Commit graph

15721 commits

Author SHA1 Message Date
Gilles Peskine 7934b3f9f9 Fix mbedtls_psa_get_stats for keys with fancy lifetimes
mbedtls_psa_get_stats() was written back before lifetimes were
structured as persistence and location. Fix its classification of
volatile external keys and internal keys with a non-default
persistence.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-27 21:10:09 +02:00
Gilles Peskine 7aa260d481 New macro PSA_KEY_LIFETIME_IS_READ_ONLY
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-27 21:10:09 +02:00
Gilles Peskine a5a800dce0 More informative message on invalid classification flags
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-27 21:10:09 +02:00
Gilles Peskine e02263da34 Add lifetime metadata tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-27 21:10:09 +02:00
Ronald Cron 72dcd4e4f1
Merge pull request #4385 from gilles-peskine-arm/psa-storage-format-test-algorithms
Backport 2.x: PSA storage format test: algorithms
2021-05-27 17:34:29 +02:00
Ronald Cron 9df7209bf6
Merge pull request #4546 from Patater/psa-without-genprime-fix-2.x
[Backport 2.x] psa: Support RSA signature without MBEDTLS_GENPRIME
2021-05-27 14:19:14 +02:00
Gilles Peskine f20390f387
Merge pull request #4557 from gilles-peskine-arm/aria_alt-2.x
Backport 2.x: Fix ARIA_ALT header and self-test and CAMELLIA_ALT self-test
2021-05-25 20:32:53 +02:00
Gilles Peskine 46d3a3782d Document include_intermediate in PSAMacroEnumerator
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:35:25 +02:00
Gilles Peskine 643eb83f06 key_storage_read: pass exercise as a flag rather than a boolean
This will allow adding other flags in the future.

No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:35:20 +02:00
Gilles Peskine 6d3c4c736d Add missing test suites to CMakeLists.txt
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:35:17 +02:00
Gilles Peskine 30ccba48ef Do support multiple files generated from the same script
The call to `tests/scripts/generate_psa_tests.py` added by the commit
"generate_psa_tests.py: allow generating each file independently"
assumed that the `check` function supports multiple file names, but in
fact it does not do so. When `generate_psa_tests.py` started generating
more than one file, `check-generated-files.sh` did not detect changes to
files other than the first one listed by `generate_psa_tests.py --list`.

Fix this: change `check` to support either a single directory (with
detection of added/removed files) or a list of files (which is assumed
to be static).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:35:17 +02:00
Gilles Peskine ff9629f92d Abbreviate algorithms in test descriptions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:35:14 +02:00
Gilles Peskine 08966e6fbc Remove duplicates from enumerated test inputs
When generating expressions to construct test case data, there can be
duplicate values, for example if a value of the form C(A) is present
as such in test_suite_psa_crypto_metadata.data and also constructed by
enumerating the argument A for the constructor C. Eliminate such
duplicates in generate_expressions.

This commit removes many test cases that were exact duplicates (and
were near-duplicates differing only in whitespace before the
whitespace normalization).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:35:05 +02:00
Gilles Peskine 0a93c1b1ce Normalize whitespace in test arguments
Avoid ending up with test cases that only differ in whitespace in an
argument.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:34:47 +02:00
Gilles Peskine 8a55b434c2 Don't generate non-existent dependency symbols
Filter our algorithm constructors that don't have a dependency symbol
of their own.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:34:23 +02:00
Gilles Peskine cf70d07c8b Define dependency symbols for hashless signature algorithms
Define the dependency symbols PSA_WANT_ALG_ECDSA_ANY and
PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW as de facto synonyms of
PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_RSA_PKCS1V15_SIGN respectively: if
either one is requested, the other is set.
This makes it easier to systematically determine the dependencies of
an algorithm.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:34:20 +02:00
Gilles Peskine b93f854f4c Expand psa_generate_tests to support constructor arguments
In macro_collector.py, base InputsForTest on PSAMacroEnumerator rather
than PSAMacroCollector. It didn't make much sense to use
PSAMacroCollector anymore since InputsForTest didn't use anything
other than the constructor.

psa_generate_tests now generates arguments for more macros.
In particular, it now collects macro arguments from
test_suite_psa_crypto_metadata. Algorithms with parameters are now
supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:34:09 +02:00
Gilles Peskine ae9f14b159 Speed up the generation of storage format test cases
First build a list of all keys, then construct all the corresponding
test cases. This allows all required information to be obtained in
one go, which is a significant performance gain as the information
includes numerical values obtained by compiling a C program.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:31:21 +02:00
Gilles Peskine 0ba69a462e Fix KeyType with parameters passed in the name argument
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:31:21 +02:00
Gilles Peskine d6d2d6a7d7 Use InputsForTest in generate_psa_tests
In generate_psa_tests, use InputsForTest rather than PSAMacroCollector
to gather values. This way, the enumeration of values to test includes
values used in metadata tests in addition to constructors parsed from
header files. This allows greater coverage of values built from
constructors with arguments. This doesn't make a difference yet, but
it will once algorithm constructors with arguments are supported in
generate_psa_tests.

