Commit graph

29467 commits

Author SHA1 Message Date
Gilles Peskine
cbd2cbb408 Rename identifier for consistency
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 13:12:44 +01:00
Gilles Peskine
465e4ed56b Prioritize SHA2 over MD5 for KNOWN_SUPPORTED_HASH_ALG
This fixes the ability to exercise keys in configurations where MD5 is
supported for direct use, but not inside some accelerated algorithms. This
is the case in `all.sh test_psa_crypto_config_accel_ecc_ecp_light_only` and
some other accelerated-ECC components of `all.sh`, where the driver is built
without MD5 support but built-in MD5 remains enabled.

This is only a hack, not a theoretically correct fix, but a correct fix is
out of scope of my current work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:54:53 +01:00
Gilles Peskine
34955677e5 Don't exercise if the algorithm is not supported
Parsing a key and importing it into PSA may result in a policy that
specifies an algorithm that is not included in the build. This happens if
the key type is supported, but not the algorithm, e.g. in a build with
MBEDTLS_ECP_C but not MBEDTLS_ECDSA_C.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:31:55 +01:00
Gilles Peskine
1d33876d37 Fix some preprocessor guards
Fix the build in some configurations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:07:45 +01:00
Gilles Peskine
74860ddec2 Don't define pk_sign_verify in configurations where it's unused
In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is
useful but cannot perform any signatures. Then modern GCC complains:

```
../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’:
../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds]
../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’
…
```

This fixes test-ref-configs.pl with a modern GCC (specifically with
config-thread.h).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:07:45 +01:00
Gilles Peskine
35cb319832 depends.py: set unique configuration names in outcome file
Set unique configuration names in the outcome file. This was lost in the
rewrite from depends-*.pl to depends.py.

Fix #7290

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
157679c0d5 mbedtls_pk_import_into_psa: positive tests with pkparse output
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
10e9c412c0 mbedtls_pk_import_into_psa: negative tests for different ECC curve
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
fc3d866ad2 mbedtls_pk_import_into_psa: implement and test
Implement mbedtls_pk_import_into_psa for all PK types except RSA_ALT.
This covers importing a key pair, importing a public key and importing
the public part of a key pair.

Test mbedtls_pk_import_into_psa() with the output of
mbedtls_pk_get_psa_attributes(). Also unit-test mbedtls_pk_import_into_psa()
on its own to get extra coverage, mostly for negative cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
fdb809ef86 exercise_key: fix asymmetric encrypt/decrypt with >2028-bit RSA
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:31:03 +01:00
Gilles Peskine
4781bd9773 exercise_key: allow SIGN_MESSAGE/VERIFY_MESSAGE with PSA_ALG_ANY_HASH
There was already code to instantiate the wildcard for sign/verify-hash.
Make that work with sign/verify-message as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:30:27 +01:00
Gilles Peskine
05ee3fbdc0 mbedtls_pk_import_into_psa: documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-09 19:31:04 +01:00
Gilles Peskine
48b87ebde3 Choose a curve for tests at compile time
This makes it possible to use the curve in test data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-09 19:31:04 +01:00
Janos Follath
7a28738205
Merge pull request #8636 from paul-elliott-arm/new_test_thread_interface
New test thread interface
2024-02-08 12:35:40 +00:00
Tom Cosgrove
1dbfc8ad3c
Merge pull request #8790 from paul-elliott-arm/fix_ctr_drbg_comment
Fix confusing comment in ctr drbg thread test
2024-02-08 11:11:50 +00:00
Manuel Pégourié-Gonnard
b7307630bb
Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1
Conversion function between raw and DER ECDSA signatures (guards in ASN1)
2024-02-08 08:45:30 +00:00
Manuel Pégourié-Gonnard
7bf1e98f44
Merge pull request #8740 from valeriosetti/issue8647
Move RSA basic key parsing/writing to rsa.c
2024-02-08 08:35:42 +00:00
Tom Cosgrove
c8de362202
Merge pull request #8665 from ivq/reduce_static_mem
Reduce many unnecessary static memory consumption
2024-02-07 23:26:27 +00:00
Valerio Setti
1910390b4a psa_util: improve leading zeros check in convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 16:16:58 +01:00
Paul Elliott
bda577bb0b Fix confusing comment in ctr drbg thread test
Make it clearer where the magic number chosen for entropy_len actually
comes from, and why we chose this value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-07 15:13:46 +00:00
Dave Rodgman
9b272ac1c6
Merge pull request #8794 from daverodgman/pr-guidelines
Remind contributors not to force-push
2024-02-07 15:08:42 +00:00
Valerio Setti
ef07fa0fc3 test_suite_psa_crypto_util: add more test for raw->der
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 15:16:45 +01:00
Valerio Setti
affba30833 psa_util: update documentation for mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 15:03:33 +01:00
Manuel Pégourié-Gonnard
b02c0be06a
Merge pull request #8791 from gilles-peskine-arm/psa-legacy-bridges-ecdsa-bits-first
Update ECDSA signature conversion specification
2024-02-07 13:43:29 +00:00
Paul Elliott
292b1dc1e1
Merge pull request #8789 from paul-elliott-arm/fix_tsan_gcc
Stop platform test failures with GCC and TSAN
2024-02-07 11:32:39 +00:00
Dave Rodgman
2a6593bbb6 Slightly soften force-push suggestion
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-07 11:05:47 +00:00
Dave Rodgman
c1a4d1f09a Remove comments about rebasing vs merging; link to longer RTD document
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-07 11:04:14 +00:00
Dave Rodgman
2840523ae4 Remind contributors not to force-push
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-07 10:42:41 +00:00
Gilles Peskine
3f557ad59c Wording improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-07 11:22:16 +01:00
Manuel Pégourié-Gonnard
1d7bc1ecdf
Merge pull request #8717 from valeriosetti/issue8030
PSA FFDH: feature macros for parameters
2024-02-07 10:06:03 +00:00
Dave Rodgman
57a0957938
Merge pull request #8788 from daverodgman/old-gcc-alignment-bug
Change unaligned access method for old gcc
2024-02-07 09:31:45 +00:00
Valerio Setti
447bbce8b4 rsa: remove unnecessary check in priv/pub key parsing
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 08:02:03 +01:00
Gilles Peskine
30a303f1a8 ECDSA signature conversion: put bits first
Metadata, then inputs, then outputs.
https://github.com/Mbed-TLS/mbedtls/pull/8703#discussion_r1474697136

