Commit graph

4710 commits

Author SHA1 Message Date
Steven Cooreman
f49478b1ff Add missing test skip for ALT-implemented GCM
Bypass was applied to aead_encrypt and aead_decrypt cases, but not
aead_encrypt_decrypt.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 15:31:16 +01:00
Ronald Cron
5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00
Ronald Cron
7339335c7d
Merge pull request #3967 from bensze01/psa_macro_rename
PSA: Rename AEAD tag length macros
2021-02-12 16:33:21 +01:00
Manuel Pégourié-Gonnard
97ce71daca
Merge pull request #4109 from gilles-peskine-arm/ssl-opt-server-failure-development
ssl-opt.sh: if the server fails, do treat it as a test failure
2021-02-12 12:15:50 +01:00
Manuel Pégourié-Gonnard
b2024ef3bb
Merge pull request #4129 from chris-jones-arm/move-test-macros
Move test macros to macros.h
2021-02-12 10:17:28 +01:00
Bence Szépkúti
a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Steven Cooreman
1e9c042085 Minor fixup of SKIP_IF test macro documentation verbiage
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 17:02:05 +01:00
Ronald Cron
28a45ed8db tests: psa: Add macros to skip a test case
Add macros to skip a test case when hitting a
common alternative implementation limitation.

Add a macro for AES-192 and GCM with a nonce
length different from 12 bytes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-10 16:07:21 +01:00
Steven Cooreman
50f1f5e119 Use PSA_ALG_ macros to inspect AEAD base algorithm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman
2f09913aeb Set default IV for AES-GCM to 12 bytes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman
82645b153d Allow skipping vectors w/ non-12-byte IV AES-GCM on ALT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman
d588ea1704 Allow skipping AES-192 for alternative implementations in PSA test suite
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Steven Cooreman
7c9e7da8d4 Add CAVS14.0 AES-GCM vectors to test more IV, tag and key lengths
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 15:34:52 +01:00
Gilles Peskine
aaf866edd2 ssl-opt.sh: Only check the server exit for Mbed TLS
We care about the exit code of our server, for example if it's
reporting a memory leak after having otherwise executed correctly.

We don't care about the exit code of the servers we're using for
interoperability testing (openssl s_server, gnutls-serv). We assume
that they're working correctly anyway, and they return 1 (gnutls-serv)
or die by the signal handle the signal (openssl) when killed by a
signal.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-09 21:01:33 +01:00
Ronald Cron
395889f9b7 psa: Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined
Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined
when MBEDTLS_PSA_CRYPTO_C is defined and guard
PSA client code only with MBEDTLS_PSA_CRYPTO_CLIENT.

The definition of MBEDTLS_PSA_CRYPTO_CLIENT is done
in crypto_types.h before the definition of
psa_key_attributes_t. That way as PSA crypto client
code is related to key attributes we can be quite
confident that MBEDTLS_PSA_CRYPTO_CLIENT will be
defined when needed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-09 15:36:08 +01:00
Gilles Peskine
a0b4decff0
Merge pull request #4072 from gilles-peskine-arm/psa_import_ecc_key-not_supported
ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
2021-02-09 15:16:20 +01:00
Chris Jones
a6d155fb47 Move test macros to macros.h
Move test macros previously located in `suites/helpers.function` to
`include/test/macros.h`. This makes these test infrastructure macros
available for use in other parts of the test infrastructure at compile
time as opposed to run time.

This commit is a simple cut and paste from one file to the other.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-09 12:09:33 +00:00
Gilles Peskine
5d332f0274
Merge pull request #4105 from paul-elliott-arm/fix_test_leak
Fix for memory leak in ssl tests
2021-02-09 10:03:49 +01:00
Gilles Peskine
9189202156 Remove trail check in the generate_random test
The test function generate_random allocated a few extra bytes after
the expected output and checked that these extra bytes were not
overwritten. Memory sanity checks such as AddressSanitizer and
Valgrind already detect this kind of buffer overflow, so having this
test in our code was actually redundant. Remove it.

This has the benefit of not triggering a build error with GCC
(observed with 7.5.0 and 9.3.0) when ASan+UBSan is enabled: with the
previous code using trail, GCC complained about an excessively large
value passed to calloc(), which was (size_t)(-sizeof(trail)).
Thus this commit fixes #4122.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 19:50:26 +01:00
Gilles Peskine
2fa6b5f503 ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.

Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.

After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.

