Commit graph

12382 commits

Author SHA1 Message Date
Gilles Peskine a9478bab08 Fix configuration short name in key-exchanges.pl
This is testing with $kex, not without $kex, so use $kex, not "-$kex".

In test-ref-configs.pl, use $conf rather than "$conf". This is purely
a matter of Perl coding style.
2019-09-24 19:21:19 +02:00
Gilles Peskine 7a020f3d10 Make test case descriptions unique
Remove one test case which was an exact duplicate.

Tweak the description of two test cases that had the same description.
2019-09-24 19:21:19 +02:00
Gilles Peskine ba94b58127 New test script check-test-cases.py
This script checks test case descriptions in test_suite_*.data and
ssl-opt.sh.

It reports the following issues:
* Error: forbidden character in a test case description.
* Error: Duplicate test description.
* Warning: Test description is too long.
2019-09-24 19:21:19 +02:00
Gilles Peskine 508caf528a Document the test outcome file 2019-09-24 19:21:19 +02:00
Gilles Peskine d46b0869f4 Create infrastructure for architecture documents in Markdown 2019-09-24 19:21:19 +02:00
Gilles Peskine 67ffdafde6 all.sh --outcome-file creates an outcome file
By default, remove the outcome file before starting. With
--append-outcome, append to the existing outcome file if there is one.
2019-09-24 19:21:19 +02:00
Gilles Peskine 178c9aa966 Key derivation: forbid output_key without input_key
If none of the inputs to a key derivation is a
PSA_KEY_DERIVATION_INPUT_SECRET passed with
psa_key_derivation_input_key(), forbid
psa_key_derivation_output_key(). It usually doesn't make sense to
derive a key object if the secret isn't itself a proper key.
2019-09-24 18:39:03 +02:00
Gilles Peskine 1a2904c49a derive_input test function: Try output afterwards
After passing some inputs, try getting one byte of output, just to
check that this succeeds (for a valid sequence of inputs) or fails
with BAD_STATE (for an invalid sequence of inputs). Either output a
1-byte key or a 1-byte buffer depending on the test data.

The test data was expanded as follows:
* Output key type (or not a key): same as the SECRET input if success
  is expected, otherwise NONE.
* Expected status: PSA_SUCCESS after valid inputs, BAD_STATE after any
  invalid input.
2019-09-24 18:39:03 +02:00
Gilles Peskine 2058c07724 derive_input test function: More logical parameter order
No behavior change.
2019-09-24 18:39:03 +02:00
Gilles Peskine 7ebd4dcf57 Key derivation: allow both keys and direct inputs (function doc)
Update the documentation of psa_key_derivation_input_key() and
psa_key_derivation_input_bytes() now that the key/buffer distinction
is not mandatory.
2019-09-24 18:39:03 +02:00
Gilles Peskine b8965193a0 Use the constant PSA_KEY_TYPE_NONE rather than 0
No behavior change, just a readability improvement.
2019-09-24 18:39:03 +02:00
Gilles Peskine 46d7faf195 Don't jump past a variable declaration
This is valid C99 (since the variable in question is not a VLA and is
not used) but not accepted by IAR 8.20.
2019-09-24 18:39:03 +02:00
Gilles Peskine 593773d9f2 Consistently abort key derivation operations on input error 2019-09-24 18:39:03 +02:00
Gilles Peskine 224b0d656a Key derivation: allow both keys and direct inputs
Allow a direct input as the SECRET input step in a key derivation, in
addition to allowing DERIVE keys. This makes it easier for
applications to run a key derivation where the "secret" input is
obtained from somewhere else. This makes it possible for the "secret"
input to be empty (keys cannot be empty), which some protocols do (for
example the IV derivation in EAP-TLS).

Conversely, allow a RAW_DATA key as the INFO/LABEL/SALT/SEED input to a key
derivation, in addition to allowing direct inputs. This doesn't
improve security, but removes a step when a personalization parameter
is stored in the key store, and allows this personalization parameter
to remain opaque.

