Commit graph

678 commits

Author SHA1 Message Date
Przemyslaw Stekiel
50fcc535e5 Add Weierstrass curve/bits consistancy check + negative test vectors
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
02cf12ff92 Enable tests for Montgomery curves
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
8590f3b5ff Enable related test vectors
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel
696b120650 Add tests for ECC key derivation
Test code and test vectors are taken from PR #5218

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Neil Armstrong
66a479f8fb Add Cipher Decrypt Fail multi-part case
Make `PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)`
depend on MBEDTLS_CCM_C otherwise the multi-part test fails on
the missing CCM* instead on the input length validity for CCM*.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 10:56:18 +01:00
Gilles Peskine
c6753a6c90
Merge pull request #5363 from AndrzejKurek/clarify-testing-set-nonce-set-lengths
PSA AEAD: extend testing of set_nonce + set_lengths
2022-01-25 17:02:26 +01:00
Andrzej Kurek
f881601c91 Detect invalid tag lengths in psa_aead_setup
Read tag lengths from the driver and validate against preset values.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-20 07:40:12 -05:00
Andrzej Kurek
a2ce72e5bf Test calling psa_aead_set_lengths and set_nonce in various order
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:36:50 -05:00
Manuel Pégourié-Gonnard
a15503fcdd
Merge pull request #5344 from AndrzejKurek/psa-aead-more-generate-nonce-combinations
PSA AEAD: test more combinations of generate_nonce and set_lengths
2022-01-17 13:12:04 +01:00
Bence Szépkúti
08f34656cb Return the same error in multipart and single shot AEAD
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().

The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.

Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-07 19:36:07 +01:00
Andrzej Kurek
ad83752811 PSA AEAD: test more combinations of generate_nonce and set_lengths
Extend PSA AEAD testing by adding CCM and ChaChaPoly.
Add more combinations of functions to test the API.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-15 15:30:29 +01:00
Gilles Peskine
d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm
PSA Multipart AEAD CCM Internal implementation and tests.
2021-12-09 14:49:42 +01:00
Paul Elliott
37ec16b579 Add explanation for workaround in test code
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 09:44:11 +00:00
Paul Elliott
3938fef25c Indicate set nonce negative test failure reasons
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-08 20:09:09 +00:00
Ronald Cron
c9586dbbcf tests: psa: Add dependencies on built-in hash
Add dependencies on built-in hash of signature/
signature verification and asymmetric
encryption/decryption tests. The dependency is
not added for tests based on SHA-256 as SHA-256
is always present when PSA is involved (necessary
to the PSA core) and that way most of PSA signature
/verification tests are still run when PSA hash
operations are accelerated.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
ae4a690926 tests: psa: Fix MD5 support not available dependencies
MD5 should not be supported by the library and any driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Bence Szépkúti
6d48e20d4b Indicate nonce sizes invalid for ChaCha20-Poly1305
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 18:06:11 +01:00
Bence Szépkúti
357b78e42c Indicate if we know that a nonce length is invalid
This restores the behaviour found in the previously released versions
and development_2.x.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 18:06:04 +01:00
Dave Rodgman
3f86a90261 Update test to handle changed error code
Update test to handle changed error code from psa_key_derivation_output_key

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-16 16:05:06 +00:00
Manuel Pégourié-Gonnard
087f04783d
Merge pull request #5076 from mstarzyk-mobica/psa_ccm_no_tag
PSA CCM*-no-tag
2021-11-10 10:18:55 +01:00
Andrzej Kurek
386f5820aa Add a missing psa_crypto test suite test name
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-11-02 16:51:24 +01:00
Manuel Pégourié-Gonnard
4313d3ac87
Merge pull request #5010 from gilles-peskine-arm/psa-rsa-pss_any_salt
PSA: fix salt length for PSS verification
2021-10-29 16:36:36 +02:00
Manuel Pégourié-Gonnard
c8cc1ffe97
Merge pull request #5062 from mprse/issue_4056
Use PSA_HASH_LENGTH instead hardcoded integer values
2021-10-26 10:35:38 +02:00
Gilles Peskine
4fa0725936
Merge pull request #5002 from mstarzyk-mobica/psa_output_buffer_limitation
Remove output buffer limitation for PSA with GCM.
2021-10-25 19:37:33 +02:00
Mateusz Starzyk
ed71e92730 Add tests for CCM*-no-tag.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-21 11:33:41 +02:00
Przemyslaw Stekiel
77804132ba Use PSA_HASH_LENGTH instead hardcoded integer values 2021-10-11 16:38:17 +02:00
Przemyslaw Stekiel
d9d630cdf3 Addapt psa_generate_key() tests
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 12:26:21 +02:00
Paul Elliott
76bda48f8c Add Multipart AEAD CCM Finish buffer tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-07 18:06:03 +01:00
Paul Elliott
47b9a14dc6 Add Multipart AEAD CCM update buffer tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-07 18:06:03 +01:00
Paul Elliott
d79c5c5105 Add Multipart AEAD CCM generate nonce tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-07 18:06:03 +01:00
Paul Elliott
e4c08ed257 Add Multipart AEAD CCM set nonce tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-07 18:06:03 +01:00
Paul Elliott
15116bf711 Add Multipart AEAD CCM setup tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-07 18:06:03 +01:00
Paul Elliott
fec6f37669 Add Multipart AEAD CCM verify tests
Known failures, concentrating on verify (bad signature etc.)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-07 18:06:03 +01:00
Paul Elliott
2cc1ee31ca Add Multipart AEAD CCM encrypt / decrypt tests
Encrypt / Decrypt with expected result.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-07 18:06:03 +01:00
Gilles Peskine
b9b817e977 Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length
PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for
verification that it produces when signing, as documented.

