Commit graph

2756 commits

Author SHA1 Message Date
Janos Follath 7973e2b358
Merge pull request #772 from chris-jones-arm/development-restricted
Fix Diffie-Hellman large key size DoS
2020-12-07 09:28:55 +00:00
Chris Jones e64a46f466 Fix exponentiation tests with MBEDTLS_MPI_MAX_BITS larger than 256
Fixes an issue where configs that had `MBEDTLS_MPI_MAX_BITS` greater than 256
but smaller than the test that was running (792 bits) the test would fail
incorrectly.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 17:48:27 +00:00
Chris Jones 7c430305e3 Move dependancy to specific test cases
Move dependancy on `MBEDTLS_MPI_MAX_BITS` to apply to the specific test cases
which will break when `MBEDTLS_MPI_MAX_BITS` is too small. This re-enables
previous tests that were turned off accidentally.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 15:22:25 +00:00
Chris Jones 4592bd8982 Fix broken testing on numbers that may be greater than MPI_MAX_SIZE
Previously `mbedtls_mpi_exp_mod` was tested with values that were over
`MBEDTLS_MPI_MAX_SIZE` in size. This is useful to do as some paths are only
taken when the exponent is large enough however, on builds where
`MBEDTLS_MPI_MAX_SIZE` is under the size of these test values.

This fix turns off these tests when `MBEDTLS_MPI_MAX_SIZE` is too small to
safely test (notably this is the case in config-thread.h).

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 14:24:33 +00:00
Chris Jones e146bdcff9 Fix cases where exponentiation was not fully tested
In two test cases, the exponentiation computation was not being fully tested
as when A_bytes (the base) == N_bytes (the modulus) -> A = N. When this is the
case A is reduced to 0 and therefore the result of the computation will always
be 0.

This fixes that issue and therefore increases the test coverage to ensure
different computations are actually being run.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 11:52:40 +00:00
Chris Jones aa850cdfdc Reword test cases
Reword test cases to be easier to read and understand.
Adds comments to better explain what the test is doing.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 11:35:41 +00:00
Chris Jones a03f56fe8f Extend exponentiation test coverage
Add two further boundary tests for cases where both the exponent and modulus to
`mbedtls_mpi_exp_mod()` are `MBEDTLS_MPI_MAX_SIZE`, or longer, bytes long.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-03 11:20:33 +00:00
Gilles Peskine a282984c3d
Merge pull request #773 from paul-elliott-arm/discrepancy_cert
Add missing tag check to signature check on certificate load
2020-12-03 12:19:39 +01:00
Manuel Pégourié-Gonnard 489c058b52 Merge branch 'development' into development-restricted
* development: (488 commits)
  Fix removal of deprecated PSA constants
  Use GitHub-compatible table formatting
  Remove psa header files in uninstall part
  Change function casting in `ssl_calc_finished_tls_sha384`
  Fix GCC warning in `ssl_calc_finished_tls_sha384`
  Add changelog entry file to `ChangeLog.d`
  Fix GCC warning in `ssl_calc_finished_tls_sha384`
  Fix GCC warning about `test_snprintf`
  Fix mismatched function parameters (prototype/definition)
  Fix build failure on gcc-11
  Copyediting
  Clarifications around key import
  Fix copypasta
  A variable is unused in some configurations
  Rename test_driver_keygen to test_driver_key_management
  Move "internal use" sentence attached to the wrong function
  Added changelog
  Plug in the entry point for public key export through driver
  tests: psa: Reset key attributes where needed
  Improve/fix documentation
  ...
2020-12-03 09:59:42 +01:00
Chris Jones d10b331574 Test that overly large Diffie-Hellman keys are rejected
Adds test cases to ensure that `mbedtls_mpi_exp_mod` will return an error with
an exponent or modulus that is greater than `MBEDTLS_MPI_MAX_SIZE` in size.

