Commit graph

16572 commits

Author SHA1 Message Date
Gilles Peskine 0de11438bb Storage format tests: exercise operations with keys
In key read tests, add usage flags that are suitable for the key type and
algorithm. This way, the call to exercise_key() in the test not only checks
that exporting the key is possible, but also that operations on the key are
possible.

This triggers a number of failures in edge cases where the generator
generates combinations that are not valid, which will be fixed in subsequent
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine 930ccefba0 Abbreviate descriptions of generated PSA storage tests
This currently makes all the descriptions unambiguous even when truncated at
66 characters, as the unit test framework does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine d79aef5f3c Unify the code to shorten expressions
The output of generate_psa_tests.py is almost unchanged: the differences are
only spaces after commas (now consistently omitted).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine d9af978f41 Refactor usage flag formatting and implication
When generating storage format tests, pass usage flags around as a list, and
format them as the last thing.

In Storagekey(), simplify the addition of implicit usage flags: this no
longer requires parsing.

The output is unchanged.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine 6213a00ec1 Storage format tests: cover algorithms for each key type
In the generated storage format test cases, cover all supported
algorithms for each key type. This is a step towards exercising
the key with all the algorithms it supports; a subsequent commit
will generate a policy that permits the specified algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine 989c13dece Remove ad hoc is_valid_for_signature method
Use the new generic is_public method.

Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:44 +02:00
Gilles Peskine a16d8fcee9
Merge pull request #5697 from gilles-peskine-arm/psa-test-op-fail-2.28
Backport 2.28: PSA: systematically test operation failure
2022-04-15 10:52:50 +02:00
Gilles Peskine 37f6d01b94
Merge pull request #5737 from mpg/clean-compat-sh-2.28
[backport 2.28] clean up compat.sh
2022-04-14 14:04:34 +02:00
Manuel Pégourié-Gonnard 6abc6259d5 Add comment in compat.sh about callers
Also update comments about default versions and excludes while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-14 09:29:01 +02:00
Manuel Pégourié-Gonnard b623832176 Fix compat.sh invocation in basic-built-test.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-14 09:12:10 +02:00
Gilles Peskine 03efa0b8d3 Fix ARIA support in test driver configuration
Deduce MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA for the driver build from its value
from the core build, as is done for other key types. This had not been done
correctly when adding ARIA support to the PSA subsystem.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-12 17:15:56 +02:00
Gilles Peskine 186331875a test_psa_crypto_config_accel_cipher: deactivate CMAC
We don't yet support all combinations of configurations. With all.sh as it
currently stands, component_test_psa_crypto_config_accel_cipher results in a
build where PSA_WANT_ALG_CMAC is disabled but CMAC operations succeed
nonetheless, going via the driver. With the systematic testing of
not-supported operations, this now results in a test failure.

The code in all.sh does not respect the principle documented in
df885c052c701b89c24ad5f305114f8f8b39d750:

> The PSA_WANT_* macros have to be the same as the ones
> used to build the Mbed TLS library the test driver
> library is supposed to be linked to as the PSA_WANT_*
> macros are used in the definition of structures and
> macros that are shared by the PSA crypto core,
> Mbed TLS drivers and the driver test library.

Disable PSA_WANT_ALG_CMAC completely in this test component. This is not
wrong and it makes the test component pass.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-12 17:15:56 +02:00
Gilles Peskine d81b5ae238
Merge pull request #5717 from daverodgman/backport_2.28-alert_reentrant
Backport 2.28 - make mbedtls_ssl_send_alert_message() reentrant
2022-04-12 11:05:26 +02:00
Dave Rodgman 50b677d9e5
Merge pull request #5713 from tom-cosgrove-arm/pr-2479-backport-2.28
Backport 2.28: Fix spelling of 'features' in comment
2022-04-11 09:50:36 +01:00
Dave Rodgman c2d1938a0d
Merge pull request #5720 from tom-cosgrove-arm/adamwolf-reasonable-2.28
Backport 2.28: Fix spelling of 'reasonable' in comments
2022-04-11 09:47:26 +01:00
Manuel Pégourié-Gonnard 9cd8831472
Merge pull request #5721 from tom-cosgrove-arm/roneld-1805-2.28
Backport 2.28: Fix Shared Library compilation issue with Cmake
2022-04-11 09:31:21 +02:00
Gilles Peskine 27ad033a96
Merge pull request #5718 from AndrzejKurek/timeless-struggles-2-28
Backport 2.28: Remove the dependency on MBEDTLS_TIME_H from the timing module
2022-04-08 18:43:12 +02:00
Ron Eldor b283228ea3 Fix shared library link error with cmake on Windows
Set the library path as the current binary dir

