Commit graph

2940 commits

Author SHA1 Message Date
Gilles Peskine 77e47c05f3 Add key material for twisted Edwards curves
Add the test keys from RFC 8032 (§7.1 Ed25519 "TEST 1", §7.4 Ed448 "Blank").
This replaces the generic byte-sized data used for unknown key types
which no longer works now that Ed25519 is considered to have 255 bits.

Re-generate the automatically generated test data accordingly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 15:08:10 +02:00
Gilles Peskine 3a1101a122 Define algorithms for EdDSA
Define algorithms for PureEdDSA and for HashEdDSA, the EdDSA variants
defined by RFC 8032.

The encoding for HashEdDSA needs to encode the hash algorithm so that
the hash can be calculated by passing PSA_ALG_SIGN_GET_HASH(sig_alg)
to psa_hash_compute() or psa_hash_setup(). As a consequence,
Ed25519ph (using SHA-512) and Ed448ph (using SHAKE256) need to have
different algorithm encodings (the key is enough to tell them apart,
but it is not known while hashing). Another consequence is that the
API needs to recognize the Ed448 prehash (64 bytes of SHAKE256 output)
as a hash algorithm.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 67546802fe New elliptic curve family: twisted Edwards
Add an elliptic curve family for the twisted Edwards curves
Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves,
since these are the only two curves in common use, the family has a
generic name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Ronald Cron ac5db4da0e
Merge pull request #4246 from ronald-cron-arm/finalize-psa-config-support
Finalize PSA config support
2021-03-25 18:12:17 +01:00
Ronald Cron 9f97c6ecdf Update PSA crypto test dependencies
Given the PSA_WANT_* config options added lately,
update set_psa_test_dependencies.py and run it
on test_suite_psa_crypto*.data files but the SE
and generated ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:26:44 +01:00
Gilles Peskine 0c510f36dd Fix NULL+0 in test code
Fix likely harmless undefined behavior in cipher tests pointed out by
UBSan with recent compilers (e.g. Clang 10). When the complete output
is empty, the output buffer is NULL. Adding an integer to a null
pointer is undefined behavior even when the integer is 0, so make a
special case for that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-24 00:41:51 +01:00
Ronald Cron ee414c7383 Update dependencies in PSA test code
Replace MBEDTLS_* config options for which there is
an associated PSA_WANT_* to the PSA_WANT_* one. That
way the tests are also run when the dependency is
provided by a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Ronald Cron 63c3dc9395
Merge pull request #4158 from d3zd3z/pr/psa-config-ec
Create PSA configs for ECC curves
2021-03-22 17:35:04 +01:00
Gilles Peskine 01196d0464
Merge pull request #4214 from gilles-peskine-arm/psa-storage-format-test-types
PSA storage format test case generator
2021-03-22 12:16:17 +01:00
Gilles Peskine 0e7b6ebb64 Fix typos in comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-17 13:46:59 +01:00
Gilles Peskine d86bc52d78 Cover encodings of algorithms without parameters
Generate test cases for all algorithms without parameters. Only the encoding
of the algorithm in the key metadata is covered: the test keys are not of a
type that permits the algorithm to be used in an operation.

This commit only covers algorithms without parameters. A subsequent commit
will generate algorithms with parameters.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 22:29:12 +01:00
David Brown 44bfed596d Update PSA not supported generated data
Update this based on the output of the generator script.  The Brainpool
curves are now supported, since they are spelled properly in the config.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:40:10 -06:00
David Brown 110ea816ca psa: Fix name of BRAINPOOL configs
These should be WANT_ECC_BRAINPOOL_P_... not WANT_ECC_BP_...  Change to
match.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:30:28 -06:00
David Brown 85537fa141 psa: ecdsa: Resolve incorrect merge resolution
The commit
    commit dcdde59c6f
    Author: David Brown <david.brown@linaro.org>
    Date:   Tue Feb 23 15:48:13 2021 -0700

        tests: psa: Change Elliptic curve defines to PSA names

when rebased on

    commit bb9cbc7a23
    Author: Ronald Cron <ronald.cron@arm.com>
    Date:   Thu Mar 4 17:09:00 2021 +0100

        psa: ecdsa: Prefer NOT_SUPPORTED error code

had an incorrect merge conflict resolution.  Correct this, allowing the
test "PSA sign: invalid algorithm for ECC key" to pass again.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-12 12:21:45 -07:00
Dave Rodgman e483a77c85
Merge pull request #816 from ARMmbed/development
Merge recent commits from development into 2.26.0-rc
2021-03-12 16:55:26 +00:00
Ronald Cron fc86f3f147
Merge pull request #3386 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size
Add new support macros for output buffer sizes since PSA API 1.0 beta 3
2021-03-11 13:30:42 +01:00
Gilles Peskine f8223abb16 Cover all key types
Generate test cases for all key types. These test cases cover the key
representation (checked with export) and the encoding of the key type and
the bit-size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine 897dff9527 Code to generate storage format test cases
Start generating storage format test cases. This commit introduces two test
data files: test_suite_psa_crypto_storage_format.v0.data for reading keys in
storage format version 0 (the current version at this time), and
test_suite_psa_crypto_storage_format.current.data for saving keys in the
current format (version 0 at this time).

