Commit graph

411 commits

Author SHA1 Message Date
Gilles Peskine e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
Add support for key policies (MAC & AEAD)
2021-03-08 15:04:17 +01:00
Ronald Cron 2a0278734b
Merge pull request #4148 from stevew817/add_missing_non_12b_gcm_test_skip
Add missing test skip for ALT-implemented GCM (#4010 fix-up)
2021-03-02 09:18:41 +01:00
Steven Cooreman fb9cb92055 Move wildcard-to-exercisable conversion to exercise_key in test suite
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
Gilles Peskine e78b00210a Move exercise_key and related functions to their own module
Move mbedtls_test_psa_exercise_key() (formerly exercise_key()) and
related functions to its own module. Export the few auxiliary
functions that are also called directly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine 8e94efe4ba Move asn1_skip_integer to the asn1_helpers module
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine ea38a926c1 Remove a redundant export step in import_export
exercise_export_key() exports the key and does sanity checks on the
result. Here we've already just exported the key, so just run the
sanity checks.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine c18e25f6df Prepare to move exercise_key and friends to their own module
Rename functions to mbedtls_test_psa_xxx if they're going to be
exported. Declare functions as static if they're aren't meant to be
called directly from test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Steven Cooreman f49478b1ff Add missing test skip for ALT-implemented GCM
Bypass was applied to aead_encrypt and aead_decrypt cases, but not
aead_encrypt_decrypt.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 15:31:16 +01:00
Steven Cooreman 70f654a89c Fix a malformed define guard
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 10:51:43 +01:00
Ronald Cron 5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00
Bence Szépkúti a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Ronald Cron 28a45ed8db tests: psa: Add macros to skip a test case
Add macros to skip a test case when hitting a
common alternative implementation limitation.

Add a macro for AES-192 and GCM with a nonce
length different from 12 bytes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-10 16:07:21 +01:00
Steven Cooreman 50f1f5e119 Use PSA_ALG_ macros to inspect AEAD base algorithm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman 2f09913aeb Set default IV for AES-GCM to 12 bytes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman 82645b153d Allow skipping vectors w/ non-12-byte IV AES-GCM on ALT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman d588ea1704 Allow skipping AES-192 for alternative implementations in PSA test suite
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Gilles Peskine 9189202156 Remove trail check in the generate_random test
The test function generate_random allocated a few extra bytes after
the expected output and checked that these extra bytes were not
overwritten. Memory sanity checks such as AddressSanitizer and
Valgrind already detect this kind of buffer overflow, so having this
test in our code was actually redundant. Remove it.

This has the benefit of not triggering a build error with GCC
(observed with 7.5.0 and 9.3.0) when ASan+UBSan is enabled: with the
previous code using trail, GCC complained about an excessively large
value passed to calloc(), which was (size_t)(-sizeof(trail)).
Thus this commit fixes #4122.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 19:50:26 +01:00
Ronald Cron 540320bf7b
Merge pull request #4054 from chris-jones-arm/move-testing-functions
Move test infrastructure from `tests/suites/helpers.function` into `tests/src/helpers.c`
2021-02-03 19:01:54 +01:00
Steven Cooreman 83fdb70550 Convert 'large key' testing to accept insufficient memory errors
Since the tested service may run in a different context with a different heap.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:21:01 +01:00
Steven Cooreman 69967ce17e Get rid of half-baked HAVE_RAM_128K in favor of dynamic heap checking
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:19:20 +01:00
Ronald Cron 1e87d5ba1d tests: psa: Fix export related tests
Fix some export related tests that were
relying on the fact that the size of the
output buffer was checked after other
parameters.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:49:08 +01:00
Gilles Peskine 612ffd2aa1 Fix copypasta in conditional directive in cipher_setup
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine d6dc40cae1 Update hash dependencies in PSA test code
Switch dependencies on MBEDTLS_xxx to PSA_WANT_xxx for hash
algorithms.

Add a missing dependency in bad_order functions (it was previously
expressed in the .data file, but this is no longer the case when
dependencies in the .data file are determined automatically).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine 6fea21d515 Declare a code dependency in the code instead of in the data
When using the test function persistent_key_load_key_from_storage with
DERIVE_KEY, there's a dependency on HKDF-SHA-256. Since this
dependency is in the code, declare it there rather than with the data.
If the depenency is not met, mark the test as skipped since it can't
create the key to be tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Ronald Cron f7b666c508 tests: psa: Move PSA key attributes tests
Move PSA key attributes tests to their own
test suite to be able to run them when
MBEDTLS_PSA_CRYPTO_CLIENT is enabled but
not MBEDTLS_PSA_CRYPTO_C.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-01 13:17:23 +01:00
paul-elliott-arm a14d1642f4
Merge pull request #4008 from stevew817/bugfix/fix_dependencies
Fix warnings and dependencies when using _ALT in test
2021-01-29 12:24:54 +00:00
Ronald Cron 318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
2021-01-29 09:31:59 +01:00
Steven Cooreman 29eecbf6e1 move _bad_order() test case dependencies to the function itself
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-28 19:41:25 +01:00
gabor-mezei-arm cbcec21684
Rename output buffer size macros
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 13:17:25 +01:00
Chris Jones 9634bb10d9 Move helper testing functions to tests/src/helpers.c
Moves the functions `test_fail`, `test_set_step`, `test_skip` and the struct
`test_info` from `tests/suites/helpers.function` to `tests/src/helpers.*`.
This is done to open these functions up to the API where they can be used by
other functions in the 'src' test infrastructure module.

