Commit graph

3419 commits

Author SHA1 Message Date
Gilles Peskine
f0f2294f57
Merge pull request #4708 from mstarzyk-mobica/ccm_chunked
Ccm chunked - enable multipart CCM in PSA
2021-09-21 13:46:52 +02:00
Gilles Peskine
93cb6111ba
Merge pull request #4878 from SiliconLabs/remove_dependency_4877
Remove dependency of built-in keys on storage
2021-09-20 22:20:16 +02:00
Ronald Cron
133740b74e tests: Improve incomplete then overflow tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-17 09:38:07 +02:00
Archana
9d17bf4215
Styling and refactoring
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-10 07:16:08 +05:30
Archana
9a2b6ff8f2
Fix test vector dependency
Fix opaque key test vector dependency to PSA_CRYPTO_DRIVER_TEST
instead of MBEDTLS_PSA_CRYPTO_DRIVERS while validating with
test drivers.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-09 12:32:16 +05:30
Archana
a316b7e42b
Rebase and update signature for curve448 tests
Also include the opaque test cases for curve448 vectors.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-09 10:11:02 +05:30
Archana
74d99c6bfc
Add a test to validate copy to read only lifetime
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-09 10:11:02 +05:30
Archana
8a180368fb
Add opaque test driver support for copy key
A minimal test driver extension is added to support
copy of opaque keys within the same location.
Test vector support is extended to cover opaque keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:07 +05:30
Archana
4d7ae1d8cf
Add test driver support for opaque key import
-Add test driver support to import/export while wrapping keys
 meant to be stored in the PSA core as opaque( emulating an
 SE without storage ).
-Export validate_unstructured_key_bit_size as
 psa_validate_unstructured_key_bit_size, thereby changing its scope.
-Improve the import/export test cases in test_suite_psa_crypto to also
 cover opaque keys, thereby avoiding duplication.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:03:54 +05:30
Mateusz Starzyk
83e4c1270a Add CCM tests for passing unexpected input.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-06 12:09:34 +02:00
Mateusz Starzyk
efec38bb29 Extend CCM corner cases tests.
Add tests covering skipped update() or update_ad()
for empty plaintext/ciphertext and empty auth data.

Test vector for P=0, A=0 generated using python's
cryptography.hazmat library.

Python script used for test vector generation:
```
import os
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

def encrypt(key, iv, plaintext, associated_data):

    key = bytes.fromhex(key)
    iv = bytes.fromhex(iv)
    plaintext = bytes.fromhex(plaintext)
    associated_data = bytes.fromhex(associated_data)

    aesccm = AESCCM(key)
    ct = aesccm.encrypt(iv, plaintext, associated_data)
    return ct.hex()

def decrypt(key, associated_data, iv, ciphertext):

    key = bytes.fromhex(key)
    associated_data = bytes.fromhex(associated_data)
    iv = bytes.fromhex(iv)
    ciphertext = bytes.fromhex(ciphertext)

    aesccm = AESCCM(key)
    pt = aesccm.decrypt(iv, ciphertext, associated_data)
    return pt.hex()

key = "54caf96ef6d448734700aadab50faf7a"
plaintext = ""
iv = "a3803e752ae849c910d8da36af"
aad = ""

encrypted = encrypt(key, iv, plaintext, aad)

print(f"key: {key}")
print(f"iv: {iv}")
print(f"encrypted: {encrypted}")

print("--------------------------------------")

decrypted = decrypt(
    key,
    aad,
    iv,
    encrypted
)

print(f"decrypted: {decrypted}")
```

Results:
```
key: 54caf96ef6d448734700aadab50faf7a
iv: a3803e752ae849c910d8da36af
encrypted: eba8347baa6d61f87b67c2dd7c6d2053
--------------------------------------
decrypted:
```

