Commit graph

14404 commits

Author SHA1 Message Date
Mateusz Starzyk
0fdcc8eee9 Remove Havege module.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-02-11 14:17:07 +01:00
Ronald Cron
a120146afe
Merge pull request #3962 from gilles-peskine-arm/psa-storage-format-test-strategy
Keystore format stability test strategy
2021-01-25 16:44:23 +01:00
Janos Follath
b034683a70
Merge pull request #4007 from stevew817/feature/alt_implementation_is_not_deterministic
Don't self-test ECJPAKE ALT implementations against known entropy
2021-01-25 12:39:03 +00:00
Steven Cooreman
64f2773eab Skip tests requiring known entropy for ECJPAKE ALT implementations
These implementations don't necessarily consume entropy the same way the
mbed TLS internal software implementation does, and the 'reference
handshake' test vectors can thus not be applied to an ALT implementation.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-22 14:23:08 +01:00
Gilles Peskine
ff457506d3 Remind the reader of what is done about old formats
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-19 14:25:20 +01:00
Gilles Peskine
697ee190b5 Add a section about non-default lifetimes
Alternative locations should be covered. We don't yet support
alternative persistence levels.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-18 23:38:21 +01:00
Gilles Peskine
528144f523 Clarify the methods of key storage testing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-18 23:36:18 +01:00
Dave Rodgman
6fbff5b557
Merge pull request #3698 from darrenkrahn/development
Mark basic constraints critical as appropriate.
2021-01-17 18:06:18 +00:00
paul-elliott-arm
94ca18733a
Merge pull request #3809 from AndrzejKurek/refactor-variable-buffers
Refactor variable I/O buffers feature to reduce code duplication
2021-01-14 14:25:56 +00:00
Darren Krahn
9c134cef35 Add build instructions for new test data.
Signed-off-by: Darren Krahn <dkrahn@google.com>
2021-01-13 22:04:45 -08:00
paul-elliott-arm
2427d15ea3
Merge pull request #3986 from gilles-peskine-arm/ssl_test_lib-create
Unify common code of ssl_client2.c and ssl_server2.c
2021-01-13 15:30:00 +00:00
Gilles Peskine
c772b1822a Move the declaration of query_config() to a dedicated header file
Declaring query_config() belongs with the query_config program, not in
ssl_test_lib.h, so move the declaration to a new header file
query_config.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 14:19:43 +01:00
Gilles Peskine
d0c7b79170
Merge pull request #3912 from gilles-peskine-arm/psa-external-random-test
Alternative random generator support for PSA: negative tests
2021-01-12 17:55:11 +01:00
Andrzej Kurek
2a54a6fe1c Refactor the variable buffer length config description
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:14:21 -05:00
Andrzej Kurek
557289babc Add a missing dependency to config.h
Variable buffer lengths depend on the maximum fragment length extension.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:14:15 -05:00
Andrzej Kurek
069fa96cd7 Use size_t instead of uint32_t for ssl I/O buffer lengths
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:13:58 -05:00
Andrzej Kurek
4a0637981b Refactor the variable I/O buffer size feature
Reduce code duplication to simplify the feature and reduce code size.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:12:53 -05:00
Gilles Peskine
b4df754274 Update #else and #endif comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-08 21:21:27 +01:00
Gilles Peskine
c85c20147b Don't call TEST_ASSERT in PSA_DONE
TEST_ASSERT jumps to the exit label, so it must not be called from
cleanup code executed after the exit label. It's legitimate (and
indeed very common) to call PSA_DONE in cleanup code, so PSA_DONE must
not jump to exit.

