05 13:57:01 +01:00
Hanno Becker
d601854548 Fixup TinyCrypt Tests: Remove redundant guards 2019-09-04 16:19:49 +01:00
Hanno Becker
fe08844bac TinyCrypt Test: Include ECDH and ECDHE-PSK in all.sh TinyCrypt test 2019-09-04 16:19:49 +01:00
Hanno Becker
8b3408f1a8 TinyCrypt Test: Run ssl-opt.sh without restrictions
Previously, the TinyCrypt component in all.sh restricted the ssl-opt.sh
to the 'Default, DTLS' test, due to implicit dependencies on Secp384r1.
These dependencies are now explicit and ssl-opt.sh skips corresponding
tests accordingly, so we can introduce a full run of ssl-opt.sh into
the TinyCrypt test in all.sh.
2019-09-04 16:19:49 +01:00
Hanno Becker
69c6cde728 ssl-opt.sh: Detect use of CRTs using Secp384R1 and potentially skip
This commit modifies ssl-opt.sh to autodetect the use of test certificates
server5.* server6.* test-ca2.* using Secp384r1, and skips the corresponding
tests if MBEDTLS_ECP_DP_SECP384R1_ENABLED isn't set.
2019-09-04 16:19:49 +01:00
Hanno Becker
6b2b22164c depends-pkalgs.pl: Unset all EC curves when testing !MBEDTLS_ECP_C 2019-09-04 16:19:49 +01:00
Hanno Becker
325eb337bd TinyCrypt Test: Disable all legacy ECCs in TinyCrypt all.sh test 2019-09-04 16:19:49 +01:00
Hanno Becker
4873fde059 TinyCrypt Test: Expand scope of compatibility testing for TinyCrypt
Previously, the TinyCrypt all.sh test restricted the run of compat.sh
to DTLS 1.2 and listed a few explicit ciphersuites.

This commit widens the scope of the test by testing any ciphersuite
based on ECDHE-ECDSA, regardless of TLS/DTLS or the particular version.

Further, it doesn't exclude SHA-384 as done previously.
2019-09-04 16:19:49 +01:00
Hanno Becker
7c2cd3e9d3 TinyCrypt Test: Force use of Secp256r1 CRTs and Keys in all.sh test
This commit uses the flexibility of being able to chose CRTs and keys
to be used by compat.sh through predefined environment variables to
force the use of Secp256r1 certificates and keys in the all.sh test
for TinyCrypt.
2019-09-04 16:19:49 +01:00
Hanno Becker
70c7373f81 compat.sh: Introduce env variable for CRTs, CAs and keys
This commit introduces environment variables

- SRV_ECDSA_CRT
- SRV_ECDSA_KEY
- CLI_ECDSA_CRT
- CLI_ECDSA_KEY
- SRV_RSA_CRT
- SRV_RSA_KEY
- CLI_RSA_CRT
- CLI_RSA_KEY
- CA_FILE

to tests/compat.sh which hold the path of the CA, client and server
certificate and key files to use by the script.

This is a preparatory step towards switching to a different set of
certificates and keys in case the configuration doesn't match the
certificates in use so far (e.g.: the ECDSA certificates use Secp384r1,
so if that's disabled, ECDSA tests will fail).
2019-09-04 16:19:49 +01:00
Hanno Becker
0e83f7252f TinyCrypt Test: Don't expect ECP error code
We want to be able to remove all legacy ECC entirely when using TinyCrypt.
In particular, we cannot rely on legacy ECC identifiers.
2019-09-04 16:17:45 +01:00
Hanno Becker
6e2fddec7e TinyCrypt Test: Disable det-ECDSA x509write test for TinyCrypt
TinyCrypt only implements non-deterministic ECDSA.
2019-09-04 16:17:45 +01:00
Hanno Becker
179c15f6b0 TinyCrypt Test: Add PK priv'key test for TinyCrypt-based Secp256r1
Even though exhaustive testing of TinyCrypt is left for later,
without this test we don't have any evidence that PK writing
works for TinyCrypt-based PK context.
2019-09-04 16:17:45 +01:00
Hanno Becker
3eb0ee23a0 TinyCrypt Test: Disable x509parse tests that don't apply to TC
TinyCrypt only supports Secp256r1, so skip all tests in test_suite_x509parse
which use different curves, while splitting those which rely on Secp256r1
alone into two tests: one for legacy ECC, and one for TinyCrypt.

