Commit Graph

5456 Commits

Author SHA1 Message Date
Gilles Peskine
2531970772 Switch cmake -O2 builds around to where we test a lot
Use Release mode (-O2) for component_test_full_cmake_clang which runs SSL
tests.

To have some coverage with Check mode (which enables more compiler warnings
but compiles with -Os), change a few other builds that only run unit tests
at most to Check mode.

Don't add any new builds, to keep the total build volume down. We don't need
extensive coverage of all combinations, just a reasonable set.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 14:28:53 +02:00
Gilles Peskine
a0c51fb53e Clarify a comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 14:28:53 +02:00
Gilles Peskine
3daa83e99a Correct support function name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 14:28:53 +02:00
Gilles Peskine
6fa69864a2 Build with -O2 when running ssl-opt
SSL testing benefits from faster executables, so use -O2 rather than -O1.
Some builds use -O1, but that's intended for jobs that only run unit tests,
where the build takes longer than the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 14:28:53 +02:00
Gilles Peskine
44fa40cd56 Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length
PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for
verification that it produces when signing, as documented.

Fixes #4946.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:07:27 +02:00
Gilles Peskine
d79af3a522 Test PSS verification with different salt lengths
Test the following combinations:
* 1024-bit key, SHA-256, salt=0
* 1024-bit key, SHA-256, salt=31 (1 byte shorter than standard)
* 1024-bit key, SHA-256, salt=32 (standard length)
* 1024-bit key, SHA-256, salt=94 (maximum possible length)
* 1024-bit key, SHA-512, salt=61 (1 byte shorter than standard)
* 1024-bit key, SHA-512, salt=62 (standard = maximum possible length)
* 528-bit key, SHA-512, salt=0 (only possible length)

Test psa_verify_hash() for both PSA_ALG_RSA_PSS and PSA_ALG_RSA_PSS_ANY_SALT
with all of these combinations. For psa_verify_message(), just test once
with the standard length and once with a different length.

Note that as of this commit, both PSA_ALG_RSA_PSS and
PSA_ALG_RSA_PSS_ANY_SALT accept any salt length during verification, hence
all the new test cases are positive.