Define an auxiliary function test_fail_if_psa_leaking() that calls
test_fail() with the error message provided by
mbedtls_test_helper_is_psa_leaking(). This function currently needs to
be in helpers.function rather than in a PSA-specific helper file
because it calls test_fail which is defined in helpers.function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:49:42 +01:00
Gilles Peskine
6beb327a5e external_rng_failure_sign: more robust buffer management
Don't microoptimize memory usage in tests: use separate buffers for
the input and the output. Allocate the input buffer dynamically
because the size is a parameter of the test case. Allocate the output
buffer dynamically because it's generally good practice in tests so
that a memory sanitizer can detect a buffer overflow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:16:26 +01:00
Gilles Peskine
3aa5a6414e Fix a test dependency
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:06:36 +01:00
Gilles Peskine
dbf6896c82 mbedtls_to_psa_error: prefer dispatching on the low-level error
When an Mbed TLS error code combines a low-level error and a
high-level error, the low-level error is usually closer to the root
cause (for example HW_ACCEL_FAILED or ENTROPY_SOURCE_FAILED is more
informative than RSA_PRIVATE_FAILED). So prioritize the low-level code
when converting to a PSA error code, rather than the high-level code
as was (rather arbitrarily) done before.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:04:23 +01:00
Gilles Peskine
1631514b8e Add missing dependencies on key types
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
ba0c1ffb72 Depend on the built-in implementation when injecting RNG failure
When verifying the impact of a forced RNG failure, depend on the built-in
implementation of the algorithm that uses randomization, whether it's
because the algorithm is randomized or because our implementation uses
randomization for (e.g.) blinding. An external implementation could use
its own randomness source which is not affected by the forced failure of
the RNG driver.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
f547ce8daa MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG: negative tests
Under MBEDTLS_ERR_RSA_RNG_FAILED, add tests where the random generator
failed. This commit tests the following operations:

* psa_generate_random()
* psa_generate_key() for a symmetric key
* Deterministic signatures that use blinding (RSA PKCS#1v1.5,
  deterministic ECDSA).
* Randomized signatures (RSA PSS, randomized ECDSA).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
ae3741e8a4 Fix an incorrect error code if RSA private operation glitched
mbedtls_rsa_private() could return the sum of two RSA error codes
instead of a valid error code in some rare circumstances:

* If rsa_prepare_blinding() returned  MBEDTLS_ERR_RSA_RNG_FAILED
  (indicating a misbehaving or misconfigured RNG).
* If the comparison with the public value failed (typically indicating
  a glitch attack).

Make sure not to add two high-level error codes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
40d8160c8e mbedtls_to_psa_error: fix a copypasta and a missing translation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
8ae012b603 Generalize test_suite_psa_crypto_entropy
Prepare it for testing aspects of entropy other than
MBEDTLS_PSA_INJECT_ENTROPY.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:21:18 +01:00
Gilles Peskine
76175ba785 Disable the insecure PSA test RNG by default
To reduce the risk of people accidentally using the test
implementation of mbedtls_psa_external_get_random(), which is
insecure, require the user to explicitly call
mbedtls_test_enable_insecure_external_rng() first.

Disabling the test implementation of mbedtls_psa_external_get_random()
will also allow negative testing for MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG,
which will be added in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:21:18 +01:00
Gilles Peskine
f6be590bf6 Include psa_crypto_helpers.h in helpers.function
Include psa_crypto_helpers.h automatically if MBEDTLS_PSA_CRYPTO_C is
enabled, like helpers.h is included automatically.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:21:18 +01:00
Gilles Peskine
9a4baa1336 Remove unnecessary precautions around #include psa_crypto_helpers.h
psa_crypto_helpers.h no longer defines static functions, so it can be
included anywhere without worrying about unused functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Gilles Peskine
d71539fd03 Fix test_psa_collect_statuses: update makefile dependencies
`tests/scripts/all.sh test_psa_collect_statuses` calls
`tests/scripts/psa_collect_statuses.py` which calls
`make -DRECORD_PSA_STATUS_COVERAGE_LOG` which must generate
`include/test/instrument_record_status.h`.
With the refactoring of `psa_crypto_helpers.{h,c}`, this now
needs to be done before building `psa_crypto_helpers.c`.

Also, remove `include/test/instrument_record_status.h` unconditionally
in `make clean`, which helps keep the build tree clean.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Gilles Peskine
d4008d5b38 Refactor PSA test helpers: move function definitions from .h to .c
Move function definitions from psa_crypto_helpers.h to
psa_crypto_helpers.c.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Gilles Peskine
1e00565111 Refactor PSA test helpers: don't depend on test_info access
Refactor some PSA test helper functions and macros to avoid depending
on test_info and test_fail inside functions. These identifiers are
only defined in helpers.function, so they're only available in test
suites, and not in test helper modules (tests/src/*.c) which are also
linked into example programs.

