Commit graph

658 commits

Author SHA1 Message Date
Paul Elliott
7c17308253 Add num_ops tests to sign and verify interruptible hash
This is the only test usable for non-deterministic ECDSA, thus needs this
code path testing as well.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-28 17:23:29 +00:00
Paul Elliott
8359c14c14 Add hash corruption test to interruptible verify test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-28 17:23:29 +00:00
Dave Rodgman
17152df58d
Merge pull request #7175 from paul-elliott-arm/interruptible_sign_hash_test_comments
Interruptible sign hash test comments
2023-02-28 17:09:43 +00:00
Stephan Koch
5819d2c141 Feedback from Arm: guarantee that output_length <= output_size even on error, to reduce the risk that a missing error check
escalates into a buffer overflow in the application code

Signed-off-by: Stephan Koch <koch@oberon.ch>
2023-02-27 11:49:13 +01:00
oberon-sk
10c0f770ce asymmetric_encrypt: check output length only if return code is PSA_SUCCESS.
Signed-off-by: Stephan Koch <koch@oberon.ch>
2023-02-27 11:48:51 +01:00
Paul Elliott
c2033502f5 Give edge case tests a better name
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-26 18:47:58 +00:00
Paul Elliott
c7f6882995 Add comments to each test case to show intent
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-26 18:47:58 +00:00
Paul Elliott
f8e5b56ad8 Fix get_num_ops internal code.
Previously calling get_num_ops more than once would have ended up with ops
getting double counted, and not calling inbetween completes would have ended up
with ops getting missed. Fix this by moving this to where the work is actually
done, and add tests for double calls to get_num_ops().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-19 18:55:10 +00:00
Paul Elliott
96b89b208a Add comment to indicate non-PSA spec assertion.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
f1743e2440 Add verify call to max ops tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
c86d45e8a1 Remove spurious incorrect comment
Comment originated from original version of this code, and the newer comment
which was added when it was pulled into a seperate function covers all cases.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
efebad0d67 Run extra complete in failure tests regardless.
We do not need to expect to fail, running another complete in either sign or
verify after successful completion should also return BAD_STATE.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
01885fa5e5 Fix include guards on auxiliary test function.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
a4cb909fcd Add max ops tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
76d671ad73 Split state tests into two functions
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
1243f93cca Fix build fails with non ECDSA / restartable builds
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
6f60037589 Move {min|max}_complete choice logic into function
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
c9774411d4 Ensure that operation is put into error state if error occurs
If an error occurs, calling any function on the same operation should return
PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra
failure tests to try and ratify this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
f9c91a7fb5 Store the hash, rather than the pointer
For sign and verify, the pointer passed in to the hash is not guaranteed to
remain valid inbetween calls, thus we need to store the hash in the
operation. Added a test to ensure this is the case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
ab7c5c8550 Change incorrect define for MAX_OPS_UNLIMITED
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
97ac7d9090 Calculate min/max completes rather than passing in to test
Only 2 options were really possible anyway - complete in 1 op, or somewhere
between 2 and max ops. Anything else we cannot test due to implementation
specifics.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
334d726d40 Ensure ops are tested on successful 'fail' tests
Make sure the number of ops is tested in the interruptible failure tests,
should they get through the interruptible loop part.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
edfc883568 Change test loops over to do...while
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
59ad9457b6 Add {sign/verify}_hash_abort_internal
Ensure that num_ops is cleared when manual abort is called, but obviously not
when an operation just completes, and test this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
20a360679b Add State tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
0c68335a42 Convert tests to configurable max_ops
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
9100797cb3 Negative tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
712d512007 Basic tests
Sign Hash, Verify Hash and Sign and Verify Hash.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Dave Rodgman
641288bc1e Restore test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 22:02:04 +00:00
Dave Rodgman
91e832168f Restore more test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 20:07:43 +00:00
Dave Rodgman
a476363042 Restore more test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 18:36:23 +00:00
Dave Rodgman
d26d7445b8 Restore guards on a couple of tests
These tests check for failures, but can only fail where SIZE_MAX
exceeds some limit (UINT_MAX or UINT32_MAX) and do not fail
in this way otherwise - so guards are needed.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-11 17:22:03 +00:00
Dave Rodgman
4a5c9ee7f2 Remove redundant SIZE_MAX guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 16:03:44 +00:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Manuel Pégourié-Gonnard
9502b56192 Fix test function derive_key_exercise()
mbedtls_test_psa_setup_key_derivation_wrap() returns 1 for success, 0
for error, so the test here was wrong.