Studying and improving the TinyCrypt test coverage is left for a later commit.
2019-09-04 16:17:45 +01:00
Hanno Becker
06e2bf6d01 TinyCrypt Test: Disable CRT print test in test_suite_debug if TC on 2019-09-04 16:17:45 +01:00
Hanno Becker
fdd294a79f TinyCrypt Test: Skip pkwrite test cases that don't apply to TinyCrypt
The current pkwrite tests involving ECC all use curves different
from Secp256r1, so they don't apply to TinyCrypt.

Adding tests for TinyCrypt is left to a later commit.
2019-09-04 16:17:25 +01:00
Hanno Becker
d84dbe559f TinyCrypt Test: Adapt pub/prv ECC key parsing tests to TinyCrypt 2019-09-04 16:17:25 +01:00
Hanno Becker
c10c9bfc10 TinyCrypt Test: Add guards to ECDSA verify tests from PK test suite
- The underlying test vectors are for Secp192r1, while TinyCrypt uses Secp256r1.
- The test implementation is specific to the structure of legacy-ECC PK ctxs.

Addition of analogous tests for TinyCrypt-based ECC PK contexts are left
for a later commit.
2019-09-04 16:17:25 +01:00
Hanno Becker
251d7523fe TinyCrypt Test: Adapt 'PK utils: ECKEY' test in PK test suite 2019-09-04 16:17:25 +01:00
Hanno Becker
f2bf115057 TinyCrypt Test: Initialize TinyCrypt RNG in test suites if enabled 2019-09-04 16:17:25 +01:00
Hanno Becker
b1074979b8 all.sh: Remove default + TinyCrypt test from all.sh
TinyCrypt and legacy ECC are mutually exclusive by now, and this
commit removes the all.sh test which exercises both simultaenously.
2019-09-04 16:17:25 +01:00
Hanno Becker
49ac40b81b Fixup: Don't reference legacy ECP curve identifier in config.h
TinyCrypt should be used as a replacement of legacy ECC. In particular,
there shouldn't be any use of identifiers from the legacy ECC module.

So far, there's the configuration option

  MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID

that's relevant if MBEDTLS_SSL_CONF_SINGLE_CURVE is set, and which in
this case must resolve to an identifier of type mbedtls_ecp_group_id
indicating which single curve to enable.

With the introduction of TinyCrypt, we must either change the type
of this option to mbedtls_uecc_group_id, or introduce a separate
compilation option.

In order to avoid type confusion, this commit follows tha latter
approach, introducing the configuration option

  MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID

that indicatesthe TinyCrypt group identifier of the single curve
to use (must be Secp256r1) if MBEDTLS_SSL_CONF_SINGLE_CURVE
and MBEDTLS_USE_TINYCRYPT are set.
2019-09-04 16:17:25 +01:00
Simon Butcher
e1c5608370 Merge remote-tracking branch 'origin/pr/650' into baremetal 2019-09-04 12:53:09 +01:00
Simon Butcher
42e4e723e8 Merge remote-tracking branch 'origin/pr/648' into baremetal 2019-09-04 12:42:35 +01:00
Unknown
43dc0d6a8f ssl-opt.sh: wait for proxy to start before running the script further 2019-09-04 06:06:46 -04:00
Hanno Becker
c973fdee72 all.sh: Add test exercising configurations without CTR DRBG 2019-09-03 08:59:05 +01:00
Hanno Becker
df9633b21c Add missing dependency of RSA test on CTR DRBG 2019-09-03 08:59:05 +01:00
Manuel Pégourié-Gonnard
d6fba18328
Merge pull request #643 from hanno-arm/secp256r1-baremetal
[Baremetal] Add Secp256r1 test certificates
2019-09-02 08:49:20 +02:00
Hanno Becker
2e72dd8b9a ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM
This commit splits each test in ssl-opt.sh related to context serialization
in three tests, exercising the use of CCM, GCM and ChaChaPoly separately.

