Commit graph

2429 commits

Author SHA1 Message Date
Hanno Becker
24658c4ba1 Add test vectors for TLS 1.2 PRF
Taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
2018-11-16 11:24:59 +00:00
Gilles Peskine
c7998b78b8 Factor common code into key_agreement_with_self 2018-11-14 21:17:16 +01:00
Gilles Peskine
88714d78b8 Allow ECDH-only public key in ECDH
In ECDH key agreement, allow a public key with the OID id-ECDH, not
just a public key with the OID id-ecPublicKey.

Public keys with the OID id-ECDH are not permitted by psa_import_key,
at least for now. There would be no way to use the key for a key
agreement operation anyway in the current API.
2018-11-14 21:17:16 +01:00
Gilles Peskine
714e16b37a Add import/export test of EC public key 2018-11-14 21:17:16 +01:00
Gilles Peskine
3ec8ed8b51 Add multipart key agreement tests
Add test cases that do key agreement with raw selection in pieces, to
validate that selection works even when the application doesn't read
everything in one chunk.
2018-11-14 21:15:37 +01:00
Gilles Peskine
bf49197c9b key_agreement_capacity: test the actual capacity as well
After testing that the advertized capacity is what the test data says,
read that many bytes to test that this is also actual capacity.
2018-11-14 21:15:37 +01:00
Gilles Peskine
10df341436 Factor usage_to_exercise into its own function 2018-11-14 21:15:37 +01:00
Gilles Peskine
fc411f1ac1 Use ASSERT_ALLOC in key agreement tests 2018-11-14 21:15:37 +01:00
Gilles Peskine
1d7c082124 Fix a memory leak in a test 2018-11-14 21:15:37 +01:00
Gilles Peskine
b7ecdf0509 Implement ECDH 2018-11-14 21:15:37 +01:00
Gilles Peskine
5968559a9c Key agreement test functions 2018-11-14 21:15:37 +01:00
Gilles Peskine
01d718cee8 New API function: psa_key_agreement
Set up a generator from a key agreement.
2018-11-14 21:15:37 +01:00
Gilles Peskine
93098fd996 Key agreement: macros for finite-field Diffie-Hellman, ECDH
Declare macros to represent key agreement algorithms.
2018-11-14 21:15:37 +01:00
Gilles Peskine
e8f0e3dc3c New algorithm category: key selection
A key selection algorithm is similar to a key derivation algorithm in
that it takes a secret input and produces a secret output stream.
However, unlike key derivation algorithms, there is no expectation
that the input cannot be reconstructed from the output. Key selection
algorithms are exclusively meant to be used on the output of a key
agreement algorithm to select chunks of the shared secret.
2018-11-14 21:15:37 +01:00
Gilles Peskine
e19b7d54d0 Revert "New function mbedtls_rsa_get_bitlen"
This reverts commit 1d26709dbd.
2018-11-12 19:14:34 +01:00
Gilles Peskine
64a43ce48e Revert "fixup! New function mbedtls_rsa_get_bitlen"
This reverts commit c939f6fcba.
2018-11-12 19:14:34 +01:00
Gilles Peskine
86a440b638 Reject non-byte-aligned RSA keys
On key import and key generation, for RSA, reject key sizes that are
not a multiple of 8. Such keys are not well-supported in Mbed TLS and
are hardly ever used in practice.

The previous commit removed support for non-byte-aligned keys at the
PSA level. This commit actively rejects such keys and adds
corresponding tests (test keys generated with "openssl genrsa").
2018-11-12 19:14:18 +01:00
Jaeden Amero
594a330eb7 psa: test: Fix truncation of message by snprintf
We had only allocated 40 bytes for printing into, but we wanted to print 46
bytes. Update the buffer to be 47 bytes, which is large enough to hold what
we want to print plus a terminating null byte.
2018-11-08 17:32:45 +00:00
Gilles Peskine
728944718a Fix a test case with incorrect dependency
Simplify the test case "PSA export a slot after a failed import of an
EC keypair": use an invalid private value for the specified curve. Now
the dependencies match the test data, so this fixes curves.pl.
2018-11-08 10:00:08 +01:00
Moran Peker
ce50007f90 Add tests of using cipher in bad state cases
- cipher setup after import key failure.
- cipher setup after set key policy but no key material
creation.
2018-11-07 16:20:07 +02:00
Moran Peker
3455009116 Add tests that check export failures after illegal behavior
- export a key after import key failure.
- export a key after the key was destroyed.
- export a key after set key policy but no key material
creation.
2018-11-07 16:19:34 +02:00
Moran Peker
28a38e6e38 Add tests that checks key management corner cases
- import a key into a non empty key slot.
- export a key from invalid slot number.
2018-11-07 16:18:24 +02:00
Gilles Peskine
8739da830e Fix test data in an old format
Update some test data from the asymmetric_apis_coverage branch that
wasn't updated to the new format from the
psa-asymmetric-format-raw_private_key branch.
2018-11-06 15:15:05 +01:00
Jaeden Amero
c0a0855793
Merge pull request #171 from ARMmbed/asymmetric_apis_coverage
Increase asymmetric APIs coverage
2018-11-06 13:00:35 +00:00
Mohammad AboMokh
2d65cf0b16 Fix sign test dependencies and used algorithm 2018-11-06 11:56:45 +02:00
Jaeden Amero
fe9f771e88
Merge pull request #170 from ARMmbed/increase_psa_key_derivation_code_coverage
add tests that increase key derivation code coverage slightly
2018-11-06 09:17:19 +00:00
Jaeden Amero
40f1cb104f
Merge pull request #182 from ARMmbed/psa-asymmetric-format-raw_private_key
Asymmetric import/export format: raw private EC keys
2018-11-06 09:02:25 +00:00
Mohammad AboMokh
392952df93 Fix test dependencies lists 2018-11-06 08:11:10 +02:00
itayzafrir
27e6945f43 Refactor and rename test hash_verify_bad_paths to hash_verify_bad_args
1. Updated test scenarios.
2. Renamed test and updated test description.
3. Some documentation updates.
4. Test dependency moved to .function file.
2018-11-05 18:36:05 +02:00
itayzafrir
b2dd5ed1e6 Rename test hash_finish_bad_paths to hash_finish_bad_args
Test dependency moved to .function file.
2018-11-05 18:36:05 +02:00
itayzafrir
f86548d674 Add test hash_bad_order
1. New test for testing bad order of hash function calls.
2. Removed test hash_update_bad_paths since it's test scenario
   was moved to the new test.
3. Moved some scenarios from test hash_verify_bad_paths to
   the new test.
2018-11-05 18:36:05 +02:00
itayzafrir
e1f932ba4d Refactor hash multi part test
Refactor test hash_multi_part to test various sizes when
calling psa_hash_update.
2018-11-05 18:36:05 +02:00
itayzafrir
58028321b9 Split test hash_bad_paths into 3 different tests
1. Rename hash_bad_paths to hash_verify_bad_paths
2. Add test hash_update_bad_paths
3. Add test hash_finish_bad_paths