As the functions are now contained within the src folder of the testing
infrastructure, the `mbedtls_` prefix has been added to the functions.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-01-20 15:56:42 +00:00
Gilles Peskine f6be590bf6 Include psa_crypto_helpers.h in helpers.function
Include psa_crypto_helpers.h automatically if MBEDTLS_PSA_CRYPTO_C is
enabled, like helpers.h is included automatically.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:21:18 +01:00
Ronald Cron 3a4f0e3cc4 tests: psa: Reset key attributes where needed
After a call to psa_get_key_attributes() to retrieve
the attributes of a key into a psa_key_attributes_t
structure, a call to psa_reset_key_attributes() is
mandated to free the resources that may be
referenced by the psa_key_attributes_t structure.
Not calling psa_reset_key_attributes() may result in
a memory leak.

When a test function calls psa_get_key_parameters()
the associated key attributes are systematically
reset in the clean-up part of the function with a
comment to emphasize the need for the reset and make
it more visible.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-20 13:57:26 +01:00
Ronald Cron 9e12f8f425 tests: psa crypto: Fix lifetime_is_secure_element()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron 65f38a3c2e Add key id check when creating a volatile key
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:19:59 +01:00
Ronald Cron f1ff9a83fa tests: psa: Use PSA_KEY_LIFETIME_IS_VOLATILE where it should
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron 5425a21fd2 tests: Adapt PSA tests to openless APIs
psa_key_handle_equal() is removed as not used
anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron 4184107d2e tests: Fix checks of volatile key identifier
Volatile keys have now a volatile non-null key
identifier.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron 432e19c7b2 tests: Fix error codes when using "invalid" handles
As handles are now key identifiers, a handle may be
valid now even if it does not refer to any key
known to the library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron c26f8d467a Introduce psa_key_handle_is_null inline function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron 91e9515424 Introduce PSA_KEY_HANDLE_INIT macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Steven Cooreman fa5e631d23 Apply review feedback
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-15 17:07:12 +02:00
Steven Cooreman 0ee0d52967 Fix PSA crypto inconsistencies in agreement+derivation
* #3742 After input of a key as SECRET in the derivation, allow the
        derivation result to be used as key.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-05 16:08:18 +02:00
Steven Cooreman ce48e85db9 Fix PSA crypto inconsistencies in agreement+derivation
* #3741 Allow key agreement inside derivation with a key that's allowed
        for the relevant agreement.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-05 16:02:45 +02:00
Gilles Peskine dc57c25e30
Merge pull request #3527 from ronald-cron-arm/key-extended-id
PSA key identifiers rework
2020-09-15 16:06:06 +02:00
Gilles Peskine b1d3f2779b
Merge pull request #3480 from stevew817/feature/aes-ecb
Added support for AES-ECB to the PSA Crypto implementation
2020-09-14 14:45:14 +02:00
Steven Cooreman 177deba54b Fix style and pull out ECB processing in separate function
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-07 17:14:14 +02:00
Ronald Cron 81e005042e tests: psa: Add owner identifier as test parameter
To test the proper handling of owner identifier as of key
identifiers, add owner identifier(s) to tests having
key identifier(s) as test parameters. Just don't do it for
tests related to tests invalid values of key identifiers
as there is no owner identifier invalid values.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
Ronald Cron ecfb237f23 Fix PSA code and unit tests
Fix PSA code and unit tests for the unit tests
to pass with key identifiers encoding owner
identifiers.

The changes in PSA code just make the enablement
of key identifiers encoding owner identifiers
platform independent. Previous to this commit,
such key identifiers were used only in the case
of PSA SPM platforms.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
Ronald Cron 71016a9ea7 psa: Rename psa_key_file_id_t to mbedtls_svc_key_id_t
With PSA crypto v1.0.0, a volatile key identifier may
contain a owner identifier but no file is associated
to it. Thus rename the type psa_key_file_id_t to
mbedtls_svc_key_id_t to avoid a direct link with a
file when a key identifier involves an owner
identifier.

The new type name is prefixed by mbedtls to highlight
that the type is specific to Mbed TLS implementation
and not defined in the PSA Cryptography API
specification.

The svc in the type name stands for service as this
is the key identifier type from the point of view of
the service providing the Cryptography services.
The service can be completely provided by the present
library or partially in case of a multi-client service.

As a consequence rename as well:
. MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER to
  MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
. PSA_KEY_ID_INIT to MBEDTLS_SVC_KEY_ID_INIT
. PSA_KEY_FILE_GET_KEY_ID to MBEDTLS_SVC_KEY_ID_GET_KEY_ID
. psa_key_file_id_make to mbedtls_svc_key_id_make

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00