Commit graph

14607 commits

Author SHA1 Message Date
Ronald Cron 01b2aba924 Move key buffer size computation out of psa_generate_key_internal()
Preparatory commit to eventually change
psa_generate_key_internal() signature to that of
a PSA driver generate_key entry point.

To be able to change the signature, the buffer to
store the key has to be allocated before the call
to psa_generate_key_internal() thus its size has
to be calculed beforehand as well.

This is the purpose of this commit: to move the
computation of the key size in bytes out of
psa_generate_key_internal().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:04:50 +01:00
Ronald Cron f3bb761c00 Improve psa_generate_key_internal()
Small improvements to psa_generate_key_internal()
implementation:
. declare only once the status local variable and
  initialize it to PSA_ERROR_CORRUPTION_DETECTED
  to improve robustness against FI attacks.
. remove an unnecessary assignment.
. use type local variable instead of its global
  variable equivalent.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:04:49 +01:00
Gilles Peskine 59ad77032f
Merge pull request #4131 from paul-elliott-arm/fix_crypto_leak
Fix memory leak in error case in psa_crypto
2021-02-15 11:38:13 +01:00
Gilles Peskine 9d5abfed8b
Merge pull request #4137 from stevew817/fix/unused_argument_warnings
Fix/unused argument warnings
2021-02-15 11:20:58 +01:00
Ronald Cron 5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00
Ronald Cron 7339335c7d
Merge pull request #3967 from bensze01/psa_macro_rename
PSA: Rename AEAD tag length macros
2021-02-12 16:33:21 +01:00
Paul Elliott d17062e6bf Correct english in changelog.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-12 14:48:16 +00:00
Manuel Pégourié-Gonnard 97ce71daca
Merge pull request #4109 from gilles-peskine-arm/ssl-opt-server-failure-development
ssl-opt.sh: if the server fails, do treat it as a test failure
2021-02-12 12:15:50 +01:00
Manuel Pégourié-Gonnard b2024ef3bb
Merge pull request #4129 from chris-jones-arm/move-test-macros
Move test macros to macros.h
2021-02-12 10:17:28 +01:00
Bence Szépkúti a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Ronald Cron 8a129828da
Merge pull request #4010 from stevew817/feature/gcm_vectors
Testing changes for AES-GCM backed by ALT implementation
2021-02-11 09:33:51 +01:00
Steven Cooreman 74afe47cc8 Fix unused variables in PSA core when no KDF algorithm is present
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 17:19:22 +01:00
Steven Cooreman 7196fefeef Fix unused variable in PSA core when no AEAD algorithm is present
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 17:18:39 +01:00
Steven Cooreman 6dce4bbe36 Fix unused argument when compiling with MBEDTLS_ECDSA_SIGN_ALT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 17:07:20 +01:00
Steven Cooreman 1e9c042085 Minor fixup of SKIP_IF test macro documentation verbiage
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 17:02:05 +01:00
Ronald Cron 28a45ed8db tests: psa: Add macros to skip a test case
Add macros to skip a test case when hitting a
common alternative implementation limitation.

Add a macro for AES-192 and GCM with a nonce
length different from 12 bytes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-10 16:07:21 +01:00
Steven Cooreman 50f1f5e119 Use PSA_ALG_ macros to inspect AEAD base algorithm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman 2f09913aeb Set default IV for AES-GCM to 12 bytes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman 82645b153d Allow skipping vectors w/ non-12-byte IV AES-GCM on ALT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman d588ea1704 Allow skipping AES-192 for alternative implementations in PSA test suite
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman 7c9e7da8d4 Add CAVS14.0 AES-GCM vectors to test more IV, tag and key lengths
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman 2222d689c5 Allow GCM selftest to skip non-12-byte IVs for ALT implementations
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Gilles Peskine aaf866edd2 ssl-opt.sh: Only check the server exit for Mbed TLS
We care about the exit code of our server, for example if it's
reporting a memory leak after having otherwise executed correctly.

We don't care about the exit code of the servers we're using for
interoperability testing (openssl s_server, gnutls-serv). We assume
that they're working correctly anyway, and they return 1 (gnutls-serv)
or die by the signal handle the signal (openssl) when killed by a
signal.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-09 21:01:33 +01:00
Paul Elliott da3e7db495 Fix memory leak in error case in psa_crypto
In psa_generate_derived_key_internal() an error case was returning
directly rather than jumping to the exit label, which meant that an
allocated buffer would not be free'd.

Found via coverity.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-09 19:03:47 +00:00
Ronald Cron 07907ae84e Add change log entry
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-09 15:36:14 +01:00
Ronald Cron 395889f9b7 psa: Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined
Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined
when MBEDTLS_PSA_CRYPTO_C is defined and guard
PSA client code only with MBEDTLS_PSA_CRYPTO_CLIENT.

The definition of MBEDTLS_PSA_CRYPTO_CLIENT is done
in crypto_types.h before the definition of
psa_key_attributes_t. That way as PSA crypto client
code is related to key attributes we can be quite
confident that MBEDTLS_PSA_CRYPTO_CLIENT will be
defined when needed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-09 15:36:08 +01:00
Gilles Peskine a0b4decff0
Merge pull request #4072 from gilles-peskine-arm/psa_import_ecc_key-not_supported
ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
2021-02-09 15:16:20 +01:00
Chris Jones a6d155fb47 Move test macros to macros.h
Move test macros previously located in `suites/helpers.function` to
`include/test/macros.h`. This makes these test infrastructure macros
available for use in other parts of the test infrastructure at compile
time as opposed to run time.

