Commit graph

5022 commits

Author SHA1 Message Date
Ronald Cron 3522e32132 psa: cipher: Add transparent driver test specific entry points
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron 7cb9c3d360 psa: cipher: Move to driver operation context application allocation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron 6e412a71ee psa: cipher: Pass Mbed TLS implementation its operation ctx
As per drivers, pass to the Mbed TLS implementation of
the cipher multi-part operation its operation context
and not the PSA operation context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron 8d310ad2e6 psa: Rework unauthenticated cipher support in transparent test driver
Make use of psa_cipher_xyz_internal() functions to
simplify the transparent test driver code and
extend the algorithms it supports to all algorithms
supported by the MbedTLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron ac5db4da0e
Merge pull request #4246 from ronald-cron-arm/finalize-psa-config-support
Finalize PSA config support
2021-03-25 18:12:17 +01:00
Ronald Cron 9f97c6ecdf Update PSA crypto test dependencies
Given the PSA_WANT_* config options added lately,
update set_psa_test_dependencies.py and run it
on test_suite_psa_crypto*.data files but the SE
and generated ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:26:44 +01:00
Ronald Cron 9838dc2702 tests: Fine tune handling of policy negative tests
Fine tune handling of policy negative tests when
setting automatically PSA crypto unit tests
dependencies.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:18:23 +01:00
Ronald Cron 6ac020d797 tests: Treat PSA_WANT_ECC_* as manual dependencies
For the time being, it is not possible to determine
the size of ECC keys from the arguments of all test
cases thus treat them as dependencies that are not
systematic. Such dependencies are not generated nor
deleted by set_psa_test_dependencies.py.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:03:56 +01:00
Gilles Peskine 0c510f36dd Fix NULL+0 in test code
Fix likely harmless undefined behavior in cipher tests pointed out by
UBSan with recent compilers (e.g. Clang 10). When the complete output
is empty, the output buffer is NULL. Adding an integer to a null
pointer is undefined behavior even when the integer is 0, so make a
special case for that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-24 00:41:51 +01:00
Ronald Cron ee414c7383 Update dependencies in PSA test code
Replace MBEDTLS_* config options for which there is
an associated PSA_WANT_* to the PSA_WANT_* one. That
way the tests are also run when the dependency is
provided by a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Gilles Peskine defdc3bc53 SECP224K1 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/3541. In the
meantime, disable the ssl-opt.sh test case that uses it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 13:59:58 +01:00
Ronald Cron 63c3dc9395
Merge pull request #4158 from d3zd3z/pr/psa-config-ec
Create PSA configs for ECC curves
2021-03-22 17:35:04 +01:00
Gilles Peskine 01196d0464
Merge pull request #4214 from gilles-peskine-arm/psa-storage-format-test-types
PSA storage format test case generator
2021-03-22 12:16:17 +01:00
Gilles Peskine d08e538fa5
Merge pull request #4157 from stevew817/dispatch_hash_operations
Dispatch hash operations through the driver wrapper layer
2021-03-17 21:50:00 +01:00
Maulik Patel 3240c9d2ec Update tests for other invalid key operations.
Update expected return values of psa_get_key_attributes(),
psa_export_key() and other key api(s) to PSA_ERROR_INVALID_HANDLE
for invalid key.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
2021-03-17 16:11:05 +00:00
Maulik Patel 02a1750098 Update tests for psa_close_key for invalid key.
Update expected return values of psa_close_key() to
PSA_ERROR_INVALID_HANDLE for invalid key handle operations.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
2021-03-17 15:05:13 +00:00
Maulik Patel f65ad8ccc1 Update psa_open_key tests for invalid key.
Update expected return values of psa_open_key() to
PSA_ERROR_DOES_NOT_EXIST for invalid key handle operations.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
2021-03-17 14:55:45 +00:00
Gilles Peskine 0e7b6ebb64 Fix typos in comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-17 13:46:59 +01:00
TRodziewicz 782a7eab14 ecjpake_zkp_read() now returns ...BAD_INPUT_DATA when r len == 0 and test follows that
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-03-17 11:36:31 +01:00
Gilles Peskine d86bc52d78 Cover encodings of algorithms without parameters
Generate test cases for all algorithms without parameters. Only the encoding
of the algorithm in the key metadata is covered: the test keys are not of a
type that permits the algorithm to be used in an operation.

This commit only covers algorithms without parameters. A subsequent commit
will generate algorithms with parameters.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 22:29:12 +01:00
David Brown 44bfed596d Update PSA not supported generated data
Update this based on the output of the generator script.  The Brainpool
curves are now supported, since they are spelled properly in the config.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:40:10 -06:00
David Brown 110ea816ca psa: Fix name of BRAINPOOL configs
These should be WANT_ECC_BRAINPOOL_P_... not WANT_ECC_BP_...  Change to
match.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:30:28 -06:00
Steven Cooreman 753f973f87 Use full config during driver testing
Due to the way the test drivers are setup, we require the full setup.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
David Brown 85537fa141 psa: ecdsa: Resolve incorrect merge resolution
The commit
    commit dcdde59c6f
    Author: David Brown <david.brown@linaro.org>
    Date:   Tue Feb 23 15:48:13 2021 -0700

        tests: psa: Change Elliptic curve defines to PSA names

when rebased on

    commit bb9cbc7a23
    Author: Ronald Cron <ronald.cron@arm.com>
    Date:   Thu Mar 4 17:09:00 2021 +0100

        psa: ecdsa: Prefer NOT_SUPPORTED error code

had an incorrect merge conflict resolution.  Correct this, allowing the
test "PSA sign: invalid algorithm for ECC key" to pass again.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-12 12:21:45 -07:00
Dave Rodgman e483a77c85
Merge pull request #816 from ARMmbed/development
Merge recent commits from development into 2.26.0-rc
2021-03-12 16:55:26 +00:00
Ronald Cron fc86f3f147
Merge pull request #3386 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size
Add new support macros for output buffer sizes since PSA API 1.0 beta 3
2021-03-11 13:30:42 +01:00
Gilles Peskine f8223abb16 Cover all key types
Generate test cases for all key types. These test cases cover the key
representation (checked with export) and the encoding of the key type and
the bit-size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine 897dff9527 Code to generate storage format test cases
Start generating storage format test cases. This commit introduces two test
data files: test_suite_psa_crypto_storage_format.v0.data for reading keys in
storage format version 0 (the current version at this time), and
test_suite_psa_crypto_storage_format.current.data for saving keys in the
current format (version 0 at this time).

