Commit graph

14500 commits

Author SHA1 Message Date
Gilles Peskine 3aa5a6414e Fix a test dependency
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:06:36 +01:00
Gilles Peskine dbf6896c82 mbedtls_to_psa_error: prefer dispatching on the low-level error
When an Mbed TLS error code combines a low-level error and a
high-level error, the low-level error is usually closer to the root
cause (for example HW_ACCEL_FAILED or ENTROPY_SOURCE_FAILED is more
informative than RSA_PRIVATE_FAILED). So prioritize the low-level code
when converting to a PSA error code, rather than the high-level code
as was (rather arbitrarily) done before.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:04:23 +01:00
Gilles Peskine 1631514b8e Add missing dependencies on key types
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine ba0c1ffb72 Depend on the built-in implementation when injecting RNG failure
When verifying the impact of a forced RNG failure, depend on the built-in
implementation of the algorithm that uses randomization, whether it's
because the algorithm is randomized or because our implementation uses
randomization for (e.g.) blinding. An external implementation could use
its own randomness source which is not affected by the forced failure of
the RNG driver.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine f547ce8daa MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG: negative tests
Under MBEDTLS_ERR_RSA_RNG_FAILED, add tests where the random generator
failed. This commit tests the following operations:

* psa_generate_random()
* psa_generate_key() for a symmetric key
* Deterministic signatures that use blinding (RSA PKCS#1v1.5,
  deterministic ECDSA).
* Randomized signatures (RSA PSS, randomized ECDSA).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine ae3741e8a4 Fix an incorrect error code if RSA private operation glitched
mbedtls_rsa_private() could return the sum of two RSA error codes
instead of a valid error code in some rare circumstances:

* If rsa_prepare_blinding() returned  MBEDTLS_ERR_RSA_RNG_FAILED
  (indicating a misbehaving or misconfigured RNG).
* If the comparison with the public value failed (typically indicating
  a glitch attack).

Make sure not to add two high-level error codes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine 40d8160c8e mbedtls_to_psa_error: fix a copypasta and a missing translation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine 8ae012b603 Generalize test_suite_psa_crypto_entropy
Prepare it for testing aspects of entropy other than
MBEDTLS_PSA_INJECT_ENTROPY.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:21:18 +01:00
Gilles Peskine 76175ba785 Disable the insecure PSA test RNG by default
To reduce the risk of people accidentally using the test
implementation of mbedtls_psa_external_get_random(), which is
insecure, require the user to explicitly call
mbedtls_test_enable_insecure_external_rng() first.

Disabling the test implementation of mbedtls_psa_external_get_random()
will also allow negative testing for MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG,
which will be added in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:21:18 +01:00
Gilles Peskine f6be590bf6 Include psa_crypto_helpers.h in helpers.function
Include psa_crypto_helpers.h automatically if MBEDTLS_PSA_CRYPTO_C is
enabled, like helpers.h is included automatically.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:21:18 +01:00
Gilles Peskine 9a4baa1336 Remove unnecessary precautions around #include psa_crypto_helpers.h
psa_crypto_helpers.h no longer defines static functions, so it can be
included anywhere without worrying about unused functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Gilles Peskine d71539fd03 Fix test_psa_collect_statuses: update makefile dependencies
`tests/scripts/all.sh test_psa_collect_statuses` calls
`tests/scripts/psa_collect_statuses.py` which calls
`make -DRECORD_PSA_STATUS_COVERAGE_LOG` which must generate
`include/test/instrument_record_status.h`.
With the refactoring of `psa_crypto_helpers.{h,c}`, this now
needs to be done before building `psa_crypto_helpers.c`.