Fixes #4946.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 14:26:25 +02:00
Gilles Peskine
25794d8946 Test PSS verification with different salt lengths
Test the following combinations:
* 1024-bit key, SHA-256, salt=0
* 1024-bit key, SHA-256, salt=31 (1 byte shorter than standard)
* 1024-bit key, SHA-256, salt=32 (standard length)
* 1024-bit key, SHA-256, salt=94 (maximum possible length)
* 1024-bit key, SHA-512, salt=61 (1 byte shorter than standard)
* 1024-bit key, SHA-512, salt=62 (standard = maximum possible length)
* 528-bit key, SHA-512, salt=0 (only possible length)

Test psa_verify_hash() for both PSA_ALG_RSA_PSS and PSA_ALG_RSA_PSS_ANY_SALT
with all of these combinations. For psa_verify_message(), just test once
with the standard length and once with a different length.

Note that as of this commit, both PSA_ALG_RSA_PSS and
PSA_ALG_RSA_PSS_ANY_SALT accept any salt length during verification, hence
all the new test cases are positive.

The verify test cases were generated using the Python script below.

```
from Cryptodome import Hash
from Cryptodome.Hash import SHA512
from Cryptodome import PublicKey
from Cryptodome.PublicKey import RSA
from Cryptodome.Signature import pss

key = {
    528: RSA.import_key(bytes.fromhex("30820145020100024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001024300b166322e09504a5c274b83592f5cf8ce2793a96de5a265abdbe060c641dbc65db0d11c782fe133a7e60aea686d21058d928cad3ef58924c4bb26b9206a03001d0241022200f85d72e463b406ffa282c34b5f0c2d6c2aacf210246af53d5bc7a0b7fa036e1cdb022200ea176c3d9a7fb355fb9fb7707e679b4acfb7bcb645b907e27cdf1764bc340971cd02212e13380342b3dd3083777abf7acc8988ad8a1406069b890f6efd63c57dae31394d022200c3602d3cf537e3cbbda93e072bd8f92965586aae8e5eb20ffc3c8e5fcb1c7b4d7902220098a04f18e48c689ad2f5b9bd404333def54cb2506cd0075c967a2968261e8b8f10")),
    1024: RSA.import_key(bytes.fromhex("3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24")),
}
hash_module = {
    256: Hash.SHA256,
    512: Hash.SHA512,
}

def print_test_case(remark, pub, kbits, hbits, input, output):
    key_hex = pub.hex()
    input_hex = input.hex()
    output_hex = output.hex()
    print(f"""\
PSA verify hash: RSA-{kbits} PSS SHA-{hbits}, {remark}
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_{hbits}:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"{key_hex}":PSA_ALG_RSA_PSS(PSA_ALG_SHA_{hbits}):"{input_hex}":"{output_hex}"

PSA verify hash: RSA-{kbits} PSS-any-salt SHA-{hbits}, {remark}
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_{hbits}:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"{key_hex}":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_{hbits}):"{input_hex}":"{output_hex}"
""")

def rand(n):
    return bytes(x & 0xff for x in range(n))

def test_case(kbits, hbits, slen):
    priv = key[kbits]
    pub_spki = priv.publickey().export_key('DER')
    pub_raw = PublicKey._expand_subject_public_key_info(pub_spki)[1]
    hash_op = hash_module[hbits].new(b'abc')
    digest = hash_op.copy().digest()
    output = pss.new(priv, salt_bytes=slen, rand_func=rand).sign(hash_op)
    print_test_case(f"slen={slen}", pub_raw, kbits, hbits, digest, output)

test_case(1024, 256, 0)
test_case(1024, 256, 31)
test_case(1024, 256, 32)
test_case(1024, 256, 94)
test_case(1024, 512, 61)
test_case(1024, 512, 62)
test_case(528, 512, 0)
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 14:26:25 +02:00
Gilles Peskine
033b178dce Test that a PSS policy doesn't allow PSS_ANY_SALT and vice versa
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 14:26:25 +02:00
Gilles Peskine
f5322b3223 Shorten some test descriptions
Ensure the unique part fits in the 66 columns that the test runner displays.
Leave room for an additional distinguisher on signature key policy negative
test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 14:26:25 +02:00
Gilles Peskine
454f31c9b9 Add test cases for PSA_ALG_RSA_PSS_ANY_SALT
The test cases strictly replicate a subset of the test cases for
PSA_ALG_RSA_PSS. The subset validates that PSA_ALG_RSA_PSS_ANY_SALT is
recognized wherever PSA_ALG_RSA_PSS is.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 14:26:25 +02:00
Mateusz Starzyk
f28261fc14 Remove output buffer limitation for PSA with GCM.
The requirement of minimum 15 bytes for output buffer in
psa_aead_finish() and psa_aead_verify() does not apply
to the built-in implementation of the GCM.

Alternative implementations are expected to verify the
length of the provided output buffers and to return
the MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the
buffer length is too small.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-04 13:54:54 +02:00
Paul Elliott
8739f0fb8d Fix incorrect nonce length on oneshot test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-29 16:17:54 +01:00
Gilles Peskine
cc12395c7b Test invalid nonce length for multipart AEAD with short tag
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:40:16 +01:00
Gilles Peskine
96b332ccac Test invalid nonce length for one-shot AEAD decryption
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:40:16 +01:00
Gilles Peskine
4ef7bd8595 Simplify PSA_ALG_AEAD_WITH_SHORTENED_TAG with full-length tag
Only use PSA_ALG_AEAD_WITH_SHORTENED_TAG with the default tag length when
it's part of a series or when the tag length is a critical part of the test.
Don't use it when the tag length is secondary, to make the test data easier
to read.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:40:16 +01:00
Paul Elliott
745f5f2724 Add test for PolyChaCha with shortened tag
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-27 18:24:11 +01:00
Paul Elliott
32f46ba16a Remove ability to turn off chunked ad/data tests
This is no longer required, as both PolyChaCha and GCM now support
both chunked body data and additional data.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-24 11:20:10 +01:00
Paul Elliott
71b0567c87 Merge remote-tracking branch 'upstream/development' into psa-m-aead-merge
Also fiixed the following merge problems:

crypto_struct.h   : Added MBEDTLS_PRIVATE to psa_aead_operation_s
                    members (merge conflict)
psa_crypto_aead.c : Added ciphertext_length to mbedtls_gcm_finish
