Commit graph

14493 commits

Author SHA1 Message Date
Gilles Peskine
1af872d23b Move the fake PSA external RNG to its own header and source files
Move the declaration of the functions needed to use the test
implementation of mbedtls_psa_external_get_random() to a new header
file. Before, they were declared in
tests/include/test/psa_crypto_helpers.h, but this header file can't be
included in sample programs because it also includes headers from the
library directory which is not on the include path for sample
programs.

This fixes the build of the sample programs when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_USE_PSA_CRYPTO are
enabled.

Move the implementation of the functions to a separate .c file as
well. This isn't strictly necessary, but makes the structure of the
source code easier to understand.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-20 20:02:01 +01:00
Gilles Peskine
e1d51bd99d Depend on all test headers when building tests
There were explicit dependencies on header files for some test suites,
dating back from when only a few test suites depended on anything in
tests/include. The noted dependencies were still correct, but now that
tests/include is more populated, they were only the tip of the
iceberg. Just keep it simple and depend on all the headers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-20 19:49:23 +01:00
Gilles Peskine
f71ff1f0ad Run mypy on Travis
`tests/scripts/all.sh check_python_files` now runs mypy (in addition
to pylint) if it's available. So install mypy.

Install mypy 0.780, which is the earliest version that works on our
code at this time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-20 12:03:24 +01:00
Gilles Peskine
0370c17105 mypy: require at least version 0.780
0.780 works. The previous release, 0.770, does not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-20 12:03:24 +01:00
Gilles Peskine
4738b96d75 Use $PYTHON when running mypy
Make sure to run mypy with the desired Python version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-19 21:45:32 +01:00
Gilles Peskine
c3b178768f Use can_mypy rather than just checking for mypy
As indicated in the comments in the can_mypy function, we don't just
need a mypy executable to be present, we need it to work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-19 21:43:24 +01:00
Gilles Peskine
bdde5d002c Use Python to check the version of pylint
This reduces dependencies, doesn't require maintainers to know awk,
and makes the version parsing more robust.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-19 21:42:05 +01:00
Gilles Peskine
6d82a7ef9f Say we're running pylint
Now that the script might additionally run mypy, it's more
user-friendly to indicate what's going on at the beginning as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-19 21:23:11 +01:00
Gilles Peskine
2991b5f6c0 Minor documentation fixes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-19 21:23:11 +01:00
Gilles Peskine
ff457506d3 Remind the reader of what is done about old formats
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-19 14:25:20 +01:00
Steven Cooreman
03f40849c5 Apply suggestions from code review
Code style changes.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

Co-authored-by: Chris Jones <70633990+chris-jones-arm@users.noreply.github.com>
2021-01-19 13:34:56 +01:00
Gilles Peskine
697ee190b5 Add a section about non-default lifetimes
Alternative locations should be covered. We don't yet support
alternative persistence levels.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-18 23:38:21 +01:00
Gilles Peskine
528144f523 Clarify the methods of key storage testing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-18 23:36:18 +01:00
Dave Rodgman
6fbff5b557
Merge pull request #3698 from darrenkrahn/development
Mark basic constraints critical as appropriate.
2021-01-17 18:06:18 +00:00
Steven Cooreman
ac3434fc19 Apply review feedback
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-15 20:43:23 +01:00
Steven Cooreman
b2f3e6ca35 Restrict test skipping to AES-192 specifically
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-15 16:49:55 +01:00
paul-elliott-arm
94ca18733a
Merge pull request #3809 from AndrzejKurek/refactor-variable-buffers
Refactor variable I/O buffers feature to reduce code duplication
2021-01-14 14:25:56 +00:00
Darren Krahn
9c134cef35 Add build instructions for new test data.
Signed-off-by: Darren Krahn <dkrahn@google.com>
2021-01-13 22:04:45 -08:00
Gilles Peskine
2146211204 SSL test programs: enable the PSA test external RNG
Currently, MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is tested with a dummy
insecure implementation of mbedtls_psa_external_get_random. This
function needs to be explicitly enabled at runtime. This needs to
happen when the PSA external RNG is used, which currently is the case
in SSL test programs only when MBEDTLS_USE_PSA_CRYPTO is enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 23:53:09 +01:00
Gilles Peskine
a222434952 Test SSL with non-deterministic ECDSA
In component_test_no_hmac_drbg, the fact that HMAC_DRBG is disabled
doesn't affect the SSL code, but the fact that deterministic ECDSA is
disabled does. So run some ECDSA-related SSL tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:31:24 +01:00
Gilles Peskine
ba74904c48 SSL test programs: support HMAC_DRBG
Support HMAC_DRBG in ssl_client2 and ssl_server2, in addition to
CTR_DRBG. CTR_DRBG is still used if present, but it's now possible to
run the SSL test programs with CTR_DRBG disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:30:03 +01:00
Gilles Peskine
535fb37870 SSL test programs: abstract CTR_DRBG away
In ssl_client2 and ssl_server2, to generate random data, go through a
level of indirection provided by ssl_test_lib. This way the programs
don't depend on a particular choice of RNG implementation, and only
ssl_test_lib.{h,c} explicitly reference CTR_DRBG.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:18:32 +01:00
Gilles Peskine
f1cb75fe13 Local cleanups following the code move
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:18:27 +01:00
Gilles Peskine
daa94c4ff5 SSL test programs: move RNG common code to ssl_test_lib
This commit is deliberately arranged to minimize code changes.
Subsequent commits will clean up the resulting code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:13:47 +01:00
Gilles Peskine
b3715eb86e SSL test programs: prepare to unify common code
In preparation for unifying the common RNG-related code of ssl_client2
and ssl_server2, make it possible to copy-paste that code out of these
programs' main() functions:

* Replaces reads of the non-unifiable structure opt by reads of a
  separate variable.
* Replace references to the local variable rng by a pointer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:08:14 +01:00
Gilles Peskine
8a8492bcd4 SSL test programs: stuff RNG context into a struct
Group the random generation context (entropy and DRBG) into a struct.
This is in preparation for unifying the common RNG-related code of
ssl_client2 and ssl_server2, then generalizing that code to support
methods other than entropy+CTR_DRBG.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 18:17:32 +01:00
paul-elliott-arm
2427d15ea3
Merge pull request #3986 from gilles-peskine-arm/ssl_test_lib-create
Unify common code of ssl_client2.c and ssl_server2.c
2021-01-13 15:30:00 +00:00
Gilles Peskine
c772b1822a Move the declaration of query_config() to a dedicated header file
Declaring query_config() belongs with the query_config program, not in
ssl_test_lib.h, so move the declaration to a new header file
query_config.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 14:19:43 +01:00
Gilles Peskine
d0c7b79170
Merge pull request #3912 from gilles-peskine-arm/psa-external-random-test
Alternative random generator support for PSA: negative tests
2021-01-12 17:55:11 +01:00
Steven Cooreman
9b31218109 Testing a maximum size key is RAM intensive, and should be dependent
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-11 17:59:36 +01:00
Steven Cooreman
affc38c90d Make test cases that use PKCS7 padding dependent on it
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-11 17:56:19 +01:00
Steven Cooreman
fa6641b806 Avoid unreferenced item warnings in ECDSA when ALT is in use
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-11 17:11:39 +01:00
Andrzej Kurek
2a54a6fe1c Refactor the variable buffer length config description
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:14:21 -05:00
Andrzej Kurek
557289babc Add a missing dependency to config.h
Variable buffer lengths depend on the maximum fragment length extension.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:14:15 -05:00
Andrzej Kurek
069fa96cd7 Use size_t instead of uint32_t for ssl I/O buffer lengths
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:13:58 -05:00
Andrzej Kurek
4a0637981b Refactor the variable I/O buffer size feature
Reduce code duplication to simplify the feature and reduce code size.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:12:53 -05:00
Steven Cooreman
655b012b6c Unconditionally include platform.h in CMAC
As is the case for aes.c et al

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-11 14:34:51 +01:00
Steven Cooreman
98435ddf84 Allow loading wrapped keys even when SE support is compiled in
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-11 11:33:10 +01:00
Gilles Peskine
b4df754274 Update #else and #endif comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-08 21:21:27 +01:00
Steven Cooreman
830d5af2f3 Allow CMAC self test to skip tests for unsupported primitives
Same type of skipping as in AES and GCM self test routines.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-08 18:01:46 +01:00
Steven Cooreman
97b4984657 Add a flag for disabling fallback in ecp.c
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-08 16:43:43 +01:00
Gilles Peskine
c85c20147b Don't call TEST_ASSERT in PSA_DONE
TEST_ASSERT jumps to the exit label, so it must not be called from
cleanup code executed after the exit label. It's legitimate (and
indeed very common) to call PSA_DONE in cleanup code, so PSA_DONE must
not jump to exit.

Define an auxiliary function test_fail_if_psa_leaking() that calls
test_fail() with the error message provided by
mbedtls_test_helper_is_psa_leaking(). This function currently needs to
be in helpers.function rather than in a PSA-specific helper file
because it calls test_fail which is defined in helpers.function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:49:42 +01:00
Gilles Peskine
6beb327a5e external_rng_failure_sign: more robust buffer management
Don't microoptimize memory usage in tests: use separate buffers for
the input and the output. Allocate the input buffer dynamically
because the size is a parameter of the test case. Allocate the output
buffer dynamically because it's generally good practice in tests so
that a memory sanitizer can detect a buffer overflow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:16:26 +01:00
Gilles Peskine
3aa5a6414e Fix a test dependency
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:06:36 +01:00
Gilles Peskine
dbf6896c82 mbedtls_to_psa_error: prefer dispatching on the low-level error
When an Mbed TLS error code combines a low-level error and a
high-level error, the low-level error is usually closer to the root
cause (for example HW_ACCEL_FAILED or ENTROPY_SOURCE_FAILED is more
informative than RSA_PRIVATE_FAILED). So prioritize the low-level code
when converting to a PSA error code, rather than the high-level code
as was (rather arbitrarily) done before.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:04:23 +01:00
Gilles Peskine
1631514b8e Add missing dependencies on key types
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
ba0c1ffb72 Depend on the built-in implementation when injecting RNG failure
When verifying the impact of a forced RNG failure, depend on the built-in
implementation of the algorithm that uses randomization, whether it's
because the algorithm is randomized or because our implementation uses
randomization for (e.g.) blinding. An external implementation could use
its own randomness source which is not affected by the forced failure of
the RNG driver.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
f547ce8daa MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG: negative tests
Under MBEDTLS_ERR_RSA_RNG_FAILED, add tests where the random generator
failed. This commit tests the following operations:

* psa_generate_random()
* psa_generate_key() for a symmetric key
* Deterministic signatures that use blinding (RSA PKCS#1v1.5,
  deterministic ECDSA).
* Randomized signatures (RSA PSS, randomized ECDSA).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
ae3741e8a4 Fix an incorrect error code if RSA private operation glitched
mbedtls_rsa_private() could return the sum of two RSA error codes
instead of a valid error code in some rare circumstances:

* If rsa_prepare_blinding() returned  MBEDTLS_ERR_RSA_RNG_FAILED
  (indicating a misbehaving or misconfigured RNG).
* If the comparison with the public value failed (typically indicating
  a glitch attack).

Make sure not to add two high-level error codes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
40d8160c8e mbedtls_to_psa_error: fix a copypasta and a missing translation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00