To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 18:43:26 +01:00
Gilles Peskine
d945871c55
Merge pull request #3872 from gabor-mezei-arm/3275_use_PSA_ERROR_DATA_INVALID_where_warranted
Use PSA_ERROR_DATA_INVALID where warranted
2021-02-03 20:54:46 +01:00
Ronald Cron
540320bf7b
Merge pull request #4054 from chris-jones-arm/move-testing-functions
Move test infrastructure from `tests/suites/helpers.function` into `tests/src/helpers.c`
2021-02-03 19:01:54 +01:00
Gilles Peskine
7f919de1ce ssl-opt.sh: if the server fails, do treat it as a test failure
This used to be the case a long time ago but was accidentally broken.

Fix <github:nogrep> #4103 for ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 18:09:33 +01:00
Paul Elliott
c7b53747f7 Fix for memory leak in ssl tests
Fix for leaked buffers on error case in build_transforms() in
test_suite_ssl.function

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-03 16:15:05 +00:00
Chris Jones
39ddb0a2e1 Improve test infrastructure documentation
Clarify the function descriptions for several test infrastructure functions.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-03 16:15:00 +00:00
Steven Cooreman
10ec7804c5 Remove HAVE_RAM_AVAILABLE for derive_full and derive_output tests
Both tests do not require a lot of RAM, even though it may seem
like it at first sight. The derivation output is generated blockwise
from the KDF function, which only keeps state amounting to a couple
of blocks of the underlying hash primitive at a time.
There is never an allocation to keep the full derivation capacity in
memory...

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:21:04 +01:00
Steven Cooreman
83fdb70550 Convert 'large key' testing to accept insufficient memory errors
Since the tested service may run in a different context with a different heap.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:21:01 +01:00
Steven Cooreman
69967ce17e Get rid of half-baked HAVE_RAM_128K in favor of dynamic heap checking
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-03 15:19:20 +01:00
Ronald Cron
00c3e87422
Merge pull request #3933 from ronald-cron-arm/psa-import-export
Psa import export
2021-02-03 15:02:01 +01:00
Chris Jones
567e0ad8f1 Add documentation and minor style changes
Add doxygen style documentation to `mbedtls_test_fail`, `mbedtls_test_skip`,
`mbedtls_test_set_step` and `mbedtls_test_info_reset`. This should make it
easier to understand how the test infrastructure is used.

Also make some minor style changes to meet the coding standards and make it
more obvious that `mbedtls_test_info.step` was being incremented.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-03 12:07:01 +00:00
Chris Jones
a5ab765832 Remove direct writing to test_info from *.function
Add a new function `mbedtls_test_info_reset()` to remove direct writes to
`mbedtls_test_info`. This change still allows values to be read directly
however all writes are now done inside of `helpers.c`.

Also slightly reordered code to make it easier to read.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-02-02 16:20:45 +00:00
Janos Follath
bbd2bfb666
Merge pull request #4096 from gilles-peskine-arm/mpi_sub_abs-buffer_overflow-development
Fix buffer overflow in mbedtls_mpi_sub_abs negative case
2021-02-02 13:10:31 +00:00
Ronald Cron
1e87d5ba1d tests: psa: Fix export related tests
Fix some export related tests that were
relying on the fact that the size of the
output buffer was checked after other
parameters.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:49:08 +01:00
Ronald Cron
80eaa93b59 tests: psa: Reactivate and expand key management through test driver
The compilation guards in key_management.c are now
accelerator compilation guards (MBEDTLS_PSA_ACCEL_KEY_TYPE_xyz).

As a consequence when running the PSA driver wrapper
tests as part of test_psa_crypto_config_basic
and test_psa_crypto_drivers all.sh components all
key management cryptographic operations were handled by
the software builtin fallback, and not by the test driver
as intended in the first place.

This commits fixes this issue by:
. declaring an accelerator for ECC key pairs in
  test_psa_crypto_config_basic.
. declaring an accelerator for both ECC and RSA
  key pairs in test_psa_crypto_drivers.

It is possible to declare an accelerator for both
ECC and RSA key pairs in test_psa_crypto_drivers
and not in test_psa_crypto_config_basic because
in the case of test_psa_crypto_drivers the new
PSA configuration is not activated. That way,
the builtin fallback software implementation
is present to supply the transparent test driver
when some support is missing in it (mainly
RSA key generation).

Note that the declaration of accelerators does
much more than just "fixing" the execution flow of
driver wrapper tests, it makes all import and public
key export cryptographic operations in all unit
tests being handled by the transparent test driver
(provided that it supports the key type).

