Commit graph

15006 commits

Author SHA1 Message Date
Ronald Cron d85e98d6f1 psa: config: Add CBC-MAC
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 16:02:26 +01:00
Ronald Cron e1f5516025 psa: config: Improve handling of not supported ECC curves
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 16:02:19 +01:00
Ronald Cron 51a3b7d79c psa: config: Add CAMELLIA to the list of possible CMAC ciphers
Camellia-CMAC is valid PSA configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 14:25:46 +01:00
Ronald Cron b9df5ceb8f psa: config: Fix AEAD/CMAC algorithms and ciphers inter-dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 11:01:21 +01:00
Ronald Cron 9e3926a295 psa: config: Remove check on ARIA in GCM prerequisites
ARIA is not supported yet through the PSA API.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 15:57:21 +01:00
Ronald Cron 4501c98fc2 psa: sign: Return INVALID_ARGUMENT instead of NOT_SUPPORTED
To run succesfully the test
"PSA sign: invalid algorithm for ECC key" of
test_suite_psa_crypto when ECDSA support is not included
in the library, always return INVALID_ARGUMENT
in case of an ECC key not used for ECDSA, whether
ECDSA support is present or not.

Then apply the same logic to RSA sign RSA and RSA/ECC
verify for the sake of consistency.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 12:05:51 +01:00
Ronald Cron 9f97c6ecdf Update PSA crypto test dependencies
Given the PSA_WANT_* config options added lately,
update set_psa_test_dependencies.py and run it
on test_suite_psa_crypto*.data files but the SE
and generated ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:26:44 +01:00
Ronald Cron 9838dc2702 tests: Fine tune handling of policy negative tests
Fine tune handling of policy negative tests when
setting automatically PSA crypto unit tests
dependencies.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:18:23 +01:00
Ronald Cron 6ac020d797 tests: Treat PSA_WANT_ECC_* as manual dependencies
For the time being, it is not possible to determine
the size of ECC keys from the arguments of all test
cases thus treat them as dependencies that are not
systematic. Such dependencies are not generated nor
deleted by set_psa_test_dependencies.py.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:03:56 +01:00
Ronald Cron ee414c7383 Update dependencies in PSA test code
Replace MBEDTLS_* config options for which there is
an associated PSA_WANT_* to the PSA_WANT_* one. That
way the tests are also run when the dependency is
provided by a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Ronald Cron 3d471814bc psa: Add missing PSA configs
Add missing PSA_WANT_CCM/GCM/CMAC. This completes
the set of PSA_WANT config options given the
current support of PSA crypto in Mbed TLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Ronald Cron 49eee980c3
Merge pull request #4250 from gilles-peskine-arm/psa-curves-fix-tests
PSA: don't run tests for unsupported curves
2021-03-23 16:31:35 +01:00
Gilles Peskine 71f45ba0e8 Fix unused parameter warning in some configurations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 14:17:55 +01:00
Gilles Peskine defdc3bc53 SECP224K1 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/3541. In the
meantime, disable the ssl-opt.sh test case that uses it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 13:59:58 +01:00
Gilles Peskine a1684f42d3 PSA: Reject curves that are not enabled in the PSA configuration
If an elliptic curve was enabled in the Mbed TLS classic API (#define
MBEDTLS_ECP_DP_xxx), but not enabled in the PSA configuration (#define
PSA_WANT_ECC_xxx), it would still work if you tried to use it through
PSA.

This is generally benign, but could be a security issue if you want to
disable a curve in PSA for some security reason (such as a known bug
in its implementation, which may not matter in the classic API if Mbed
TLS is running in a secure enclave and is only reachable from
untrusted callers through the PSA API). More urgently, this broke
test_suite_psa_crypto_not_supported.generated.

So if a curve is not enabled in the PSA configuration, ensure that
it's treated as unsupported through the PSA software implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 13:12:34 +01:00
Gilles Peskine 398413024d SECP224K1 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/3541. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:45 +01:00
Gilles Peskine 8276986c3e Curve448 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/4249. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:16 +01:00
Ronald Cron 63c3dc9395
Merge pull request #4158 from d3zd3z/pr/psa-config-ec
Create PSA configs for ECC curves
2021-03-22 17:35:04 +01:00
Gilles Peskine 01196d0464
Merge pull request #4214 from gilles-peskine-arm/psa-storage-format-test-types
PSA storage format test case generator
2021-03-22 12:16:17 +01:00
Ronald Cron 5cb08a8e61
Merge pull request #4202 from paul-elliott-arm/changelog_linelength_enforcement
Make assemble changelog script enforce line length
2021-03-19 12:26:31 +01:00
Paul Elliott d75773e941 Pythonify and fix reported line number
Use enumerate to give the line number and use the correct offset to
actually calculate it.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-18 18:09:34 +00:00
Gilles Peskine d08e538fa5
Merge pull request #4157 from stevew817/dispatch_hash_operations
Dispatch hash operations through the driver wrapper layer
2021-03-17 21:50:00 +01:00
Gilles Peskine 6cc510ea89
Merge pull request #4075 from rrlapointe/dtls_demo_use_read_timeout
Actually use the READ_TIMEOUT_MS in the example DTLS client and server
2021-03-17 14:39:50 +01:00
Gilles Peskine 0e7b6ebb64 Fix typos in comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-17 13:46:59 +01:00
Ronald Cron da3da94373
Merge pull request #4210 from gilles-peskine-arm/crypto_values-param-names
Fix parameter names after \p in include/psa
2021-03-17 10:17:18 +01:00
Gilles Peskine d86bc52d78 Cover encodings of algorithms without parameters
Generate test cases for all algorithms without parameters. Only the encoding
of the algorithm in the key metadata is covered: the test keys are not of a
type that permits the algorithm to be used in an operation.