The reason is that the choice of primitive affects the presence and size
of an explicit IV, and we should test that space for those IVs is correctly
restored during context deserialization; in fact, this was not the case
previously, as fixed in the last commit, and was not caught by the tests
because only ChaChaPoly was tested.
2019-08-30 13:27:16 +01:00
Hanno Becker
e80c1b07cb ssl-opt.sh: Duplicate context serialization tests for CID
This commit introduces a variant of each existing test for
context serialization in ssl-opt.sh that also uses the DTLS
Connection ID feature.
2019-08-30 13:27:16 +01:00
Manuel Pégourié-Gonnard
fc8adbadb5 Merge branch 'mbedtls-2.16' into baremetal-2.16-20190827
* mbedtls-2.16: (21 commits)
  Exclude DTLS 1.2 only with older OpenSSL
  Document the rationale for the armel build
  Switch armel build to -Os
  Add a build on ARMv5TE in ARM mode
  Add changelog entry for ARM assembly fix
  bn_mul.h: require at least ARMv6 to enable the ARM DSP code
  Changelog entry for test certificates update
  Change worktree_rev to HEAD for rev-parse
  Add ChangeLog entry for entropy_nv_seed test case fix
  entropy_nv_seed: cope with SHA-256
  entropy_nv_seed: clean up properly
  Add ChangeLog entry for undefined behavior fix in test_suite_nist_kw
  Don't call memset after calloc
  Adapt ChangeLog
  ECP restart: Don't calculate address of sub ctx if ctx is NULL
  Update certificates to expire in 2029
  Update soon to be expired crl
  Test that a shared library build produces a dynamically linked executable
  Test that the shared library build with CMake works
  Add a test of MBEDTLS_CONFIG_FILE
  ...
2019-08-30 13:08:33 +02:00
Manuel Pégourié-Gonnard
87f57f6df0
Merge pull request #642 from jarvte/mbedtls_ssl_set_hostname_to_optional
[baremetal] Make function mbedtls_ssl_set_hostname(...) as optional
2019-08-28 09:20:20 +02:00
Teppo Järvelin
4009d8f377 Make function mbedtls_ssl_set_hostname(...) as optional
Now function mbedtls_ssl_set_hostname is compile-time configurable
in config.h with define MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION.
This affects to many x509 API's. See config.h for details.
2019-08-27 10:47:08 +03:00
Hanno Becker
843f5bb06c ssl-opt.sh: Configure trusted CA explicitly
ssl_client2 and ssl_server2 either allow loading specific CRTs
and CAs from files, or to leave them unspecified, in which case
they're automatically picked from the test certificates.

The test certificates should be chosen in a way that when
not specifying any CRT or CA parameters, the automatically
chosen ones match - but if one of them is specified but not
the other, one should not expect tests to succeed.

With the recent switch to Secp256r1-based test certificates,
the default test certificates have changed, which breaks some
ssl-opt.sh tests which specify the server CRT explicitly but
not the client trusted CAs.

This commit fixes this by specifying the client's trusted CA
explicitly in accordance with the explicitly specified server CRT.
2019-08-27 06:39:11 +01:00
Hanno Becker
585dfc4f56 Add Secp256R1 test keys and CRTs 2019-08-23 11:33:20 +01:00
Hanno Becker
4efd089ed5 Add build instructions for CRTs and keys using P-256 2019-08-23 11:33:20 +01:00
Simon Butcher
7d8a807daf Merge remote-tracking branch 'origin/pr/637' into baremetal 2019-08-21 13:46:07 +01:00
Simon Butcher
f0f01e1f0a Merge remote-tracking branch 'origin/pr/630' into baremetal 2019-08-14 16:53:38 +01:00
Simon Butcher
434ab19164 Merge remote-tracking branch 'origin/pr/629' into baremetal 2019-08-14 16:53:13 +01:00
Simon Butcher
0863b2a259 Merge remote-tracking branch 'origin/pr/612' into baremetal 2019-08-14 16:50:13 +01:00
Gilles Peskine
6d079baba8 Merge remote-tracking branch 'upstream-restricted/mbedtls-2.16-proposed' into mbedtls-2.16-restricted 2019-08-14 16:39:36 +02:00
Gilles Peskine
4d7c74811b Merge remote-tracking branch 'upstream-restricted/pr/503' into mbedtls-2.16-restricted 2019-08-14 16:39:24 +02:00
Gilles Peskine
33f66ba6fd Merge remote-tracking branch 'upstream-restricted/pr/556' into mbedtls-2.16-restricted 2019-08-14 16:38:26 +02:00
Gilles Peskine
3a930650c8 Merge remote-tracking branch 'upstream-restricted/pr/613' into mbedtls-2.16-restricted 2019-08-14 16:36:30 +02:00
Gilles Peskine
376d0d9e4a Merge remote-tracking branch 'upstream-public/pr/2736' into mbedtls-2.16 2019-08-14 16:00:53 +02:00
Gilles Peskine
c1b621c5cb Merge remote-tracking branch 'upstream-public/pr/2754' into mbedtls-2.16 2019-08-14 16:00:01 +02:00
Gilles Peskine
7a93214f15 Merge remote-tracking branch 'upstream-public/pr/2778' into mbedtls-2.16 2019-08-14 15:58:47 +02:00
Jarno Lamsa
7ba6288c37 Add all.sh tests for testing tinycrypt
One test for running with MBEDTLS_ECDH_C on and one
for running MBEDTLS_ECDH_C off. Run ssl-opt.sh with Default, DTLS
and compatibility tests with TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA.
2019-08-13 13:01:13 +03:00
Gilles Peskine
e30c09198c Exclude DTLS 1.2 only with older OpenSSL
compat.sh used to skip OpenSSL altogether for DTLS 1.2, because older
versions of OpenSSL didn't support it. But these days it is supported.