One test case related to key generation is
partially disabled. This will be fixed with the
rework of psa_generate_key along the lines
described in psa-crypto-implementation-structure.md.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:38:50 +01:00
Ronald Cron
c9066e4488 psa: driver wrapper: Fix generate key unit test dependency
In test_suite_psa_crypto_driver_wrappers test suite, the
generate key with software fallback test should be run
only if the software fallback is available.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
84a3fa10c4 tests: psa: Change key management test driver default forced return value
Change key management test driver default forced
return value from PSA_ERROR_NOT_SUPPORTED to
PSA_SUCCESS to be able to run the PSA unit tests
with the cryptographic key management operations
being handled by the transparent test driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
784fb326ae psa: Add ECP/RSA transparent test driver import_key entry point
Add ECP/RSA transparent test driver import_key
entry point and use it in the transparent test
driver entry supporting both ECP and RSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
f1057d3589 psa: Add ECP/RSA transparent test driver export_public_key entry point
Add ECP/RSA transparent test driver export_public_key
entry point and use it in the transparent test driver
supporting both ECP and RSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
672279829a psa: Call export software implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
8328287956 psa: Move from validate_key to import_key entry point
In the course of the development of the PSA unified
driver interface, the validate_key entry point for
opaque drivers has been removed and replaced by an
import_key entry point. This commit takes into account
this change of specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Gilles Peskine
43e89e1b15 Add mpi_sub_abs negative tests with a larger-in-size second operand
Add test cases for mbedtls_mpi_sub_abs() where the second operand has
more limbs than the first operand (which, if the extra limbs are not
all zero, implies that the function returns
MBEDTLS_ERR_MPI_NEGATIVE_VALUE).

This exposes a buffer overflow (reported in #4042).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 17:28:03 +01:00
Gilles Peskine
612ffd2aa1 Fix copypasta in conditional directive in cipher_setup
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine
80a970806f No dependencies for storage format tests
Storage format tests that only look at how the file is structured and
don't care about the format of the key material don't depend on any
cryptographic mechanisms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine
b51d72f82e Run copy_fail even when the target policy is unsupported
The negative test cases for psa_copy_key() don't actually care whether
the target policy is supported. This is similar to _key_policy tests.
Add a similar rule.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine
fa37961413 Rename OMITTED_SYSTEMATIC_DEPENDENCIES
It isn't a set of dependencies, it's a set of symbols. So give it a
name that describes the symbol rather than a name that pretends it's a
collection of dependencies.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine
0794572f96 More precise recognition of key policy negative tests
The test function asymmetric_signature_key_policy combines positive
and negative tests inside the code, so it doesn't take a status as its
last argument.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine
d6dc40cae1 Update hash dependencies in PSA test code
Switch dependencies on MBEDTLS_xxx to PSA_WANT_xxx for hash
algorithms.

Add a missing dependency in bad_order functions (it was previously
expressed in the .data file, but this is no longer the case when
dependencies in the .data file are determined automatically).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:22:38 +01:00
Gilles Peskine
8405b5f60d Change PSA crypto test dependencies to PSA_WANT_xxx
Replace manually written dependencies on MBEDTLS_xxx with
PSA_WANT_xxx dependencies that are determined automatically from the
test data.

Run tests/scripts/set_psa_test_dependencies.py on
tests/suites/test_suite_psa_crypto*.data,
except for the dynamic secure element tests in
tests/suites/test_suite_psa_crypto_se_driver_hal*.data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:21:40 +01:00
Gilles Peskine
a87e178553 If there are no arguments, don't update the file content
This avoids having to bother with edge cases of the .data syntax.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Gilles Peskine
72d8e0ad04 Key policy negative tests don't actually require the algorithm
It doesn't make much difference in practice, but to keep closer to
what the current code does, run negative key policy tests even if the
algorithm for the operation attempt is not supported.

In particular, this allows the following test cases to run:
* "PSA key policy: agreement + KDF, wrong agreement algorithm"
* "PSA key policy: raw agreement, wrong algorithm"
Without this exception, those two test cases would never run, because
they would depend on PSA_ALG_WANT_FFDH. Since FFDH is not implemented
yet, it isn't enabled in any configuration. There's no alternative to
FFDH for these particular test cases because ECDH is the only key
agreement that is implemented in Mbed TLS so far.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00