Adds test cases to ensure that Diffie-Hellman will fail to make a key pair
(using `mbedtls_dhm_make_public`) when the prime modulus is greater than
`MBEDTLS_MPI_MAX_SIZE` in size.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-02 15:25:27 +00:00
Chris Jones 0c5875fd0c Test that overly large Diffie-Hellman keys are rejected
Add a test case to ensure `mbedtls_mpi_exp_mod` fails when using a key size
larger than MBEDTLS_MPI_MAX_SIZE.
Add a test case to ensure that Diffie-Hellman operations fail when using a key
size larger than MBEDTLS_MPI_MAX_SIZE.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2020-12-02 15:51:39 +00:00
Paul Elliott ca17ebfbc0 Add tag check to cert algorithm check
Add missing tag check for algorithm parameters when comparing the
signature in the description part of the cert against the actual
signature whilst loading a certificate. This was found by a
certificate (created by fuzzing) that openssl would not verify, but
mbedtls would.

Regression test added (one of the client certs modified accordingly)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-11-26 16:34:16 +00:00
Gilles Peskine 3cb1e296a4 Test mbedtls_mpi_fill_random
Positive tests: test that the RNG has the expected size, given that we
know how many leading zeros it has because we know how the function
consumes bytes and when the test RNG produces null bytes.

Negative tests: test that if the RNG is willing to emit less than the
number of wanted bytes, the function fails.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-25 17:30:44 +01:00
Rodrigo Dias Correa 80448aae2c Fix GCC warning about test_snprintf
GCC 11 generated the warnings because the parameter `ret_buf`
was declared as `const char[10]`, but some of the arguments
provided in `run_test_snprintf` are shorter literals, like "".

Now the type of `ret_buf` is `const char *`.
Both implementations of `test_snprintf` were fixed.

Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
2020-11-25 01:13:12 -03:00
Gilles Peskine 9aaa3e164a
Merge pull request #3786 from stevew817/feature/generate_pubkey_in_driver
Add export_public_key entry point for drivers
2020-11-23 11:54:53 +01:00
Gilles Peskine c24023649e Rename test_driver_keygen to test_driver_key_management
```
perl -i -pe 's/test_driver_keygen/test_driver_key_management/g' tests/src/drivers/key_management.c tests/suites/test_suite_psa_crypto_driver_wrappers.function
```

Follow-up of c4813a6e80

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-22 19:23:27 +01:00
Gilles Peskine 662deb38d6
Merge pull request #3547 from ronald-cron-arm/psa-openless
Openless PSA crypto APIs implementation
2020-11-20 18:48:33 +01:00
Steven Cooreman b9b844220b Plug in the entry point for public key export through driver
Including test.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-11-20 17:31:24 +01:00
Ronald Cron 3a4f0e3cc4 tests: psa: Reset key attributes where needed
After a call to psa_get_key_attributes() to retrieve
the attributes of a key into a psa_key_attributes_t
structure, a call to psa_reset_key_attributes() is
mandated to free the resources that may be
referenced by the psa_key_attributes_t structure.
Not calling psa_reset_key_attributes() may result in
a memory leak.

When a test function calls psa_get_key_parameters()
the associated key attributes are systematically
reset in the clean-up part of the function with a
comment to emphasize the need for the reset and make
it more visible.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-20 13:57:26 +01:00
Ronald Cron 1d12d87d18 Improve/fix documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-20 13:57:15 +01:00
Ronald Cron ab79bd27b6 tests: slot mgmt: Improve key_slot_eviction_to_import_new_key test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron 9e12f8f425 tests: psa crypto: Fix lifetime_is_secure_element()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron 7d54f661d3 Miscellaneous coding style fixes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-13 09:49:01 +01:00
Ronald Cron 19daca9b2e Prefer persistent over permanent
For consistency across the code base, prefer
persistent over permanent to qualify a key
stored in persistent storage.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-11 15:12:16 +01:00
Ronald Cron 77c89f5ad6 Fix several typos
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-11 15:12:14 +01:00
Ronald Cron a5b894f7e2 psa: mgmt: Add key slot reuse
When looking for an empty key slot to store
the description of a key, if all key slots
are in use, reuse the first encountered
and unaccessed key slot containing the
description of a permanent key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:19:59 +01:00
Ronald Cron 54b900827b psa: Forbid creation/registration of keys in vendor range
The identifier of keys created/registred should be in
the application range.