Also, remove `include/test/instrument_record_status.h` unconditionally
in `make clean`, which helps keep the build tree clean.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Gilles Peskine d4008d5b38 Refactor PSA test helpers: move function definitions from .h to .c
Move function definitions from psa_crypto_helpers.h to
psa_crypto_helpers.c.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Gilles Peskine 1e00565111 Refactor PSA test helpers: don't depend on test_info access
Refactor some PSA test helper functions and macros to avoid depending
on test_info and test_fail inside functions. These identifiers are
only defined in helpers.function, so they're only available in test
suites, and not in test helper modules (tests/src/*.c) which are also
linked into example programs.

This is in preparation for moving function definitions from
psa_crypto_helpers.h to psa_crypto_helpers.c.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Gilles Peskine 86cadb37d1 Remove now-redundant test result check
Since 349eadc58f, test_fail() reports
the first failure. So it's safe to call test_fail() again to report a
cleanup failure when we don't want to potentially erase information
about an earlier failure.

The behavior of mbedtls_test_helper_is_psa_pristine() changes if
test_info.result was neither TEST_RESULT_SUCCESS nor
TEST_RESULT_FAILED, but this should not matter since a skipped test
should not cause mbedtls_test_helper_is_psa_pristine() to fail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Gilles Peskine ddfd080128 Use mbedtls_test_ prefix on all PSA helper functions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Gilles Peskine 1cc6a8ea15 Add --can-pylint and --can-mypy options
With just the option --can-pylint or --can-mypy, check whether the
requisite tool is available with an acceptable version and exit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 17:12:18 +01:00
Gilles Peskine b13ed70b32 Check scripts/mbedtls_dev/*.py with pylint
mypy automatically checks the modules when it encounters them as
imports. Don't make it check them twice, because it would complain
about encountering them through different paths (via the command line
as scripts/mbedtls_dev/*.py and via imports as just mbedtls_dev/*.py).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 17:12:10 +01:00
Gilles Peskine a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Gilles Peskine 504c1a361e ssl_test_lib: move common functions and variables
Move from ssl_*2.c to ssl_test_lib.c:
* Functions that have exactly identical definitions in the two
  programs, and that don't reference the global variable opt which
  has a different type in the client and in the server. Also declare
  these functions in ssl_test_lib.h.

Move from ssl_*2.c to ssl_test_common_source.c:
* Functions that have exactly identical definitions in the two
  programs, but access fields of the global variable opt which
  has a different structure type in the client and in the server.
* The array ssl_sig_hashes_for_test, because its type is incomplete.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine 7c818d68be ssl_test_lib: move common type definitions
Move from ssl_*2.c to ssl_test_lib.h:
* Types defined identically in both files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine c11eb1fa07 Prepare to merge identical code from ssl_client2.c and ssl_server2.c
Adjust whitespace and comments in code of ssl_client2.c and
ssl_server2.c that was almost identical to make these chunks exactly
identical.

Make the common functions non-static.

This is in preparation for moving the common code to ssl_test_lib.c.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine 7f679c7bf4 ssl_test_lib: move declaration of query_config
Move from ssl_*2.c to ssl_test_lib.h:
* The declaration of query_config(). Also document it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine 67638d6828 ssl_test_lib: move common includes
Move from ssl_*2.c to ssl_test_lib.h:
* Include directives for headers included by both programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine ab7ce96d7b ssl_test_lib: move initial includes and is-it-supported check
Move from ssl_*2.c to ssl_test_lib.h:
* The inclusion of the config header file (identical).
* The fallback definitions of platform functions (almost identical:
  server2 also had snprintf and the order and whitespace was slightly
  different).
* The compilation guards checking that required options are
  enabled (tweaked to make them common, with MBEDTLS_SSL_{CLI,SRV}_C
  separated out).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine 0d980b8be8 ssl_test_common_source.c: new source file for common SSL test code
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c, but cannot be compiled separately and instead needs
to be #include'd in each program that uses it.

This is for code that references macros or types that are defined
differently in the two programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine a3ed34fed6 ssl_test_lib.[hc]: new source file for common SSL test code
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c. This commit only creates the file; subsequent
commits will populate it.

