Still check that encryption and decryption are inverse to each other
if the granularity does not match the one used in the KAT.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit adds four known answer tests for TLS 1.3 record protection
from the following sources:
- RFC 8448 "Example Handshake Traces for TLS 1.3"
- tls13.ulfheim.net "The New Illustrated TLS Connection"
It extends the test coverage of the existing record protection tests
in the following ways:
- The existing record protection tests hand-craft record transform
structures; the new tests use the function
mbedtls_ssl_tls13_populate_transform()
from library source to create an TLS 1.3 transform from raw
key material and connection information.
- The existing record protection tests only check that encryption
and decryption are inverse to each other; as such, they don't
catch non-compliant implementations of encryption and decryption
which happen to be inverse to each other. By adding a known answer
test for TLS 1.3 record protection, can gain confidence that our
implementation is indeed standards-compliant.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Instances of `mbedtls_ssl_session` represent data enabling session resumption.
With the introduction of TLS 1.3, the format of this data changes. We therefore
need TLS-version field as part of `mbedtlsl_ssl_session` which allows distinguish
1.2 and 1.3 sessions.
This commit introduces such a TLS-version field to mbedtls_ssl_session.
The change has a few ramifications:
- Session serialization/deserialization routines need to be adjusted.
This is achieved by adding the TLS-version after the header of
Mbed TLS version+config, and by having the subsequent structure
of the serialized data depend on the value of this field.
The details are described in terms of the RFC 8446 presentation language.
The 1.2 session (de)serialization are moved into static helper functions,
while the top-level session (de)serialization only parses the Mbed TLS
version+config header and the TLS-version field, and dispatches according
to the found version.
This way, it will be easy to add support for TLS 1.3 sessions in the future.
- Tests for session serialization need to be adjusted
- Once we add support for TLS 1.3, with runtime negotiation of 1.2 vs. 1.3,
we will need to have some logic comparing the TLS version of the proposed session
to the negotiated TLS version. For now, however, we only support TLS 1.2,
and no such logic is needed. Instead, we just store the TLS version in the
session structure at the same point when we populate mbedtls_ssl_context.minor_ver.
The change introduces some overlap between `mbedtls_ssl_session.minor_ver` and
`mbedtls_ssl_context.minor_ver`, which should be studied and potentially resolved.
However, with both fields being private and explicitly marked so, this can happen
in a later change.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
The previous implementation was hard to understand and could in principle
fail to notice if there was a test case failure and the writing of the
line "Note: $TOTAL_FAIL failures." failed. KISS.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Previously the check was convoluted. This has been simplified
and given a more appropriate suggestion as per gilles suggestion
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
Call the output size macros specifically with asymmetric keys, which
would cause a crash (and thus test fail) should this fix get regressed.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Save the "Test Report Summary" to a file. This can help both CI scripts and
human readers who want the summary after the fact without having to copy the
console output.
Take care to exit with a nonzero status if there is a failure while
generating the test report summary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The makefiles look for python3 on Unix-like systems where python is often
Python 2. This uses sh code so it doesn't work on Windows. On Windows, the
makefiles just assume that python is Python 3.
The code was incorrectly deciding not to try python3 based on WINDOWS_BUILD,
which indicates that the build is *for* Windows. Switch to checking WINDOWS,
which indicates that the build is *on* Windows.
Fix#4774
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix a race condition in parallel builds: when generating *.data files with
generate_psa_tests.py, make instantiated the recipe once per output file,
potentially resulting in multiple instances of generate_psa_tests.py running
in parallel. This not only was inefficient, but occasionally caused the
output to be corrupted (https://github.com/ARMmbed/mbedtls/issues/4773). Fix
this by ensuring the recipe only runs once.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This file had temporary MBEDTLS_xxx dependencies because it was created when
support for PSA_WANT_xxx was still incomplete. Switch to the PSA_WANT_xxx
dependencies
This fixes the bug that "PSA storage read: AES-GCM+CTR" was never executed
because there was a typo in a dependency.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
all.sh restores **/Makefile from git in case the version in the worktree was
from doing a cmake in-tree build. Instead of doing this unconditionally, do
it only if the toplevel Makefile seems to have been automatically
generated (by cmake or otherwise, e.g. by mbedtls-prepare-build). This way
all.sh no longer silently wipes changes made to Makefile but not committed yet.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Back up the config files at the beginning of all.sh, rather than before each
component. In particular, create the backup before running cleanup for the
first time. This fixes#3139 (all.sh using a config.h.bak from a previous
job), and makes all.sh more robust against accidentally using a modified
config.h midway through because a component messed with the backup.
Use a different extension (*.all.bak rather than *.bak) for the backups.
This is necessary to ensure that auxiliary scripts such as depends*.pl that
make their own backup don't remove all.sh's backup, which the code from this
commit does not support.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Generate programs/test/cpp_dummy_build.cpp dynamically instead of
maintaining it manually. This removes the need to update it when the list of
headers changes.
Include all the headers unconditionally except for the ones that cannot be
included directly.
Support this dynamic generation both with make and with cmake.
Adapt all.sh accordingly. Remove the redundant C build from
component_build_default_make_gcc_and_cxx (it was also done in
component_test_default_out_of_box), leaving a component_test_make_cxx. Also
run the C++ program, because why not. Do this in the full configuration
which may catch a bit more problems in headers.
Fixes#2570 for good.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
redirect_out was no longer used and redirect_err was only used to
quiet dd. Change the dd invocation to only print diagnostics on
error (on platforms where this is possible).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is necessary to actually keep going and finish the
component-specific cleanup in component_test_cmake_out_of_source if
ssl-opt.err is non-empty.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* Add tests to validate MSB not ok for Curve25519 and
Curve448.
* Add a test to generate key for for Curve448.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Enable Curve448 support
Add test vectors to evaluate
* RFC 7748
* a known-answer public key export test.
* a known-answer ECDH (X448) test.
Signed-off-by: Archana <archana.madhavan@silabs.com>
mbedtls_ecp_read_key and mbedtls_ecp_write_key are updated to include
support for Curve448 as prescribed by RFC 7748 §5.
Test suites have been updated to validate curve448 under Montgomery
curves.
Signed-off-by: Archana <archana.madhavan@silabs.com>
add space between bracket and a newline that had occured
through changes but do not match the original file style
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
In all.sh, when an explicit list of components is specified, error out
if one of the components is not known or not supported. Patterns that
happen to match zero components are still effectively ignored.
Fix#2783
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the `not` function, in keep-going mode, arrange to report the
failing command (rather than `"$@"`).
Note that the `!` keyword should not be used, because failures with
`!` are not reported properly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove the obsolete functions record_status and if_build_succeeded.
They didn't affect error detection, but they made error reporting
worse since $BASH_COMMAND would be the unexpanded "$@".
Keep the function definitions for the sake of pull requests using them
that may still be in flight.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove ssl-opt.err even if it's empty.
Call cat unconditionally: it'll have no visible effect if the file is
empty.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