This commit kicks off the test case generation with test cases to exercise
the encoding of usage flags. Subsequent commits will cover other aspects of
keys.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine 00d37d0026 Test code for storage format stability
Save tests are for forward compatibility: import a key in the current format
and check that it has the expected storage format so that future versions
will still be able to read it.

Read tests are for backward compatibility: read a key in the format of a
past version (injected into storage) and check that this version can use it.
Exercise the key unless it is meant to test metadata storage only.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine 22fcf1b5f5 Move PSAMacroEnumerator to macro_collector
It's useful for more than test_psa_constant_names.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine 10ab267afb Add some type annotations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine 6f7ba5f9c4 Split out PSAMacroEnumerator from the test data collection code
Split out the code that enumerates constructors of a PSA crypto type
from the code used to populate the list of constructors for the
specific purpose of testing psa_constant_names.

This commit adds some documentation but otherwise strives to minimize
code changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine 3d7783909a Use an iterator when constructing test cases
It's more pythonic, and more importantly more readable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine 0298bdae8d generate_psa_tests.py: allow generating each file independently
Generating all files all the time makes debugging one specific target
harder. So support generating a selection of targets only.

As a bonus, it is now more apparent what files this script generates,
and check-generated-files.sh takes advantage of it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine b94ea51ad0 Break up the god class TestGenerator
Use separate classes for information gathering, for each kind of test
generation (currently just one: not-supported), and for writing output
files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
David Brown cc2f869055 Fix generated psa crypto tests
Now that many of these are implemented, update the generated list to
test them.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:50 -07:00
David Brown dcdde59c6f tests: psa: Change Elliptic curve defines to PSA names
Now that PSA crypto config supports the new PSA_WANT_ECC_xxx defines,
change the psa-specific test suites to use these new names.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:45 -07:00
Paul Elliott 9e3256aead Adding printf format warning flags to makefiles
Add printf format warning flags that are supported by GCC 3.0 or later
to the makefiles

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott dd9e8f6dd0 Fix potential buffer overflow in printf
Printf could potentially produce 2 64 bit numbers here when there is
only space for one, thus causing a buffer overflow. This was caught by
the new warning flags.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Steven Cooreman d50db945c4 Add hash acceleration driver testing
Test hash algorithm functions when called through a transparent
driver in all.sh test_psa_crypto_config_basic and
test_psa_crypto_drivers components.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:03:36 +01:00
Steven Cooreman d029b60770 Move test driver hash function declarations to software driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman f763810e58 Add test driver for hash operations
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Manuel Pégourié-Gonnard 17605f072b
Merge pull request #4151 from ronald-cron-arm/psa-sign_verify-hash
PSA sign and verify hash rework
2021-03-10 10:08:50 +01:00
Dave Rodgman bfe754947c Bump version to 2.26.0
Executed ./scripts/bump_version.sh --version 2.26.0

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-09 16:09:18 +00:00
Dave Rodgman 5cce6a24d0 Merge branch 'development-restricted' into mbedtls-2.26.0-rc 2021-03-08 17:01:24 +00:00
Gilles Peskine e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
Add support for key policies (MAC & AEAD)
2021-03-08 15:04:17 +01:00
Ronald Cron bb9cbc7a23 psa: ecdsa: Prefer NOT_SUPPORTED error code
When ECDSA is not supported by the library, prefer
to return NOT_SUPPORTED than INVALID_ARGUMENT when
asked for an ECDSA signature.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 17:43:31 +01:00
Paul Elliott 3c973f4d32 Fix misnamed base64 test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:23:03 +00:00
Ronald Cron 9103d490e8 psa: ecdsa: Rework deterministic support check
Move the check that ECDSA is supported from the
caller of the function responsible for Mbed TLS
ECDSA signatures to this function, namely
mbedtls_psa_ecdsa_sign_hash().

This makes the caller code more readable and is
more aligned with what is expected from a
sign_hash() PSA driver entry point.

Add a negative test case where a deterministic
ECDSA signature is requested while the library
does not support deterministic ECDSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 13:32:27 +01:00
Janos Follath d0b0ba8179
Merge pull request #4173 from gilles-peskine-arm/net_poll-fd_setsize-development
Fix stack corruption in mbedtls_net_poll with large file descriptor
2021-03-04 12:16:33 +00:00
Steven Cooreman f9f7fdfe49 Rework MAC algorithm / key type validation
Reworked the validation of MAC algorithm with the used key type by
introducing psa_mac_key_can_do, which guarantees that PSA_MAC_LENGTH can
be called successfully after validation of the algorithm and key type.

