Commit graph

433 commits

Author SHA1 Message Date
Dave Rodgman ba940cc695
Merge pull request #4182 from gabor-mezei-arm/3258_implement_one-shot_MAC_and_cipher
[Backport 2.x] Implement one-shot cipher
2021-06-30 17:04:11 +01:00
gabor-mezei-arm a3669ac7e7
Restoring the multi-part cipher_verify_output() testing
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 18:58:42 +02:00
gabor-mezei-arm 7b302089b1
Update key policy testing test cases
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:08:47 +02:00
gabor-mezei-arm 5eca4f2bb5
Rename test cases
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:07:34 +02:00
gabor-mezei-arm 659af9e2f3
Remove unneeded test case parameter
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:06:16 +02:00
gabor-mezei-arm 79df41dfca
Remove unneeded test case parameter
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:37:36 +02:00
gabor-mezei-arm 58e510f201
Simplify test function
Use the updated usage flags as expected.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:37:36 +02:00
gabor-mezei-arm 7907be3f32
Give better name for test cases
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:37:36 +02:00
gabor-mezei-arm de25402300
Fix tests
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:36 +02:00
gabor-mezei-arm 9ac4847a5d
Unify multipart cipher operation tester functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-25 18:30:38 +02:00
gabor-mezei-arm 43611b089b
Rename test functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-25 15:50:36 +02:00
gabor-mezei-arm 7aa1efd919
Remove duplicated tests
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-25 15:50:35 +02:00
gabor-mezei-arm d086e6e14f
Add tests for one-shot hash cipher functions
Tests for psa_cipher_encrypt and psa_cipher_decrypt functions.
The psa_cipher_encrypt function takes no parameter for IV and always generates
it therefore there will be a randomness in the calculation and cannot be
validated by comparing the actual output with the expected output.
The function is tested by:
 - doing a prtially randomized test with an encryption then a decryption
   and validating the input with output of the decryption
 - validating against the multipart encryption
The combination of this two methods provides enough coverage like a
known answer test.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:57:29 +02:00
gabor-mezei-arm 3e5f6cd58f Add test for extended key usage policies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 11:58:19 +02:00
gabor-mezei-arm 4d9009e74f Update tests for extended key usage policies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 11:58:19 +02:00
Janos Follath 3af7e8fe3a Fix verify_hash tests for PSA RSA PSS
The psa_verify_hash() is the pre-hashed version of the API and supposed
to work on hashes generated by the user. There were tests passing that
were getting "hashes" of sizes different from the expected.

