Commit graph

6461 commits

Author SHA1 Message Date
Gilles Peskine
4bd90dc6b1 Don't exercise OAEP with small key and large hash
RSA-OAEP requires the key to be larger than a function of the hash size.
Ideally such combinations would be detected as a key/algorithm
incompatibility. However key/algorithm compatibility is currently tested
between the key type and the algorithm without considering the key size, and
this is inconvenient to change. So as a workaround, dispense
OAEP-with-too-small-hash from exercising, without including it in the
automatic operation-failure test generation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
d586b82e12 exercise_key: signature: detect function/algorithm incompatibility
Don't try to use {sign,verify}_message on algorithms that only support
{sign_verify}_hash. Normally exercise_key() tries all usage that is
supported by policy, however PSA_KEY_USAGE_{SIGN,VERIFY}_MESSAGE is implied
by PSA_KEY_USAGE_{SIGN,VERIFY}_HASH so it's impossible for the test data to
omit the _MESSAGE policies with hash-only algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
7acb1980ee Use PSA_AEAD_NONCE_LENGTH when exercising AEAD keys
Don't re-code the logic to determine a valid nonce length.

This fixes exercise_key() for PSA_ALG_CHACHA20_POLY1305, which was trying to
use a 16-byte nonce.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
bbf452c689 exercise_key: support modes where IV length is not 16
Support ECB, which has no IV. The code also now supports arbitrary IV
lengths based on the algorithm and key type.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e6b85b4d42 Storage format tests: exercise operations with keys
In key read tests, add usage flags that are suitable for the key type and
algorithm. This way, the call to exercise_key() in the test not only checks
that exporting the key is possible, but also that operations on the key are
possible.

This triggers a number of failures in edge cases where the generator
generates combinations that are not valid, which will be fixed in subsequent
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
16b2506e3d Abbreviate descriptions of generated PSA storage tests
This currently makes all the descriptions unambiguous even when truncated at
66 characters, as the unit test framework does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e8e058c9d4 Unify the code to shorten expressions
The output of generate_psa_tests.py is almost unchanged: the differences are
only spaces after commas (now consistently omitted).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
564fae8328 Refactor usage flag formatting and implication
When generating storage format tests, pass usage flags around as a list, and
format them as the last thing.

In Storagekey(), simplify the addition of implicit usage flags: this no
longer requires parsing.

The output is unchanged.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
7de7c1020c Storage format tests: cover algorithms for each key type
In the generated storage format test cases, cover all supported
algorithms for each key type. This is a step towards exercising
the key with all the algorithms it supports; a subsequent commit
will generate a policy that permits the specified algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
fa70ced195 Remove ad hoc is_valid_for_signature method
Use the new generic is_public method.

Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Manuel Pégourié-Gonnard
636b5f10da Add comment in compat.sh about callers
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-14 09:21:56 +02:00
Manuel Pégourié-Gonnard
9473229996 Fix compat.sh invocation in basic-built-test.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-14 09:21:38 +02:00
Manuel Pégourié-Gonnard
296787f75c Rm DES from invocations of compat.sh
It no longer makes sense, either in -e or -f: those ciphersuites have
been removed anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-13 10:45:10 +02:00
Manuel Pégourié-Gonnard
4111b73d8f Update comment and default exclude
- comments about (3)DES were inconsistent (one saying "keep 3DES" and
the other "exclude it")
- we don't have any DES or 3DES ciphersuite anyway, so no need to
exclude them or comment about it
- while at it, fix comment about ARIA: it's in the default config now

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-13 10:45:10 +02:00
Joe Subbiani
32df1450f1 Order ciphersuite names alphabetically
The ciphers were originally separated by the version conditions, and the spacing
was retained in case it was required later. It has been decided it would be better
to have an unbroken list in alphabetically order to quickly locate ciphers when
necessary

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2022-04-13 10:45:08 +02:00
Joe Subbiani
f05fae0f7a Remove unsupported ciphersuites
Remove ciphersuites that are no longer supported.
running ./test/compat.sh -e '^$' -p mbedtls no longer skips any tests

Fixes #4818

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2022-04-13 10:41:43 +02:00
Joe Subbiani
9f84761c66 Removed redundant mode checks
As anything below (D)TLS 1.2 is no longer supported, checks for the
minor version will always be true, and have therefore been removed

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2022-04-13 10:40:49 +02:00
Manuel Pégourié-Gonnard
6c242a01f7
Merge pull request #5634 from superna9999/5625-pk-opaque-rsa-basics
PK Opaque RSA sign
2022-04-13 09:55:42 +02:00
Gilles Peskine
e1730e492d
Merge pull request #5708 from AndrzejKurek/timeless-struggles
Remove the dependency on MBEDTLS_TIME_H from the timing module
2022-04-08 18:43:16 +02:00
Neil Armstrong
cb87403560 Use 1024 bits RSA key size for RSA PK Opaque tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-08 15:14:40 +02:00
Andrzej Kurek
5735369f4a Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C
The timing module might include time.h on its own when on 
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. 


Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:41:42 -04:00
Gilles Peskine
a91b68564c
Merge pull request #5429 from yuhaoth/pr/fix-parallel-build-fail-of-cmake_out_source
fix parallel build fail of cmake out source
2022-04-07 16:21:43 +02:00
Gilles Peskine
8e5e8d73db
Merge pull request #5686 from AndrzejKurek/off-by-one-ssl-opt
Fix an off-by-one error in ssl-opt.sh
2022-04-07 16:20:55 +02:00
Neil Armstrong
67fc036976 Add support for RSA wrap in pk_psa_sign() test
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Neil Armstrong
5b87ebb601 Prepare pk_psa_sign() test to accept RSA parameters
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Neil Armstrong
0cd78ddd71 Update test for Opaque PK key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 14:51:47 +02:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Ronald Cron
cccbe0eb88
Merge pull request #5516 from tom-daubney-arm/M-AEAD_dispatch_tests
M-AEAD driver dispatch tests
2022-04-05 16:35:37 +02:00
Gilles Peskine
ebfee6e315 check-generated-files.sh -u: don't update file timestamps
When running check-generated-files in update mode, all generated files were
regenerated. As a consequence,
```
tests/scripts/check-generated-files.sh -u && make
```
always caused most of the code to be rebuilt. Now, if a file hasn't changed,
preserve its original modification time (and other metadata), so the command
above doesn't rebuild anything that has actually not changed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:29:38 +02:00
Gilles Peskine
b24ed5261e Use a plausible input size with asymmetric verification
Otherwise the error status can be PSA_ERROR_INVALID_SIGNATURE instead of the
expected PSA_ERROR_NOT_SUPPORTED in some configurations. For example, the
RSA verification code currently checks the signature size first whenever
PSA_KEY_TYPE_RSA_PUBLIC_KEY is enabled, and only gets into
algorithm-specific code if this passes, so it returns INVALID_SIGNATURE even
if the specific algorithm is not supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:03:39 +02:00
Gilles Peskine
e6300959df Test attempts to use a public key for a private-key operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:02:44 +02:00
Gilles Peskine
a401386f82 A key agreement algorithm can contain a key derivation
PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm
when kdf is one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:57:10 +02:00
Gilles Peskine
d79e3b92fa In NOT_SUPPORTED test case descriptions, show what is not supported
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:56:58 +02:00
Gilles Peskine
ae3a1008b7 Add a few manual test cases
They're redundant with the automatically generated test cases, but it's
useful to have them when debugging issues with the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:56:52 +02:00
Gilles Peskine
1c7c5969ea
Merge pull request #5683 from paul-elliott-arm/fix_pk_test
Prevent free of uninitialised MPI  variables
2022-04-04 17:51:49 +02:00
Gilles Peskine
c82f62e3a5
Merge pull request #4907 from gilles-peskine-arm/config-baremetal-size-3.0
Disable debugging features in the primary code size measurement job
2022-04-04 16:12:58 +02:00
Thomas Daubney
f38c8c6459 Adds test data for insufficient memory case
This commit adds tests data for the encrypt setup function
to cover the case where there is insufficent memory when
trying to undertake the operation.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:18 +01:00
Thomas Daubney
30583c3e92 Adds test data for fallback test
Commit adds test data needed to test the case where driver
does not support selected algorithm but the library does.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:18 +01:00
Thomas Daubney
5e896d914a Adds test data for encrypt setup test case
This commit adds a positive test case for the
encrypt setup function test.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:18 +01:00
Thomas Daubney
d610191ad6 Adds driver dispatch test for M-AEAD encryption setup
This commit adds a test called aead_encrypt_setup()
which tests that the relevant drivers get called the correct
amount of times when running the multipart AEAD encrypt
setup API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:10 +01:00
Manuel Pégourié-Gonnard
de68e39ddf
Merge pull request #5568 from superna9999/5159-pk-rsa-verification
PK: RSA verification
2022-04-04 11:23:33 +02:00
Andrzej Kurek
8db7c0e9ac Fix an off-by-one error in ssl-opt.sh
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-01 08:55:40 -04:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2
TLS 1.2/1.3 version negotiation - 2
2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors
Accessors to own CID within mbedtls_ssl_context
2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard
6a25159c69
Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations
HKDF 2: use internal implementations in TLS 1.3
2022-04-01 11:15:29 +02:00
Paul Elliott
02758a51df Add tls CID tests
Add tests to test tls coneection id functionality, including the new
'own cid' accessor.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Ronald Cron
cbd7bfd30e ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests
Force TLS 1.2 on OpenSSL/GnuTLS server
for TLS 1.2 specific tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
634d865d80 ssl-opt.sh: Fix "no TLS 1.3 server support" test check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Paul Elliott
ff59a34606 Prevent free of uninitialised variables
In an error case it was possible for mbedtls_mpi variables to be free'd
uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 17:14:13 +01:00