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-06 12:09:34 +02:00
Mateusz Starzyk
cd975e4645 Extend CCM corner cases tests.
Add tests for passing incomplete input data in
the first call and too much data in the second call.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-06 12:09:33 +02:00
Mateusz Starzyk
3050f054f2 Subtract 1 from input in CCM's incomplete data tests
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-03 12:59:44 +02:00
Mateusz Starzyk
df2507301b Use AES-128 for multipart CCM corner cases tests
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-02 12:36:02 +02:00
Mateusz Starzyk
7251eda6ff Replace BAD_SEQUENCE error with BAD_INPUT
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-01 13:26:44 +02:00
Manuel Pégourié-Gonnard
5a8abb144c
Merge pull request #4883 from mstarzyk-mobica/fix_psa_sign_msg
PSA MAC computation with _HASH flag implies _MESSAGE.
2021-09-01 12:23:20 +02:00
Mateusz Starzyk
1ebcd55afa Extend mac_key_policy test.
Add checks for psa_mac_compute and psa_mac_verify.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-30 17:11:01 +02:00
Mateusz Starzyk
cbefb6ba4d Merge branch 'development' into ccm_chunked
Conflicts:
	library/ccm.c

Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro.
Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro
used in development branch on the 'b' buffer, because the 'b'
buffer is removed in current branch.
2021-08-24 15:14:23 +02:00
Mateusz Starzyk
d07f4fc30f Use separate expected results for MAC sign and verify key policy.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-24 14:16:55 +02:00
Mateusz Starzyk
cb0a7cd142 Fix mac_key_policy test function
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-20 11:34:49 +02:00
Archana
0dc86b5a2a
Remove dependency of builtin keys on storage
The psa_open_key API depends on MBEDTLS_PSA_CRYPTO_STORAGE_C.
This is unnecessary for builtin keys and so is fixed.
Updated an open_fail test vector keeping with the same.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-08-17 02:46:00 +05:30
Dave Rodgman
2aec149e13
Merge pull request #4248 from hanno-arm/tls13_populate_transform
Fix and test compliance of TLS 1.3 record protection
2021-08-11 16:41:51 +01:00
Mateusz Starzyk
e0f5227550 Add CCM test for calling finish without any input.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:31:57 +02:00
Mateusz Starzyk
8fb1754e1a Add short description for CCM test functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
f442de69eb Add tests for CCM corner cases.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
bccbf88bc3 Rename CCM test functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
ceb5bc6150 Fix typos.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
8788906947 Add CCM test for edge cases.
Cover:
- not calling auth data update
- not calling cipher text update
- exceeding configured auth data length
- exceeding configured cipher text length

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
c8bdf36a72 Validate tag pointer in ccm function.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
27a1bef89d Tidy up test functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
29ec75b34e Add multipart testing to CCM* tests.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
25a3dfe7dd Add multipart tests for ccm suite.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Jerry Yu
b19ccc3998 fix test_suite_debug test fail
Before `mbedtls_ssl_setup`, config functions should
be called. Without it, `mbedtls_ssl_setup` will raise
invalid value error.

Change-Id: I46fdaa5e8eb83d06c620087a9e1e7e14e1c5d9b5
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Gilles Peskine
8bb9b80d18
Merge pull request #4806 from hanno-arm/ssl_session_serialization_version
Store TLS version in SSL session structure
2021-08-02 12:45:55 +02:00
Hanno Becker
d7e4b2ce42 Remove duplicated test from SSL test suite
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
1f91878281 Specify padding granularity in TLS 1.3 record protection KATs
Still check that encryption and decryption are inverse to each other
if the granularity does not match the one used in the KAT.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
41537452f4 Add comment regarding the wire-version used in TLS 1.3 records
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
80e760e006 Fix memory leak in TLS 1.3 record protection unit test
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:02 +01:00
Hanno Becker
a77d005d39 Add known answer tests for TLS 1.3 record protection
This commit adds four known answer tests for TLS 1.3 record protection
from the following sources:

- RFC 8448 "Example Handshake Traces for TLS 1.3"
- tls13.ulfheim.net "The New Illustrated TLS Connection"

It extends the test coverage of the existing record protection tests
in the following ways:

- The existing record protection tests hand-craft record transform
  structures; the new tests use the function

     mbedtls_ssl_tls13_populate_transform()

  from library source to create an TLS 1.3 transform from raw
  key material and connection information.
- The existing record protection tests only check that encryption
  and decryption are inverse to each other; as such, they don't
  catch non-compliant implementations of encryption and decryption
  which happen to be inverse to each other. By adding a known answer
  test for TLS 1.3 record protection, can gain confidence that our
  implementation is indeed standards-compliant.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:53:58 +01:00
Gilles Peskine
69813477b0
Merge pull request #4758 from paul-elliott-arm/fix_cipher_output_size
Fix divide by zero if macro used with wrong key type
2021-07-30 18:56:18 +02:00
Manuel Pégourié-Gonnard
8da9dc05e8
Merge pull request #4748 from TRodziewicz/re-introduce_ext_checks_for_psa_unlock-wipe_key_slot
Re-introduction of key slot checks
2021-07-29 13:45:57 +02:00
Manuel Pégourié-Gonnard
06672ef771
Merge pull request #4776 from gilles-peskine-arm/generate_psa_tests-robutness-202107
Fix bugs around generate_psa_tests.py invocation from tests/Makefile
2021-07-29 09:58:19 +02:00
Manuel Pégourié-Gonnard
b637150dfe
Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
2021-07-27 09:42:53 +02:00
Hanno Becker
fadbdbb576 Store TLS version in SSL session structure
Instances of `mbedtls_ssl_session` represent data enabling session resumption.

With the introduction of TLS 1.3, the format of this data changes. We therefore
need TLS-version field as part of `mbedtlsl_ssl_session` which allows distinguish
1.2 and 1.3 sessions.

This commit introduces such a TLS-version field to mbedtls_ssl_session.

The change has a few ramifications:

- Session serialization/deserialization routines need to be adjusted.

  This is achieved by adding the TLS-version after the header of
  Mbed TLS version+config, and by having the subsequent structure
  of the serialized data depend on the value of this field.

  The details are described in terms of the RFC 8446 presentation language.

  The 1.2 session (de)serialization are moved into static helper functions,
  while the top-level session (de)serialization only parses the Mbed TLS
  version+config header and the TLS-version field, and dispatches according
  to the found version.

  This way, it will be easy to add support for TLS 1.3 sessions in the future.

- Tests for session serialization need to be adjusted

- Once we add support for TLS 1.3, with runtime negotiation of 1.2 vs. 1.3,
  we will need to have some logic comparing the TLS version of the proposed session
  to the negotiated TLS version. For now, however, we only support TLS 1.2,
  and no such logic is needed. Instead, we just store the TLS version in the
  session structure at the same point when we populate mbedtls_ssl_context.minor_ver.

The change introduces some overlap between `mbedtls_ssl_session.minor_ver` and
`mbedtls_ssl_context.minor_ver`, which should be studied and potentially resolved.
However, with both fields being private and explicitly marked so, this can happen
in a later change.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-23 06:25:48 +01:00
Ronald Cron
dfce58f32d
Merge pull request #4753 from JoeSubbiani/TestBlockSizes_dev
Test block sizes are powers of 2
2021-07-22 11:19:18 +02:00
TRodziewicz
3daaea858b Changing the places of the mbedtls_test_hook_test_fail callback declaration
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-20 13:36:16 +02:00
TRodziewicz
12c77410eb Removing unneded extern declaration of a callback and including common.h where the cb is needed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-15 16:12:54 +02:00
Joe Subbiani
5ccdc556b1 Remove trailing whitespace
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-15 09:03:51 +01:00
Joe Subbiani
113d80c219 Simplify the test and description
Previously the check was convoluted. This has been simplified
and given a more appropriate suggestion as per gilles suggestion

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-14 15:16:09 +01:00
Paul Elliott
a417f56d28 Add non regression test for cipher output size
Call the output size macros specifically with asymmetric keys, which
would cause a crash (and thus test fail) should this fix get regressed.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-14 12:39:54 +01:00