This commit only covers algorithms without parameters. A subsequent commit
will generate algorithms with parameters.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 22:29:12 +01:00
David Brown 3298851d05 Fix alignment of PSA defines
When these names were changed, the definition got misaligned with the
rest of the fields.  Fix this alignment.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-16 10:44:22 -06:00
Steven Cooreman f8e45a4e98 Simplify compilation guards around hash driver testing
The hash driver entry points (and consequentially the hash driver core)
are now always compiled on when PSA_CRYPTO_DRIVER_TEST is turned on.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-16 11:07:55 +01:00
Gilles Peskine 01a622a1a4
Merge pull request #4197 from bensze01/psa_ccm_nonce_length
Correct the maximum generated nonce length for CCM
2021-03-16 10:10:41 +01:00
David Brown eed74df1ee Re-order PSA ECC configs
Arrange these to be in alphabetical order.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:53:57 -06:00
David Brown 44bfed596d Update PSA not supported generated data
Update this based on the output of the generator script.  The Brainpool
curves are now supported, since they are spelled properly in the config.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:40:10 -06:00
David Brown 110ea816ca psa: Fix name of BRAINPOOL configs
These should be WANT_ECC_BRAINPOOL_P_... not WANT_ECC_BP_...  Change to
match.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:30:28 -06:00
Ryan LaPointe dbb192d157 Fix inaccurate comment in sample DTLS server
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
2021-03-15 16:43:27 -04:00
Ryan LaPointe 59244e87e1 Actually use the READ_TIMEOUT_MS in the sample DTLS client and server
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
2021-03-15 16:43:08 -04:00
Steven Cooreman b6bf4bbf95 Clear up language on zeroizing driver context at setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 19:00:14 +01:00
Steven Cooreman aa87fd0012 Make driver IDs always visible
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 18:54:03 +01:00
Steven Cooreman 61bb8fc693 remove superfluous calls to hash_abort
The PSA Core is already calling psa_hash_abort, so the driver doesn't
have to do that explicitly.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:35:17 +01:00
Steven Cooreman 5e4c18f6d9 Reorder the driver wrapper switch-case content
Reordered the cases to be in numeric order.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:26:07 +01:00
Steven Cooreman 893232fbde Ensure the full driver structure is zeroized at setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:23:37 +01:00
Steven Cooreman fa952958a5 Don't void actually used arguments
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:16:25 +01:00
Steven Cooreman 0f8ffa806b Rename and retype hash test driver context structure
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman 753f973f87 Use full config during driver testing
Due to the way the test drivers are setup, we require the full setup.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman 5f88e776c3 Move mbedtls_md_info_from_psa into the mbedtls hash driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman a85e2f835e Guard hash test functions as a block
Replicate the way the internal hash functions are guarded

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman 830aff2a98 Restructure the way driver contexts are declared
Drivers (both built-in and external) need to declare their context
structures in a way such that they are accessible by the
to-be-autogenerated crypto_driver_contexts.h file. That file lives in
include/psa, which means all builtin driver context structure
declarations also need to live in include/psa.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:32 +01:00
Steven Cooreman 0d58666395 Reuse already-defined MBEDTLS_PSA_BUILTIN_HASH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 10:36:55 +01:00
Steven Cooreman fbe09284cf Set output length to 0 at start of function
This behaviour was present previously, and is depended on by the
test suites.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 10:34:56 +01:00
Steven Cooreman f66d5fd2bd Apply same argument checking as in psa_hash_setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 10:34:56 +01:00
David Brown 85537fa141 psa: ecdsa: Resolve incorrect merge resolution
The commit
    commit dcdde59c6f
    Author: David Brown <david.brown@linaro.org>
    Date:   Tue Feb 23 15:48:13 2021 -0700

        tests: psa: Change Elliptic curve defines to PSA names

when rebased on

    commit bb9cbc7a23
    Author: Ronald Cron <ronald.cron@arm.com>
    Date:   Thu Mar 4 17:09:00 2021 +0100

        psa: ecdsa: Prefer NOT_SUPPORTED error code

had an incorrect merge conflict resolution.  Correct this, allowing the
test "PSA sign: invalid algorithm for ECC key" to pass again.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-12 12:21:45 -07:00
Dave Rodgman e483a77c85
Merge pull request #816 from ARMmbed/development
Merge recent commits from development into 2.26.0-rc
2021-03-12 16:55:26 +00:00