Otherwise $COMMAND_LINE_COMPONENTS would try to expand wildcard patterns
based on files in the current directory.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Was getting errors like:
In file included from /usr/include/limits.h:25:0,
from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/limits.h:168,
from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/syslimits.h:7,
from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/limits.h:34,
from ../include/mbedtls/check_config.h:30,
from ../include/mbedtls/build_info.h:81,
from common.h:26,
from asn1write.c:20:
/usr/include/features.h:367:25: fatal error: sys/cdefs.h: No such file or directory
There are two packages to choose from: armhf or armel. Since the comment
in all.sh says we're trying to be close to Debian's "armel"
architecture, choose that, and fix a comment that was mentioning
gnueabihf for no apparent reason.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Currently it can't be mandatory, since we can't install the required toolchain
on Jenkins right away.
Also, while at it, remove `SHELL='sh -x'` from the other arm5vte component; it
was a leftover from debugging.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Have simpler patterns related to 'test' (the central objective being to keep
going if 'make test' or 'tests/...' fails, but not if 'make tests' fails).
Add 'cd' as a can't-keep-going command.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Count invocations from 1 to n instead of n to 1.
Explain how changing the loop variable would cause an error if the function
was not executed in a subshell.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Still check that encryption and decryption are inverse to each other
if the granularity does not match the one used in the KAT.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit adds four known answer tests for TLS 1.3 record protection
from the following sources:
- RFC 8448 "Example Handshake Traces for TLS 1.3"
- tls13.ulfheim.net "The New Illustrated TLS Connection"
It extends the test coverage of the existing record protection tests
in the following ways:
- The existing record protection tests hand-craft record transform
structures; the new tests use the function
mbedtls_ssl_tls13_populate_transform()
from library source to create an TLS 1.3 transform from raw
key material and connection information.
- The existing record protection tests only check that encryption
and decryption are inverse to each other; as such, they don't
catch non-compliant implementations of encryption and decryption
which happen to be inverse to each other. By adding a known answer
test for TLS 1.3 record protection, can gain confidence that our
implementation is indeed standards-compliant.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Instances of `mbedtls_ssl_session` represent data enabling session resumption.
With the introduction of TLS 1.3, the format of this data changes. We therefore
need TLS-version field as part of `mbedtlsl_ssl_session` which allows distinguish
1.2 and 1.3 sessions.
This commit introduces such a TLS-version field to mbedtls_ssl_session.
The change has a few ramifications:
- Session serialization/deserialization routines need to be adjusted.
This is achieved by adding the TLS-version after the header of
Mbed TLS version+config, and by having the subsequent structure
of the serialized data depend on the value of this field.
The details are described in terms of the RFC 8446 presentation language.
The 1.2 session (de)serialization are moved into static helper functions,
while the top-level session (de)serialization only parses the Mbed TLS
version+config header and the TLS-version field, and dispatches according
to the found version.
This way, it will be easy to add support for TLS 1.3 sessions in the future.
- Tests for session serialization need to be adjusted
- Once we add support for TLS 1.3, with runtime negotiation of 1.2 vs. 1.3,
we will need to have some logic comparing the TLS version of the proposed session
to the negotiated TLS version. For now, however, we only support TLS 1.2,
and no such logic is needed. Instead, we just store the TLS version in the
session structure at the same point when we populate mbedtls_ssl_context.minor_ver.
The change introduces some overlap between `mbedtls_ssl_session.minor_ver` and
`mbedtls_ssl_context.minor_ver`, which should be studied and potentially resolved.
However, with both fields being private and explicitly marked so, this can happen
in a later change.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Previous test in state test was not actually making sure that the
operatioon could be completed using set lengths / set nonce in either
order, thus changed the 'normal' encrypt / decrypt tests to run in
alternating order.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Make all encrypt/decrypt tests use the same function. Cleanup arguments
that were poorly named and document internal function. Removed one test
as I didn't want to write another test purely for it, when its already
tested in one shot.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
The previous implementation was hard to understand and could in principle
fail to notice if there was a test case failure and the writing of the
line "Note: $TOTAL_FAIL failures." failed. KISS.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Previously the check was convoluted. This has been simplified
and given a more appropriate suggestion as per gilles suggestion
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
Call the output size macros specifically with asymmetric keys, which
would cause a crash (and thus test fail) should this fix get regressed.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Save the "Test Report Summary" to a file. This can help both CI scripts and
human readers who want the summary after the fact without having to copy the
console output.
Take care to exit with a nonzero status if there is a failure while
generating the test report summary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