Add test cases that explore step/key-type-and-keyhood combinations.
2019-09-24 18:39:03 +02:00
Gilles Peskine 6842ba4d7a PSA crypto KDF: test bytes/key input independently of the step type
This commit only makes derive_input more flexible so that the key
derivation API can be tested with different key types and raw data for
each input step. The behavior of the test cases remains the same.
2019-09-24 18:39:03 +02:00
Gilles Peskine 6ddb4d8434 Improve descriptions of derive test cases
Systematically use "PSA key derivation setup" for derive_setup. This
resolves the ambiguity between derive_setup and derive_input calls.
2019-09-24 18:37:19 +02:00
Gilles Peskine 31b0a3c351 Add a test component with malloc(0) returning NULL
Exercise the library functions with calloc returning NULL for a size
of 0. Make this a separate job with UBSan (and ASan) to detect
places where we try to dereference the result of calloc(0) or to do
things like

    buf = calloc(size, 1);
    if (buf == NULL && size != 0) return INSUFFICIENT_MEMORY;
    memcpy(buf, source, size);

which has undefined behavior when buf is NULL at the memcpy call even
if size is 0.

This is needed because other test components jobs either use the system
malloc which returns non-NULL on Linux and FreeBSD, or the
memory_buffer_alloc malloc which returns NULL but does not give as
useful feedback with ASan (because the whole heap is a single C
object).
2019-09-24 18:28:26 +02:00
Gilles Peskine 0a048b2833
Merge pull request #270 from gilles-peskine-arm/test_outcome_file-crypto-fix
Fix test case descriptions
2019-09-24 15:54:54 +02:00
Gilles Peskine 888de8fdd9
Merge pull request #280 from athoelke/at-fix264
Include vendor-defined algorithm macros
2019-09-24 15:47:49 +02:00
Andrew Thoelke c6f03ef6d4 Include IANA reference in the definition of ECC curves and DH groups
Fixes ARMmbed/psa-crypto#262
2019-09-24 13:19:49 +01:00
Andrew Thoelke dd49cf984b Include vendor-defined algorithm macros
Fixes ARMmbed/psa-crypto#264
2019-09-24 13:11:49 +01:00
Ron Eldor af7724e985 Fix endianity issue when reading uint32
The uint32 is given as a bigendian stream, in the tests, however,
the char buffer that collected the stream read it as is,
without converting it. Add a temporary buffer, to call `greentea_getc()`
8 times, and then put it in the correct endianity for input to `unhexify()`.
2019-09-24 11:23:15 +03:00
Ron Eldor 635888b287 Reduce stack usage of test_suite_pkcs1_v15
Reduce the stack usage of the `test_suite_pkcs1_v15` by reducing the
size of the buffers used in the tests, to a reasonable big enough size.
2019-09-24 11:22:51 +03:00
Ron Eldor 6fd1aa050e Increase test suite timeout
Increase the test suite timeouit from 180 seconds, to 800 seconds,
since some tests consume more time, even if all tests are skipped.
2019-09-24 11:22:23 +03:00
Ron Eldor 5b8f120fca Reduce stack usage of test_suite_pkcs1_v21
Reduce the stack usage of the `test_suite_pkcs1_v21` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the size sent to the API to sizeof output.
2019-09-24 11:22:04 +03:00
Ron Eldor fdc15bd581 Reduce stack usage of test_suite_rsa
Reduce the stack usage of the `test_suite_rsa` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the data size to decrypt in the data file.
2019-09-24 11:21:36 +03:00
Ron Eldor 58e3f69dd3 Reduce stack usage of test_suite_pk
Reduce the stack usage of the `test_suite_pk` by reducing the
size of the buffers used in the tests, to a reasonable big enough size.
2019-09-24 11:21:21 +03:00
Jack Lloyd 71657493f1 Improve speed of PBKDF2 by caching the digest state of the passphrase 2019-09-23 19:15:54 -04:00
Jaeden Amero d1798b4f91 Merge remote-tracking branch 'origin/pr/2821' into development
* origin/pr/2821:
  Update notification e-mail address
  Remove blocked branches
  Update Coverity secure token
2019-09-23 17:29:07 +01:00
Jaeden Amero c21a9f04f9 Merge remote-tracking branch 'origin/pr/2765' into development
* origin/pr/2765: (28 commits)
  Add set+get tests
  Consolidate tests for set with/without values
  config.py testing: also test the get command
  Compatibility redirect: add copyright notice
  Compatibility redirect: if python3 is not available, try python
  Fix config.py output when a symbol has acquired or lost a value
  Remove redundant test case
  cmake: update interpreter requirement for the test suite generator
  cmake: fix Python requirement
  Test script for config.py
  Documentation improvements
  Fix "#define ... not found" error when using the default file name
  Fix "--force set" without a value sneaking a None in
  Fix --force requiring an argument
  Fix Config.unset() making the name known
  Also search config.h near the script
  Report an error if switching to Python fails
  Fix 'config.py set' without --force
  Fix encoding errors
  Print help when invoked with no arguments
  ...
2019-09-23 17:27:44 +01:00
Gilles Peskine 311f54d0ee tls_prf: support an empty master secret
In TLS, the master secret is always a key. But EAP-TLS uses the TLS
PRF to derive an IV with an empty string for the "secret" input. The
code always stored the secret into a key slot before calling the TLS
PRF, but this doesn't work when the secret is empty, since PSA Crypto
no longer supports empty keys. Add a special case for an empty secret.
2019-09-23 18:19:22 +02:00
Gilles Peskine 583afe47cc Add a calloc self-test
Add a very basic test of calloc to the selftest program. The selftest
program acts in its capacity as a platform compatibility checker rather
than in its capacity as a test of the library.