                    call (change of API during development)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-24 11:18:13 +01:00
Paul Elliott
2c363a802a Add NULL / 0 buffer tests for update test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Paul Elliott
3ecdb3e308 Change test dependencys to PSA_WANT
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Paul Elliott
5221ef638a Add aead setup tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
1c67e0b38c Add extra verify edge test cases
Add ability to pass NULL tag buffer (with length zero)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
9961a668bd Remove negative tests from multipart_decrypt
Multipart decrypt now always expects positive result (i.e. the plaintext
that is passed in). Added new test that expects fail, and does no
multipart versions and concentrates on aead_verify.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
ce2c1faf1a Remove uneccesary postive buffer size tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
6a60b12ef9 Make buffer size checks +-1 from correct size
i.e Check correct buffer size +1 and correct buffer size -1 (where
applicable) to check too big and too small cases, and hopefully catch
edge cases.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
a3d153f928 Make nonce based test descriptions more clear
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
719c1324a1 Add tag buffer size tests to finish buffer tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
4023ffd275 Re-add option of NULL buffer for nonce tests
NULL/zero length or valid buffer/zero length both now tested

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Archana
9a2b6ff8f2
Fix test vector dependency
Fix opaque key test vector dependency to PSA_CRYPTO_DRIVER_TEST
instead of MBEDTLS_PSA_CRYPTO_DRIVERS while validating with
test drivers.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-09 12:32:16 +05:30
Archana
a316b7e42b
Rebase and update signature for curve448 tests
Also include the opaque test cases for curve448 vectors.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-09 10:11:02 +05:30
Archana
74d99c6bfc
Add a test to validate copy to read only lifetime
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-09 10:11:02 +05:30
Archana
8a180368fb
Add opaque test driver support for copy key
A minimal test driver extension is added to support
copy of opaque keys within the same location.
Test vector support is extended to cover opaque keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:07 +05:30
Archana
4d7ae1d8cf
Add test driver support for opaque key import
-Add test driver support to import/export while wrapping keys
 meant to be stored in the PSA core as opaque( emulating an
 SE without storage ).
-Export validate_unstructured_key_bit_size as
 psa_validate_unstructured_key_bit_size, thereby changing its scope.
-Improve the import/export test cases in test_suite_psa_crypto to also
 cover opaque keys, thereby avoiding duplication.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:03:54 +05:30
Paul Elliott
5e69aa5709 Remove NULL check for set nonce
Also remove tests which would pass NULL to this function.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Mateusz Starzyk
d07f4fc30f Use separate expected results for MAC sign and verify key policy.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-24 14:16:55 +02:00
Paul Elliott
66696b5591 Improve nonce length checks
Add the missing nonce length checks (this function is being used by
oneshot functions as well as multipart, and thus all cipher suites are
being used) and cover the case where a NULL buffer gets passed in.
Extended the set nonce test to cover this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-16 18:44:50 +01:00
Gilles Peskine
69813477b0
Merge pull request #4758 from paul-elliott-arm/fix_cipher_output_size
Fix divide by zero if macro used with wrong key type
2021-07-30 18:56:18 +02:00
Paul Elliott
91b021e4c7 Add finish buffer size test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-23 18:53:54 +01:00
Paul Elliott
43fbda648d Add test for update buffer size
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-23 18:53:53 +01:00
Paul Elliott
56e4aa6ae2 Restore accidentally deleted blank lines
Script to generate test data was missing a '\n'

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-23 18:53:53 +01:00
Paul Elliott
863864a2f7 Add multipart set nonce test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-23 18:53:53 +01:00
Paul Elliott
97fd1bad83 Convert over to using a single internal test func
Make all encrypt/decrypt tests use the same function. Cleanup arguments
that were poorly named and document internal function. Removed one test
as I didn't want to write another test purely for it, when its already
tested in one shot.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-22 18:52:20 +01:00
Paul Elliott
e0fcb3b99e Add 'too big' tests for nonce generation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-21 18:51:23 +01:00
Paul Elliott
d85f547b65 Add expected size to nonce generation test
Also add unneeded copy-paste in the test descriptions.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-21 18:51:23 +01:00
Paul Elliott
a417f56d28 Add non regression test for cipher output size
Call the output size macros specifically with asymmetric keys, which
would cause a crash (and thus test fail) should this fix get regressed.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-14 12:39:54 +01:00
Archana
c590611e97
Add requested montgomery curve tests
* Add tests to validate MSB not ok for Curve25519 and
  Curve448.
* Add a test to generate key for for Curve448.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 20:47:11 +05:30
Archana
8584f5b68b
test: psa: Improve description of curve 448 tests
Improve the description of some curve 448 tests

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 20:11:08 +05:30
Archana
ef6aa5c46d Support Curve448 via the PSA API
Enable Curve448 support
Add test vectors to evaluate
* RFC 7748
* a known-answer public key export test.
* a known-answer ECDH (X448) test.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-07-12 08:07:14 +05:30