Add it to the official build systems (make, cmake, VS).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Manuel Pégourié-Gonnard 75fdd0640f
Merge pull request #3973 from stroebeljc/development
Fixed seed variable concatenation pointer.
2021-01-06 10:07:52 +01:00
Gilles Peskine d20a210bbd git: don't ignore fuzz/Makefile
*/Makefile is ignored (because it's created by cmake in in-tree builds).
But fuzz/Makefile is checked into git, so don't ignore it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 21:06:11 +01:00
Gilles Peskine f06a54cb18 With make, build query_config.c only once
Build query_config.o then link it, instead of building query_config.c
in each of the four programs that use it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 21:06:05 +01:00
stroebeljc 03ee3834a0 Updated change description as suggested by @gilles-peskine-arm.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-05 11:28:30 -06:00
Gilles Peskine 73d783244f
Merge pull request #3969 from frestr/bugfix/psa_close_key_leak
PSA Crypto: Don't skip key data removal when SE driver is not in use
2021-01-05 16:55:52 +01:00
Gilles Peskine 9c3e060253 Explain the design of mbedtls_psa_get_random better
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 16:03:55 +01:00
Gilles Peskine 0c59ba88cb Fix the error detection in psa_generate_random
If a call to mbedtls_psa_get_random other than the last one failed,
this went undetected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 14:10:59 +01:00
Gilles Peskine cf62f10d3f Clarify interoperability non-requirement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 11:49:18 +01:00
stroebeljc e67ba98581 Fixed verb tense in change log.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:19:29 -06:00
stroebeljc 2b50d78972 Fixed incorrect change log formatting.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:17:35 -06:00
stroebeljc d4de1b5d4e Updated per comments from @gilles-peskine-arm.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-04 18:14:32 -06:00
Gilles Peskine 71ddab9154 Simplify the chunk loop in psa_generate_random
Make the code slightly more readable and slightly smaller.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-04 21:01:07 +01:00
Gilles Peskine 88fa5c463e Minor documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-04 21:00:53 +01:00
Manuel Pégourié-Gonnard e9e0388934
Merge pull request #3965 from bensze01/use_after_scope
Fix use-after-scope error in programs/ssl
2020-12-29 15:26:08 +01:00
ENT\stroej1 70f63d0883 Added references to the NIST test data used in the self-test function.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-28 08:50:23 -06:00
ENT\stroej1 df307002cf Updated self test to use NIST test vectors and produce proper result.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-26 12:41:04 -06:00
ENT\stroej1 a0deec0509 Extended test vectors to accomodate addition of nonce to test input array and updated results.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-24 15:26:27 -06:00
ENT\stroej1 6a5f10cdc7 Added ChangeLog entry for related issue.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-24 12:39:13 -06:00
ENT\stroej1 1446211e5e Update self-test vectors to include nonce and test it as part of reseeding.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-24 12:24:35 -06:00
ENT\stroej1 4b91986a76 Fixed seed variable concatenation pointer.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-23 19:23:05 -06:00
Fredrik Strupe 462aa575a4 PSA Crypto: Don't skip key data removal when SE driver is not in use
Closing a wrapped key with the new SE driver interface while
MBEDTLS_PSA_CRYPTO_SE_C is also enabled leads to the key material not
being freed, even though an old SE driver is not in use, leading to a
memory leak. This is because a wrapped key is also considered external.

This commit extends the check for skipping by checking whether an
old-style SE driver is registered with the provided slot, in addition to
checking whether the key is external.

Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-12-17 11:05:36 +01:00
Ronald Cron 3c537fedfd
Merge pull request #3691 from paul-elliott-arm/fix_cmake
Set CMake Max Version
2020-12-17 09:28:22 +01:00
Bence Szépkúti 0bd9d226bc Add Changelog entry
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-16 15:02:50 +01:00