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-04-08 17:16:13 +01:00
Adam Wolf ef30d90cf0 Fix spelling of 'reasonable' in comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-04-08 17:02:33 +01:00
Gilles Peskine 7ece768578 Seed the PRNG even if time() isn't available
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 08:34:50 -04:00
Andrzej Kurek 263d8f7e61 Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C
The timing module might include time.h on its own when on
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled.

Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 08:34:41 -04:00
Andrzej Kurek 2603fec329 Remove dummy timing implementation
Having such implementation might cause issues for those that
expect to have a working implementation.
Having a compile-time error is better in such case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 08:28:50 -04:00
Dave Rodgman 28fd4cd8e9 Update ChangeLog.d/alert_reentrant.txt
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:58:19 +01:00
Hanno Becker a349cfd585 Add ChangeLog entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:06:37 +01:00
Hanno Becker d9c66c0509 Make alert sending function re-entrant
Fixes #1916

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:06:14 +01:00
Jacob Schloss 1882b9a8cd Fix spelling of 'features' in comment
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-04-08 11:48:57 +01:00
Gilles Peskine e29a837ed3
Merge pull request #5705 from AndrzejKurek/off-by-one-ssl-opt-2-28
Backport 2.28 - Fix an off-by-one error in ssl-opt.sh
2022-04-07 16:20:58 +02:00
Andrzej Kurek 363553b5e4 Fix an off-by-one error in ssl-opt.sh
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-06 13:38:15 -04:00
Gilles Peskine dbeaad3e0c Add missing logic for accelerated ECB under MBEDTLS_PSA_CRYPTO_CONFIG
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine bc79582105 Fix psa_mac_verify() returning BUFFER_TOO_SMALL
It doesn't make sense for psa_mac_verify() to return
PSA_ERROR_BUFFER_TOO_SMALL since it doesn't have an output buffer. But this
was happening when requesting the verification of an unsupported algorithm
whose output size is larger than the maximum supported MAC size, e.g.
HMAC-SHA-512 when building with only SHA-256 support. Arrange to return
PSA_ERROR_NOT_SUPPORTED instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine 449e02e909 If a cipher algorithm is not supported, fail during setup
In some cases, a cipher operation for an unsupported algorithm could succeed
in psa_cipher_{encrypt,decrypt}_setup() and fail only when input is actually
fed. This is not a major bug, but it has several minor downsides: fail-late
is harder to diagnose for users than fail-early; some code size can be
gained; tests that expect failure for not-supported parameters would have to
be accommodated to also accept success.

This commit at least partially addresses the issue. The only completeness
goal in this commit is to pass our full CI, which discovered that disabling
only PSA_WANT_ALG_STREAM_CIPHER or PSA_WANT_ALG_ECB_NO_PADDING (but keeping
the relevant key type) allowed cipher setup to succeed, which caused
failures in test_suite_psa_crypto_op_fail.generated in
component_test_psa_crypto_config_accel_xxx.