Dave Rodgman
9f5774f56d
Merge pull request #4739 from gabor-mezei-arm/3258_fp30_implement_one-shot_MAC_and_cipher
Implement one-shot cipher
2021-06-30 17:04:23 +01:00
gabor-mezei-arm
2bd5799df0
Fix test case dependency
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:25 +02:00
gabor-mezei-arm
ff0da72d52
Restoring the multi-part cipher_verify_output() testing
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:25 +02:00
gabor-mezei-arm
95aad8378c
Unify multipart cipher operation tester functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:24 +02:00
gabor-mezei-arm
a56756ed45
Rename test functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:24 +02:00
gabor-mezei-arm
50c86cfe79
Remove duplicated tests
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:01 +02:00
gabor-mezei-arm
f494bcd313
Add tests for one-shot hash cipher functions
Tests for psa_cipher_encrypt and psa_cipher_decrypt functions.
The psa_cipher_encrypt function takes no parameter for IV and always generates
it therefore there will be a randomness in the calculation and cannot be
validated by comparing the actual output with the expected output.
The function is tested by:
 - doing a prtially randomized test with an encryption then a decryption
   and validating the input with output of the decryption
 - validating against the multipart encryption
The combination of this two methods provides enough coverage like a
known answer test.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:48:59 +02:00
gabor-mezei-arm
335e55647e
Update key policy testing test cases
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:00 +02:00
gabor-mezei-arm
db4522ca83
Rename test cases
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:59 +02:00
gabor-mezei-arm
40d5cd8571
Remove unneeded test case parameter
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:59 +02:00
gabor-mezei-arm
d851d6872a
Remove unneeded test case parameter
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:33 +02:00
gabor-mezei-arm
ff8264c348
Simplify test function
Use the updated usage flags as expected.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:33 +02:00
gabor-mezei-arm
c8720c4857
Give better name for test cases
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:32 +02:00
gabor-mezei-arm
060fdce536
Fix tests
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:22 +02:00
gabor-mezei-arm
edf2df84ba
Add test for extended key usage policies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:03:39 +02:00
gabor-mezei-arm
4ff73037f9 Update tests for extended key usage policies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:03:35 +02:00
Paul Elliott
3bd5dbacc1 Improve generate nonce test
Make sure the generated nonce works to encrypt test data if the
generated nonce is valid.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 18:30:20 +01:00
Gilles Peskine
c9d86a05ce
Merge pull request #4665 from yanesca/issue-3990-fix_psa_verify_with_alt
Fix PSA RSA PSS verify with ALT implementations
2021-06-23 11:47:38 +02:00
Paul Elliott
5e3bb13111 Add set_lengths argument to all tests.
Run all tests that do not require set_lengths with and without setting
lengths.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
1c96429282 Remove encrypt/decrypt tests
Tests were not really providing any more coverage than already provided.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
c23a9a0799 Add state checks for multipart AEAD
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
d3f8241369 Add multipart tests
Test range of multipart sizes for all tests, rather than having to
define specific tests.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
8eb9dafda1 Add generate nonce test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-22 09:27:41 +02:00
TRodziewicz
4a28ade6e9 Changing the key length to 32 bytes in one of the PSA cipher setup tests
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-21 17:44:19 +02:00
Janos Follath
ae50d28e4c Fix verify_hash tests for PSA RSA PSS
The psa_verify_hash() is the pre-hashed version of the API and supposed
to work on hashes generated by the user. There were tests passing that
were getting "hashes" of sizes different from the expected.

Transform these into properly failing tests.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-21 10:39:36 +01:00
TRodziewicz
75628d51b3 Code review fixes
Reverting some deleted tests and changing the deprecated algo
Deleting deprecated headers from /alt-dummy dir
Corrections to the comments
Removal of deleted functions from compat-2.x.h
Corrections to tests/data_files/Makefile

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-18 12:59:38 +02:00
Gilles Peskine
532327b429
Merge pull request #4576 from gilles-peskine-arm/psa_key_derivation-bad_workflow-20210527
PSA key derivation bad-workflow tests
2021-06-17 09:55:39 +02:00
TRodziewicz
10e8cf5fef Remove MD2, MD4, RC4, Blowfish and XTEA
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:25 +02:00
Gilles Peskine
af5bd67f6e Fix copypasta in test data
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-14 18:05:37 +02:00
Gilles Peskine
c7319cda78 Use UNUSED wherever applicable in derive_input tests
Exhaustivity check:
```
<tests/suites/test_suite_psa_crypto.data awk -F: '$1=="derive_input" { for (step=1; step<=3; step++) { if ($(4*step-1) == "0") { if ($(4*step) != "UNUSED" || $(4*step+1) != "\"\"" || $(4*step+2) != "UNUSED") print NR, step, $(4*step), $(4*step+1), $(4*step+2) } } }'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-14 18:01:42 +02:00
Gilles Peskine
93038fab2c Key derivation: add test cases where the secret is missing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-11 22:38:22 +02:00
Paul Elliott
b2ce2ed6d8 Merge remote-tracking branch 'upstream/development' into psa-m-aead
Conflicts:
* None
2021-06-01 17:13:19 +01:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix
psa: Support RSA signature without MBEDTLS_GENPRIME
2021-05-27 14:19:24 +02:00
Gilles Peskine
4023c0153d Add bad-workflow key derivation tests
Add HKDF tests where the sequence of inputs differs from the nominal
case: missing step, duplicate step, step out of order, or invalid step.