This means psa_get_mac_output_length is no longer required.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 19:58:02 +01:00
Steven Cooreman 58c94d39ae Make psa_get_mac_output_length testable and test it
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 10:37:35 +01:00
Paul Elliott c48cb80b1f Prevent false positive CF Test Failures
Marked dirty memory ends up in the result buffer after encoding (due to
the input having been marked dirty), and then the final comparison
to make sure that we got what we expected was triggering the constant
flow checker.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-02 22:48:40 +00:00
Paul Elliott c1a895d897 Add further more rigorous tests for base64
Original author was gilles.peskine@arm.com

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-02 22:44:37 +00:00
Steven Cooreman 5ad4bf75e3 Move MAC default length checking into psa_key_policy_permits
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman 328f11c50e Language & readability touchups
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Ronald Cron 2a0278734b
Merge pull request #4148 from stevew817/add_missing_non_12b_gcm_test_skip
Add missing test skip for ALT-implemented GCM (#4010 fix-up)
2021-03-02 09:18:41 +01:00
Steven Cooreman 16a05f5881 Add metadata tests intertwining truncated and at-least-length algos
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman a1d8322f74 Fix typos & copy-paste errors
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman fb9cb92055 Move wildcard-to-exercisable conversion to exercise_key in test suite
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman 7e39f05929 Using a wildcard as a specific algorithm now reports invalid argument
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman ae3f13bf5e Add more test cases and fix AT_LEAST_THIS_LENGTH against base algorithm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman a96e2410e7 Test _AT_LEAST_THIS_LENGTH macros in the PSA Crypto metadata test suite
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman 2c2efa488b Fix dependency-setting script and test dependencies for new tests
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman 4400c3a44a Add _AT_LEAST_THIS_LENGTH_ macros to PSA constants test
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman aaec341c9b Exercise CCM with the right amount of IV bytes in test
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman 5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
gabor-mezei-arm ceface2247
Add test for ouput buffer size macros
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-01 13:57:21 +01:00
Gilles Peskine 574cf7b59f Clarify how a file descriptor could still be more than the limit
It can happen if the file descriptor was opened before lowering the limit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:43:56 +01:00
Gilles Peskine 97c57fe439 Fix sloppiness around stricly less-than vs less or equal
Fix sloppy wording around stricly less-than vs less or equal in
comments. Also fix an off-by-one error in a comparison which led to
calling setrlimit if the limit was exactly the minimum required for
the test, which was unnecessary but harmless.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:40:56 +01:00
Gilles Peskine 6667a78c9b Add test for mbedtls_net_poll beyond FD_SETSIZE
mbedtls_net_poll() and mbedtls_net_recv_timeout() rely on select(),
which represents sets of file descriptors through the fd_set type.
This type cannot hold file descriptors larger than FD_SETSIZE. Make
sure that these functions identify this failure code.

Without a proper range check of the file descriptor in the
mbedtls_net_xxx function, this test fails when running with UBSan:
```
net_poll beyond FD_SETSIZE ........................................ source/library/net_sockets.c:482:9: runtime error: index 16 out of bounds for type '__fd_mask [16]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior source/library/net_sockets.c:482:9 in
```
This is a non-regression test for
https://github.com/ARMmbed/mbedtls/issues/4169 .

The implementation of this test is specific to Unix-like platforms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-25 15:56:48 +01:00
Gilles Peskine 1c0e48a2ce New test suite: net
A place to put tests for the net_sockets module (MBEDTLS_NET_C feature).

Start with a context smoke test.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-24 18:37:46 +01:00
Paul Elliott 448d54610c First pass at constant flow tests for base64
This contains working CF tests for encode, however I have not yet got
decode to pass the tests.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-24 15:32:42 +00:00
Gilles Peskine f29019f9cc Build tests with -Wdocumentation when using Clang
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:36:07 +01:00
Gilles Peskine 5a7702e76d Fix some C function documentation in the test framework
The primary goal of this commit is to fix various comments where
`clang -Wdocumentation` identified a discrepancy between the actual
function parameters and the documented parameters. The discrepancies
were due to copypasta, formatting issues or documentation that had
diverged from the implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:36:07 +01:00
Gilles Peskine c86a16548c Don't use STATIC_ASSERT_EXPR on non-GCC-compatible compilers
ARRAY_LENGTH has a portable but unsafe implementation, and a
non-portable implementation that causes a compile-time error if the
macro is accidentally used on a pointer.

The safety check was only implemented for __GCC__-defining compilers,
but the part that triggered the compile-time error was always used. It
turns out that this part triggers a build warning with MSVC (at least
with some versions: observed with Visual Studio 2013).
```
C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\tests\src\psa_crypto_helpers.c(52): error C2220: warning treated as error - no 'object' file generated [C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\mbedtls_test.vcxproj]
C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\tests\src\psa_crypto_helpers.c(52): warning C4116: unnamed type definition in parentheses [C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\mbedtls_test.vcxproj]
```

Since a compile-time error is never triggered when the compile-time
check for the argument type is not implemented, just use the unsafe
macro directly when there's no safety check.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:36:07 +01:00
Gilles Peskine 6b362e6f01 Fix copypasta for the type of a variable
MSVC started (rightfully) complaining after moving the code to a
separate .c file.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:36:07 +01:00
Gilles Peskine 6e0d5bd00d Increment the test step number when invalidating a key
This makes failure messages easier to understand.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:36:07 +01:00
Gilles Peskine 65048ad648 Destroy recorded persistent keys in PSA_DONE()
This ensures that test cases won't leave persistent files behind even
on failure, provided they use TEST_USES_KEY_ID(). Test cases that
don't use this macro are unaffected.

Tests that use PSA_DONE() midway and expect persistent keys to survive
must use PSA_SESSION_DONE() instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:36:07 +01:00
Gilles Peskine aae718caca New test helper to purge persistent key from memory
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:36:07 +01:00
Gilles Peskine e09ef87364 Document the newly exported storage cleanup macros and functions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:36:07 +01:00
Gilles Peskine 313ffb8f90 Move PSA storage cleanup out of the slot_management test suite
Merge the two identical definitions of TEST_USES_KEY_ID and
mbedtls_test_psa_purge_key_storage from
test_suite_psa_crypto_slot_management.function and
test_suite_psa_crypto_se_driver_hal.function into a single copy in
common test code so that it can be used in all test suites.

No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:36:07 +01:00
Gilles Peskine b9ad79417d Push back on divergence of duplicated code
Persistent storage common code from
test_suite_psa_crypto_slot_management.function had been duplicated in
test_suite_psa_crypto_se_driver_hal.function and the copy had slightly
diverged. Re-align the copy in preparation from moving the code to a
common module and using that sole copy in both test suites.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine e95a643839 Prepare to move persistent storage cleanup to common code
Rename functions to mbedtls_test_xxx and make them non-static if
they're going to be exported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine 2385f71abd Fix and simplify test assertions
mbedtls_test_fail does not copy the failure explanation string, so
passing a string on the stack doesn't work. This fixes a garbage
message that would appear if a test triggered a non-implemented code
path.

