Commit graph

2609 commits

Author SHA1 Message Date
Hanno Becker 8295695aca Merge branch 'iotssl-2578-psa-sig-verification_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 16:00:32 +00:00
Hanno Becker 02f20216bd Merge branch 'psa_cipher_integration_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:59:26 +00:00
Hanno Becker 6b01a9fa7c Merge branch 'psa_cipher_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:27 +00:00
Hanno Becker e322d3edd5 Merge branch 'opaque_psk_implementation_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:24 +00:00
Hanno Becker a96cc8a9fd Merge branch 'iotssl-2596-opaque-csr-creation_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:47:22 +00:00
Manuel Pégourié-Gonnard 7b7808cc76 Add tests for ECDSA verify with short r, s values
This is intended to test transcoding the signature to the format expected by
PSA (fixed-length encoding of r, s) when r and s have respectively:
- full length with initial null byte
- full length without initial null byte
- non-full length with initial null byte
- non-full length without initial null byte

The signatures were generated using:

programs/pkey/pk_sign tests/data_files/server5.key foo

where foo is an empty file, and with a variant of one of the following patches
applied:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..e4a27b044516 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -317,6 +319,11 @@ mul:
             MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, &R, pk, &grp->G,
                                                   f_rng, p_rng, ECDSA_RS_ECP ) );
             MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( pr, &R.X, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( pr );
+            printf("%zu ", bits);
+            if( bits != 255 )
+                goto gen;
         }
         while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );

or:

diff --git a/library/ecdsa.c b/library/ecdsa.c
index abac015cebc6..d704376e0c42 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -305,7 +305,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
+            printf("\ngenerating r...\n");

+gen:
             MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, pk, f_rng, p_rng ) );

 #if defined(MBEDTLS_ECP_RESTARTABLE)
@@ -353,6 +355,11 @@ modn:
         MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( s, pk, &grp->N ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( s, s, &e ) );
         MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( s, s, &grp->N ) );
+
+            size_t bits = mbedtls_mpi_bitlen( s );
+            printf("%zu ", bits);
+            if( bits != 247 )
+                goto gen;
     }
     while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );

with the value edited manually between each run to get the desired bit length.
2018-11-22 13:37:14 -05:00
Andrzej Kurek 510ee70501 pk_wrap: test if a valid md_alg is passed to ecdsa_verify_wrap
Adjust tests to pass a valid algorithm
2018-11-22 13:37:14 -05:00
Andrzej Kurek d6d07909f2 Remove trailing whitespace 2018-11-22 12:43:53 -05:00
Andrzej Kurek 2f31122585 Cosmetic changes
Adjust whitespaces, reduce test dependencies and reduce buffer size passed by 1.
2018-11-22 12:43:53 -05:00
Andrzej Kurek c3de438b8e Add CSR write testing using opaque keys
Parse and verify CSR programatically instead of using predetermined data,
to not tamper with randomness in tests.
2018-11-22 12:43:53 -05:00
Manuel Pégourié-Gonnard f83d31260d Implement key_opaque option to ssl_client2 2018-11-22 16:41:07 +00:00
Manuel Pégourié-Gonnard e31411a814 Fix test that wasn't actually effective
psa_destroy_key() returns success even if the slot is empty.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 72d94be0de Improve description of a test 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 276cb64e6c Align names to use "opaque" only everywhere
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 7d51255ca7 Implement pk_sign() for opaque ECDSA keys 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 99af2f0dd1 Add tests for unsupported operations/functions 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 07b103fe07 Implement can_do for opaque ECC keypairs
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 683632b78e Add support for get_(bit)len on opaque keys 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 06c631859c Add key generation to opaque test function
While at it, clarify who's responsible for destroying the underlying key. That
can't be us because some keys cannot be destroyed and we wouldn't know. So
let's leave that up to the caller.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 274f521b9a Implement alloc/free wrappers for pk_opaque_psa 2018-11-22 16:39:39 +00:00
Hanno Becker 0110add3d6 Rename PSA test in ssl-opt.sh 2018-11-22 16:38:06 +00:00
Hanno Becker 5b6425a931 Remove superfluous quotes in ssl-opt.sh 2018-11-22 16:38:06 +00:00
Hanno Becker f43177d1d0 Add runs for specific PSA-supported ciphersuites to ssl-opt.sh
So far, make sure we test the following ciphersuites
without any fallback to non-PSA ciphers:

TLS-ECDHE-ECDSA-WITH-AES-128-CCM
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-256-CCM
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
2018-11-22 16:38:06 +00:00
Hanno Becker 2dd04907e2 Omit tests from ssl-opt.sh which force a disabled ciphersuite 2018-11-22 16:38:06 +00:00
Hanno Becker 91cb605032 Add missing newline at the end of test_suite_cipher.gcm.data 2018-11-22 16:33:01 +00:00
Hanno Becker e15c71ca72 Test PSA-based GCM cipher operations 2018-11-22 16:33:01 +00:00
Hanno Becker 78115ac478 Adapt existing Cipher-GCM test cases to new param for auth_crypt_tv 2018-11-22 16:33:01 +00:00
Hanno Becker 1ccb1d614d Test PSA-based CCM cipher operations 2018-11-22 16:33:01 +00:00
Hanno Becker 58fc9aab54 Add AES-*-CBC test vectors for PSA-based cipher contexts 2018-11-22 16:33:01 +00:00
Hanno Becker 4ba0901bfc Merge branch 'gcm_through_cipher_api_tests' into gcm_through_cipher_api_tests_tmp 2018-11-22 16:32:30 +00:00
Hanno Becker a6f1d18afe Automatically allocate opaque PSK key slots in ssl_{client/server}2
Previously, command line arguments `psk_slot` and `psk_list_slot`
could be used to indicate the PSA key slots that the example
applications should use to store the PSK(s) provided.

This commit changes this approach to use the utility function
`mbedtls_psa_get_free_key_slot()` to obtain free key slots from
the PSA Crypto implementation automatically, so that users only
need to pass boolean flags `psk_opaque` and `psk_list_opaque`
on the command line to enable / disable PSA-based opaque PSKs.
2018-11-22 16:30:20 +00:00
Hanno Becker 5a1d6da8f8 Add tests to ssl-opt.sh exercising server-side opaque PSK 2018-11-22 16:30:20 +00:00
Hanno Becker f5e56299ea Add tests to ssl-opt.sh exercising client-side opaque PSK 2018-11-22 16:30:20 +00:00
Hanno Becker 12bd57b8c8 Refer to PSA through MBEDTLS_USE_PSA_CRYPTO, not USE_PSA, in all.sh 2018-11-22 16:27:57 +00:00
Hanno Becker eba9993171 Initialize PSA Crypto implementation at the start of each test suite 2018-11-22 16:27:56 +00:00
Manuel Pégourié-Gonnard dde4442581 Add build using PSA to all.sh 2018-11-22 16:27:52 +00:00
Hanno Becker c0c882cd67 Add missing dependencies in test_suite_cipher.gcm 2018-11-22 13:41:53 +00:00
Hanno Becker ef42f22edd Add NIST AES GCM test vectors to single-step cipher API test suite
The test suites `test_suite_gcm.aes{128,192,256}_en.data` contains
numerous NIST test vectors for AES-*-GCM against which the GCM
API mbedtls_gcm_xxx() is tested.

However, one level higher at the cipher API, no tests exist which
exercise mbedtls_cipher_auth_{encrypt/decrypt}() for GCM ciphers,
although test_suite_cipher.function contains the test auth_crypt_tv
which does precisely that and is already used e.g. in
test_suite_cipher.ccm.