This is just a hotfix in order to avoid a testing gap. Larger issues not
addressed here:

- I don't think we should just exit and mark the test as passed; if
we're not doing the actual testing this should be marked as SKIP.
- Returning 1 for success and 0 for failure is a violation of our
documented coding guidelines. We're also supposed to test with == 0 or
!= 0. Having consistent conventions is supposed to help avoid errors
like this.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-04 13:16:53 +01:00
Gilles Peskine
081369111e
Merge pull request #6594 from gilles-peskine-arm/generate_test_code-function_comments
Allow comments in test function prototypes
2022-12-15 12:32:11 +01:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Manuel Pégourié-Gonnard
0b9b560770
Merge pull request #6601 from valeriosetti/issue6502
Avoid assumptions about implementation in EC J-PAKE tests
2022-11-29 11:21:23 +01:00
Gilles Peskine
42649d9270 Fix NULL+0 undefined behavior in ECB encryption and decryption
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-23 14:16:52 +01:00
Valerio Setti
024b028ce1 test: split psa_pake function/data from the generic test_suite_psa_crypto
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-22 18:52:17 +01:00
Valerio Setti
1070aed778 test_suite_psa_crypto: do not re-use PAKE's contexts in case of errors
As for ecjpake_setup(), now the test function can handle:
- "external" errors, through parameters set by the data file
- "internal" ones, through enums which inject ad-hoc failures

Similarly also ecjpake_rounds() can handle both type of errors,
but right now there's no erroneous case in the associated ".data"
file.

In both cases, after an error the current test is terminated.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-22 18:45:03 +01:00
Przemek Stekiel
f82effa982 Optimize pake test code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-21 15:10:32 +01:00
Przemek Stekiel
cd356c3cdb Add ec-jpake test to verify if key can be destroyed after set_password_key
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-21 12:25:21 +01:00
Przemek Stekiel
7c7954842b Adapt ec-jpake_setup test
Now when operation holds pointer to dynamically allocated buffer for password key we can't do copy of the operation object in test instead we need to re-initialize operation object after error.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 16:27:55 +01:00
Gilles Peskine
07510f5ba3 Allow comments in prototypes of unit test functions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-11 16:37:16 +01:00
Andrzej Kurek
c018204019 Improve error injection in EC J-PAKE tests
Instead of corrupting the public key part of the message,
corrupt the proof part. A proof is conceptually similar to a signature,
and changing anything in it should make it invalid with 
a high probability.
Also, instead of shifting data, perform a bitflip.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-11-08 08:12:56 -05:00
Gilles Peskine
faefe62013
Merge pull request #6390 from mpg/fix-ecjpake-psa-format
Fix ecjpake PSA format
2022-11-07 17:35:44 +01:00
Przemek Stekiel
8258ea7b7d test_suite_psa_crypto: adapt dependenies and guards so the test can run in the driver-only build
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-19 13:20:20 +02:00
Manuel Pégourié-Gonnard
f155ab9a91 Abort on errors when we should
We're not strictly required to abort, but at least to leave the context
is an invalid state. For "late" functions like input() and output(),
calling abort() is the easiest way to do that. Do it systematically for
input() and output() by using a wrapper. psa_pake_get_implicit_key() was
already doing it. For "early" function, we can just leave the operation
in its current state which is already invalid.

Restore previous tests about that. Not adding systematic tests, though,
just test the two functions that are the most important, and more likely
to return errors.

Since we now abort in more cases, we need to make sure we don't
invalidate the operation that's going to be re-used later in the test.
For that reason, use a copy of the operation for calls to input() and
output() that are expected to return errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-13 13:20:31 +02:00
Manuel Pégourié-Gonnard
b63a9ef09f Fix buffer sizes in ecjpake_setup test function
Also, the error code changed from INSUFFICIENT_MEMORY to INVALID_DATA.

Temporarily remove a test about aborting the operation on error.
Auto-abort will be re-introduced in the next commit in a more systematic
way.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-13 13:17:20 +02:00