Make the injection of numerical values optional. They are useful for
test_psa_constant_names, so keep them there. Don't use them for
not-supported tests: they might make sense, but the current code
wouldn't work since it doesn't know how to make up fake key material
or what dependencies to generate. Don't use them for storage tests:
they only make sense for supported values.

Don't inject 'PSA_SUCCESS': that's superfluous.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:31:21 +02:00
Gilles Peskine 3cf3a8ebdf Move InputsForTest to macro_collector.py
This is useful to generate PSA tests for more than constant names.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:31:21 +02:00
Gilles Peskine e30ad46f91 Add type annotations
Prepare to move InputsForTest to macro_collector.py.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:31:21 +02:00
Gilles Peskine 4d59f01bcd Fix copypasta in documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:31:21 +02:00
Gilles Peskine 6a73f5592b Changelog entry for the ARIA_ALT and CAMELLIA_ALT fixes
Fix ARMmbed/mbed-os#14694

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 18:45:04 +02:00
Gilles Peskine 66c616a393 CAMELLIA: add missing context init/free
This fixes the self-test with alternative implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 18:45:04 +02:00
Gilles Peskine ccbbb2c501 ARIA: add missing context init/free
This fixes the self-test with alternative implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 18:45:04 +02:00
Gilles Peskine a8d0718b1c Fix misplaced extern "C" affecting MBEDTLS_ARIA_ALT
Reported via Mbed OS:
https://github.com/ARMmbed/mbed-os/issues/14694

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 18:45:04 +02:00
Ronald Cron aede2d0c52
Merge pull request #4533 from gilles-peskine-arm/host_test-int32-2.x
Backport 2.x: Fix build error in host_test.function when int32_t is not int
2021-05-21 16:02:11 +02:00
Jaeden Amero c17f29309f psa: Support RSA signature without MBEDTLS_GENPRIME
On space-constrained platforms, it is a useful configuration to be able
to import/export and perform RSA key pair operations, but to exclude RSA
key generation, potentially saving flash space. It is not possible to
express this with the PSA_WANT_ configuration system at the present
time. However, in previous versions of Mbed TLS (v2.24.0 and earlier) it
was possible to configure a software PSA implementation which was
capable of making RSA signatures but not capable of generating RSA keys.
To do this, one unset MBEDTLS_GENPRIME.

Since the addition of MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR, this
expressivity was lost. Expressing that you wanted to work with RSA key
pairs forced you to include the ability to generate key pairs as well.

Change psa_crypto_rsa.c to only call mbedtls_rsa_gen_key() if
MBEDTLS_GENPRIME is also set. This restores the configuration behavior
present in Mbed TLS v2.24.0 and earlier versions.

It left as a future exercise to add the ability to PSA to be able to
express a desire for a software or accelerator configuration that
includes RSA key pair operations, like signature, but excludes key pair
generation.

Without this change, linker errors will occur when attempts to call,
which doesn't exist when MBEDTLS_GENPRIME is unset.
    psa_crypto_rsa.c.obj: in function `rsa_generate_key':
    psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key'

Fixes #4512

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-21 10:21:27 +01:00
Jaeden Amero 9657334b57 psa: Add missing RSA test dependency
The test "PSA generate key: RSA, 1024 bits, good, encrypt (OAEP
SHA-256)" had a dependency on MBEDTLS_GENPRIME, but this was not listed
in the dependencies. Add MBEDTLS_GENPRIME to the test's dependencies to
ensure it has what it needs to run.

