Commit graph

11765 commits

Author SHA1 Message Date
Andrew Thoelke
51514f57e9 Resolve inconsistent descipriton of operation state after exhausting a key derivation operation 2019-09-18 17:50:01 +01:00
Andrew Thoelke
4104afb770 Clarify valid state descriptions 2019-09-18 17:47:25 +01:00
Gilles Peskine
fc95b847af
Merge pull request #256 from athoelke/at-aead-verify
Add missing error case to psa_aead_verify
2019-09-18 10:27:36 +02:00
Andrew Thoelke
beb97ba066 Update documentation for multipart key derivation operations 2019-09-13 15:35:18 +01:00
Andrew Thoelke
414415a457 Update documentation for multipart aead operations 2019-09-13 15:35:18 +01:00
Andrew Thoelke
db6f44f875 Update documentation for multipart cipher operations 2019-09-13 15:35:17 +01:00
Andrew Thoelke
9f208cc8c2 Update documentation for multipart mac operations 2019-09-13 15:35:17 +01:00
Andrew Thoelke
272ba1dd96 Update documentation for multipart hash operations 2019-09-13 15:35:17 +01:00
Andrew Thoelke
340984b003 Fix PSA_ERROR_BAD_STATE messages
Remove some duplicated entries and added some missing ones.
2019-09-13 15:35:17 +01:00
Gilles Peskine
89cc74f447 Fix signature size checks in psa_asymmetric_verify for RSA
The signature must have exactly the same length as the key, it can't
be longer. Fix #258

If the signature doesn't have the correct size, that's an invalid
signature, not a problem with an output buffer size. Fix the error code.

Add test cases.
2019-09-13 11:39:11 +02:00
Gilles Peskine
4019f0e914 Immediately reject 0-size signature buffer when signing
In psa_asymmetric_sign, immediately reject an empty signature buffer.
This can never be right.

Add test cases (one RSA and one ECDSA).

Change the SE HAL mock tests not to use an empty signature buffer.
2019-09-12 22:05:59 +02:00
Gilles Peskine
f916894ef3 Remove special handling for zero-length keys
Zero-length keys are rejected at creation time, so we don't need any
special handling internally.

When exporting a key, we do need to take care of the case where the
output buffer is empty, but this is easy: an empty output buffer is
never valid.
2019-09-12 19:21:37 +02:00
Gilles Peskine
043b281714 Add a few test cases for non-byte-aligned raw data keys
Add tests for derivation.

Test both 7 bits and 9 bits, in case the implementation truncated the
bit size down and 7 was rejected as 0 rather than because it isn't a
multiple of 8.

There is no corresponding test for import because import determines
the key size from the key data, which is always a whole number of bytes.
2019-09-12 19:05:00 +02:00
Gilles Peskine
0f84d6245b Reject keys of size 0
Implement the prohibition on keys of size 0.
2019-09-12 19:03:13 +02:00
Gilles Peskine
a782b95806 Add test cases for zero-length keys
Check that zero-length keys cannot be imported, generated or derived.
2019-09-12 19:01:52 +02:00
Gilles Peskine
491181bd9d Remove test cases that use zero-length keys
If there isn't already a test with a raw data key of the now-minimal
length (1 byte), change the test case to a 1-byte key.
2019-09-12 18:50:58 +02:00
Gilles Peskine
05c900b576 Forbid keys of size 0
Keys of size 0 generally don't make sense: a key is supposed to be
secret. There is one edge case which is "raw data" keys, which are
useful to store non-key objects in the same storage location as keys.
However those are also problematic because they involve a zero-length
buffer. Manipulating zero-length buffers in C requires special cases
with functions like malloc() and memcpy(). Additionally, 0 as a key
size already has a meaning "unspecified", which does not always
overlap seamlessly with the meaning "0".

