This is the first step in arranging that functions from constant_time.c are
tested in test_suite_constant_time.function.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
These are very CPU-intensive, so make it easy to skip them. And conversely,
make it easy to run them without the growing body of SSL tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Most of the tests (including those using endpoint_init functions) parse
certificates that require MBEDTLS_SHA256_C to be present.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
ASSERT_ALLOC calculates the size itself, and the parameter indicates number of elements.
```
mbedtls_calloc( sizeof( *( pointer ) ), ( length ) );
```
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Ensure that the nominal run works properly, so that it's apparent that the
injected failure is responsible for the failure of the handshake.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
USE_PSA_DONE() already checks that there are no used key slots.
The call to TEST_ASSERT() wouldn't have worked properly on failure anyway,
since it would jump back to the exit label.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
For weistrass curves the pair is encoded as 0x04 || x || y.
Flipping one of the bits in the first byte should be a sure failure.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Development TLS code now uses PSA to generate an
ECDH private key. Although this would not be required
in 2.28 branch, it is backported for compatibility.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Force a bitflip in server key to make the raw key
agreement fail, and then verify that no key slots
are left open at the end. Use a Weierstrass curve
to have a high chance of failure upon encountering
such bitflip.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
All function declaration provided by ssl_invasive.h is needed only for
testing purposes and all of them are provided by constant_time.h as well.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Some functions were not deinitializing the PSA subsystem. This could
lead to resource leaks at the level of individual test cases, and
possibly at the level of the whole test suite depending on the order
and selection of test cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make USE_PSA_INIT() and USE_PSA_DONE() available in all test suites in
all cases, doing nothing if MBEDTLS_USE_PSA_CRYPTO is disabled. Use
those in preference to having explicit
defined(MBEDTLS_USE_PSA_CRYPTO) checks (but there may still be places
left where using the new macros would be better).
Also provide PSA_INIT() by symmetry with PSA_DONE(), functional
whenver MBEDTLS_PSA_CRYPTO_C is enabled, but currently unused.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Moves the functions `test_fail`, `test_set_step`, `test_skip` and the struct
`test_info` from `tests/suites/helpers.function` to `tests/src/helpers.*`.
This is done to open these functions up to the API where they can be used by
other functions in the 'src' test infrastructure module.
As the functions are now contained within the src folder of the testing
infrastructure, the `mbedtls_` prefix has been added to the functions.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
ssl_tls1_3_keys.c exports a structure containing all labels used
in the TLS 1.3 key schedule, but the TLS 1.3 key scheduling unit
tests so far replicated those labels in the test file. In particular,
wrong label values in ssl_tls1_3_keys.c wouldn't have been caught
by the unit tests.
This commit modifies the TLS 1.3 key schedule unit tests to use
the TLS 1.3 labels as exported by ssl_tls1_3_keys.c. This not only
makes sure that those labels are correct, but also avoids hardcoding
their hex-encoding in the test file.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
The tests are supposed to be failing now (in all.sh component
test_memsan_constant_flow), but they don't as apparently MemSan doesn't
complain when the src argument of memcpy() is uninitialized, see
https://github.com/google/sanitizers/issues/1296
The next commit will add an option to test constant flow with valgrind, which
will hopefully correctly flag the current non-constant-flow implementation.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