The verify test cases were generated using the Python script below.

```
from Cryptodome import Hash
from Cryptodome.Hash import SHA512
from Cryptodome import PublicKey
from Cryptodome.PublicKey import RSA
from Cryptodome.Signature import pss

key = {
    528: RSA.import_key(bytes.fromhex("30820145020100024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001024300b166322e09504a5c274b83592f5cf8ce2793a96de5a265abdbe060c641dbc65db0d11c782fe133a7e60aea686d21058d928cad3ef58924c4bb26b9206a03001d0241022200f85d72e463b406ffa282c34b5f0c2d6c2aacf210246af53d5bc7a0b7fa036e1cdb022200ea176c3d9a7fb355fb9fb7707e679b4acfb7bcb645b907e27cdf1764bc340971cd02212e13380342b3dd3083777abf7acc8988ad8a1406069b890f6efd63c57dae31394d022200c3602d3cf537e3cbbda93e072bd8f92965586aae8e5eb20ffc3c8e5fcb1c7b4d7902220098a04f18e48c689ad2f5b9bd404333def54cb2506cd0075c967a2968261e8b8f10")),
    1024: RSA.import_key(bytes.fromhex("3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24")),
}
hash_module = {
    256: Hash.SHA256,
    512: Hash.SHA512,
}

def print_test_case(remark, pub, kbits, hbits, input, output):
    key_hex = pub.hex()
    input_hex = input.hex()
    output_hex = output.hex()
    print(f"""\
PSA verify hash: RSA-{kbits} PSS SHA-{hbits}, {remark}
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_{hbits}:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"{key_hex}":PSA_ALG_RSA_PSS(PSA_ALG_SHA_{hbits}):"{input_hex}":"{output_hex}"

PSA verify hash: RSA-{kbits} PSS-any-salt SHA-{hbits}, {remark}
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_{hbits}:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"{key_hex}":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_{hbits}):"{input_hex}":"{output_hex}"
""")

def rand(n):
    return bytes(x & 0xff for x in range(n))

def test_case(kbits, hbits, slen):
    priv = key[kbits]
    pub_spki = priv.publickey().export_key('DER')
    pub_raw = PublicKey._expand_subject_public_key_info(pub_spki)[1]
    hash_op = hash_module[hbits].new(b'abc')
    digest = hash_op.copy().digest()
    output = pss.new(priv, salt_bytes=slen, rand_func=rand).sign(hash_op)
    print_test_case(f"slen={slen}", pub_raw, kbits, hbits, digest, output)

test_case(1024, 256, 0)
test_case(1024, 256, 31)
test_case(1024, 256, 32)
test_case(1024, 256, 94)
test_case(1024, 512, 61)
test_case(1024, 512, 62)
test_case(528, 512, 0)
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:07:24 +02:00
Gilles Peskine
19ff9a6173 Test that a PSS policy doesn't allow PSS_ANY_SALT and vice versa
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:07:21 +02:00
Gilles Peskine
72215f6336 Shorten some test descriptions
Ensure the unique part fits in the 66 columns that the test runner displays.
Leave room for an additional distinguisher on signature key policy negative
test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:07:15 +02:00
Gilles Peskine
bb2d17cec6 Add test cases for PSA_ALG_RSA_PSS_ANY_SALT
The test cases strictly replicate a subset of the test cases for
PSA_ALG_RSA_PSS. The subset validates that PSA_ALG_RSA_PSS_ANY_SALT is
recognized wherever PSA_ALG_RSA_PSS is.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:06:50 +02:00
Gilles Peskine
ac6181ca1c Update metadata tests with the new IS_ALG_RSA_PSS_xxx_SALT predicates
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:06:41 +02:00
Gilles Peskine
35115f9c1a New algorithm PSA_ALG_RSA_PSS_ANY_SALT
This is a variant of PSA_ALG_RSA_PSS which currently has exactly the same
behavior, but is intended to have a different behavior when verifying
signatures.

In a subsequent commit, PSA_ALG_RSA_PSS will change to requiring the salt
length to be what it would produce when signing, as is currently documented,
whereas PSA_ALG_RSA_PSS_ANY_SALT will retain the current behavior of
allowing any salt length (including 0).

Changes in this commit:

* New algorithm constructor PSA_ALG_RSA_PSS_ANY_SALT.
* New predicates PSA_ALG_IS_RSA_PSS_STANDARD_SALT (corresponding to
  PSA_ALG_RSA_PSS) and PSA_ALG_IS_RSA_PSS_ANY_SALT (corresponding to
  PSA_ALG_RSA_PSS_ANY_SALT).
* Support for the new predicates in macro_collector.py (needed for
  generate_psa_constant_names).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:06:38 +02:00
Manuel Pégourié-Gonnard
d599dc7f1b
Merge pull request #4932 from tom-daubney-arm/all.sh-subshells-2.x
Backport 2.x: Run all.sh components in a subshell
2021-10-28 09:33:22 +02:00
paul-elliott-arm
460d779773
Merge pull request #5097 from gilles-peskine-arm/ssl-opt-resend-retry-2.x
Backport 2.x: Retry a test case if it fails due to an unexpected resend
2021-10-27 16:24:41 +01:00
Manuel Pégourié-Gonnard
8e8251a6fa
Merge pull request #4835 from gilles-peskine-arm/base64-no-table-2.2x
Backport 2.2x: range-based constant-flow base64
2021-10-27 12:18:29 +02:00
Paul Elliott
ce77738d95 Remove bash specific code
Use case pattern matching instead of multiline split, given there is
only the well formatted PIDs to match on this should be safe.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-26 11:02:16 +01:00
Paul Elliott
6cd97ceba0 Remove use of -p with lsof
On machines with more modern kernels (>5.4 from testing so far) the
useage of -b seems to conflict with the usage of -p. Whilst the usage of
-b seems like a good idea to avoid blocks as we are tight looping on it,
the usage of -p seems to require the usage of stat() (specifically in
/proc) which -b forbids. All you get is a load of warnings
(suppressable by -w) but never a positive result, which means that all
servers are reported as "Failed to start". We are not keen on losing
-b, so instead parse the output of lsof (using -F to format it) to
check the if PIDs that it outputs match that we are looking for.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-26 11:02:10 +01:00
Manuel Pégourié-Gonnard
05ee09eae7
Merge pull request #5107 from mprse/issue_4056_b2x
Backport 2.x: Use PSA_HASH_LENGTH instead hardcoded integer values
2021-10-26 10:35:47 +02:00
Gilles Peskine
d3e5dd3f3a Rename variable to avoid a name clash
digits is also a local variable in host_test.function, leading to compilers
complaining about that shadowing the global variable in
test_suite_base64.function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
fd489f97c1 Move the list of Base64 digits out of the test data
This is part of the definition of the encoding, not a choice of test
parameter, so keep it with the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