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-21 10:20:41 +01:00
Manuel Pégourié-Gonnard 7dea07610c
Merge pull request #4289 from gilles-peskine-arm/openssl-dhparam-robustness-development
Backport 2.x: Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman
2021-05-21 10:16:18 +02:00
Manuel Pégourié-Gonnard db97b1e211
Merge pull request #4491 from netfoundry/fix-mingw-build
Backport 2.x : Use proper formatting macros when using MinGW provided stdio
2021-05-21 10:03:18 +02:00
Janos Follath d76f7ba2e1
Merge pull request #4529 from hanno-arm/ssl_session_cache_fix_backport_2x
Backport 2.x: Add session ID as an explicit parameter to SSL session cache API
2021-05-21 08:49:11 +01:00
Hanno Becker c304679c75 Add ChangeLog entry
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-21 05:29:01 +01:00
Gilles Peskine d135b57e8c
Merge pull request #4412 from gilles-peskine-arm/undefined-reference-2.27
Backport 2.x: Fix missing compilation guard around psa_crypto_driver_wrappers.c
2021-05-20 17:20:36 +02:00
Gilles Peskine a33cb76820
Merge pull request #4493 from netfoundry/gcc11.fixes_2.x
Backport 2.x: build with gcc11
2021-05-20 15:54:20 +02:00
Gilles Peskine 05c11e3dd5
Merge pull request #4503 from gilles-peskine-arm/ciphersuite-sha384-guard-2.x
Backport 2.x: fix SHA384 guards in TLS
2021-05-19 21:13:08 +02:00
Gilles Peskine ad0e01248d Fix missing compilation guard around psa_crypto_driver_wrappers.c
Fix #4411.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 21:03:46 +02:00
Gilles Peskine c54010c3ec Split SHA-512 and SHA-384 guards for hash availability code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 16:58:15 +02:00
Gilles Peskine fc9c07ff8f Fix unused variable with MBEDTLS_SHA512_NO_SHA384
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 16:58:13 +02:00
Gilles Peskine d2d59379ed Remove dead code under MBEDTLS_SHA512_NO_SHA384
TLS code specific to SHA-384 was gated on MBEDTLS_SHA512_C. But SHA-384 also
requires that MBEDTLS_SHA512_NO_SHA384 is not defined. This lead to dead
code in TLS when MBEDTLS_SHA512_C and MBEDTLS_SHA512_NO_SHA384 were both
defined (i.e. when SHA-512 was enabled but not SHA-384).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 16:58:10 +02:00
Gilles Peskine 367379d7fc Fix dependencies on SHA384 cipher suites
They depended on MBEDTLS_SHA512_C only. A check for !MBEDTLS_SHA512_NO_SHA384
was missing.

Fix #4499.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 16:58:08 +02:00
Gilles Peskine 3d23e28ee1 Fix dependency for TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384
Fix #4472

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 16:57:40 +02:00
Ronald Cron 7eee55e85f
Merge pull request #4527 from gilles-peskine-arm/psa-deprecated-macros-20210516
[2.x only] Remove some remaining uses of deprecated constants
ok with only one approval thus merging.
2021-05-19 14:44:37 +02:00
Dave Rodgman f6de5d99f4
Merge pull request #4537 from daverodgman/padlock-docs-fix-2.x
2.x backport: Fix docs for mbedtls_padlock_has_support
2021-05-19 12:12:39 +01:00
Gilles Peskine e14e839e1f
Merge pull request #4525 from gilles-peskine-arm/pr_4357-changelog
Backport 2.x: Add changelog entry for #4357
2021-05-19 11:58:08 +02:00
Manuel Pégourié-Gonnard 21bfbdd703 Fix misuse of MD API in SSL constant-flow HMAC
The sequence of calls starts-update-starts-update-finish is not a
guaranteed valid way to abort an operation and start a new one. Our
software implementation just happens to support it, but alt
implementations may very well not support it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-19 10:40:02 +02:00
Hanno Becker 83e3671d87 Don't check ciphersuite and compression in SSL session cache lookup
Session-ID based session resumption requires that the resumed session
is consistent with the client's ClientHello in terms of choice of
ciphersuite and choice of compression.

This check was previously assumed to be performed in the session cache
implementation, which seems wrong: The session cache should be an id-based
lookup only, and protocol specific checks should be left to Mbed TLS.

This commit
- adds an explicit ciphersuite and compression consistency check after
  the SSL session cache has been queried
- removes the ciphersuite and compression consistency check from
  Mbed TLS' session cache reference implementation.

Don't use ssl_check_xxx() for functions with void return

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-19 05:09:56 +01:00
Dave Rodgman 6efa722e59 Fix docs for mbedtls_padlock_has_support
Fix a slight inaccuracy in the docs for the return value of
mbedtls_padlock_has_support.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-05-18 19:35:24 +01:00
Gilles Peskine 47cd121d18 Fix build error when int32_t is not int
Fix a pointer mismatch when int32_t is not int, for example on Cortex-M where
in32_t is long int. Fix #4530

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-18 16:43:00 +02:00