More generally, just use TEST_ASSERT instead of explicitly calling
mbedtls_test_fail, since we aren't playing any tricks with the error
location.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine cc9db30851 exported_key_sanity_check: make checks slightly more systematic
Shuffle the logic in mbedtls_test_psa_exported_key_sanity_check()
somewhat. The resulting behavior changes are:

* Always check the exported length against PSA_EXPORT_KEY_OUTPUT_SIZE,
  even for unstructured key types.
* Always complain if a key type is not explicitly covered, not just
  for public keys.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine 5c2665b164 Use const pointers on parsing functions
The const-ness has to be cast away when calling mbedtls_asn1_xxx
parsing functions. This is a known flaw in the mbedtls API
(https://github.com/ARMmbed/mbedtls/issues/803).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine ad557e58bf exported_key_sanity_check: simplify the logic for public keys
Remove a conditional imbrication level. Get rid of some minor overhead
for ECC public keys dating back from when they had ASN.1 wrapping.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine e50b578218 Document functions and macros that are now exported
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine e78b00210a Move exercise_key and related functions to their own module
Move mbedtls_test_psa_exercise_key() (formerly exercise_key()) and
related functions to its own module. Export the few auxiliary
functions that are also called directly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine 8e94efe4ba Move asn1_skip_integer to the asn1_helpers module
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine 57948369c4 Create a separate test module for ASN.1 test helper functions
The code will be moved in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine ea38a926c1 Remove a redundant export step in import_export
exercise_export_key() exports the key and does sanity checks on the
result. Here we've already just exported the key, so just run the
sanity checks.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine c18e25f6df Prepare to move exercise_key and friends to their own module
Rename functions to mbedtls_test_psa_xxx if they're going to be
exported. Declare functions as static if they're aren't meant to be
called directly from test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine 66e7b903ce Create a separate test module for PSA exercise_key
The code will be moved in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine 2091f3afb7 Fix wrong \file name in Doxygen comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine 3d979f781e Add init-free tests for entropy
These tests validate that an entropy object can be reused and that
calling mbedtls_entropy_free() twice is ok.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 21:24:02 +01:00
Gilles Peskine 914afe1fdb Add init-free tests for RSA
These tests are trivial except when compiling with MBEDTLS_THREADING_C
and a mutex implementation that are picky about matching each
mbedtls_mutex_init() with exactly one mbedtls_mutex_free().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine 7aba036154 Add missing cleanup in test function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine 39a1a26d0b Explain the usage of is_valid in pthread mutexes
Document the usage inside the library, and relate it with how it's
additionally used in the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine f96d3d8b20 Count and report non-freed mutexes
Subtract the number of calls to mbedtls_mutex_free() from the number
of calls to mbedtls_mutex_init(). A mutex leak will manifest as a
positive result at the end of the test case.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine 2a4c598859 Detect and report mutex usage errors
If the mutex usage verification framework is enabled and it detects a
mutex usage error, report this error and mark the test as failed.

This detects most usage errors, but not all cases of using
uninitialized memory (which is impossible in full generality) and not
leaks due to missing free (which will be handled in a subsequent commit).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:08:14 +01:00
Gilles Peskine 1061ec6782 Mutex usage testing: set up wrapper functions
When using pthread mutexes (MBEDTLS_THREADING_C and
MBEDTLS_THREADING_PTHREAD enabled), and when test hooks are
enabled (MBEDTLS_TEST_HOOKS), set up wrappers around the
mbedtls_mutex_xxx abstraction. In this commit, the wrapper functions
don't do anything yet.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:08:14 +01:00
Gilles Peskine 1f186ff330 Add missing calls to USE_PSA_DONE
Some functions were not deinitializing the PSA subsystem. This could
lead to resource leaks at the level of individual test cases, and
possibly at the level of the whole test suite depending on the order
and selection of test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:08:14 +01:00
Gilles Peskine 9de97e21fe Make {USE_,}PSA_{INIT,DONE} available in all test suites
Make USE_PSA_INIT() and USE_PSA_DONE() available in all test suites in
all cases, doing nothing if MBEDTLS_USE_PSA_CRYPTO is disabled. Use
those in preference to having explicit
defined(MBEDTLS_USE_PSA_CRYPTO) checks (but there may still be places
left where using the new macros would be better).

