Commit graph

629 commits

Author SHA1 Message Date
Gilles Peskine
77e47c05f3 Add key material for twisted Edwards curves
Add the test keys from RFC 8032 (§7.1 Ed25519 "TEST 1", §7.4 Ed448 "Blank").
This replaces the generic byte-sized data used for unknown key types
which no longer works now that Ed25519 is considered to have 255 bits.

Re-generate the automatically generated test data accordingly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 15:08:10 +02:00
Gilles Peskine
a00abc6b65 Consistently describe Ed25519 as a 255-bit curve
The coordinates are over $F_{2^{255}-19}$, so by the general
definition of the bit size associated with the curve in the
specification, the value for size attribute of keys is 255.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
67546802fe New elliptic curve family: twisted Edwards
Add an elliptic curve family for the twisted Edwards curves
Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves,
since these are the only two curves in common use, the family has a
generic name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
01196d0464
Merge pull request #4214 from gilles-peskine-arm/psa-storage-format-test-types
PSA storage format test case generator
2021-03-22 12:16:17 +01:00
Ronald Cron
5cb08a8e61
Merge pull request #4202 from paul-elliott-arm/changelog_linelength_enforcement
Make assemble changelog script enforce line length
2021-03-19 12:26:31 +01:00
Paul Elliott
d75773e941 Pythonify and fix reported line number
Use enumerate to give the line number and use the correct offset to
actually calculate it.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-18 18:09:34 +00:00
Gilles Peskine
f8223abb16 Cover all key types
Generate test cases for all key types. These test cases cover the key
representation (checked with export) and the encoding of the key type and
the bit-size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine
2352396808 Obtain the values of expressions by running C code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine
e00944807c New python module to encode a PSA key for storage
Construct an object given the attributes and material for a PSA crypto key
and get the Mbed TLS storage representation.

The code to generate the storage representation was written based on the
specification in docs/architecture/mbed-crypto-storage-specification.md,
without looking at the code.

The data in the unit tests is from the AES-128 format_storage_data_check
test case in test_suite_psa_crypto_persistent_key.data, tweaked manually.

This commit creates a basic framework for using symbolic values for
attributes, but does not yet implement obtaining the corresponding numerical
values from an external source.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine
33c601cb73 Hook up PSAMacroCollector to PSAMacroEnumerator
Make it possible to enumerate the key types, algorithms, etc.
collected by PSAMacroCollector.

This commit ensures that all fields of PSAMacroEnumerator are filled
by code inspection. Testing of the result may reveal more work to be
done in later commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine
22fcf1b5f5 Move PSAMacroEnumerator to macro_collector
It's useful for more than test_psa_constant_names.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Gilles Peskine
10ab267afb Add some type annotations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:22:35 +01:00
Paul Elliott
b05a59a550 Improve error message
Make sure line number reported is correct for the overly long line, and
change the message to be more readable.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-09 10:26:46 +00:00
Paul Elliott
f08648d2da Make assemble changelog script enforce line length
As I descovered, a changelog entry with a line length greater than 80
characters would still pass CI. This is a quick change to the script to
make it detect these descrepancies and fail.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-05 12:29:28 +00:00
Steven Cooreman
947bb0b06f Code readability improvements
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
d927ed7901 Rename _MINIMUM_LENGTH flags to _AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
4400c3a44a Add _AT_LEAST_THIS_LENGTH_ macros to PSA constants test
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Gilles Peskine
d75adfcb3b KeyType: do a sanity check on the key type expression
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 18:05:27 +01:00
Gilles Peskine
4fbffcd144 Do not require typing_extensions at runtime
There are type annotations that indirectly depend on the
typing_extensions module (on Python 3.5-3.7: Protocol was added to the
core typing module in 3.8). The typing_extensions module is not
installed by default, so the code didn't run on a pristine Python
installation.

To avoid depending on a non-default module, make the dependency on
typing_extensions optional. (It's still required to run mypy, but
installing mypy takes care of providing typing_extensions.) If it
isn't available, provide a substitute definition that's just good
enough to get the scripts to run.

Move this ugly code to its own module to avoid the temptation of
spreading such ugliness all over the place. It's likely to be used in
other modules anyway.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:58:29 +01:00
Gilles Peskine
fa3c69a60f Improve documentation of crypto_knowledge.KeyType
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:58:29 +01:00
Gilles Peskine
505cc641de Use the base name of the generating script, not the full path
Otherwise the generation is sensitive to trivial differences such as
running `tests/scripts/generate_psa_tests.py` vs
`./tests/scripts/generate_psa_tests.py` vs an absolute path.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Gilles Peskine
0ac258ed0b Don't consider secp192r1
SECP192R1 is declared in the PSA API specification, but it's an old
one that Mbed TLS doesn't support and even OpenSSL doesn't support.
We don't have test vectors for it. Just skip it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Gilles Peskine
0cbaf056fa Add some randomly generated keys
RSA-1536:
```
openssl genrsa 1536 2>/dev/null | openssl rsa -outform DER -pubout |hexlify
```
then formatted manually.

ECC except Montgomery:
```
function e { openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:$1 -text |perl -0777 -pe 's/.*\npriv:([\n 0-9a-f:]*)pub:([\n 0-9a-f:]*).*/"$1","$2"/s or die; y/\n ://d; s/,/,\n              /;' |xsel -b; }
```

Curve448:
```
openssl genpkey -algorithm x448
```
then formatted manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Gilles Peskine
6f6483f2d2 New module for key material for asymmetric key types
Asymmetric keys can't just be arbitrary byte strings: the public key
has to match the private key and the private key usually has
nontrivial constraints.