This commit kicks off the test case generation with test cases to exercise
the encoding of usage flags. Subsequent commits will cover other aspects of
keys.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine 00d37d0026 Test code for storage format stability
Save tests are for forward compatibility: import a key in the current format
and check that it has the expected storage format so that future versions
will still be able to read it.

Read tests are for backward compatibility: read a key in the format of a
past version (injected into storage) and check that this version can use it.
Exercise the key unless it is meant to test metadata storage only.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
David Brown cc2f869055 Fix generated psa crypto tests
Now that many of these are implemented, update the generated list to
test them.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:50 -07:00
David Brown dcdde59c6f tests: psa: Change Elliptic curve defines to PSA names
Now that PSA crypto config supports the new PSA_WANT_ECC_xxx defines,
change the psa-specific test suites to use these new names.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:45 -07:00
Paul Elliott dd9e8f6dd0 Fix potential buffer overflow in printf
Printf could potentially produce 2 64 bit numbers here when there is
only space for one, thus causing a buffer overflow. This was caught by
the new warning flags.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Manuel Pégourié-Gonnard 17605f072b
Merge pull request #4151 from ronald-cron-arm/psa-sign_verify-hash
PSA sign and verify hash rework
2021-03-10 10:08:50 +01:00
Dave Rodgman bfe754947c Bump version to 2.26.0
Executed ./scripts/bump_version.sh --version 2.26.0

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-09 16:09:18 +00:00
Dave Rodgman 5cce6a24d0 Merge branch 'development-restricted' into mbedtls-2.26.0-rc 2021-03-08 17:01:24 +00:00
Gilles Peskine e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
Add support for key policies (MAC & AEAD)
2021-03-08 15:04:17 +01:00
Ronald Cron bb9cbc7a23 psa: ecdsa: Prefer NOT_SUPPORTED error code
When ECDSA is not supported by the library, prefer
to return NOT_SUPPORTED than INVALID_ARGUMENT when
asked for an ECDSA signature.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 17:43:31 +01:00
Paul Elliott 3c973f4d32 Fix misnamed base64 test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:23:03 +00:00
Ronald Cron 9103d490e8 psa: ecdsa: Rework deterministic support check
Move the check that ECDSA is supported from the
caller of the function responsible for Mbed TLS
ECDSA signatures to this function, namely
mbedtls_psa_ecdsa_sign_hash().

This makes the caller code more readable and is
more aligned with what is expected from a
sign_hash() PSA driver entry point.

Add a negative test case where a deterministic
ECDSA signature is requested while the library
does not support deterministic ECDSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 13:32:27 +01:00
Janos Follath d0b0ba8179
Merge pull request #4173 from gilles-peskine-arm/net_poll-fd_setsize-development
Fix stack corruption in mbedtls_net_poll with large file descriptor
2021-03-04 12:16:33 +00:00
Steven Cooreman f9f7fdfe49 Rework MAC algorithm / key type validation
Reworked the validation of MAC algorithm with the used key type by
introducing psa_mac_key_can_do, which guarantees that PSA_MAC_LENGTH can
be called successfully after validation of the algorithm and key type.

This means psa_get_mac_output_length is no longer required.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 19:58:02 +01:00
Steven Cooreman 58c94d39ae Make psa_get_mac_output_length testable and test it
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 10:37:35 +01:00
Paul Elliott c48cb80b1f Prevent false positive CF Test Failures
Marked dirty memory ends up in the result buffer after encoding (due to
the input having been marked dirty), and then the final comparison
to make sure that we got what we expected was triggering the constant
flow checker.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-02 22:48:40 +00:00
Paul Elliott c1a895d897 Add further more rigorous tests for base64
Original author was gilles.peskine@arm.com

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-02 22:44:37 +00:00
Steven Cooreman 5ad4bf75e3 Move MAC default length checking into psa_key_policy_permits
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman 328f11c50e Language & readability touchups
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Ronald Cron 2a0278734b
Merge pull request #4148 from stevew817/add_missing_non_12b_gcm_test_skip
Add missing test skip for ALT-implemented GCM (#4010 fix-up)
2021-03-02 09:18:41 +01:00
Steven Cooreman 16a05f5881 Add metadata tests intertwining truncated and at-least-length algos
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman a1d8322f74 Fix typos & copy-paste errors
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman fb9cb92055 Move wildcard-to-exercisable conversion to exercise_key in test suite
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman 7e39f05929 Using a wildcard as a specific algorithm now reports invalid argument
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman ae3f13bf5e Add more test cases and fix AT_LEAST_THIS_LENGTH against base algorithm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman a96e2410e7 Test _AT_LEAST_THIS_LENGTH macros in the PSA Crypto metadata test suite
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman 2c2efa488b Fix dependency-setting script and test dependencies for new tests
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman 5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
gabor-mezei-arm ceface2247
Add test for ouput buffer size macros
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-01 13:57:21 +01:00
Gilles Peskine 574cf7b59f Clarify how a file descriptor could still be more than the limit
It can happen if the file descriptor was opened before lowering the limit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:43:56 +01:00
Gilles Peskine 97c57fe439 Fix sloppiness around stricly less-than vs less or equal
Fix sloppy wording around stricly less-than vs less or equal in
comments. Also fix an off-by-one error in a comparison which led to
calling setrlimit if the limit was exactly the minimum required for
the test, which was unnecessary but harmless.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:40:56 +01:00