Commit graph

418 commits

Author SHA1 Message Date
Gilles Peskine
532327b429
Merge pull request #4576 from gilles-peskine-arm/psa_key_derivation-bad_workflow-20210527
PSA key derivation bad-workflow tests
2021-06-17 09:55:39 +02:00
Gilles Peskine
af5bd67f6e Fix copypasta in test data
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-14 18:05:37 +02:00
Gilles Peskine
c7319cda78 Use UNUSED wherever applicable in derive_input tests
Exhaustivity check:
```
<tests/suites/test_suite_psa_crypto.data awk -F: '$1=="derive_input" { for (step=1; step<=3; step++) { if ($(4*step-1) == "0") { if ($(4*step) != "UNUSED" || $(4*step+1) != "\"\"" || $(4*step+2) != "UNUSED") print NR, step, $(4*step), $(4*step+1), $(4*step+2) } } }'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-14 18:01:42 +02:00
Gilles Peskine
93038fab2c Key derivation: add test cases where the secret is missing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-11 22:38:22 +02:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix
psa: Support RSA signature without MBEDTLS_GENPRIME
2021-05-27 14:19:24 +02:00
Gilles Peskine
4023c0153d Add bad-workflow key derivation tests
Add HKDF tests where the sequence of inputs differs from the nominal
case: missing step, duplicate step, step out of order, or invalid step.

There were already similar tests for TLS 1.2 PRF. Add one with a key
agreement which has slightly different code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-27 13:33:22 +02:00
Gilles Peskine
1c77edda15 More explicit names for some bad-workflow key derivation tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-27 11:55:02 +02:00
Jaeden Amero
ff143c0a34 psa: Add missing RSA test dependency
The test "PSA generate key: RSA, 1024 bits, good, encrypt (OAEP
SHA-256)" had a dependency on MBEDTLS_GENPRIME, but this was not listed
in the dependencies. Add MBEDTLS_GENPRIME to the test's dependencies to
ensure it has what it needs to run.

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-20 17:08:59 +01:00
gabor-mezei-arm
4bc0edb919
Typo
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
6e2a8daef4
Add new tests for psa_sign/verify_message
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
d785a79477
Fix test
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
e088985496
Fix test names
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
ce8804fd6e
Update tests dependencies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
4c6a47a833
Add test for sign/verify message key policies
Update the mbedtls_test_psa_exercise_key to handle and use
PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE key policies.
Add new tests for PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE
policies.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
5302848ba5
Add tests for psa_sign_message and psa_verify_message
The reference output data was created with cryptodome for RSA algorithms and
python-ecdsa for ECDSA algorithms.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
b95302358f
Rename test funtions and test cases
Modify function and test case names that testing psa_sign_hash and
psa_verify_hash funtions to be less confusing with the newly introduced
function and test case names which tests psa_sign_message and
psa_verify_message functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:51 +02:00
Steven Cooreman
0c23965977 Add sanity tests for CMAC-(3)DES through PSA Crypto
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-10 11:29:13 +02:00
Gilles Peskine
09c916afba
Merge pull request #4257 from ronald-cron-arm/psa-aead
Add PSA crypto driver delegation for AEAD single shot PSA APIs - 1
2021-04-14 14:07:51 +02:00
Steven Cooreman
ea7ab13991 Do validation on the algorithm argument in AEAD
Corresponds better to the validation done in other modules of PSA Crypto.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
a0bc2cd4f1 tests: psa: Fix copy fail test argument
Fix copy fail test argument for only one of them
to be invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-02 08:56:20 +02:00
Ronald Cron
88a55464f5 tests: psa: Add negative tests for psa_copy_key()
Add negative tests checking that psa_copy_key()
returns PSA_ERROR_INVALID_ARGUMENT when passed in
an invalid key identifier or key lifetime for the
target key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:05:41 +02:00
Ronald Cron
9f97c6ecdf Update PSA crypto test dependencies
Given the PSA_WANT_* config options added lately,
update set_psa_test_dependencies.py and run it
on test_suite_psa_crypto*.data files but the SE
and generated ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:26:44 +01:00
David Brown
110ea816ca psa: Fix name of BRAINPOOL configs
These should be WANT_ECC_BRAINPOOL_P_... not WANT_ECC_BP_...  Change to
match.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:30:28 -06:00
David Brown
85537fa141 psa: ecdsa: Resolve incorrect merge resolution
The commit
    commit dcdde59c6f
    Author: David Brown <david.brown@linaro.org>
    Date:   Tue Feb 23 15:48:13 2021 -0700

        tests: psa: Change Elliptic curve defines to PSA names

when rebased on

    commit bb9cbc7a23
    Author: Ronald Cron <ronald.cron@arm.com>
    Date:   Thu Mar 4 17:09:00 2021 +0100

        psa: ecdsa: Prefer NOT_SUPPORTED error code

had an incorrect merge conflict resolution.  Correct this, allowing the
test "PSA sign: invalid algorithm for ECC key" to pass again.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-12 12:21:45 -07:00
David Brown
dcdde59c6f tests: psa: Change Elliptic curve defines to PSA names
Now that PSA crypto config supports the new PSA_WANT_ECC_xxx defines,
change the psa-specific test suites to use these new names.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:45 -07:00
Manuel Pégourié-Gonnard
17605f072b
Merge pull request #4151 from ronald-cron-arm/psa-sign_verify-hash
PSA sign and verify hash rework
2021-03-10 10:08:50 +01:00
Ronald Cron
bb9cbc7a23 psa: ecdsa: Prefer NOT_SUPPORTED error code
When ECDSA is not supported by the library, prefer
to return NOT_SUPPORTED than INVALID_ARGUMENT when
asked for an ECDSA signature.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 17:43:31 +01:00
Ronald Cron
9103d490e8 psa: ecdsa: Rework deterministic support check
Move the check that ECDSA is supported from the
caller of the function responsible for Mbed TLS
ECDSA signatures to this function, namely
mbedtls_psa_ecdsa_sign_hash().