Therefore, forbid keys of size 0. No implementation may accept them.
2019-09-12 18:29:43 +02:00
Gilles Peskine
a170d927dd Clarify how key creation functions use attributes and what 0 means
Clarify how key creation functions use attributes. Explain the meaning
of attribute values, espcially what 0 means in each field where it has
a special meaning. Explain what an algorithm usage policy can be (an
algorithm, a wildcard with ANY_HASH, or 0).
2019-09-12 17:38:19 +02:00
Jaeden Amero
3f20efc030
Merge pull request #246 from gilles-peskine-arm/psa-se_driver-interface_test_strategy
Secure element driver interface test strategy
2019-09-12 14:31:26 +01:00
Andrew Thoelke
5ae24ec7af Add missing error case to psa_aead_verify 2019-09-12 09:44:33 +01:00
Jaeden Amero
d93c965d6e
Merge pull request #227 from adrianlshaw/fix_section
Move psa_destroy_key and psa_copy_key to Key Management section
2019-09-11 17:34:55 +01:00
Gilles Peskine
aac3853348 Fix long-standing bug in error code description
MBEDTLS_ERR_ASN1_INVALID_DATA is documented as "not used", but it has
been used since the PolarSSL days.
2019-09-11 18:16:11 +02:00
Gilles Peskine
2cd8ecc08b New test helper macro ASSERT_ALLOC_WEAK
The new macro ASSERT_ALLOC_WEAK does not fail the test case if the
memory allocation fails. This is useful for tests that allocate a
large amount of memory, but that aren't useful on platforms where
allocating such a large amount is not possible.

Ideally this macro should mark the test as skipped. We don't yet have
a facility for that but we're working on it. Once we have a skip
functionality, this macro should be changed to use it.
2019-09-11 15:46:45 +02:00
Gilles Peskine
09c0a2364b mbedtls_asn1_store_named_data: clarify val allocation behavior
Document how mbedtls_asn1_store_named_data allocates val.p in the new
or modified entry.

Change the behavior to be more regular, always setting the new length
to val_len. This does not affect the previous documented behavior
since this aspect was not documented. This does not affect current
usage in Mbed TLS's X.509 module where calls with the same OID always
use the same size for the associated value.
2019-09-11 15:46:45 +02:00
Gilles Peskine
a902303587 Test mbedtls_asn1_store_named_data 2019-09-11 15:46:45 +02:00
Gilles Peskine
9311cf5093 asn1write: test NULL, OID and AlgorithmIdentifier 2019-09-11 15:46:45 +02:00
Gilles Peskine
91d8d023c2 Fix typo that prevented mbedtls_asn1_write_len tests from running 2019-09-11 15:46:45 +02:00
Gilles Peskine
3f37dca794 asn1write: Test short and large buffers more systematically
Use the test-many-sizes framework for string writes as
well (previously, it was only used for booleans and integers). This
way, more edge cases are tested with less test code.

This commit removes buffer overwrite checks. Instead of these checks,
run the test suite under a memory sanitizer (which we do in our CI).
2019-09-11 15:46:45 +02:00
Gilles Peskine
105031b1e1 asn1_write documentation: say that integers must be non-negative
The documentation never said it explicitly, but the ASN.1 library
doesn't support negative integers. Say it explicitly.

Also fix a copypasta error.
2019-09-11 15:46:45 +02:00
Gilles Peskine
1dbab67ce8 Improve mbedtls_asn1_write_int to support values >255
mbedtls_asn1_write_int had an undocumented restriction to values that
fit in a single octet. Fix this.