Changes in this commit:
* mbedtls_cipher_info_from_psa() now returns NULL for unsupported cipher
  algorithms. (No change related to key types.)
* Some code that is only relevant for ECB is no longer built if
  PSA_WANT_ALG_ECB_NO_PADDING is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine 161c5ee5ff Use a plausible input size with asymmetric verification
Otherwise the error status can be PSA_ERROR_INVALID_SIGNATURE instead of the
expected PSA_ERROR_NOT_SUPPORTED in some configurations. For example, the
RSA verification code currently checks the signature size first whenever
PSA_KEY_TYPE_RSA_PUBLIC_KEY is enabled, and only gets into
algorithm-specific code if this passes, so it returns INVALID_SIGNATURE even
if the specific algorithm is not supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine c2fc241e46 Test attempts to use a public key for a private-key operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine 739c98c5e8 Make psa_key_derivation_setup return early if the key agreement is not supported
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine ea0d95e27b Make psa_key_derivation_setup return early if the hash is not supported
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine cdacf0431b Simplify is_kdf_alg_supported in psa_key_derivation_setup_kdf
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine 23cb12ef9f A key agreement algorithm can contain a key derivation
PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm
when kdf is one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine d096445dfe In NOT_SUPPORTED test case descriptions, show what is not supported
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine 35409be6aa Add a few manual test cases
They're redundant with the automatically generated test cases, but it's
useful to have them when debugging issues with the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine f8b6b503b4 Systematically generate test cases for operation setup failure
The test suite test_suite_psa_crypto_op_fail now runs a large number
of automatically generated test cases which attempt to perform a
one-shot operation or to set up a multi-part operation with invalid
parameters. The following cases are fully covered (based on the
enumeration of valid algorithms and key types):
* An algorithm is not supported.
* The key type is not compatible with the algorithm (for operations
  that use a key).
* The algorithm is not compatible for the operation.

Some test functions allow the library to return PSA_ERROR_NOT_SUPPORTED
where the test code generator expects PSA_ERROR_INVALID_ARGUMENT or vice
versa. This may be refined in the future.

Some corner cases with algorithms combining a key agreement with a key
derivation are not handled properly. This will be fixed in follow-up
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine 390543381c Add knowledge of the compatibility of key types and algorithms
Determine key types that are compatible with an algorithm based on
their names.

Key derivation and PAKE are not yet supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine 0dacd4d266 Add knowledge of algorithms
Determine the category of operations supported by an algorithm based
on its name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine a218047245 Generate test cases for hash operation failure
Test that hash operation functions fail when given a hash algorithm
that is not supported or an algorithm that is not a hash.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine c05158bf86 New test suite for systematically generated operation failure tests
The new test suite psa_crypto_op_fail is intended for systematically
generated test cases that ensure that cryptographic operations with
invalid parameters fail as expected. I intend invalid parameters to
cover things like an invalid algorithm, an algorithm that is
incompatible with the operation, a key type that is incompatible with
the algorithm, etc.

This commit just creates the infrastructure. Subsequent commits will
add data generation and test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine 2a71b72bd5 Add missing type annotation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine a296e48b2b Simplify key_for_usage_flags
Generate "with implication" and "without implication" usage test cases
separately.

The set of generated test cases is unchanged. The order, and the description
of "with implication" test cases, changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine b5c4382bef check-generated-files.sh -u: don't update file timestamps
When running check-generated-files in update mode, all generated files were
regenerated. As a consequence,
```
tests/scripts/check-generated-files.sh -u && make
```
always caused most of the code to be rebuilt. Now, if a file hasn't changed,
preserve its original modification time (and other metadata), so the command
above doesn't rebuild anything that has actually not changed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine 619cbfedc9
Merge pull request #5696 from yanesca/fix-lts-version-in-guidelines-2.28
Fix lts version in guidelines [2.28 Backport]
2022-04-05 11:11:22 +02:00
Janos Follath b71c6259b4 Fix LTS version in contributing guidelines
The LTS branch hasn't been updated in the contributing guidelines.
Deleting it instead of updating as the information is available at the
link above and deleting prevents similar mistakes in the future.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-04-05 09:05:22 +01:00
Gilles Peskine a8827d190f
Merge pull request #5542 from gilles-peskine-arm/config-baremetal-size-2.28
Backport 2.28: Disable debugging features in the primary code size measurement job
2022-04-04 16:13:05 +02:00