There were already similar tests for TLS 1.2 PRF. Add one with a key
agreement which has slightly different code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-27 13:33:22 +02:00
Gilles Peskine
1c77edda15 More explicit names for some bad-workflow key derivation tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-27 11:55:02 +02:00
Paul Elliott
60aa203e30 Remove temporary AEAD CCM implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 22:44:32 +01:00
Jaeden Amero
ff143c0a34 psa: Add missing RSA test dependency
The test "PSA generate key: RSA, 1024 bits, good, encrypt (OAEP
SHA-256)" had a dependency on MBEDTLS_GENPRIME, but this was not listed
in the dependencies. Add MBEDTLS_GENPRIME to the test's dependencies to
ensure it has what it needs to run.

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-20 17:08:59 +01:00
Paul Elliott
81231f33f0 Return invalid argument for unsupported algorithm
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
5d9fa8d675 Add define to allow multipart ccm to work
Add (internal only) define to config.h which allows the temporary
implementation of CCM to work, by removing the buffer zeroization on tag
fail when decrypting. This will obviously be removed when multipart CCM
is properaly implemented

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
0023e0a1de Add tests for multipart AEAD
Just clone of one shot tests for now - all additional data and body data
is passed in in one go.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
gabor-mezei-arm
4bc0edb919
Typo
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
6e2a8daef4
Add new tests for psa_sign/verify_message
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
d785a79477
Fix test
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
e088985496
Fix test names
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
ce8804fd6e
Update tests dependencies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
4c6a47a833
Add test for sign/verify message key policies
Update the mbedtls_test_psa_exercise_key to handle and use
PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE key policies.
Add new tests for PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE
policies.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
5302848ba5
Add tests for psa_sign_message and psa_verify_message
The reference output data was created with cryptodome for RSA algorithms and
python-ecdsa for ECDSA algorithms.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
b95302358f
Rename test funtions and test cases
Modify function and test case names that testing psa_sign_hash and
psa_verify_hash funtions to be less confusing with the newly introduced
function and test case names which tests psa_sign_message and
psa_verify_message functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:51 +02:00
Steven Cooreman
0c23965977 Add sanity tests for CMAC-(3)DES through PSA Crypto
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-10 11:29:13 +02:00
Gilles Peskine
09c916afba
Merge pull request #4257 from ronald-cron-arm/psa-aead
Add PSA crypto driver delegation for AEAD single shot PSA APIs - 1
2021-04-14 14:07:51 +02:00
Steven Cooreman
ea7ab13991 Do validation on the algorithm argument in AEAD
Corresponds better to the validation done in other modules of PSA Crypto.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
a0bc2cd4f1 tests: psa: Fix copy fail test argument
Fix copy fail test argument for only one of them
to be invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-02 08:56:20 +02:00
Ronald Cron
88a55464f5 tests: psa: Add negative tests for psa_copy_key()
Add negative tests checking that psa_copy_key()
returns PSA_ERROR_INVALID_ARGUMENT when passed in
an invalid key identifier or key lifetime for the
target key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:05:41 +02:00
Ronald Cron
9f97c6ecdf Update PSA crypto test dependencies
Given the PSA_WANT_* config options added lately,
update set_psa_test_dependencies.py and run it
on test_suite_psa_crypto*.data files but the SE
and generated ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:26:44 +01:00
David Brown
110ea816ca psa: Fix name of BRAINPOOL configs
These should be WANT_ECC_BRAINPOOL_P_... not WANT_ECC_BP_...  Change to
match.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:30:28 -06:00
David Brown
85537fa141 psa: ecdsa: Resolve incorrect merge resolution
The commit
    commit dcdde59c6f
    Author: David Brown <david.brown@linaro.org>
    Date:   Tue Feb 23 15:48:13 2021 -0700

        tests: psa: Change Elliptic curve defines to PSA names

when rebased on

    commit bb9cbc7a23
    Author: Ronald Cron <ronald.cron@arm.com>
    Date:   Thu Mar 4 17:09:00 2021 +0100