Also provide PSA_INIT() by symmetry with PSA_DONE(), functional
whenver MBEDTLS_PSA_CRYPTO_C is enabled, but currently unused.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:08:14 +01:00
Dave Rodgman d6ee36ed04
Merge pull request #4110 from gilles-peskine-arm/psa-external-random-in-mbedtls
Expose the PSA RNG in mbedtls
2021-02-22 14:47:29 +00:00
Gilles Peskine bd21b18a1f
Merge pull request #4126 from gilles-peskine-arm/ccm-test-iv-overflow-warning
Silence gcc-10 warning in test_suite_ccm
2021-02-20 00:12:21 +01:00
Ronald Cron 17b3afcc33 tests: psa: Test sign/verify hash by a transparent driver
Test signature and signature verification by a transparent
driver in all.sh test_psa_crypto_config_basic and
test_psa_crypto_drivers components.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:12 +01:00
Ronald Cron 8d5645a858 tests: psa driver wrapper: Fix sign/verify unit test dependency
In test_suite_psa_crypto_driver_wrappers test suite, the
sign/verify tests with software fallback tests should be run
only if the software fallback is available.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:12 +01:00
Ronald Cron 4993c13cd3 tests: psa: Change test driver default forced return value
Change signature test driver default forced return
value from PSA_ERROR_NOT_SUPPORTED to PSA_SUCCESS to
be able to run the PSA unit tests with hash signature
and signature verification being handled by the
transparent test driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:12 +01:00
Ronald Cron b5399a8346 psa: Rework ECDSA sign/verify support in the transparent test driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:12 +01:00
Ronald Cron d2fb85479a psa: Add RSA sign/verify hash support to the transparent test driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:06 +01:00
Gilles Peskine f68a9cf1e7 Fix test code under MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:58:29 +01:00
Gilles Peskine 0d241eda69 Remove trailing comma which is only supported since Python 3.6
It's a syntax error in Python 3.5 and we run that in our CI.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:58:29 +01:00
Gilles Peskine 79f2166c22 Fix test suite declarations for cmake
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:58:29 +01:00
Gilles Peskine d169d60319 Skip dependency symbols that are not implemented
A temporary hack: at the time of writing, not all dependency symbols
are implemented yet. Skip test cases for which the dependency symbols are
not available. Once all dependency symbols are available, this comit
should be reverted.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:58:29 +01:00
Gilles Peskine 60b29fea46 Define WANT symbols for always-supported key types
PSA_KEY_TYPE_RAW_DATA and PSA_KEY_TYPE_DERIVE are always supported.
Make this explicit by declaring PSA_WANT_KEY_TYPE_RAW_DATA and
PSA_WANT_KEY_TYPE_DERIVE unconditionally. This makes it easier to
infer dependencies in a systematic way.

Don't generate not-supported test cases for those key types. They
would always be skipped, which is noise and would make it impossible
to eventually validate that all test cases pass in at least one
configuration over the whole CI.

Don't remove the exception in set_psa_test_dependencies.py for now, to
get less noise in dependencies. This may be revised later if it is
deemed more important to be systematic.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:52 +01:00
Gilles Peskine 7f756876b9 Append the key size to ECC curve dependencies
ECC curve dependency symbols include the key size in addition to the
curve family. Tweak the dependencies once the key size is known.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Gilles Peskine 342cc7c475 Declare the new (automatically generated) test data file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Gilles Peskine 7d112ae04c Check in test_suite_psa_crypto_not_supported.generated.data
This test data file is automatically generated. We could do that as
part of the build, since the only requirement is Python and we have a
requirement on Python to build tests anyway (to generate the .c file
from the .function file). However, committing the generating file into
the repository has less impact on build scripts, and will be necessary
for some of the files generated by generate_psa_tests.py (at least the
storage format stability tests, for which stability is guaranteed by
the fact that the generated file doesn't change). To keep things
simple, for now, let's commit all the files generated by
generate_psa_tests.py into the repository.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Gilles Peskine af1728442d Generate not-supported test cases: ECC key types
Add support for ECC key types to the generation of not-supported test
cases in generate_psa_tests.py. For each curve, generate test cases
both for when ECC isn't supported and for when the curve isn't
supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Gilles Peskine 14e428f921 Generate not-supported test cases automatically: import, generate
For each declared key type, generate test cases for psa_import_key and
psa_generate_key when the corresponding type is not supported.

Some special cases:
* Public keys can never be generated.
* Omit key types that Mbed TLS does not support at all.
* ECC and FFDH, which depend on a curve/group, are not covered yet.

The generated test cases are written to
tests/suites/test_suite_psa_crypto_not_supported.generated.data .

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Gilles Peskine 0994049614 New framework for generating PSA test cases automatically
This commit creates a script to generate test cases automatically
based on enumerating PSA key types, algorithms and other
classifications of cryptographic mechanisms.

Subsequent commits will implement the generation of test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Gilles Peskine 069346cdab New test suite for not-supported cases: key creation (import, generate)
To start with, test that key creation fails as intended when the key
type is not supported. This commit only covers psa_import_key and
psa_generate_key. A follow-up will cover psa_key_derivation_output_key.

My primary intent in creating this new test suite is to automatically
generate test cases by enumerating the key types and algorithms that
the library supports. But this commit only adds a few manually written
test cases, to get the ball rolling.

Move the relevant test cases of test_suite_psa_crypto.data that only
depend on generic knowledge about the API. Keep test cases that depend
more closely on the implementation, such as tests of non-supported key
sizes, in test_suite_psa_crypto.data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Gilles Peskine cd2d648b00 Explain the "external RNG large" test case
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:46:06 +01:00
Gilles Peskine ddeb8896ff Exclude random_twice tests with MBEDTLS_TEST_NULL_ENTROPY
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:46:06 +01:00
Gilles Peskine 38c12fd48e In external_rng tests, disable the entropy module
The point of having an external RNG is that you can disable all
built-in RNG functionality: both the entropy part and the DRBG part.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:46:06 +01:00
Gilles Peskine 1dc19ffb29 The PSA external RNG does not require MBEDTLS_USE_PSA_CRYPTO
The dependency is on MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG plus
MBEDTLS_PSA_CRYPTO_C. MBEDTLS_USE_PSA_CRYPTO is irrelevant.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:46:06 +01:00
Gilles Peskine 8eb2943705 Support mbedtls_psa_get_random() in SSL test programs
The SSL test programs can now use mbedtls_psa_get_random() rather than
entropy+DRBG as a random generator. This happens if
the configuration option MBEDTLS_USE_PSA_CRYPTO is enabled, or if
MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is set at build time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:39:48 +01:00
Gilles Peskine e3ed802138 Expose mbedtls_psa_get_random()
Expose whatever RNG the PSA subsystem uses to applications using the
mbedtls_xxx API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:39:48 +01:00
Dave Rodgman e31fb03310
Merge pull request #4136 from daverodgman/ssl-opt-gnutls-priority
ssl-opt.sh: add --priority=normal to gnutls-serv
2021-02-16 14:37:51 +00:00
Ronald Cron 010d7c72c3
Merge pull request #3744 from ronald-cron-arm/psa-generate-key-internal
Rework psa_generate_key
2021-02-16 13:29:21 +01:00
Gilles Peskine bb86d0c61c
Merge pull request #3995 from stevew817/feature/psa_configurable_static_ram_usage
Allow tweaking PSA_KEY_SLOT_COUNT
2021-02-16 12:52:24 +01:00
Ronald Cron 761905e7a3 tests: psa config: Extend tests to RSA keys
Extend import/export/generate key through a PSA
transparent driver without software fallback
testing to RSA keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:07:46 +01:00
Ronald Cron d00f5e188a tests: psa: Remove generate key test case restriction
Now that the support for key generation in the transparent
test driver is at the same level as the support in the
Mbed TLS library, remove the restriction on the generate
key test case that was introduced by the work on key
import and export through the PSA driver interface.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:07:46 +01:00
Ronald Cron f619c68be9 psa: driver wrappers: Add generate key unit test with no fallback
Add a test in test_suite_psa_crypto_driver_wrappers that
when accelerators do not support the generation of a key
and there is no software fallback, the key generation
fails with the PSA_ERROR_NOT_SUPPORTED error code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:07:46 +01:00
Ronald Cron bbe5cbb0c8 Add ECP transparent test driver generate_key entry point
Add ECP transparent test driver generate_key entry point
and use it in the transparent test driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:07:46 +01:00
Ronald Cron 3a9c46b184 Add RSA key generation support to the transparent test driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:04:50 +01:00
Steven Cooreman f49478b1ff Add missing test skip for ALT-implemented GCM
Bypass was applied to aead_encrypt and aead_decrypt cases, but not
aead_encrypt_decrypt.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 15:31:16 +01:00
Steven Cooreman 863470a5f9 Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 14:26:44 +01:00
Dave Rodgman 0279c2fc70 ssl-opt.sh: add --priority=normal to gnutls
For calls to gnutls-serv and gnutls-cli where --priority is not
specified, explicitly add the default value: --priority=normal. This is
needed for some tests on Ubuntu 20.04 (gnutls 3.6.13).