The different scenarios tested as part of hash_bad_paths are
moved to the relevant test.
2018-11-05 18:36:05 +02:00
itayzafrir
4271df932c Add scenario to test case hash_bad_paths
Tests where the verification hash digest is prefixed with
the expected digest but also has extra bytes appended at the end of it.
2018-11-05 18:36:05 +02:00
itayzafrir
69290f0e71 Update hash tests documentation 2018-11-05 18:36:05 +02:00
itayzafrir
02d6295e53 Move positive hash tests into a new test suite
Move hash_finish, hash_verify and hash_multi_part to a
new test suite test_suite_psa_crypto_hash.
2018-11-05 18:36:05 +02:00
itayzafrir
931fa6d663 Remove input parameter validations from hash test functions
Remove from hash_finish, hash_verify and hash_multi_part
2018-11-05 18:34:16 +02:00
itayzafrir
9b3b31dc52 Delete redundant hash test vectors
Due to migration of test vectors from mbedTLS
2018-11-05 18:34:16 +02:00
itayzafrir
a00f1d8b00 Add additional test vectors for hash single part
Test vectors migrated from mbedTLS
2018-11-05 18:34:16 +02:00
itayzafrir
f5b3eb85b5 Add hash test for multipart operation
Test vectors migrated from mbedTLS
2018-11-05 18:34:16 +02:00
itayzafrir
ec93d30b45 Add hash bad paths test
Increase code coverage
2018-11-05 18:34:16 +02:00
itayzafrir
18b1a227ac Add missing algorithms to existing hash tests 2018-11-05 18:34:16 +02:00
Nir Sonnenschein
1caf6d24f2 Fix code style and clarify issue comment
* remove unneeded constants
* clarify comment reference to issue 183
* add additional reference comment
* fix brace spacing issues
2018-11-01 12:27:20 +02:00
Nir Sonnenschein
dd69d8b7ff Streamline test function API by removing parameter
streamline the API for the test test_derive_invalid_generator_state: by removing
the key_data parameter.
This parameter is not important for test flow and can be hard-coded.
2018-11-01 12:24:23 +02:00
Nir Sonnenschein
f8964b9580 updated test to work around https://github.com/ARMmbed/mbedtls-psa/issues/183
test should check the correct error values once this issue is fixed
2018-10-31 18:06:14 +02:00
Gilles Peskine
2257649ce4 Private EC key import: boundary test cases
Add boundary test cases for private key validity for a short
Weierstrass curve (0 < d < n).

Remove obsolete test cases "valid key but wrong curve". With the new
format, the private key representation does not contain an encoding of
the curve.
2018-10-31 14:10:06 +01:00
Nir Sonnenschein
5078930459 fix whitespace issues 2018-10-31 12:16:38 +02:00
Nir Sonnenschein
4eda37bb9e streamline test function API by removing parameter
streamline the API for the test test_derive_invalid_generator_state by removing
the key type paramter (it is assumed to always be PSA_KEY_TYPE_DERIVE)
2018-10-31 12:15:58 +02:00
Mohammad AboMokh
991aee67cf improve test description 2018-10-31 10:36:48 +02:00
Jaeden Amero
d5cea2cd01
Merge pull request #172 from ARMmbed/psa-refine.gitignore
Refine .gitignore and add test_suite_psa_crypto_metadata to cmake build
2018-10-30 11:23:53 +00:00