        psa: ecdsa: Prefer NOT_SUPPORTED error code

had an incorrect merge conflict resolution.  Correct this, allowing the
test "PSA sign: invalid algorithm for ECC key" to pass again.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-12 12:21:45 -07:00
David Brown
dcdde59c6f tests: psa: Change Elliptic curve defines to PSA names
Now that PSA crypto config supports the new PSA_WANT_ECC_xxx defines,
change the psa-specific test suites to use these new names.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:45 -07:00
Manuel Pégourié-Gonnard
17605f072b
Merge pull request #4151 from ronald-cron-arm/psa-sign_verify-hash
PSA sign and verify hash rework
2021-03-10 10:08:50 +01:00
Ronald Cron
bb9cbc7a23 psa: ecdsa: Prefer NOT_SUPPORTED error code
When ECDSA is not supported by the library, prefer
to return NOT_SUPPORTED than INVALID_ARGUMENT when
asked for an ECDSA signature.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 17:43:31 +01:00
Ronald Cron
9103d490e8 psa: ecdsa: Rework deterministic support check
Move the check that ECDSA is supported from the
caller of the function responsible for Mbed TLS
ECDSA signatures to this function, namely
mbedtls_psa_ecdsa_sign_hash().

This makes the caller code more readable and is
more aligned with what is expected from a
sign_hash() PSA driver entry point.

Add a negative test case where a deterministic
ECDSA signature is requested while the library
does not support deterministic ECDSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 13:32:27 +01:00
Steven Cooreman
f9f7fdfe49 Rework MAC algorithm / key type validation
Reworked the validation of MAC algorithm with the used key type by
introducing psa_mac_key_can_do, which guarantees that PSA_MAC_LENGTH can
be called successfully after validation of the algorithm and key type.

This means psa_get_mac_output_length is no longer required.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 19:58:02 +01:00
Steven Cooreman
5ad4bf75e3 Move MAC default length checking into psa_key_policy_permits
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman
328f11c50e Language & readability touchups
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Steven Cooreman
7e39f05929 Using a wildcard as a specific algorithm now reports invalid argument
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
ae3f13bf5e Add more test cases and fix AT_LEAST_THIS_LENGTH against base algorithm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
2c2efa488b Fix dependency-setting script and test dependencies for new tests
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
Gilles Peskine
069346cdab New test suite for not-supported cases: key creation (import, generate)
To start with, test that key creation fails as intended when the key
type is not supported. This commit only covers psa_import_key and
psa_generate_key. A follow-up will cover psa_key_derivation_output_key.

My primary intent in creating this new test suite is to automatically
generate test cases by enumerating the key types and algorithms that
the library supports. But this commit only adds a few manually written
test cases, to get the ball rolling.

Move the relevant test cases of test_suite_psa_crypto.data that only
depend on generic knowledge about the API. Keep test cases that depend
more closely on the implementation, such as tests of non-supported key
sizes, in test_suite_psa_crypto.data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Ronald Cron
d00f5e188a tests: psa: Remove generate key test case restriction
Now that the support for key generation in the transparent
test driver is at the same level as the support in the
Mbed TLS library, remove the restriction on the generate
key test case that was introduced by the work on key
import and export through the PSA driver interface.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:07:46 +01:00
Ronald Cron
5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00
Bence Szépkúti
a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Steven Cooreman
7c9e7da8d4 Add CAVS14.0 AES-GCM vectors to test more IV, tag and key lengths
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Gilles Peskine
2fa6b5f503 ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.

Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.

After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.

To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 18:43:26 +01:00
Steven Cooreman
10ec7804c5 Remove HAVE_RAM_AVAILABLE for derive_full and derive_output tests
Both tests do not require a lot of RAM, even though it may seem
like it at first sight. The derivation output is generated blockwise
from the KDF function, which only keeps state amounting to a couple
of blocks of the underlying hash primitive at a time.
There is never an allocation to keep the full derivation capacity in
memory...

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:21:04 +01:00
Steven Cooreman
83fdb70550 Convert 'large key' testing to accept insufficient memory errors
Since the tested service may run in a different context with a different heap.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:21:01 +01:00
Steven Cooreman
69967ce17e Get rid of half-baked HAVE_RAM_128K in favor of dynamic heap checking
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:19:20 +01:00
Ronald Cron
1e87d5ba1d tests: psa: Fix export related tests
Fix some export related tests that were
relying on the fact that the size of the
output buffer was checked after other
parameters.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:49:08 +01:00
Ronald Cron
80eaa93b59 tests: psa: Reactivate and expand key management through test driver
The compilation guards in key_management.c are now
accelerator compilation guards (MBEDTLS_PSA_ACCEL_KEY_TYPE_xyz).

As a consequence when running the PSA driver wrapper
tests as part of test_psa_crypto_config_basic
and test_psa_crypto_drivers all.sh components all
key management cryptographic operations were handled by
the software builtin fallback, and not by the test driver
as intended in the first place.

This commits fixes this issue by:
. declaring an accelerator for ECC key pairs in
  test_psa_crypto_config_basic.
. declaring an accelerator for both ECC and RSA
  key pairs in test_psa_crypto_drivers.

It is possible to declare an accelerator for both
ECC and RSA key pairs in test_psa_crypto_drivers
and not in test_psa_crypto_config_basic because
in the case of test_psa_crypto_drivers the new
PSA configuration is not activated. That way,
the builtin fallback software implementation
is present to supply the transparent test driver
when some support is missing in it (mainly
RSA key generation).