This is by spec for key creation.
This may change for registered key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:19:59 +01:00
Ronald Cron 65f38a3c2e Add key id check when creating a volatile key
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:19:59 +01:00
Ronald Cron d98059d599 psa: Fix tests/handling of lifetime incompatible with location
The lifetime of key attributes now encodes whether a key is
volatile/persistent or not AND its location.
Fix PSA code where the fact that the lifetime encodes
the key location was not taken into account properly.

Fix the impacted tests and add two non regression tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:18:15 +01:00
Ronald Cron f1ff9a83fa tests: psa: Use PSA_KEY_LIFETIME_IS_VOLATILE where it should
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron 390f607f7f Add tests checking owner of volatile keys
When key identifiers encode key owner, add tests
checking that:
. the key owner of an imported volatile key is
  the one specified.
. a key identifier of a volatile key with a valid
  PSA key identifier but the wrong owner is
  rejected.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron fc9c556127 Forbid volatile key identifiers for non volatile keys
Volatile key identifiers in the vendor range are
reserved to volatile keys thus don't allow them
for persistent keys when creating a key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron f67aefed3f tests: slot mgmt: Add psa_purge_key testing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron 994b80546c tests: slot mgmt: Fix test data
For persistent keys there were two successive
INVALIDATE_BY_(CLOSING/DESTROYING) identical tests
where the comments of the second test rather
indicated that it should had been an
INVALIDATE_BY_(CLOSING/DESTROYING)_WITH_SHUTDOWN test.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron e7e86cfa3c tests: slot mgmt: Rename ways of invalidating keys
Rename ways of invalidating keys before introducing
key purging tests because the "CLOSE_BY" prefix doesn't
get on well with the purge operation.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:13:55 +01:00
Ronald Cron 3930997922 tests: slot mgmt: Add purge checks in volatile key lifecycle test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron 5425a21fd2 tests: Adapt PSA tests to openless APIs
psa_key_handle_equal() is removed as not used
anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron e4f6d5c5fe tests: Fix persistent slot lifecycle tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron 4184107d2e tests: Fix checks of volatile key identifier
Volatile keys have now a volatile non-null key
identifier.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron 432e19c7b2 tests: Fix error codes when using "invalid" handles
As handles are now key identifiers, a handle may be
valid now even if it does not refer to any key
known to the library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron 2d52eb2f78 tests: Fix invalid key identifier error code
PSA Crypto API spec defines the error code for
an invalid key identifier as PSA_ERROR_INVALID_HANDLE.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron c4d1b514ab Define handles as key identifiers
Define psa_key_handle_t to be equal to
mbedtls_svc_key_id_t. Make the handle of a persistent
key be equal to its key identifier. For volatile keys,
make the key handle equal to the volatile key
identifier of the created volatile key.

The unit tests are modified just to make them compile
not to make them run successfully. They are fixed in
the subsequent commits.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron 47a85614ed Introduce psa_key_handle_equal inline function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron c26f8d467a Introduce psa_key_handle_is_null inline function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron 91e9515424 Introduce PSA_KEY_HANDLE_INIT macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Gilles Peskine db6e33e12a
Merge pull request #3826 from frestr/test/chachapoly_vector
PSA Crypto: Add zero-length input test vectors for ChaChaPoly
2020-11-03 23:17:00 +01:00
Steven Cooreman c4813a6e80 Rename 'keygen' to 'key management'
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-29 12:04:31 +01:00
Fredrik Strupe d61ed3c52f PSA Crypto: Add zero-length input test vectors for ChaChaPoly
Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-10-27 14:11:53 +01:00
Steven Cooreman 0452476eac Implement, plug in and test validate_key driver entry point
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-26 16:41:37 +01:00
Gilles Peskine 01fc209969
Merge pull request #3748 from torstenes/3740_PSA_key_storage_systematically_store_bits
Changes PSA key storage format to include key bits
2020-10-26 15:33:58 +01:00