This makes the caller code more readable and is
more aligned with what is expected from a
sign_hash() PSA driver entry point.

Add a negative test case where a deterministic
ECDSA signature is requested while the library
does not support deterministic ECDSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 13:32:27 +01:00
Steven Cooreman
f9f7fdfe49 Rework MAC algorithm / key type validation
Reworked the validation of MAC algorithm with the used key type by
introducing psa_mac_key_can_do, which guarantees that PSA_MAC_LENGTH can
be called successfully after validation of the algorithm and key type.

This means psa_get_mac_output_length is no longer required.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 19:58:02 +01:00
Steven Cooreman
5ad4bf75e3 Move MAC default length checking into psa_key_policy_permits
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman
328f11c50e Language & readability touchups
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Steven Cooreman
7e39f05929 Using a wildcard as a specific algorithm now reports invalid argument
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
ae3f13bf5e Add more test cases and fix AT_LEAST_THIS_LENGTH against base algorithm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
2c2efa488b Fix dependency-setting script and test dependencies for new tests
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
Gilles Peskine
069346cdab New test suite for not-supported cases: key creation (import, generate)
To start with, test that key creation fails as intended when the key
type is not supported. This commit only covers psa_import_key and
psa_generate_key. A follow-up will cover psa_key_derivation_output_key.

My primary intent in creating this new test suite is to automatically
generate test cases by enumerating the key types and algorithms that
the library supports. But this commit only adds a few manually written
test cases, to get the ball rolling.

Move the relevant test cases of test_suite_psa_crypto.data that only
depend on generic knowledge about the API. Keep test cases that depend
more closely on the implementation, such as tests of non-supported key
sizes, in test_suite_psa_crypto.data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Ronald Cron
d00f5e188a tests: psa: Remove generate key test case restriction
Now that the support for key generation in the transparent
test driver is at the same level as the support in the
Mbed TLS library, remove the restriction on the generate
key test case that was introduced by the work on key
import and export through the PSA driver interface.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:07:46 +01:00
Ronald Cron
5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00
Bence Szépkúti
a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Steven Cooreman
7c9e7da8d4 Add CAVS14.0 AES-GCM vectors to test more IV, tag and key lengths
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Gilles Peskine
2fa6b5f503 ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.

Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.

After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.

To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 18:43:26 +01:00
Steven Cooreman
10ec7804c5 Remove HAVE_RAM_AVAILABLE for derive_full and derive_output tests
Both tests do not require a lot of RAM, even though it may seem
like it at first sight. The derivation output is generated blockwise
from the KDF function, which only keeps state amounting to a couple
of blocks of the underlying hash primitive at a time.
There is never an allocation to keep the full derivation capacity in
memory...

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:21:04 +01:00
Steven Cooreman
83fdb70550 Convert 'large key' testing to accept insufficient memory errors
Since the tested service may run in a different context with a different heap.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:21:01 +01:00
Steven Cooreman
69967ce17e Get rid of half-baked HAVE_RAM_128K in favor of dynamic heap checking
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:19:20 +01:00
Ronald Cron
1e87d5ba1d tests: psa: Fix export related tests
Fix some export related tests that were
relying on the fact that the size of the
output buffer was checked after other
parameters.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:49:08 +01:00
Ronald Cron
80eaa93b59 tests: psa: Reactivate and expand key management through test driver
The compilation guards in key_management.c are now
accelerator compilation guards (MBEDTLS_PSA_ACCEL_KEY_TYPE_xyz).

As a consequence when running the PSA driver wrapper
tests as part of test_psa_crypto_config_basic
and test_psa_crypto_drivers all.sh components all
key management cryptographic operations were handled by
the software builtin fallback, and not by the test driver
as intended in the first place.

This commits fixes this issue by:
. declaring an accelerator for ECC key pairs in
  test_psa_crypto_config_basic.
. declaring an accelerator for both ECC and RSA
  key pairs in test_psa_crypto_drivers.

It is possible to declare an accelerator for both
ECC and RSA key pairs in test_psa_crypto_drivers
and not in test_psa_crypto_config_basic because
in the case of test_psa_crypto_drivers the new
PSA configuration is not activated. That way,
the builtin fallback software implementation
is present to supply the transparent test driver
when some support is missing in it (mainly
RSA key generation).

Note that the declaration of accelerators does
much more than just "fixing" the execution flow of
driver wrapper tests, it makes all import and public
key export cryptographic operations in all unit
tests being handled by the transparent test driver
(provided that it supports the key type).

One test case related to key generation is
partially disabled. This will be fixed with the
rework of psa_generate_key along the lines
described in psa-crypto-implementation-structure.md.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:38:50 +01:00
Gilles Peskine
b51d72f82e Run copy_fail even when the target policy is unsupported
The negative test cases for psa_copy_key() don't actually care whether
the target policy is supported. This is similar to _key_policy tests.
Add a similar rule.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine
0794572f96 More precise recognition of key policy negative tests
The test function asymmetric_signature_key_policy combines positive
and negative tests inside the code, so it doesn't take a status as its
last argument.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00