In order to have deterministic test data and not to rely on
cryptographic dependencies in the Python script, hard-code some test
keys.

In this commit, copy some test keys from test_suite_psa_crypto.data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:17 +01:00
Gilles Peskine
8ffb585659 New function to write a whole .data file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:16 +01:00
Gilles Peskine
db2f575c9d New Python module for generating Mbed TLS test cases
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:16 +01:00
Gilles Peskine
397b0287b1 Create sample key material for symmetric keys
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:16 +01:00
Gilles Peskine
df63968c0c Enumerate sizes to test for each key type
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:16 +01:00
Gilles Peskine
0156a15190 Framework for knowledge about key types
New Python module intended to gather knowledge about key types and
cryptographic mechanisms, such as the ability to create test data for
a given key type and the determination of whether an algorithm is
compatible with a key type.

This commit just creates a class for knowledge about key types.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:16 +01:00
Gilles Peskine
0655b4f1e0 Check if the last word is 'MASK', not if it ends with 'MASK'
At the moment it makes no difference, but it could if e.g. a new
algorithm was called 'foomask'.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:16 +01:00
Gilles Peskine
13d60eb4fc MacroCollector: default to not including intermediate macros
By default, exclude macros whose numerical value is not a valid member
of the semantic type (e.g. PSA_ALG_xxx_BASE is not itself an
algorithm, only an intermediate value used to construct others). But
do include them with include_intermediate=True, which
generate_psa_constants.py does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:16 +01:00
Gilles Peskine
f8deb759ba Factor out is_internal_name as a separate method
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:16 +01:00
Gilles Peskine
e7c445542d Move PSAMacroCollector to a module of its own
This will make it possible to use the class from other scripts.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:16 +01:00
Gilles Peskine
7bb85c2640 Separate the parsing and generation parts of MacroCollector
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:16 +01:00
Bence Szépkúti
a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Gilles Peskine
53943ca434
Merge pull request #3992 from stevew817/feature/ecp_no_fallback
Add a flag for disabling software fallback in ecp.c
2021-01-29 16:08:51 +01:00
Ronald Cron
88a8035860
Merge pull request #3953 from gilles-peskine-arm/python-mypy-mkdir
Python upscale: pass mypy and create library directory
2021-01-29 12:07:53 +01:00
Steven Cooreman
77e09b697f Don't turn on NO_FALLBACK for full build since it removes functionality
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-22 09:43:27 +01:00
Gilles Peskine
2991b5f6c0 Minor documentation fixes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-19 21:23:11 +01:00
paul-elliott-arm
2427d15ea3
Merge pull request #3986 from gilles-peskine-arm/ssl_test_lib-create
Unify common code of ssl_client2.c and ssl_server2.c
2021-01-13 15:30:00 +00:00
Gilles Peskine
c772b1822a Move the declaration of query_config() to a dedicated header file
Declaring query_config() belongs with the query_config program, not in
ssl_test_lib.h, so move the declaration to a new header file
query_config.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 14:19:43 +01:00
Gilles Peskine
a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Gilles Peskine
a3ed34fed6 ssl_test_lib.[hc]: new source file for common SSL test code
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c. This commit only creates the file; subsequent
commits will populate it.

Add it to the official build systems (make, cmake, VS).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
2adebc89da Move get_c_expression_values into a separate module
Create a directory mbedtls_dev intended to contain various Python
module for use by Python scripts located anywhere in the Mbed TLS
source tree.

Move get_c_expression_values and its auxiliary functions into a new
Python module mbedtls_dev.c_build_helper.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-11 00:35:19 +01:00
Bence Szépkúti
a294551446 Update PSA Crypto macro values to version 1.0.0
This should be everything that's needed for the stable storage format.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
Gilles Peskine
f08b3f8624 Autonomous random driver: create configuration option
Create a configuration option for autonomous random drivers, i.e. PSA
crypto drivers that provide a random generator, that have their own
entropy source and do not support injecting entropy from another
source.

This commit only creates the configuration option. Subsequent commits
will add the implementation and tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 16:28:09 +01:00
Gilles Peskine
662deb38d6
Merge pull request #3547 from ronald-cron-arm/psa-openless
Openless PSA crypto APIs implementation
2020-11-20 18:48:33 +01:00
Gilles Peskine
67aed9ada6 Simplify conditional guards in error.c
Simplify the guards on MBEDTLS_ERROR_C and MBEDTLS_ERROR_STRERROR_DUMMY.

No longer include superfluous headers and definition: platform.h is
only needed for MBEDTLS_ERROR_C; time_t is not needed at all.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 15:02:16 +01:00
Ronald Cron
c3623dbc76 State PSA_CRYPTO_KEY_ID_ENCODES_OWNER and USE_PSA_CRYPTO incompatibility
Code under MBEDTLS_USE_PSA_CRYPTO define is PSA client
code intended to use key identifiers of type psa_key_id_t.
Thus the MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
configuration option is incompatible with
MBEDTLS_USE_PSA_CRYPTO.

State this in config.h and check_config.h.

As a consequence:
. remove MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER from
  the full configuration, as MBEDTLS_USE_PSA_CRYPTO is
  part of it.

. add a new component in all.sh to keep testing the
  library when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
  is set.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Gilles Peskine
b64e0fe5e3 Fix conditions for including string.h in error.c
<string.h> is actually needed when MBEDTLS_ERROR_C is enabled and not
when only MBEDTLS_ERROR_STRERROR_DUMMY is enabled.

Fix #3866.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 15:17:07 +01:00