The main objective is to report whether calloc returns NULL for a size
of 0. Also observe whether a free/alloc sequence returns the address
that was just freed and whether a size overflow is properly detected.
2019-09-20 20:22:15 +02:00
Gilles Peskine 38b7c5edeb
Merge pull request #260 from athoelke/at-operations
Update multipart operation documentation
2019-09-20 18:44:44 +02:00
Adrian L. Shaw 21e7145f46 Insert doxygen comments on old algorithms so they appear in PSA documentation 2019-09-20 16:01:11 +01:00
Gilles Peskine 7e88e13d94 Test data: replace "::" by ":"
The current test generator code accepts multiple colons as a
separator, but this is just happenstance due to how the code, it isn't
robust. Replace "::" by ":", which is more future-proof and allows
simple separator-based navigation.
2019-09-20 16:01:59 +02:00
Gilles Peskine efa2ac879d Uniquify test case descriptions
Make check-test-cases.py pass.

Prior to this commit, there were many repeated test descriptions, but
none with the same test data and dependencies and comments, as checked
with the following command:

    for x in tests/suites/*.data; do perl -00 -ne 'warn "$ARGV: $. = $seen{$_}\n" if $seen{$_}; $seen{$_}=$.' $x; done

Wherever a test suite contains multiple test cases with the exact same
description, add " [#1]", " [#2]", etc. to make the descriptions
unique. We don't currently use this particular arrangement of
punctuation, so all occurrences of " [#" were added by this script.