For example:
./ssl-opt.sh -f "DTLS fragmenting: gnutls.*1.0"
requires this PR to work on Ubuntu 20.04

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-02-15 12:45:43 +00:00
Steven Cooreman 70f654a89c Fix a malformed define guard
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 10:51:43 +01:00
Ronald Cron 5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00
Ronald Cron 7339335c7d
Merge pull request #3967 from bensze01/psa_macro_rename
PSA: Rename AEAD tag length macros
2021-02-12 16:33:21 +01:00
Manuel Pégourié-Gonnard 97ce71daca
Merge pull request #4109 from gilles-peskine-arm/ssl-opt-server-failure-development
ssl-opt.sh: if the server fails, do treat it as a test failure
2021-02-12 12:15:50 +01:00
Manuel Pégourié-Gonnard b2024ef3bb
Merge pull request #4129 from chris-jones-arm/move-test-macros
Move test macros to macros.h
2021-02-12 10:17:28 +01:00
Bence Szépkúti a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Steven Cooreman 1e9c042085 Minor fixup of SKIP_IF test macro documentation verbiage
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 17:02:05 +01:00
Ronald Cron 28a45ed8db tests: psa: Add macros to skip a test case
Add macros to skip a test case when hitting a
common alternative implementation limitation.

Add a macro for AES-192 and GCM with a nonce
length different from 12 bytes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-10 16:07:21 +01:00
Steven Cooreman 50f1f5e119 Use PSA_ALG_ macros to inspect AEAD base algorithm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman 2f09913aeb Set default IV for AES-GCM to 12 bytes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman 82645b153d Allow skipping vectors w/ non-12-byte IV AES-GCM on ALT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman d588ea1704 Allow skipping AES-192 for alternative implementations in PSA test suite
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman 7c9e7da8d4 Add CAVS14.0 AES-GCM vectors to test more IV, tag and key lengths
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Gilles Peskine aaf866edd2 ssl-opt.sh: Only check the server exit for Mbed TLS
We care about the exit code of our server, for example if it's
reporting a memory leak after having otherwise executed correctly.

We don't care about the exit code of the servers we're using for
interoperability testing (openssl s_server, gnutls-serv). We assume
that they're working correctly anyway, and they return 1 (gnutls-serv)
or die by the signal handle the signal (openssl) when killed by a
signal.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-09 21:01:33 +01:00
Ronald Cron 395889f9b7 psa: Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined
Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined
when MBEDTLS_PSA_CRYPTO_C is defined and guard
PSA client code only with MBEDTLS_PSA_CRYPTO_CLIENT.

The definition of MBEDTLS_PSA_CRYPTO_CLIENT is done
in crypto_types.h before the definition of
psa_key_attributes_t. That way as PSA crypto client
code is related to key attributes we can be quite
confident that MBEDTLS_PSA_CRYPTO_CLIENT will be
defined when needed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-09 15:36:08 +01:00
Gilles Peskine a0b4decff0
Merge pull request #4072 from gilles-peskine-arm/psa_import_ecc_key-not_supported
ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
2021-02-09 15:16:20 +01:00
Chris Jones a6d155fb47 Move test macros to macros.h
Move test macros previously located in `suites/helpers.function` to
`include/test/macros.h`. This makes these test infrastructure macros
available for use in other parts of the test infrastructure at compile
time as opposed to run time.

This commit is a simple cut and paste from one file to the other.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-09 12:09:33 +00:00
Gilles Peskine b168c0d2e6 More robust code to set the IV
Check that the source address and the frame counter have the expected
length. Otherwise, if the test data was invalid, the test code could
build nonsensical inputs, potentially overflowing the iv buffer.