Transform these into properly failing tests.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-22 12:57:04 +02:00
Gilles Peskine 8d54b69c96 Fix copypasta in test data
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-14 18:08:26 +02:00
Gilles Peskine a172cf53f7 Use UNUSED wherever applicable in derive_input tests
Exhaustivity check:
```
<tests/suites/test_suite_psa_crypto.data awk -F: '$1=="derive_input" { for (step=1; step<=3; step++) { if ($(4*step-1) == "0") { if ($(4*step) != "UNUSED" || $(4*step+1) != "\"\"" || $(4*step+2) != "UNUSED") print NR, step, $(4*step), $(4*step+1), $(4*step+2) } } }'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-14 18:08:26 +02:00
Gilles Peskine d40a21cff1 Key derivation: add test cases where the secret is missing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-14 18:08:26 +02:00
Gilles Peskine f627931cde Add bad-workflow key derivation tests
Add HKDF tests where the sequence of inputs differs from the nominal
case: missing step, duplicate step, step out of order, or invalid step.

There were already similar tests for TLS 1.2 PRF. Add one with a key
agreement which has slightly different code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-14 18:08:26 +02:00
Gilles Peskine 0faba4e8c5 More explicit names for some bad-workflow key derivation tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-14 18:08:26 +02:00
Jaeden Amero 9657334b57 psa: Add missing RSA test dependency
The test "PSA generate key: RSA, 1024 bits, good, encrypt (OAEP
SHA-256)" had a dependency on MBEDTLS_GENPRIME, but this was not listed
in the dependencies. Add MBEDTLS_GENPRIME to the test's dependencies to
ensure it has what it needs to run.

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-21 10:20:41 +01:00
Gilles Peskine bed4e9e214
Merge pull request #4357 from gabor-mezei-arm/3267_Implement_psa_sign_message_and_verify
Implement psa_sign_message and psa_verify_message
2021-05-17 10:14:46 +02:00
gabor-mezei-arm 41b5ec6fd2
Typo
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-12 10:48:55 +02:00
Steven Cooreman 63fa40e593 Add sanity tests for CMAC-(3)DES through PSA Crypto
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 18:56:01 +02:00
gabor-mezei-arm ddd5cc6b01
Add new tests for psa_sign/verify_message
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-06 13:50:33 +02:00
gabor-mezei-arm 4df5f28b02
Fix test
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-06 13:50:33 +02:00
gabor-mezei-arm 6ba89cba6d
Fix test names
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-06 13:50:32 +02:00
gabor-mezei-arm 3f5f8c9d4f
Update tests dependencies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-06 13:50:32 +02:00
gabor-mezei-arm 7a74c13fdf
Add test for sign/verify message key policies
Update the mbedtls_test_psa_exercise_key to handle and use
PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE key policies.
Add new tests for PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE
policies.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-06 13:49:23 +02:00
gabor-mezei-arm abd72585f0
Add tests for psa_sign_message and psa_verify_message
The reference output data was created with cryptodome for RSA algorithms and
python-ecdsa for ECDSA algorithms.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-06 13:47:41 +02:00
gabor-mezei-arm dc76df4631
Rename test funtions and test cases
Modify function and test case names that testing psa_sign_hash and
psa_verify_hash funtions to be less confusing with the newly introduced
function and test case names which tests psa_sign_message and
psa_verify_message functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-06 13:47:41 +02:00
Gilles Peskine 09c916afba
Merge pull request #4257 from ronald-cron-arm/psa-aead
Add PSA crypto driver delegation for AEAD single shot PSA APIs - 1
2021-04-14 14:07:51 +02:00
Steven Cooreman ea7ab13991 Do validation on the algorithm argument in AEAD
Corresponds better to the validation done in other modules of PSA Crypto.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron a0bc2cd4f1 tests: psa: Fix copy fail test argument
Fix copy fail test argument for only one of them
to be invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-02 08:56:20 +02:00
Ronald Cron 88a55464f5 tests: psa: Add negative tests for psa_copy_key()
Add negative tests checking that psa_copy_key()
returns PSA_ERROR_INVALID_ARGUMENT when passed in
an invalid key identifier or key lifetime for the
target key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:05:41 +02:00
Ronald Cron 9f97c6ecdf Update PSA crypto test dependencies
Given the PSA_WANT_* config options added lately,
update set_psa_test_dependencies.py and run it
on test_suite_psa_crypto*.data files but the SE
and generated ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:26:44 +01:00
David Brown 110ea816ca psa: Fix name of BRAINPOOL configs
These should be WANT_ECC_BRAINPOOL_P_... not WANT_ECC_BP_...  Change to
match.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:30:28 -06:00
David Brown 85537fa141 psa: ecdsa: Resolve incorrect merge resolution
The commit
    commit dcdde59c6f
    Author: David Brown <david.brown@linaro.org>
    Date:   Tue Feb 23 15:48:13 2021 -0700

        tests: psa: Change Elliptic curve defines to PSA names

when rebased on

    commit bb9cbc7a23
    Author: Ronald Cron <ronald.cron@arm.com>
    Date:   Thu Mar 4 17:09:00 2021 +0100

        psa: ecdsa: Prefer NOT_SUPPORTED error code

had an incorrect merge conflict resolution.  Correct this, allowing the
test "PSA sign: invalid algorithm for ECC key" to pass again.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-12 12:21:45 -07:00
David Brown dcdde59c6f tests: psa: Change Elliptic curve defines to PSA names
Now that PSA crypto config supports the new PSA_WANT_ECC_xxx defines,
change the psa-specific test suites to use these new names.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:45 -07:00
Manuel Pégourié-Gonnard 17605f072b
Merge pull request #4151 from ronald-cron-arm/psa-sign_verify-hash
PSA sign and verify hash rework
2021-03-10 10:08:50 +01:00
Ronald Cron bb9cbc7a23 psa: ecdsa: Prefer NOT_SUPPORTED error code
When ECDSA is not supported by the library, prefer
to return NOT_SUPPORTED than INVALID_ARGUMENT when
asked for an ECDSA signature.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 17:43:31 +01:00
Ronald Cron 9103d490e8 psa: ecdsa: Rework deterministic support check
Move the check that ECDSA is supported from the
caller of the function responsible for Mbed TLS
ECDSA signatures to this function, namely
mbedtls_psa_ecdsa_sign_hash().

This makes the caller code more readable and is
more aligned with what is expected from a
sign_hash() PSA driver entry point.

Add a negative test case where a deterministic
ECDSA signature is requested while the library
does not support deterministic ECDSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 13:32:27 +01:00
Steven Cooreman f9f7fdfe49 Rework MAC algorithm / key type validation
Reworked the validation of MAC algorithm with the used key type by
introducing psa_mac_key_can_do, which guarantees that PSA_MAC_LENGTH can
be called successfully after validation of the algorithm and key type.

This means psa_get_mac_output_length is no longer required.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 19:58:02 +01:00
Steven Cooreman 5ad4bf75e3 Move MAC default length checking into psa_key_policy_permits
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman 328f11c50e Language & readability touchups
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Steven Cooreman 7e39f05929 Using a wildcard as a specific algorithm now reports invalid argument
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman ae3f13bf5e Add more test cases and fix AT_LEAST_THIS_LENGTH against base algorithm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman 2c2efa488b Fix dependency-setting script and test dependencies for new tests
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman 5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00