We don't want to use DTLS 1.2 with OpenSSL unconditionally, because we
still use legacy versions of OpenSSL to test with legacy ciphers. So
check whether the version we're using supports it.
2019-08-13 11:44:04 +02:00
Hanno Becker
19bf09ee92 Remove standalone tinyCrypt tests from all.sh
tinyCrypt is still tested in the baremetal tests since it
is enabled in baremetal.h. Tests for minimal modifictions
of the default / full config enabling tinyCrypt will be
added elsewhere.
2019-08-12 18:01:48 +01:00
Hanno Becker
572d448ab2 Enforce NULL context for hardcoded RNG 2019-08-12 17:05:03 +01:00
Gilles Peskine
560f332dd2 Document the rationale for the armel build
Call the component xxx_arm5vte, because that's what it does. Explain
"armel", and more generally why this component exists, in a comment.
2019-08-09 16:06:27 +02:00
Simon Butcher
88eda1a11c Merge remote-tracking branch 'origin/pr/636' into baremetal 2019-08-09 14:07:12 +01:00
Simon Butcher
7c1380d9d4 Merge remote-tracking branch 'origin/pr/619' into baremetal 2019-08-09 14:05:50 +01:00
Gilles Peskine
e07b9ff2d9 Switch armel build to -Os
Without any -O option, the default is -O0, and then the assembly code
is not used, so this would not be a non-regression test for the
assembly code that doesn't build.
2019-08-08 16:12:46 +02:00
Gilles Peskine
0bd284dc51 Add a build on ARMv5TE in ARM mode
Non-regression test for
"bn_mul.h: require at least ARMv6 to enable the ARM DSP code"
2019-08-05 11:34:25 +02:00
Gilles Peskine
c3c738e0fe
Merge pull request #639 from ARMmbed/mbedtls-2.16-proposed
Merge mbedtls-2.16 into mbedtls-2.16-restricted
2019-08-05 11:06:37 +02:00
Gilles Peskine
a60dc25e9f
Merge pull request #2419 from RonEld/Backport2.16_2734
Backport 2.16: Update soon to be expired crl
2019-08-03 13:38:20 +02:00
Gilles Peskine
1e3eb28ae3
Merge pull request #2735 from hanno-arm/skip_test-2.16
2.16: Add TEST_ASSUME macro to allow skipping tests at runtime
2019-08-03 13:37:59 +02:00
Manuel Pégourié-Gonnard
39581c7cf4 Merge branch 'mbedtls-2.16' into baremetal-2.16-20190801
* mbedtls-2.16:
  Fix parsing issue when int parameter is in base 16
  Refactor receive_uint32()
  Refactor get_byte function
  Make the script portable to both pythons
  Update the test encoding to support python3
  update the test script
  tests: Limit each log to 10 GiB
2019-08-01 11:05:18 +02:00
Hanno Becker
8844055b0e Remove compression field from SSL session if compression disabled 2019-08-01 10:11:20 +02:00
Hanno Becker
e03eb7bb64 Don't disallow 'record from another epoch' log msg in proxy ref test
It happens regularly in test runs that the server example application
shuts down a connection, goes into waiting mode for a new connection,
and then receives the encrypted ClosureAlert from the client. The only
reason why this does currently not trigger the 'record from another epoch'
message is that we handle ClientHello parsing outside of the main record
stack because we want to be able to detect SSLv2 ClientHellos. However,
this is likely to go away, and once it happens, we'll see the log message.
Further, when record checking is used, every record, including the mentioned
closure alert, is passed to the record checking API before being passed to
the rest of the stack, which leads to the log message being printed.

