Merge branch 'master' into test_project

renesas · Jul 9, 2020 · 3d6aca5 · 3d6aca5
2 parents 8ea3724 + a383220
commit 3d6aca5
Show file tree

Hide file tree

Showing 9 changed files with 432 additions and 55 deletions.
diff --git a/libraries/abstractions/pkcs11/CMakeLists.txt b/libraries/abstractions/pkcs11/CMakeLists.txt
@@ -101,10 +101,40 @@ endif()
 
 # PKCS11 test
 afr_test_module()
+if(${AFR_BOARD} STREQUAL "pc.windows")
+    set(mbt_tests 
+        "${test_dir}/iot_test_pkcs11_globals.h"
+        "${test_dir}/MBT_C_CloseSession.c"
+        "${test_dir}/MBT_C_DigestFinal.c"
+        "${test_dir}/MBT_C_DigestInit.c"
+        "${test_dir}/MBT_C_DigestUpdate.c"
+        "${test_dir}/MBT_C_Finalize.c"
+        "${test_dir}/MBT_C_FindObjects.c"
+        "${test_dir}/MBT_C_FindObjectsFinal.c"
+        "${test_dir}/MBT_C_FindObjectsInit.c"
+        "${test_dir}/MBT_C_GenerateKeyPair.c"
+        "${test_dir}/MBT_C_GenerateRandom.c"
+        "${test_dir}/MBT_C_GetAttributeValue.c"
+        "${test_dir}/MBT_C_Initialize.c"
+        "${test_dir}/MBT_C_OpenSession.c"
+        "${test_dir}/MBT_C_Sign.c"
+        "${test_dir}/MBT_C_SignInit.c"
+        "${test_dir}/MBT_C_Verify.c"
+        "${test_dir}/MBT_C_VerifyInit.c"
+        "${test_dir}/MBT_DigestMachine.c"
+        "${test_dir}/MBT_GenerationMachine.c"
+        "${test_dir}/MBT_ObjectMachine.c"
+        "${test_dir}/MBT_SessionMachine.c"
+        "${test_dir}/MBT_SignMachine.c"
+        "${test_dir}/MBT_VerifyMachine.c"
+    )
+endif()
+
 afr_module_sources(
     ${AFR_CURRENT_MODULE}
     INTERFACE
         "${test_dir}/iot_test_pkcs11.c"
+        "${mbt_tests}"
 )
 afr_module_dependencies(
     ${AFR_CURRENT_MODULE}

diff --git a/libraries/abstractions/pkcs11/mbedtls/iot_pkcs11_mbedtls.c b/libraries/abstractions/pkcs11/mbedtls/iot_pkcs11_mbedtls.c
@@ -261,9 +261,11 @@ typedef struct P11Session
     CK_ULONG xFindObjectLabelLen;                /**< @brief Size of current search label. */
     CK_MECHANISM_TYPE xOperationVerifyMechanism; /**< @brief The mechanism of verify operation in progress. Set during C_VerifyInit. */
     SemaphoreHandle_t xVerifyMutex;              /**< @brief Protects the verification key from being modified while in use. */
+    CK_OBJECT_HANDLE xVerifyKeyHandle;           /**< @brief Object handle to the verification key. */
     mbedtls_pk_context xVerifyKey;               /**< @brief Verification key.  Set during C_VerifyInit. */
     CK_MECHANISM_TYPE xOperationSignMechanism;   /**< @brief Mechanism of the sign operation in progress. Set during C_SignInit. */
     SemaphoreHandle_t xSignMutex;                /**< @brief Protects the signing key from being modified while in use. */
+    CK_OBJECT_HANDLE xSignKeyHandle;             /**< @brief Object handle to the signing key. */
     mbedtls_pk_context xSignKey;                 /**< @brief Signing key.  Set during C_SignInit. */
     mbedtls_sha256_context xSHA256Context;       /**< @brief Context for in progress digest operation. */
 } P11Session_t;
@@ -1915,6 +1917,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_CloseSession )( CK_SESSION_HANDLE hSession )
          * Tear down the session.
          */
         mbedtls_pk_free( &pxSession->xSignKey );
+        pxSession->xSignKeyHandle = CK_INVALID_HANDLE;
 
         if( NULL != pxSession->xSignMutex )
         {
@@ -1923,6 +1926,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_CloseSession )( CK_SESSION_HANDLE hSession )
 
         /* Free the public key context if it exists. */
         mbedtls_pk_free( &pxSession->xVerifyKey );
+        pxSession->xVerifyKeyHandle = CK_INVALID_HANDLE;
 
         if( NULL != pxSession->xVerifyMutex )
         {
@@ -2946,7 +2950,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_FindObjectsInit )( CK_SESSION_HANDLE hSession,
     {
         xResult = CKR_TEMPLATE_INCOMPLETE;
 