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-06 19:45:11 +01:00
Paul Elliott
e053cb2f12 Stop platform test failures with GCC and TSAN
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-06 18:10:43 +00:00
Gilles Peskine
8bdd8cdc4f
Merge pull request #8729 from adeaarm/crypto_struct_client_view
Add a client view of the multipart contexts
2024-02-06 17:29:55 +00:00
Gilles Peskine
f45589b492
Merge pull request #8198 from silabs-Kusumit/kdf_incorrect_initial_capacity
KDF incorrect initial capacity
2024-02-06 17:29:43 +00:00
Gilles Peskine
137e0c1a02
Merge pull request #8761 from valeriosetti/issue4681
Re-introduce enum-like checks from CHECK_PARAMS
2024-02-06 17:29:38 +00:00
Gilles Peskine
fb7001f15b
Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage
Implement mbedtls_pk_get_psa_attributes
2024-02-06 17:28:54 +00:00
Valerio Setti
1810fd9ac8 add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 17:03:32 +01:00
Valerio Setti
bb76f80218 pk_wrap: use proper raw buffer length in ecdsa_sign_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:57:23 +01:00
Valerio Setti
cf81f69977 psa_util: smarter raw length check in mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:57:12 +01:00
Dave Rodgman
91d5fde944
Merge pull request #8745 from adeaarm/trail_key_id_field
Put the id field at the end of the psa_key_attributes_s structure
2024-02-06 15:55:56 +00:00
Valerio Setti
6269f3baf4 Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()"
This reverts commit d4fc5d9d1c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:55:18 +01:00
Valerio Setti
2b6a7b37f4 suite_psa_crypto_util: use 521 bits data and bit-size instead of 528
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:21:44 +01:00
Dave Rodgman
e093281a8b Pacify check-names
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 15:00:58 +00:00
Valerio Setti
94c5806a64 suite_psa_crypto_util: make ecdsa_raw_to_der_incremental() more readable
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 15:49:06 +01:00
Dave Rodgman
d09f96b829 Improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:51:58 +00:00
Valerio Setti
eae7fce829 add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 14:40:59 +01:00
Dave Rodgman
22b934e6d2 Use struct not union
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:16:13 +00:00
Dave Rodgman
f4e8234f93 Improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:16:13 +00:00