Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE).
Fix#4042
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add test cases for mbedtls_mpi_sub_abs() where the second operand has
more limbs than the first operand (which, if the extra limbs are not
all zero, implies that the function returns
MBEDTLS_ERR_MPI_NEGATIVE_VALUE).
This exposes a buffer overflow (reported in #4042).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Storage format tests that only look at how the file is structured and
don't care about the format of the key material don't depend on any
cryptographic mechanisms.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The negative test cases for psa_copy_key() don't actually care whether
the target policy is supported. This is similar to _key_policy tests.
Add a similar rule.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It isn't a set of dependencies, it's a set of symbols. So give it a
name that describes the symbol rather than a name that pretends it's a
collection of dependencies.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The test function asymmetric_signature_key_policy combines positive
and negative tests inside the code, so it doesn't take a status as its
last argument.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Switch dependencies on MBEDTLS_xxx to PSA_WANT_xxx for hash
algorithms.
Add a missing dependency in bad_order functions (it was previously
expressed in the .data file, but this is no longer the case when
dependencies in the .data file are determined automatically).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Replace manually written dependencies on MBEDTLS_xxx with
PSA_WANT_xxx dependencies that are determined automatically from the
test data.
Run tests/scripts/set_psa_test_dependencies.py on
tests/suites/test_suite_psa_crypto*.data,
except for the dynamic secure element tests in
tests/suites/test_suite_psa_crypto_se_driver_hal*.data.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It doesn't make much difference in practice, but to keep closer to
what the current code does, run negative key policy tests even if the
algorithm for the operation attempt is not supported.
In particular, this allows the following test cases to run:
* "PSA key policy: agreement + KDF, wrong agreement algorithm"
* "PSA key policy: raw agreement, wrong algorithm"
Without this exception, those two test cases would never run, because
they would depend on PSA_ALG_WANT_FFDH. Since FFDH is not implemented
yet, it isn't enabled in any configuration. There's no alternative to
FFDH for these particular test cases because ECDH is the only key
agreement that is implemented in Mbed TLS so far.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
PSA_xxx_CATEGORY_yyy is used in metadata tests where it doesn't
involve any particular support, and elsewhere it's used as a value
that is definitely not supported but is in a plausible range. Such
symbols do not require any dependency.
If a test case is expects PSA_ERROR_NOT_SUPPORTED, its
dependencies (often including one negative dependency) cannot be
determined automatically, so leave that test case alone.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some symbols don't require a dependency symbol:
* Modifiers such as truncated MAC
* Always-on features such as the raw data key type
* Aliases or special values such as RSA PKCS#1v1.5 raw
I'm not convinced that all of these warrant special handling in the
script, rather than having the expected symbol defined somewhere. But
for now I prefer to minimize changes to the header files.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't remove cipher-related dependencies because the corresponding
PSA_WANT_xxx dependencies are not implemented yet.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove any existing PSA_WANT_xxx dependency. Add PSA_WANT_xxx
dependencies based on the PSA_KEY_TYPE_xxx and PSA_ALG_xxx symbols
used in the test case arguments.
PSA_ECC_FAMILY_xxx and PSA_DH_GROUP_xxx are not implemented yet in the
PSA conditional inclusion mechanism in Mbed TLS, so this script
doesn't handle them yet.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Parse the existing dependencies. For now, just write them back.
Subsequent commits will implement the dependency processing that is
the goal of this program.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit only contains a framework to rewrite .data files. No
actual modification of the content is implemented yet.
For now, command line parsing is trivial: just a list of file names,
with no options.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When using the test function persistent_key_load_key_from_storage with
DERIVE_KEY, there's a dependency on HKDF-SHA-256. Since this
dependency is in the code, declare it there rather than with the data.
If the depenency is not met, mark the test as skipped since it can't
create the key to be tested.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
These implementations don't necessarily consume entropy the same way the
mbed TLS internal software implementation does, and the 'reference
handshake' test vectors can thus not be applied to an ALT implementation.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>