-        for( ulIndex = 0; ulIndex < ulCount; ulIndex++ ) /* TODO: Re-evaluate the need for this for loop... we are making bad assumptions if 2 objects have the same label anyhow! */
+        for( ulIndex = 0; ulIndex < ulCount; ulIndex++ )
         {
             xAttribute = pTemplate[ ulIndex ];
 
@@ -3415,7 +3419,6 @@ CK_DECLARE_FUNCTION( CK_RV, C_SignInit )( CK_SESSION_HANDLE hSession,
     CK_ULONG ulKeyDataLength = 0;
     int32_t lMbedTLSResult = 0;
 
-
     if( NULL == pMechanism )
     {
         PKCS11_PRINT( ( "ERROR: Null signing mechanism provided. \r\n" ) );
@@ -3468,20 +3471,26 @@ CK_DECLARE_FUNCTION( CK_RV, C_SignInit )( CK_SESSION_HANDLE hSession,
          * is underway on another thread where modification of key would lead to hard fault.*/
         if( pdTRUE == xSemaphoreTake( pxSession->xSignMutex, portMAX_DELAY ) )
         {
-            /* Free the private key context if it exists.
-             * TODO: Check if the key is the same as was used previously. */
-            mbedtls_pk_free( &pxSession->xSignKey );
+            if( ( pxSession->xSignKeyHandle == CK_INVALID_HANDLE ) || ( pxSession->xSignKeyHandle != hKey ) )
+            {
+                pxSession->xSignKeyHandle = CK_INVALID_HANDLE;
+                mbedtls_pk_free( &pxSession->xSignKey );
+                mbedtls_pk_init( &pxSession->xSignKey );
 
-            mbedtls_pk_init( &pxSession->xSignKey );
-            lMbedTLSResult = mbedtls_pk_parse_key( &pxSession->xSignKey, pulKeyData, ulKeyDataLength, NULL, 0 );
+                lMbedTLSResult = mbedtls_pk_parse_key( &pxSession->xSignKey, pulKeyData, ulKeyDataLength, NULL, 0 );
 
-            if( lMbedTLSResult != 0 )
-            {
-                PKCS11_PRINT( ( "mbedTLS unable to parse private key for signing. %s : ",
-                                mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ) ) );
-                PKCS11_PRINT( ( "%s \r\n",
-                                mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) );
-                xResult = CKR_KEY_HANDLE_INVALID;
+                if( lMbedTLSResult != 0 )
+                {
+                    PKCS11_PRINT( ( "mbedTLS unable to parse private key for signing. %s : ",
+                                    mbedtlsHighLevelCodeOrDefault( lMbedTLSResult ) ) );
+                    PKCS11_PRINT( ( "%s \r\n",
+                                    mbedtlsLowLevelCodeOrDefault( lMbedTLSResult ) ) );
+                    xResult = CKR_KEY_HANDLE_INVALID;
+                }
+                else
+                {
+                    pxSession->xSignKeyHandle = hKey;
+                }
             }
 
             ( void ) xSemaphoreGive( pxSession->xSignMutex );
@@ -3790,18 +3799,23 @@ CK_DECLARE_FUNCTION( CK_RV, C_VerifyInit )( CK_SESSION_HANDLE hSession,
     {
         if( pdTRUE == xSemaphoreTake( pxSession->xVerifyMutex, portMAX_DELAY ) )
         {
-            /* Free the public key context if it exists.
-             * TODO: Check if the key is the same as used by last verify operation. */
-            mbedtls_pk_free( &pxSession->xVerifyKey );
-
-            mbedtls_pk_init( &pxSession->xVerifyKey );
-
-            if( 0 != mbedtls_pk_parse_public_key( &pxSession->xVerifyKey, pucKeyData, ulKeyDataLength ) )
+            if( ( pxSession->xVerifyKeyHandle == CK_INVALID_HANDLE ) || ( pxSession->xVerifyKeyHandle != hKey ) )
             {
-                if( 0 != mbedtls_pk_parse_key( &pxSession->xVerifyKey, pucKeyData, ulKeyDataLength, NULL, 0 ) )
+                pxSession->xVerifyKeyHandle = CK_INVALID_HANDLE;
+                mbedtls_pk_free( &pxSession->xVerifyKey );
+                mbedtls_pk_init( &pxSession->xVerifyKey );
+
+                if( 0 != mbedtls_pk_parse_public_key( &pxSession->xVerifyKey, pucKeyData, ulKeyDataLength ) )
                 {
-                    PKCS11_PRINT( ( "ERROR: Unable to parse public key for verification. \r\n" ) );
-                    xResult = CKR_KEY_HANDLE_INVALID;
+                    if( 0 != mbedtls_pk_parse_key( &pxSession->xVerifyKey, pucKeyData, ulKeyDataLength, NULL, 0 ) )
+                    {
+                        PKCS11_PRINT( ( "ERROR: Unable to parse public key for verification. \r\n" ) );
+                        xResult = CKR_KEY_HANDLE_INVALID;
+                    }
+                    else
+                    {
+                        pxSession->xVerifyKeyHandle = hKey;
+                    }
                 }
             }
 