Note that the declaration of accelerators does
much more than just "fixing" the execution flow of
driver wrapper tests, it makes all import and public
key export cryptographic operations in all unit
tests being handled by the transparent test driver
(provided that it supports the key type).

One test case related to key generation is
partially disabled. This will be fixed with the
rework of psa_generate_key along the lines
described in psa-crypto-implementation-structure.md.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:38:50 +01:00
Gilles Peskine
b51d72f82e Run copy_fail even when the target policy is unsupported
The negative test cases for psa_copy_key() don't actually care whether
the target policy is supported. This is similar to _key_policy tests.
Add a similar rule.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine
0794572f96 More precise recognition of key policy negative tests
The test function asymmetric_signature_key_policy combines positive
and negative tests inside the code, so it doesn't take a status as its
last argument.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine
8405b5f60d Change PSA crypto test dependencies to PSA_WANT_xxx
Replace manually written dependencies on MBEDTLS_xxx with
PSA_WANT_xxx dependencies that are determined automatically from the
test data.

Run tests/scripts/set_psa_test_dependencies.py on
tests/suites/test_suite_psa_crypto*.data,
except for the dynamic secure element tests in
tests/suites/test_suite_psa_crypto_se_driver_hal*.data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:21:40 +01:00
Gilles Peskine
6fea21d515 Declare a code dependency in the code instead of in the data
When using the test function persistent_key_load_key_from_storage with
DERIVE_KEY, there's a dependency on HKDF-SHA-256. Since this
dependency is in the code, declare it there rather than with the data.
If the depenency is not met, mark the test as skipped since it can't
create the key to be tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Ronald Cron
f7b666c508 tests: psa: Move PSA key attributes tests
Move PSA key attributes tests to their own
test suite to be able to run them when
MBEDTLS_PSA_CRYPTO_CLIENT is enabled but
not MBEDTLS_PSA_CRYPTO_C.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-01 13:17:23 +01:00
Steven Cooreman
29eecbf6e1 move _bad_order() test case dependencies to the function itself
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-28 19:41:25 +01:00
Steven Cooreman
107409f470 Apply review feedback
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-26 12:01:22 +01:00
Steven Cooreman
9b31218109 Testing a maximum size key is RAM intensive, and should be dependent
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-11 17:59:36 +01:00
Steven Cooreman
affc38c90d Make test cases that use PKCS7 padding dependent on it
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-11 17:56:19 +01:00
Bence Szépkúti
cbe395332c Substitute PSA_ALG_STREAM_CIPHER into all files
Deprecate PSA_ALG_ARC4 and PSA_ALG_CHACHA20.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:01:31 +01:00
Gilles Peskine
662deb38d6
Merge pull request #3547 from ronald-cron-arm/psa-openless
Openless PSA crypto APIs implementation
2020-11-20 18:48:33 +01:00
Ronald Cron
d98059d599 psa: Fix tests/handling of lifetime incompatible with location
The lifetime of key attributes now encodes whether a key is
volatile/persistent or not AND its location.
Fix PSA code where the fact that the lifetime encodes
the key location was not taken into account properly.

Fix the impacted tests and add two non regression tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:18:15 +01:00
Gilles Peskine
db6e33e12a
Merge pull request #3826 from frestr/test/chachapoly_vector
PSA Crypto: Add zero-length input test vectors for ChaChaPoly
2020-11-03 23:17:00 +01:00
Fredrik Strupe
d61ed3c52f PSA Crypto: Add zero-length input test vectors for ChaChaPoly
Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-10-27 14:11:53 +01:00
Gilles Peskine
b7eaa77e2a
Merge pull request #3743 from stevew817/bugfix/use_ecdh_key_in_streamlined_derivation
Fix PSA crypto inconsistencies in agreement+derivation
2020-10-21 13:25:21 +02:00
Ronald Cron
60ca77ca75
Merge pull request #3730 from gilles-peskine-arm/psa_generate_key-curve25519
Fix psa_generate_key on Curve25519
2020-10-21 09:03:00 +02:00
Steven Cooreman
0ee0d52967 Fix PSA crypto inconsistencies in agreement+derivation
* #3742 After input of a key as SECRET in the derivation, allow the
        derivation result to be used as key.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-05 16:08:18 +02:00
Steven Cooreman
ce48e85db9 Fix PSA crypto inconsistencies in agreement+derivation
* #3741 Allow key agreement inside derivation with a key that's allowed
        for the relevant agreement.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-05 16:02:45 +02:00
Gilles Peskine
326e474a6d Add basic test cases for Curve25519
Test import and key generation, each followed by a key agreement. Only
good cases in this commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 17:01:18 +02:00
Fredrik Strupe
f90e3019dd Use PSA_ERROR_INVALID_ARGUMENT for invalid cipher input sizes
... as opposed to PSA_ERROR_BAD_STATE.

The spec on psa_cipher_finish() states that PSA_ERROR_INVALID_ARGUMENT
should be returned when:

"The total input size passed to this operation is not valid for this
particular algorithm. For example, the algorithm is a based on block
cipher and requires a whole number of blocks, but the total input size
is not a multiple of the block size."

Currently, there is a distinction between encryption and decryption
on whether INVALID_ARGUMENT or BAD_STATE is returned, but this is not
a part of the spec.