The primary benefit of this change is that it also silences a warning
from compiling with `gcc-10 -O3` (observed with GCC 10.2.0 on
Linux/amd64). GCC unrolled the loops and complained about a buffer
overflow with warnings like:
```
suites/test_suite_ccm.function: In function 'test_mbedtls_ccm_star_auth_decrypt':
suites/test_suite_ccm.function:271:15: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
  271 |         iv[i] = source_address->x[i];
      |         ~~~~~~^~~~~~~~~~~~~~~~~~~~~~
suites/test_suite_ccm.function:254:19: note: at offset [13, 14] to object 'iv' with size 13 declared here
  254 |     unsigned char iv[13];
```
Just using memcpy instead of loops bypasses this warnings. The added
checks are a bonus.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-09 12:00:13 +01:00
Gilles Peskine 5d332f0274
Merge pull request #4105 from paul-elliott-arm/fix_test_leak
Fix for memory leak in ssl tests
2021-02-09 10:03:49 +01:00
Gilles Peskine 9189202156 Remove trail check in the generate_random test
The test function generate_random allocated a few extra bytes after
the expected output and checked that these extra bytes were not
overwritten. Memory sanity checks such as AddressSanitizer and
Valgrind already detect this kind of buffer overflow, so having this
test in our code was actually redundant. Remove it.

This has the benefit of not triggering a build error with GCC
(observed with 7.5.0 and 9.3.0) when ASan+UBSan is enabled: with the
previous code using trail, GCC complained about an excessively large
value passed to calloc(), which was (size_t)(-sizeof(trail)).
Thus this commit fixes #4122.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 19:50:26 +01:00
Gilles Peskine 2fa6b5f503 ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.

Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.

After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.

To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 18:43:26 +01:00
Gilles Peskine d945871c55
Merge pull request #3872 from gabor-mezei-arm/3275_use_PSA_ERROR_DATA_INVALID_where_warranted
Use PSA_ERROR_DATA_INVALID where warranted
2021-02-03 20:54:46 +01:00
Ronald Cron 540320bf7b
Merge pull request #4054 from chris-jones-arm/move-testing-functions
Move test infrastructure from `tests/suites/helpers.function` into `tests/src/helpers.c`
2021-02-03 19:01:54 +01:00
Gilles Peskine 077599ad85 New test suite for random generation
Test random generation as a whole. This is different from
test_suite_*_drbg and test_suite_entropy, which respectively test PRNG
modules and entropy collection.

Start with basic tests: good-case tests, and do it twice and compare
the results to validate that entropy collection doesn't repeat itself.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 18:55:39 +01:00
Gilles Peskine 7f919de1ce ssl-opt.sh: if the server fails, do treat it as a test failure
This used to be the case a long time ago but was accidentally broken.

Fix <github:nogrep> #4103 for ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 18:09:33 +01:00
Paul Elliott c7b53747f7 Fix for memory leak in ssl tests
Fix for leaked buffers on error case in build_transforms() in
test_suite_ssl.function

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-03 16:15:05 +00:00
Chris Jones 39ddb0a2e1 Improve test infrastructure documentation
Clarify the function descriptions for several test infrastructure functions.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-03 16:15:00 +00:00
Gilles Peskine 2747d7dc60 Duplicate no-DRBG tests: with and without MBEDTLS_USE_PSA_CRYPTO
Whether MBEDTLS_USE_PSA_CRYPTO is enabled makes a significant
difference with respect to how random generators are used (and, for
no-HMAC_DRBG, how ECDSA signature is dispatched), so test both with
and without it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 15:50:46 +01:00
Steven Cooreman 10ec7804c5 Remove HAVE_RAM_AVAILABLE for derive_full and derive_output tests
Both tests do not require a lot of RAM, even though it may seem
like it at first sight. The derivation output is generated blockwise
from the KDF function, which only keeps state amounting to a couple
of blocks of the underlying hash primitive at a time.
There is never an allocation to keep the full derivation capacity in
memory...

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:21:04 +01:00
Steven Cooreman 83fdb70550 Convert 'large key' testing to accept insufficient memory errors
Since the tested service may run in a different context with a different heap.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:21:01 +01:00
Steven Cooreman 69967ce17e Get rid of half-baked HAVE_RAM_128K in favor of dynamic heap checking
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:19:20 +01:00
Ronald Cron 00c3e87422
Merge pull request #3933 from ronald-cron-arm/psa-import-export
Psa import export
2021-02-03 15:02:01 +01:00
Chris Jones 567e0ad8f1 Add documentation and minor style changes
Add doxygen style documentation to `mbedtls_test_fail`, `mbedtls_test_skip`,
`mbedtls_test_set_step` and `mbedtls_test_info_reset`. This should make it
easier to understand how the test infrastructure is used.

Also make some minor style changes to meet the coding standards and make it
more obvious that `mbedtls_test_info.step` was being incremented.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-03 12:07:01 +00:00
Chris Jones a5ab765832 Remove direct writing to test_info from *.function
Add a new function `mbedtls_test_info_reset()` to remove direct writes to
`mbedtls_test_info`. This change still allows values to be read directly
however all writes are now done inside of `helpers.c`.

Also slightly reordered code to make it easier to read.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-02 16:20:45 +00:00
Janos Follath bbd2bfb666
Merge pull request #4096 from gilles-peskine-arm/mpi_sub_abs-buffer_overflow-development
Fix buffer overflow in mbedtls_mpi_sub_abs negative case
2021-02-02 13:10:31 +00:00
Ronald Cron 1e87d5ba1d tests: psa: Fix export related tests
Fix some export related tests that were
relying on the fact that the size of the
output buffer was checked after other
parameters.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:49:08 +01:00
Ronald Cron 80eaa93b59 tests: psa: Reactivate and expand key management through test driver
The compilation guards in key_management.c are now
accelerator compilation guards (MBEDTLS_PSA_ACCEL_KEY_TYPE_xyz).

As a consequence when running the PSA driver wrapper
tests as part of test_psa_crypto_config_basic
and test_psa_crypto_drivers all.sh components all
key management cryptographic operations were handled by
the software builtin fallback, and not by the test driver
as intended in the first place.

This commits fixes this issue by:
. declaring an accelerator for ECC key pairs in
  test_psa_crypto_config_basic.
. declaring an accelerator for both ECC and RSA
  key pairs in test_psa_crypto_drivers.

