mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-09 19:14:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
26,880 Commits 174 Branches 263 Tags
Commit Graph

9594 Commits

Author SHA1 Message Date
Dave Rodgman
025bed9eb7
Merge pull request #1076 from daverodgman/more-ct 
Use CT module more consistently
 2023-09-25 11:50:10 +01:00
Gilles Peskine
18e1d11cfe
Merge pull request #1049 from waleed-elmelegy-arm/Switch-pkparse-to-mbedtls_pkcs5_pbe2_ext 
Switch pkparse to use new pkcs5/12 pbe functions
 2023-09-22 18:06:50 +02:00
Dave Rodgman
9fc868012c Fix test error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 10:56:13 +01:00
Gilles Peskine
193f94276e
Merge pull request #1071 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer 
Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
 2023-09-22 11:43:03 +02:00
Dave Rodgman
fbe74a9e51 Add mbedtls_ct_error_if, with tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 09:58:25 +01:00
Dave Rodgman
9d0869140b Remove tests for mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 21:54:08 +01:00
Dave Rodgman
f1915f623d Improve testing for mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 19:22:59 +01:00
Dave Rodgman
cc3c670670 Fix compiler cast warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 16:33:26 +01:00
Waleed Elmelegy
38202a2b18 Improve pkparse test dependencies and changelog 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 15:21:10 +01:00
Dave Rodgman
93b3228d42 Add tests for mbedtls_ct_error_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 13:50:51 +01:00
Waleed Elmelegy
556a0790f6 Fix code style in pkparse tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 09:19:56 +01:00
Waleed Elmelegy
9d4d8ebaf2 Add PKCS5/12 dependecies to pkparse tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 08:45:56 +01:00
Waleed Elmelegy
15bcf38e88 Add test pkparse test dependencies 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 20:02:16 +01:00
Waleed Elmelegy
1db5cdaf57 Add tests to test pkcs8 parsing of encrypted keys 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:29:02 +01:00
Waleed Elmelegy
d527896b7e Switch pkparse to use new mbedtls_pkcs12_pbe_ext function 
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
and deprecate mbedtls_pkcs12_pbe function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:29:02 +01:00
Waleed Elmelegy
c9f4040f7f Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function 
Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
and deprecate mbedtls_pkcs5_pbes2 function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:28:28 +01:00
Dave Rodgman
143f5f7c68 Add mbedtls_ct_bool_if and mbedtls_ct_bool_if_else_0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 21:52:13 +01:00
Dave Rodgman
1cfc43c77b Rename mbedtls_ct_bool_xor to mbedtls_ct_bool_ne 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:39:33 +01:00
Dave Rodgman
986006e567 Make TEST_CALLOC_NONNULL more robust 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:30:25 +01:00
Dave Rodgman
6568f60358 Simplify mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:48:24 +01:00
Dave Rodgman
2c9f86b3b6 Add docs for mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:48:13 +01:00
Dave Rodgman
28bc1ab923 Use exact bounds for allocations in mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:34:57 +01:00
Dave Rodgman
a328635305 Introduce TEST_CALLOC_NONNULL 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:34:39 +01:00
Dave Rodgman
ba600b2fd9 Remove expected param from mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:26:13 +01:00
Dave Rodgman
771ac65b0c Add tests for mbedtls_ct_memcmp_partial 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 09:10:59 +01:00
Gilles Peskine
d2e004e401 Test mbedtls_ssl_decrypt_buf(): stream cipher, negative cases 
Test mbedtls_ssl_decrypt_buf() with a null cipher (the only type of stream
cipher we support). Test the good case (to make sure the test code
constructs the input correctly), test with an invalid MAC, and test with a
shortened input.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 19:07:50 +02:00
Gilles Peskine
9099d3fd76 Refactoring: create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 17:21:15 +02:00
Gilles Peskine
68ec3ccc7c Add missing cleanup 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 14:35:52 +02:00
Gilles Peskine
ac5fabed25 Refactoring: prepare to create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 14:35:42 +02:00
Gilles Peskine
a3237efefb Move testing of mbedtls_ssl_decrypt_buf to a new test suite 
test_suite_ssl is huge and needs splitting.

Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a
complicated function that needs more thorough testing with malformed inputs.
At this point, we are only doing negative testing with CBC-non-ETM test
suites. This needs to grow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 14:23:13 +02:00
Gilles Peskine
8a7fb2d799
Merge pull request #1055 from waleed-elmelegy-arm/add-new-pkcs12-pbe2-ext-fun 
Add new pkcs12 pbe2 ext fun
 2023-09-15 18:43:03 +02:00
Waleed Elmelegy
57d09b72ef Return back to modifying input parameters in pkcs12_parse_pbe_params 
Return back to modifying input parameters in pkcs12_parse_pbe_params
to avoid change in behaviour.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-12 14:05:10 +01:00
Dave Rodgman
49d7223036 Fix test under memsan 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-12 11:03:23 +01:00
Dave Rodgman
70e022b024 code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-12 09:29:13 +01:00
Dave Rodgman
140d5c77d0 Add single-bit difference tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-11 19:10:05 +01:00
Waleed Elmelegy
e1cb35b719 Add new mbedtls_pkcs12_pbe_ext function to replace old function 
Add new mbedtls_pkcs12_pbe_ext function to replace
old mbedtls_pkcs12_pbe function that have security
issues.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-08 16:51:26 +01:00
Gilles Peskine
31d49cd57f
Merge pull request #1053 from waleed-elmelegy-arm/Improve-and-test-mbedtls_pkcs12_pbe 
Improve & test legacy mbedtls_pkcs12_pbe
 2023-09-08 13:08:05 +02:00
Waleed Elmelegy
1f59ee078f Add correct dependencies to pkcs12 tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-07 17:59:35 +01:00
Waleed Elmelegy
096017023d Fix identation error in pkcs12 tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-07 17:48:40 +01:00
Waleed Elmelegy
75b9eb36b4 Change pkcs12 test comparison macro to the new macro 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-07 17:02:37 +01:00
Waleed Elmelegy
8317e91b1e Change pkcs12 test allocation macros to the new macros 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-07 15:46:58 +01:00
Waleed Elmelegy
15de809e1a Improve pkcs12 pbe tests 
* Simplify pkcs12 tests to use algo parameters instead of asn1 buffers.
* Fix output buffers allocation size.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-05 16:34:55 +01:00
Waleed Elmelegy
255db80910 Improve & test legacy mbedtls_pkcs12_pbe 
* Prevent pkcs12_pbe encryption when PKCS7 padding has been
  disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
  reasons, However, invalid padding is not checked.
* Document new behaviour, known limitations and possible
  security concerns.
* Add tests to check these scenarios. Test data has been
  generated by the below code using OpenSSL as a reference:

#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <openssl/des.h>
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include <string.h>

int main()
{
    char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB";
    unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC";
    unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA";
    unsigned char *ciphertext = NULL;
    int iter = 10;
    X509_ALGOR *alg =  X509_ALGOR_new();
    int ciphertext_len = 0;
    int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    alg->parameter = ASN1_TYPE_new();
    struct asn1_object_st * aobj;
    PKCS5_pbe_set0_algor(alg, alg_nid, iter,
                         salt, sizeof(salt)-1);

    aobj = alg->algorithm;
    printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length);
    printf("06%.2X", aobj->length);
    for (int i = 0; i < aobj->length; i++) {
        printf("%.2X", aobj->data[i]);
    }

    for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) {
        printf("%.2X", alg->parameter->value.asn1_string->data[i]);
    }
    printf("\":\"");

    for (int i = 0; i < sizeof(pass)-1; i++) {
        printf("%.2X", pass[i] & 0xFF);
    }
    printf("\":\"");
    for (int i = 0; i < sizeof(plaintext)-1; i++) {
        printf("%.2X", plaintext[i]);
    }
    printf("\":");
    printf("0");
    printf(":\"");

    unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1);

    if (res == NULL)
        printf("Encryption failed!\n");
    for (int i = 0; i < ciphertext_len; i++) {
        printf("%.2X", res[i]);
    }
    printf("\"\n");

    return 0;
}

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
#
 2023-09-05 15:45:55 +01:00
Gilles Peskine
1a7d387072
Merge pull request #1041 from waleed-elmelegy-arm/add-new-pkcs5-pbe2-ext-fun 
Add new pkcs5 pbe2 ext fun
 2023-09-04 15:33:42 +02:00
Waleed Elmelegy
21d7d85af7 Fix mbedtls_pkcs5_pbes test function failure 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-30 13:12:09 +01:00
Dave Rodgman
730bbee226 Merge remote-tracking branch 'origin/development' into update-restricted-2023-08-30 2023-08-30 11:22:00 +01:00
Gilles Peskine
a878b663cf
Merge pull request #8090 from silabs-Kusumit/PBKDF2_higher_cost_tests 
PBKDF2: tests with higher input costs
 2023-08-29 14:00:17 +00:00
Waleed Elmelegy
79b6e26b1b Improve mbedtls_pkcs5_pbes2_ext function test data 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-29 14:55:03 +01:00
Dave Rodgman
d395590597
Merge pull request #7579 from daverodgman/safer-ct-asm 
Arm assembly implementation of constant time primitives
 2023-08-28 08:26:29 +00:00
Gilles Peskine
8ca2041145
Merge pull request #8074 from tgonzalezorlandoarm/tg/allowlist 
Implement allowlist of test cases that are legitimately not executed
 2023-08-24 18:03:20 +00:00