In summary, grepping for 'record from another epoch' is a fragile way
of checking whether a reordered message has arrived. A more reliable
way is to grep for 'Buffer record from epoch' which is printed when
a record from a future epoch is actually buffered, and 'ssl_buffer_message'
which is the function buffering a future handshake message.
2019-08-01 09:51:53 +02:00
Manuel Pégourié-Gonnard
80eaddfc36 Clean generated *.su file and gitignore them 2019-07-30 16:56:58 +02:00
Hanno Becker
62daad3b9a all.sh: Adhere to convention that build_ prefixes build-only tests 2019-07-30 16:56:25 +02:00
Hanno Becker
b7769e4fc0 Remove wrong reference to ARMCC in all.sh test name 2019-07-30 16:56:25 +02:00
Hanno Becker
c4296a3bbb Modify all.sh test names to reflect use of ARMCC 2019-07-30 16:56:25 +02:00
Hanno Becker
e7895aae2c Add all.sh test for baremetal.h runtime test 2019-07-30 16:56:25 +02:00
Hanno Becker
fe1bd781de Add all.sh test for hardcoded elliptic curve 2019-07-30 16:56:25 +02:00
Hanno Becker
6dd8e1c54d Add all.sh test for hardcoded miscellaneous SSL config options 2019-07-30 16:50:27 +02:00
Hanno Becker
2a0cd5a031 Add all.sh test for hardcoded IO callbacks 2019-07-30 16:48:20 +02:00
Hanno Becker
9fb3f1eaf2 Add all.sh test for hardcoded SSL version 2019-07-30 16:48:20 +02:00
Manuel Pégourié-Gonnard
cdb83e7c88
Merge pull request #616 from mpg/context-s11n
[baremetal] Implement context serialization
2019-07-30 00:07:23 +02:00
Simon Butcher
3b014fc23a Merge remote-tracking branch 'origin/pr/604' into baremetal 2019-07-23 16:16:24 +01:00
Manuel Pégourié-Gonnard
0d83271a45 Enable serialisation tests in ssl-opt.sh
They currently pass in a default build.
2019-07-23 17:02:10 +02:00
Hanno Becker
ffb45b9ea5 Add test for hardcoded timer callbacks to all.sh 2019-07-22 11:15:28 +01:00
Hanno Becker
af5d8abf26 Don't call memset on NULL pointer in NIST KW test suite
Note: There's no need to call `memset()` after `calloc()`
because `calloc()` includes zeroization.
2019-07-22 11:15:12 +01:00
Gilles Peskine
756b3f2c25 entropy_nv_seed: cope with SHA-256
This test case was only executed if the SHA-512 module was enabled and
MBEDTLS_ENTROPY_FORCE_SHA256 was not enabled, so "config.pl full"
didn't have a chance to reach it even if that enabled
MBEDTLS_PLATFORM_NV_SEED_ALT.

Now all it takes to enable this test is MBEDTLS_PLATFORM_NV_SEED_ALT
and its requirements, and the near-ubiquitous MD module.
2019-07-19 17:43:03 +02:00
Gilles Peskine
0450eecfae entropy_nv_seed: clean up properly
Call mbedtls_entropy_free on test failure.

Restore the previous NV seed functions which the call to
mbedtls_platform_set_nv_seed() changed. This didn't break anything,
but only because the NV seed functions used for these tests happened
to work for the tests that got executed later in the .data file.
2019-07-19 17:43:03 +02:00
Gilles Peskine
fc41bd7f35 Don't call memset after calloc
memset has undefined behavior when either pointer can be NULL, which
is the case when it's the result of malloc/calloc with a size of 0.
The memset calls here are useless anyway since they come immediately
after calloc.
2019-07-19 17:42:47 +02:00
Hanno Becker
627fbee41a Don't offer SHA-1 in CertificateRequest message in TLS 1.2
mbedtls_ssL_set_calc_verify_md() is used to select valid hashes when
writing the server's CertificateRequest message, as well as to verify
and act on the client's choice when reading its CertificateVerify
message.

If enabled at compile-time and configured via mbedtls_ssl_conf_sig_hashes()
the current code also offers SHA-1 in TLS 1.2. However, the SHA-1-based
handshake transcript in TLS 1.2 is different from the SHA-1 handshake
transcript used in TLS < 1.2, and we only maintain the latter
(through ssl_update_checksum_md5sha1()), but not the former.
Concretely, this will lead to CertificateVerify verification failure
if the client picks SHA-1 for the CertificateVerify message in a TLS 1.2
handshake.