@@ -3959,8 +3973,7 @@ CK_DECLARE_FUNCTION( CK_RV, C_Verify )( CK_SESSION_HANDLE hSession,
         /* Perform an ECDSA verification. */
         else if( pxSessionObj->xOperationVerifyMechanism == CKM_ECDSA )
         {
-            /* TODO: Refactor w/ test code
-             * An ECDSA signature is comprised of 2 components - R & S.  C_Sign returns them one after another. */
+            /* An ECDSA signature is comprised of 2 components - R & S.  C_Sign returns them one after another. */
             mbedtls_ecdsa_context * pxEcdsaContext;
             mbedtls_mpi xR;
             mbedtls_mpi xS;

diff --git a/libraries/freertos_plus/standard/freertos_plus_tcp/include/FreeRTOSIPConfigDefaults.h b/libraries/freertos_plus/standard/freertos_plus_tcp/include/FreeRTOSIPConfigDefaults.h
@@ -314,7 +314,25 @@ from the FreeRTOSIPConfig.h configuration header file. */
 #endif
 
 #ifndef ipconfigALLOW_SOCKET_SEND_WITHOUT_BIND
-	#define ipconfigALLOW_SOCKET_SEND_WITHOUT_BIND 1
+	#define ipconfigALLOW_SOCKET_SEND_WITHOUT_BIND	1
+#endif
+
+
+#ifndef ipconfigIP_PASS_PACKETS_WITH_IP_OPTIONS
+	#define ipconfigIP_PASS_PACKETS_WITH_IP_OPTIONS	1
+#endif
+
+#ifndef ipconfigUDP_PASS_ZERO_CHECKSUM_PACKETS
+	#define ipconfigUDP_PASS_ZERO_CHECKSUM_PACKETS	0
+#endif
+
+
+#ifndef ipconfigIP_PASS_PACKETS_WITH_IP_OPTIONS
+	#define ipconfigIP_PASS_PACKETS_WITH_IP_OPTIONS	1
+#endif
+
+#ifndef ipconfigUDP_PASS_ZERO_CHECKSUM_PACKETS
+	#define ipconfigUDP_PASS_ZERO_CHECKSUM_PACKETS	0
 #endif
 
 #ifndef ipconfigUDP_TIME_TO_LIVE

diff --git a/libraries/freertos_plus/standard/freertos_plus_tcp/source/FreeRTOS_DNS.c b/libraries/freertos_plus/standard/freertos_plus_tcp/source/FreeRTOS_DNS.c
@@ -1206,10 +1206,11 @@ uint16_t usType = 0U;
 		if( ( pxDNSMessageHeader->usFlags & dnsRX_FLAGS_MASK ) == dnsEXPECTED_RX_FLAGS )
 		{
 			const uint16_t usCount = ( uint16_t ) ipconfigDNS_CACHE_ADDRESSES_PER_ENTRY;
+			uint16_t usNumARecordsStored = 0;
 
-			for( x = 0U; ( x < pxDNSMessageHeader->usAnswers ) && ( x < usCount ); x++ )
+			for( x = 0U; ( x < pxDNSMessageHeader->usAnswers ) && ( usNumARecordsStored < usCount ); x++ )
 			{
-			BaseType_t xDoAccept;
+				BaseType_t xDoAccept;
 
 				uxResult = prvSkipNameField( pucByte,
 											 uxSourceBytesRemaining );
@@ -1286,6 +1287,7 @@ uint16_t usType = 0U;
 							if( xDoStore != pdFALSE )
 							{
 								( void ) prvProcessDNSCache( pcName, &ulIPAddress, pxDNSAnswerRecord->ulTTL, pdFALSE );
+								usNumARecordsStored++;    /* Track # of A records stored */
 							}
 
 							FreeRTOS_inet_ntop( FREERTOS_AF_INET, ( const void * ) &( ulIPAddress ), cBuffer, sizeof( cBuffer ) );