This commit replicates the test vectors from
test_suite_gcm.aes{128,192,256}_en.data in test_suite_cipher.gcm.data
and adds a run of auth_crypt_tv for each of them.

The conversion was mainly done through the sed command line

```
s/gcm_decrypt_and_verify:\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):
\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\):\([^:]*\)/auth_crypt_tv:
\1:\2:\4:\5:\3:\7:\8:\9/
```
2018-11-22 13:41:07 +00:00
avolinski 0d2c266c06 change MBEDTLS_RANDOM_SEED_ITS define to be PSA_CRYPTO_ITS_RANDOM_SEED_UID 2018-11-21 17:31:07 +02:00
avolinski 13beb100c2 Adjust psa entropy inject tests to take as minimum seed size
the maximum of MBEDTLS_ENTROPY_MIN_PLATFORM and MBEDTLS_ENTROPY_BLOCK_SIZE
2018-11-21 16:24:53 +02:00
avolinski 7cc8229d80 Replace MBED_RANDOM_SEED_ITS_UID with MBEDTLS_RANDOM_SEED_ITS_UID
Update mbedtls_psa_inject_entropy function documentation
2018-11-21 16:24:53 +02:00
avolinski 4d27c94aee Adding testcase for PSA validate entropy injection: bad, too small using MBEDTLS_ENTROPY_MIN_PLATFORM 2018-11-21 16:24:53 +02:00
Netanel Gonen 21f37cbbec Add Tests for psa crypto entropy incjection
Adjust code to handle and work with MBEDTLS_ENTROPY_BLOCK_SIZE definition option
2018-11-21 16:24:52 +02:00
Netanel Gonen 9468bb241c Add Tests for psa crypto entropy incjection 2018-11-21 16:23:41 +02:00
Jaeden Amero 74a04cdd59 Remove exporter script
We no longer need an exporter script as we'll use our existing tooling in
the top level directory for builds and releases.
2018-11-21 12:17:29 +00:00
Jaeden Amero 6b58b2c02a
Merge pull request #92 from ARMmbed/dev/dgreen-arm/import-export-merge
Persistent key import/export
2018-11-21 11:22:53 +00:00
Darryl Green 0c6575a84d psa: Extend psa_generate_key to support persistent lifetimes 2018-11-20 15:40:32 +00:00
Darryl Green d49a499d03 psa: Implement persistent keys
Allow use of persistent keys, including configuring them, importing and
exporting them, and destroying them.

When getting a slot using psa_get_key_slot, there are 3 scenarios that
can occur if the keys lifetime is persistent:

1. Key type is PSA_KEY_TYPE_NONE, no persistent storage entry:
   -  The key slot is treated as a standard empty key slot
2. Key type is PSA_KEY_TYPE_NONE, persistent storage entry exists:
   -  Attempt to load the key from persistent storage
3. Key type is not PSA_KEY_TYPE_NONE:
   -  As checking persistent storage on every use of the key could
      be expensive, the persistent key is assumed to be saved in
      persistent storage, the in-memory key is continued to be used.
2018-11-20 15:40:25 +00:00
Darryl Green db2b8db715 psa: Add storage implementation for files
Add new functions, psa_load_persistent_key(),
psa_free_persistent_key_data(), and psa_save_persistent_key(), for
managing persistent keys. These functions load to or save from our
internal representation of key slots. Serialization is a concern of the
storage backend implementation and doesn't abstraction-leak into the
lifetime management code.

An initial implementation for files is provided. Additional storage
backends can implement this interface for other storage types.
2018-11-20 15:21:22 +00:00
Darryl Green d9eee3b417 Add library as valid header file location
The persistent key implementation will be split across multiple
files as it will eventually be implementing multiple storage
backends. As these internal functions will need to be callable by
other files, we will add the headers in the library folder. This
commit adds this include location to the necessary scripts.

For tests, the library is added as an include location as testing
on-target with Mbed OS is not possible with paths including ".."
2018-11-20 15:21:22 +00:00