This commit removes SHA-1 from the list of supported hashes in
the CertificateRequest message, and adapts two tests in ssl-opt.sh
which expect SHA-1 to be listed in the CertificateRequest message.
2019-07-17 10:19:27 +01:00
Simon Butcher
ae3f8511fd Merge remote-tracking branch 'origin/pr/615' into baremetal 2019-07-15 19:24:44 +01:00
Hanno Becker
90f7b75354 Fix unused variable warning in SSL test suite 2019-07-12 15:15:08 +01:00
Hanno Becker
ac8c984784 SSL tests: Skip tests using version not matching hardcoded version 2019-07-12 15:15:08 +01:00
Hanno Becker
930fbf60d6 Add TEST_ASSUME macro to allow skipping tests at runtime
This commit adds a macro TEST_ASSUME to the test infrastructure
which allows to skip tests based on unmet conditions determined
at runtime.
2019-07-12 15:15:08 +01:00
Hanno Becker
d82a03084f ssl-opt.sh: Detect mismatching cmd line and hardcoded version config 2019-07-12 15:15:08 +01:00
Jaeden Amero
af4578f14b Merge remote-tracking branch 'origin/mbedtls-2.16' into mbedtls-2.16-restricted
* origin/mbedtls-2.16:
  Fix parsing issue when int parameter is in base 16
  Refactor receive_uint32()
  Refactor get_byte function
  Make the script portable to both pythons
  Update the test encoding to support python3
  update the test script
  tests: Limit each log to 10 GiB
2019-07-12 10:16:11 +01:00
Jaeden Amero
cb686a1b6b Merge remote-tracking branch 'origin/pr/2743' into mbedtls-2.16
* origin/pr/2743:
  tests: Limit each log to 10 GiB
2019-07-11 16:19:21 +01:00
Ron Eldor
7c52e229d5 Fix parsing issue when int parameter is in base 16
Fix error `ValueError: invalid literal for int() with base 10:` that
is caused when a parameter is given in base 16. Use relevant base
when calling `int()` function.
2019-07-11 14:36:50 +03:00
Ron Eldor
e81ff54881 Refactor receive_uint32()
Call `greentea_getc()` 8 times, and then `unhexify` once, instead of
calling `receive_byte()`, which inside calls `greentea_getc()` twice,
for every hex digit.
2019-07-11 14:36:34 +03:00
Ron Eldor
3dd77909d3 Refactor get_byte function
Change implementation of `get_byte()` to call `unhexify()`.
2019-07-11 14:36:27 +03:00
Ron Eldor
9d40da275d Make the script portable to both pythons
Make the script work for python3 and for python2
2019-07-11 14:36:20 +03:00
Ron Eldor
b43fe57d34 Update the test encoding to support python3
Since Python3 handles encoding differently than Python2,
a change in the way the data is encoded and sent to the target is needed.
1. Change the test data to be sent as hex string
2. Convert the characters to binary bytes.

This is done because the mbed tools translate the encoding differently
(mbed-greentea, and mbed-htrunner)
2019-07-11 14:36:13 +03:00
Ron Eldor
56b6e523fa update the test script
Update `mbedtls_test.py` script to work with Python 3.7.
resolves #2653
2019-07-11 14:36:06 +03:00
Ron Eldor
36503922a0 Update certificates to expire in 2029
Update certificates that expire on 2021, to prolong their validity,
to make tests pass three years ahead.
2019-07-10 18:35:10 +03:00
Ron Eldor
9647bc56da Update soon to be expired crl
Update crl.pem, as it will expire on November 25 2019.
Resolves #2357.
2019-07-10 17:26:39 +03:00
Simon Butcher
133294eb4a Merge remote-tracking branch 'origin/mbedtls-2.16' into baremetal 2019-07-10 11:38:01 +01:00
Jaeden Amero
a258ccd368 tests: Limit each log to 10 GiB
Limit log output in compat.sh and ssl-opt.sh, in case of failures with
these scripts where they may output seemingly unlimited length error
logs.

Note that ulimit -f uses units of 512 bytes, so we use 10 * 1024 * 1024
* 2 to get 10 GiB.
2019-07-10 08:51:56 +01:00