Negative integers are still not supported.
2019-09-11 15:46:45 +02:00
Gilles Peskine
3a032c36c1 Add test cases for BOOLEANs and INTEGERs
Omit negative integers and MPIs that would result in values that look
like negative INTEGERs, since the library doesn't respect the
specifications there, but fixing it has a serious risk of breaking
interoperability when ASN.1 is used in X.509 and other
cryptography-related applications.
2019-09-11 15:46:44 +02:00
Gilles Peskine
e40d1207eb mbedtls_asn1_get_bitstring_null: fix rejection of short inputs
Fix improper rejection of bitstrings with length less than 2.
2019-09-11 15:46:44 +02:00
Gilles Peskine
f7d6acd475 mbedtls_asn1_get_int: allow leading zeros properly
Allow any number of leading zeros, not just based on sizeof(int).
2019-09-11 15:46:44 +02:00
Gilles Peskine
27d806fab4 Add ASN.1 parsing tests
Add self-contained ASN.1 parsing tests, so that ASN.1 parsing is not
solely tested through X.509 and TLS.

The tests cover every function and almost complete line coverage in
asn1parse.c.

A few test cases containing negative and edge case INTEGER values are
deliberately deactivated because the historical library behavior is at
odds with official specifications, but changing the behavior might
break interoperability.

Other than that, these tests revealed a couple of minor bugs which
will be fixed in subsequent commits.
2019-09-11 15:46:44 +02:00
Gilles Peskine
bcbe1dfb23 Improve the documentation of ASN.1 parsing functions
Document preconditions on parameters, values changed through pointers,
and error codes.

This commit leaves some issues regarding integers (especially negative
integers) open, because we don't have a policy decision on how to
handle them yet.
2019-09-11 15:46:44 +02:00
Gilles Peskine
5605591cc1 Report step number when a test case fails
Allow test code to declare a "step number". Report the current step
number when a test fails.
2019-09-11 15:46:44 +02:00
Adrian L. Shaw
4c61c1a736 Move psa_destroy_key and psa_copy_key to Key Management section 2019-09-11 14:40:51 +01:00
Jaeden Amero
cc5aeee278
Merge pull request #248 from RonEld/stack_overflow_in_hmac_fix
Fix a buffer overflow in hmac_setup_internal
2019-09-11 13:55:18 +01:00
Ron Eldor
5a0f45b61b Modify tests
1. Rephrase test description and move it to the section where
all other same tests are located.
2. Add another test for short key.
2019-09-11 14:09:08 +03:00
Ron Eldor
16cca804fb Add non regression test
Add a test that adds a very long key for an unsupported algorithm.
2019-09-11 10:14:48 +03:00
Jaeden Amero
18c7b9fdaa
Merge pull request #210 from tempesta-tech/extra-mbedtls_ecp_group_free
Remove extra mbedtls_ecp_group_free()
2019-09-10 18:51:43 +01:00
Jaeden Amero
9298dca14d
Merge pull request #185 from gilles-peskine-arm/harvard-md
Remove method dispatch from md
2019-09-10 18:38:39 +01:00
Jaeden Amero
4badc92438
Merge pull request #117 from gilles-peskine-arm/psa_error_code_coverage
PSA return status coverage script
2019-09-10 16:39:23 +01:00
Alexander K
56a74cdcc9 Replace 0 by MBEDTLS_ECP_DP_NONE to avoid IAR compiler complains 2019-09-10 17:58:20 +03:00
Jaeden Amero
4864eb5bec
Merge pull request #247 from athoelke/at-key-handles
Update the behavior of key handles
2019-09-10 14:38:56 +01:00
Ron Eldor
296eca6e76 Fix a buffer overflow in hmac_setup_internal
At the end of `psa_hmac_setup_internal()`, the ipad is cleared.
However, the size that was given to clear was `key_len` which is larger
than the size of `ipad`.
2019-09-10 15:21:37 +03:00
Gilles Peskine
4b3db7382d Add "clean" rule 2019-09-09 18:26:20 +02:00
Gilles Peskine
1ff67cc65c Build the driver interface test strategy document 2019-09-09 18:25:13 +02:00
Andrew Thoelke
970629fc9a Fix grammar. 2019-09-09 09:56:34 +01:00
Gilles Peskine
75cc771d3a Run psa_collect_statuses.py in all.sh
Since it needs a slightly different build, even if that's only for the
tests, make it its own component.
2019-09-06 19:47:17 +02:00