It is possible to declare an accelerator for both
ECC and RSA key pairs in test_psa_crypto_drivers
and not in test_psa_crypto_config_basic because
in the case of test_psa_crypto_drivers the new
PSA configuration is not activated. That way,
the builtin fallback software implementation
is present to supply the transparent test driver
when some support is missing in it (mainly
RSA key generation).

Note that the declaration of accelerators does
much more than just "fixing" the execution flow of
driver wrapper tests, it makes all import and public
key export cryptographic operations in all unit
tests being handled by the transparent test driver
(provided that it supports the key type).

One test case related to key generation is
partially disabled. This will be fixed with the
rework of psa_generate_key along the lines
described in psa-crypto-implementation-structure.md.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:38:50 +01:00
Ronald Cron c9066e4488 psa: driver wrapper: Fix generate key unit test dependency
In test_suite_psa_crypto_driver_wrappers test suite, the
generate key with software fallback test should be run
only if the software fallback is available.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron 84a3fa10c4 tests: psa: Change key management test driver default forced return value
Change key management test driver default forced
return value from PSA_ERROR_NOT_SUPPORTED to
PSA_SUCCESS to be able to run the PSA unit tests
with the cryptographic key management operations
being handled by the transparent test driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron 784fb326ae psa: Add ECP/RSA transparent test driver import_key entry point
Add ECP/RSA transparent test driver import_key
entry point and use it in the transparent test
driver entry supporting both ECP and RSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron f1057d3589 psa: Add ECP/RSA transparent test driver export_public_key entry point
Add ECP/RSA transparent test driver export_public_key
entry point and use it in the transparent test driver
supporting both ECP and RSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron 672279829a psa: Call export software implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron 8328287956 psa: Move from validate_key to import_key entry point
In the course of the development of the PSA unified
driver interface, the validate_key entry point for
opaque drivers has been removed and replaced by an
import_key entry point. This commit takes into account
this change of specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Gilles Peskine 43e89e1b15 Add mpi_sub_abs negative tests with a larger-in-size second operand
Add test cases for mbedtls_mpi_sub_abs() where the second operand has
more limbs than the first operand (which, if the extra limbs are not
all zero, implies that the function returns
MBEDTLS_ERR_MPI_NEGATIVE_VALUE).

This exposes a buffer overflow (reported in #4042).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 17:28:03 +01:00
Gilles Peskine 612ffd2aa1 Fix copypasta in conditional directive in cipher_setup
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine 80a970806f No dependencies for storage format tests
Storage format tests that only look at how the file is structured and
don't care about the format of the key material don't depend on any
cryptographic mechanisms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine b51d72f82e Run copy_fail even when the target policy is unsupported
The negative test cases for psa_copy_key() don't actually care whether
the target policy is supported. This is similar to _key_policy tests.
Add a similar rule.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine fa37961413 Rename OMITTED_SYSTEMATIC_DEPENDENCIES
It isn't a set of dependencies, it's a set of symbols. So give it a
name that describes the symbol rather than a name that pretends it's a
collection of dependencies.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine 0794572f96 More precise recognition of key policy negative tests
The test function asymmetric_signature_key_policy combines positive
and negative tests inside the code, so it doesn't take a status as its
last argument.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine d6dc40cae1 Update hash dependencies in PSA test code
Switch dependencies on MBEDTLS_xxx to PSA_WANT_xxx for hash
algorithms.

Add a missing dependency in bad_order functions (it was previously
expressed in the .data file, but this is no longer the case when
dependencies in the .data file are determined automatically).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine 8405b5f60d Change PSA crypto test dependencies to PSA_WANT_xxx
Replace manually written dependencies on MBEDTLS_xxx with
PSA_WANT_xxx dependencies that are determined automatically from the
test data.

Run tests/scripts/set_psa_test_dependencies.py on
tests/suites/test_suite_psa_crypto*.data,
except for the dynamic secure element tests in
tests/suites/test_suite_psa_crypto_se_driver_hal*.data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:21:40 +01:00
Gilles Peskine a87e178553 If there are no arguments, don't update the file content
This avoids having to bother with edge cases of the .data syntax.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Gilles Peskine 72d8e0ad04 Key policy negative tests don't actually require the algorithm
It doesn't make much difference in practice, but to keep closer to
what the current code does, run negative key policy tests even if the
algorithm for the operation attempt is not supported.

In particular, this allows the following test cases to run:
* "PSA key policy: agreement + KDF, wrong agreement algorithm"
* "PSA key policy: raw agreement, wrong algorithm"
Without this exception, those two test cases would never run, because
they would depend on PSA_ALG_WANT_FFDH. Since FFDH is not implemented
yet, it isn't enabled in any configuration. There's no alternative to
FFDH for these particular test cases because ECDH is the only key
agreement that is implemented in Mbed TLS so far.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Gilles Peskine 20987b9a46 Detect test cases that require something not to be supported
PSA_xxx_CATEGORY_yyy is used in metadata tests where it doesn't
involve any particular support, and elsewhere it's used as a value
that is definitely not supported but is in a plausible range. Such
symbols do not require any dependency.

If a test case is expects PSA_ERROR_NOT_SUPPORTED, its
dependencies (often including one negative dependency) cannot be
determined automatically, so leave that test case alone.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Gilles Peskine f032fa9d94 Special handling for some always-on or alias symbols
Some symbols don't require a dependency symbol:

* Modifiers such as truncated MAC
* Always-on features such as the raw data key type
* Aliases or special values such as RSA PKCS#1v1.5 raw

I'm not convinced that all of these warrant special handling in the
script, rather than having the expected symbol defined somewhere. But
for now I prefer to minimize changes to the header files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Gilles Peskine 81dec0047f Remove classic crypto dependencies
Don't remove cipher-related dependencies because the corresponding
PSA_WANT_xxx dependencies are not implemented yet.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Gilles Peskine e4f539caf9 Don't add cipher-related PSA_WANT_xxx because they aren't implemented yet
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00