I used the following ad hoc code:

import sys

def fix_test_suite(data_file_name):
    in_paragraph = False
    total = {}
    index = {}
    lines = None
    with open(data_file_name) as data_file:
        lines = list(data_file.readlines())
        for line in lines:
            if line == '\n':
                in_paragraph = False
                continue
            if line.startswith('#'):
                continue
            if not in_paragraph:
                # This is a test case description line.
                total[line] = total.get(line, 0) + 1
                index[line] = 0
            in_paragraph = True
    with open(data_file_name, 'w') as data_file:
        for line in lines:
            if line in total and total[line] > 1:
                index[line] += 1
                line = '%s [#%d]\n' % (line[:-1], index[line])
            data_file.write(line)

for data_file_name in sys.argv[1:]:
    fix_test_suite(data_file_name)
2019-09-20 15:59:31 +02:00
Gilles Peskine 44393c81aa psa_crypto: Add an ECDH+HKDF test with longer output
A test case for 32+0 was present three times, evidently overeager
copy-paste. Replace the duplicates by test cases that read more than
32 bytes, which exercises HKDF a little more (32 bytes is significant
because HKDF-SHA-256 produces output in blocks of 32 bytes).

I obtained the test data by running our implementation, because we're
confident in our implementation now thanks to other test cases: this
data is useful as a non-regression test.
2019-09-20 15:59:28 +02:00
Gilles Peskine d9be186a39 psa_crypto: Fix OAEP test
There's a SHA256 test without a label and one with a label, so do the
same for SHA384.
2019-09-20 15:59:24 +02:00
Gilles Peskine d17cf9d0c4 psa_crypto: Remove duplicate test case
Nothing seems to be missing in its stead.
2019-09-20 15:59:17 +02:00
Gilles Peskine 52c7d998af psa_crypto_se_driver_hal: Fix copypasta in test cases
Before: say CCM twice, do GCM twice.
After: say CCM and do CCM, then say GCM and do GCM.
2019-09-20 15:59:00 +02:00
Gilles Peskine f3eddd68bb pkcs1_v21: Fix copypasta in test case
There should have been a good-saltlen test case and a bad-saltlen test
case for both sizes 522 and 528, but the 522-bad-saltlen test case was
missing and the 528-good-saltlen test case was repeated. Fix this.
2019-09-20 15:58:54 +02:00
Gilles Peskine c5dce20b4e cipher.nist_kw: Fix duplicate test case
There are two test vectors in RFC 5649. There was only one in our test
suite, run twice. Put the second test vector instead of repeating the
first.
2019-09-20 15:58:48 +02:00
Gilles Peskine bfcb69cd5c blowfish: Fix encrypt test case that should have been decrypt
Test vector #15 was encrypted twice. Decrypt it the second time.
2019-09-20 15:58:36 +02:00
Gilles Peskine e07960cf40 aria: Remove duplicate test cases
No data seems to be missing, just some duplicated cases, perhaps due
to naming inconsistencies "ECB_Xxcrypt" vs "ECB Xxcrypt" which I also
fixed.
2019-09-20 15:58:27 +02:00
Gilles Peskine c893235ea1
Merge pull request #115 from gilles-peskine-arm/psa-error-compatibility_aliases
Improve how generate_psa_constants handles compatibility aliases
2019-09-19 16:20:08 +02:00
Gilles Peskine 95758f8d61 *.data: remove semicolons from test case descriptions
Don't use semicolons in test case descriptions. The test outcome file
is a semicolon-separated CSV file without quotes to keep things
simple, so fields in that file may not contain semicolons.
2019-09-19 15:26:57 +02:00
Adrian L. Shaw 429fff487a Remove whitespace 2019-09-19 14:03:49 +01:00
Adrian L. Shaw d89338ac47 Add API versioning 2019-09-19 13:32:57 +01:00
Gilles Peskine a291413a1e
Merge pull request #257 from gilles-peskine-arm/psa-remove_zero_length_keys
Forbid zero-length keys
2019-09-19 13:07:41 +02:00
Gilles Peskine 16a25e005d Add set+get tests
The tests were not covering get for a symbol with a value. No symbol
has an uncommented value in the default config.h. (Actually there's
_CRT_SECURE_NO_DEPRECATE, but that's a bit of a hack that this script
is not expected to handle, so don't use it).

Add tests of "get FOO" after "set FOO" and "set FOO value", so that we
have coverage for "get FOO" when "FOO" has a value.
2019-09-19 12:19:24 +02:00