This is in preparation for moving function definitions from
psa_crypto_helpers.h to psa_crypto_helpers.c.

No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Gilles Peskine
86cadb37d1 Remove now-redundant test result check
Since 349eadc58f, test_fail() reports
the first failure. So it's safe to call test_fail() again to report a
cleanup failure when we don't want to potentially erase information
about an earlier failure.

The behavior of mbedtls_test_helper_is_psa_pristine() changes if
test_info.result was neither TEST_RESULT_SUCCESS nor
TEST_RESULT_FAILED, but this should not matter since a skipped test
should not cause mbedtls_test_helper_is_psa_pristine() to fail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Gilles Peskine
ddfd080128 Use mbedtls_test_ prefix on all PSA helper functions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:19:17 +01:00
Gilles Peskine
a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Gilles Peskine
504c1a361e ssl_test_lib: move common functions and variables
Move from ssl_*2.c to ssl_test_lib.c:
* Functions that have exactly identical definitions in the two
  programs, and that don't reference the global variable opt which
  has a different type in the client and in the server. Also declare
  these functions in ssl_test_lib.h.

Move from ssl_*2.c to ssl_test_common_source.c:
* Functions that have exactly identical definitions in the two
  programs, but access fields of the global variable opt which
  has a different structure type in the client and in the server.
* The array ssl_sig_hashes_for_test, because its type is incomplete.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
7c818d68be ssl_test_lib: move common type definitions
Move from ssl_*2.c to ssl_test_lib.h:
* Types defined identically in both files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
c11eb1fa07 Prepare to merge identical code from ssl_client2.c and ssl_server2.c
Adjust whitespace and comments in code of ssl_client2.c and
ssl_server2.c that was almost identical to make these chunks exactly
identical.

Make the common functions non-static.

This is in preparation for moving the common code to ssl_test_lib.c.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
7f679c7bf4 ssl_test_lib: move declaration of query_config
Move from ssl_*2.c to ssl_test_lib.h:
* The declaration of query_config(). Also document it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
67638d6828 ssl_test_lib: move common includes
Move from ssl_*2.c to ssl_test_lib.h:
* Include directives for headers included by both programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
ab7ce96d7b ssl_test_lib: move initial includes and is-it-supported check
Move from ssl_*2.c to ssl_test_lib.h:
* The inclusion of the config header file (identical).
* The fallback definitions of platform functions (almost identical:
  server2 also had snprintf and the order and whitespace was slightly
  different).
* The compilation guards checking that required options are
  enabled (tweaked to make them common, with MBEDTLS_SSL_{CLI,SRV}_C
  separated out).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
0d980b8be8 ssl_test_common_source.c: new source file for common SSL test code
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c, but cannot be compiled separately and instead needs
to be #include'd in each program that uses it.

This is for code that references macros or types that are defined
differently in the two programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
a3ed34fed6 ssl_test_lib.[hc]: new source file for common SSL test code
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c. This commit only creates the file; subsequent
commits will populate it.

Add it to the official build systems (make, cmake, VS).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Manuel Pégourié-Gonnard
75fdd0640f
Merge pull request #3973 from stroebeljc/development
Fixed seed variable concatenation pointer.
2021-01-06 10:07:52 +01:00
Gilles Peskine
d20a210bbd git: don't ignore fuzz/Makefile
*/Makefile is ignored (because it's created by cmake in in-tree builds).
But fuzz/Makefile is checked into git, so don't ignore it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 21:06:11 +01:00
Gilles Peskine
f06a54cb18 With make, build query_config.c only once
Build query_config.o then link it, instead of building query_config.c
in each of the four programs that use it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 21:06:05 +01:00
stroebeljc
03ee3834a0 Updated change description as suggested by @gilles-peskine-arm.
Signed-off-by: stroebeljc <stroebeljc1@gmail.com>
2021-01-05 11:28:30 -06:00
Gilles Peskine
73d783244f
Merge pull request #3969 from frestr/bugfix/psa_close_key_leak
PSA Crypto: Don't skip key data removal when SE driver is not in use
2021-01-05 16:55:52 +01:00