This fix ensures that PSA_ERROR_INVALID_ARGUMENT is returned
consistently on invalid cipher input sizes.

Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-09-30 12:26:58 +02:00
Gilles Peskine
dc57c25e30
Merge pull request #3527 from ronald-cron-arm/key-extended-id
PSA key identifiers rework
2020-09-15 16:06:06 +02:00
Gilles Peskine
b1d3f2779b
Merge pull request #3480 from stevew817/feature/aes-ecb
Added support for AES-ECB to the PSA Crypto implementation
2020-09-14 14:45:14 +02:00
Steven Cooreman
177deba54b Fix style and pull out ECB processing in separate function
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-07 17:14:14 +02:00
Ronald Cron
81e005042e tests: psa: Add owner identifier as test parameter
To test the proper handling of owner identifier as of key
identifiers, add owner identifier(s) to tests having
key identifier(s) as test parameters. Just don't do it for
tests related to tests invalid values of key identifiers
as there is no owner identifier invalid values.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
Ronald Cron
ecfb237f23 Fix PSA code and unit tests
Fix PSA code and unit tests for the unit tests
to pass with key identifiers encoding owner
identifiers.

The changes in PSA code just make the enablement
of key identifiers encoding owner identifiers
platform independent. Previous to this commit,
such key identifiers were used only in the case
of PSA SPM platforms.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
Gilles Peskine
cd65f4ccac Add empty-output-buffer test cases for single-part hash functions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:11:23 +02:00
Steven Cooreman
ffecb7b982 Implement support for multipart ECB and add tests
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-08-25 17:00:24 +02:00
Steven Cooreman
d4867877f1 Initialize key pointer in ecdh to NULL
Since it is being dereferenced by free on exit it should be inited to NULL.
Also added a small test that would trigger the issue.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-08-05 17:38:47 +02:00
Steven Cooreman
3fa684ed91 Allow importing Montgomery public keys in PSA Crypto
PSA Crypto was checking the byte length of a to-be-imported public ECP key
against the expected length for Weierstrass keys, forgetting that
Curve25519/Curve448 exists.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-30 15:35:14 +02:00
Steven Cooreman
5a3c210e15 Update to renamed curve constant
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-13 17:26:26 +02:00
Steven Cooreman
aec44e9fe8 Merge remote-tracking branch 'mbedtls/development' into montgomery-keys-clarification 2020-07-13 11:48:21 +02:00
Manuel Pégourié-Gonnard
fafe8553c6
Merge pull request #3392 from paul-elliott-arm/psa_ecc_dh_macros
PSA: update EC curve and DH group family macros
2020-07-07 09:20:44 +02:00
Steven Cooreman
ed3c9ec71a Added support for AES-ECB to the PSA Crypto implementation
PSA_ALG_ECB_NO_PADDING came in to the PSA Crypto API spec v1.0.0, but
was not implemented yet in the mbed TLS implementation.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 14:16:10 +02:00
Steven Cooreman
6f5cc71ad1 Document masking of Montgomery private keys in psa_export_key
Follow the PSA Crypto specification which was updated between 1.0 beta3
and 1.0.0.
Add corresponding test cases.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:45:04 +02:00
Paul Elliott
8ff510ac26 Rename ECC Family Macros According to PSA Spec
Rename PSA_ECC_CURVE_xxx to PSA_ECC_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_CURVE to PSA_KEY_TYPE_ECC_GET_FAMILY and rename
psa_ecc_curve_t to psa_ecc_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:30 +01:00
Gilles Peskine
af9dbc9213 Fix dependency in PSA test cases
The test cases were never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-26 22:45:30 +02:00
Manuel Pégourié-Gonnard
c03d499a58 Fix undeclared dep on deterministic ECDSA in test
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-06-05 09:21:49 +02:00
Gilles Peskine
6eb45f99f0 Add missing dependency on MBEDTLS_CIPHER_MODE_CBC 2020-03-23 17:55:32 +01:00
Gilles Peskine
80d26fb56f Switch psa_crypto tests to the new curve encoding 2020-01-31 10:24:21 +01:00
Gilles Peskine
025fccdc32 Change the encoding of EC curves and DH groups to include the size
Change the representation of psa_ecc_curve_t and psa_dh_group_t from
the IETF 16-bit encoding to a custom 24-bit encoding where the upper 8
bits represent a curve family and the lower 16 bits are the key size
in bits. Families are based on naming and mathematical similarity,
with sufficiently precise families that no two curves in a family have
the same bit size (for example SECP-R1 and SECP-R2 are two different
families).

As a consequence, the lower 16 bits of a key type value are always
either the key size or 0.
2020-01-31 10:15:32 +01:00
Gilles Peskine
4295e8b9c5 Rework PSA curve to mbedlts group id conversion
Don't rely on the bit size encoded in the PSA curve identifier, in
preparation for removing that.

For some inputs, the error code on EC key creation changes from
PSA_ERROR_INVALID_ARGUMENT to PSA_ERROR_NOT_SUPPORTED or vice versa.
There will be further such changes in subsequent commits.
2020-01-31 10:15:32 +01:00
Gilles Peskine
88e08464f5 Add dedicated test cases for psa_hash_compare
psa_hash_compare is tested for good cases and invalid-signature cases
in hash_compute_compare. Also test invalid-argument cases. Also run a
few autonomous test cases with valid arguments.
2020-01-30 12:27:14 +01:00