This commit is a simple cut and paste from one file to the other.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-09 12:09:33 +00:00
Gilles Peskine 5d332f0274
Merge pull request #4105 from paul-elliott-arm/fix_test_leak
Fix for memory leak in ssl tests
2021-02-09 10:03:49 +01:00
Ronald Cron 6b8d0a48eb
Merge pull request #4123 from gilles-peskine-arm/fix-build-test_generate_random
Remove trail check in the generate_random test
2021-02-09 08:52:21 +01:00
Ronald Cron f8ceb4c18e
Merge pull request #4120 from bensze01/fix_changelog
Fix mistake in 2.25.0 Changelog
2021-02-09 08:46:50 +01:00
Gilles Peskine 9189202156 Remove trail check in the generate_random test
The test function generate_random allocated a few extra bytes after
the expected output and checked that these extra bytes were not
overwritten. Memory sanity checks such as AddressSanitizer and
Valgrind already detect this kind of buffer overflow, so having this
test in our code was actually redundant. Remove it.

This has the benefit of not triggering a build error with GCC
(observed with 7.5.0 and 9.3.0) when ASan+UBSan is enabled: with the
previous code using trail, GCC complained about an excessively large
value passed to calloc(), which was (size_t)(-sizeof(trail)).
Thus this commit fixes #4122.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 19:50:26 +01:00
Gilles Peskine d88ccaef23 Update the documentation of mbedtls_psa_ecp_load_representation
Document the new curve_bits parameter.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 18:43:26 +01:00
Gilles Peskine 2fa6b5f503 ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.

Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.

After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.

To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 18:43:26 +01:00
Bence Szépkúti fe9a425941 Fix mistake in 2.25.0 Changelog
The mistake was introduced in #3948.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-08 18:33:16 +01:00
Ronald Cron a0832d47f7
Merge pull request #3958 from gilles-peskine-arm/fix-tls12-constant-namespace
Fix some PSA-related identifiers
2021-02-05 16:34:26 +01:00
Gilles Peskine d945871c55
Merge pull request #3872 from gabor-mezei-arm/3275_use_PSA_ERROR_DATA_INVALID_where_warranted
Use PSA_ERROR_DATA_INVALID where warranted
2021-02-03 20:54:46 +01:00
Ronald Cron 540320bf7b
Merge pull request #4054 from chris-jones-arm/move-testing-functions
Move test infrastructure from `tests/suites/helpers.function` into `tests/src/helpers.c`
2021-02-03 19:01:54 +01:00
Ronald Cron 21c64fa398
Merge pull request #4052 from stevew817/feature/skip_large_tests_on_OOM
Remove HAVE_RAM_AVAILABLE_128K in favour of dynamic heap checking in test
2021-02-03 18:23:44 +01:00
Gilles Peskine 7f919de1ce ssl-opt.sh: if the server fails, do treat it as a test failure
This used to be the case a long time ago but was accidentally broken.

Fix <github:nogrep> #4103 for ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 18:09:33 +01:00
Paul Elliott c7b53747f7 Fix for memory leak in ssl tests
Fix for leaked buffers on error case in build_transforms() in
test_suite_ssl.function

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-03 16:15:05 +00:00
Chris Jones 39ddb0a2e1 Improve test infrastructure documentation
Clarify the function descriptions for several test infrastructure functions.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-03 16:15:00 +00:00
Steven Cooreman 10ec7804c5 Remove HAVE_RAM_AVAILABLE for derive_full and derive_output tests
Both tests do not require a lot of RAM, even though it may seem
like it at first sight. The derivation output is generated blockwise
from the KDF function, which only keeps state amounting to a couple
of blocks of the underlying hash primitive at a time.
There is never an allocation to keep the full derivation capacity in
memory...

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:21:04 +01:00
Steven Cooreman 83fdb70550 Convert 'large key' testing to accept insufficient memory errors
Since the tested service may run in a different context with a different heap.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:21:01 +01:00
Steven Cooreman 69967ce17e Get rid of half-baked HAVE_RAM_128K in favor of dynamic heap checking
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:19:20 +01:00
Ronald Cron 00c3e87422
Merge pull request #3933 from ronald-cron-arm/psa-import-export
Psa import export
2021-02-03 15:02:01 +01:00
Chris Jones 567e0ad8f1 Add documentation and minor style changes
Add doxygen style documentation to `mbedtls_test_fail`, `mbedtls_test_skip`,
`mbedtls_test_set_step` and `mbedtls_test_info_reset`. This should make it
easier to understand how the test infrastructure is used.

Also make some minor style changes to meet the coding standards and make it
more obvious that `mbedtls_test_info.step` was being incremented.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-03 12:07:01 +00:00
Chris Jones a5ab765832 Remove direct writing to test_info from *.function
Add a new function `mbedtls_test_info_reset()` to remove direct writes to
`mbedtls_test_info`. This change still allows values to be read directly
however all writes are now done inside of `helpers.c`.

Also slightly reordered code to make it easier to read.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-02 16:20:45 +00:00
Janos Follath 6a32ad83e3
Merge pull request #4094 from d-otte/development
wrong RSA_PRV_DER_MAX_BYTES for odd MBEDTLS_MPI_MAX_SIZE
2021-02-02 16:15:07 +00:00
Janos Follath bbd2bfb666
Merge pull request #4096 from gilles-peskine-arm/mpi_sub_abs-buffer_overflow-development
Fix buffer overflow in mbedtls_mpi_sub_abs negative case
2021-02-02 13:10:31 +00:00