a138802230 Move declarations of testing-only base64 functions to their own header
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
0f4e3fbd10 Mark output as public before testing it
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
3b1f4c0d7e Add unit tests for base64 internal functions
Add unit tests for mask_of_range(), enc_char() and dec_value().

When constant-flow testing is enabled, verify that these functions are
constant-flow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Przemyslaw Stekiel
645703c8a3 Use PSA_HASH_LENGTH instead hardcoded integer values
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-25 16:48:25 +02:00
Gilles Peskine
b436649a25 Show values when TEST_EQUAL fails
When TEST_EQUAL fails, show the two numerical values in the test log (only
with host_test). The values are printed in hexa and signed decimal.

The arguments of TEST_EQUAL must now be integers, not pointers or floats.
The current implementation requires them to fit in unsigned long long
Signed values no larger than long long will work too. The implementation
uses unsigned long long rather than uintmax_t to reduce portability
concerns. The snprintf function must support "%llx" and "%lld".

For this purpose, add room for two lines of text to the mbedtls_test_info
structure. This adds 154 bytes of global data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-22 11:06:52 +02:00
Gilles Peskine
aa1d6ad9d2 Move is-it-resend logic into a function
Improve the code structure in case we want to add other similar conditions
later. Document better what we're doing, and document why we're doing it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-21 11:00:35 +02:00
Gilles Peskine
2d3c9f898b Retry if a test case fails because of an unexpected resend
Palliative for https://github.com/ARMmbed/mbedtls/issues/3377. If a test
case fails due to an unexpected resend, allow retrying, like in the case of
a client timeout.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-21 11:00:35 +02:00
Gilles Peskine
a28fd41ed1 Move retry logic into check_test_failure
This will allow having other retry conditions, in particular based on
run_test options.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-21 11:00:35 +02:00
Gilles Peskine
5d8e702ab8 Move the core loop of run_test into an auxiliary function
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-21 11:00:35 +02:00
Gilles Peskine
f9022b056b Move some code of run_test into auxiliary functions
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-21 11:00:35 +02:00
Gilles Peskine
a093d76a26 Update generated files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 22:39:45 +02:00
Gilles Peskine
a686bf46f7
Merge pull request #5083 from mprse/issue_5065_2x
backport 2.x: backport only new test in all.sh from #5072
2021-10-18 17:51:53 +02:00
Przemyslaw Stekiel
7ce979a4f5 all.sh: tests/scripts/all.sh full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-18 11:47:32 +02:00
Gilles Peskine
e4739ab5ef
Merge pull request #5038 from mprse/issue_4551_2x
Backport 2.x: Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key #5037
2021-10-18 10:39:26 +02:00
Gilles Peskine
95f2324c5e
Merge pull request #4845 from mstarzyk-mobica/ecb-alt-ret-2.2x
Backport 2.2x: Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:04 +02:00
Paul Elliott
ccba129c5a Use 127.0.0.1 rather than localhost
This was causing some tests using the openssl s_client to not connect -
I suspect this was due to localhost (at least on my machine) resolving
to ::1 rather than 127.0.0.1. Note that the error seen would have been
that the session file specified with -sess_out did not get created.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 18:33:28 +01:00
Paul Elliott
405fcccf75 Fix incorrect check for DTLS
Missing wildcards meant that some servers were not identified as DTLS,
which lead to port checking on TCP rather than UDP, and thus mistakenly
cancelling tests as the server had not come up.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 18:33:28 +01:00
Paul Elliott
7ca2f39d91 Spelling fix
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 18:33:28 +01:00
Manuel Pégourié-Gonnard
d76c47d74d Use newer OpenSSL for tests failing with the old
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-13 18:33:20 +01:00
Paul Elliott
633a74e9fb Backport OPENSSL_NEXT to ssl-opt.sh
Add support for a newer version of OpenSSL, as well as a legacy version.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 18:31:07 +01:00
Przemyslaw Stekiel
96de45e7e8 Re-generate test_suite_psa_crypto_not_supported.generated.data
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-12 09:08:35 +02:00
Przemyslaw Stekiel
d6ead7ca84 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-11 16:39:32 +02:00
Gilles Peskine
8eb3c95590 Add --restore option to clean up but not necessarily run components
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
6702ce9f73 Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
a25c5675e2 Documentation improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
4fa948feb7 Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
8bfe15f291 Disable wildcards when checking for unsupported components
Otherwise $COMMAND_LINE_COMPONENTS would try to expand wildcard patterns
based on files in the current directory.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
76d40fa977 Improve the detection of keep-going commands
Have simpler patterns related to 'test' (the central objective being to keep
going if 'make test' or 'tests/...' fails, but not if 'make tests' fails).

Add 'cd' as a can't-keep-going command.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
202e9b4ed4 Improve --error-test reporting
Count invocations from 1 to n instead of n to 1.

Explain how changing the loop variable would cause an error if the function
was not executed in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
cb4bfac119 Clarify some comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
ef64e7fb3b Don't unconditionally restore **/Makefile
all.sh restores **/Makefile from git in case the version in the worktree was
from doing a cmake in-tree build. Instead of doing this unconditionally, do
it only if the toplevel Makefile seems to have been automatically
generated (by cmake or otherwise, e.g. by mbedtls-prepare-build). This way
all.sh no longer silently wipes changes made to Makefile but not committed yet.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
24bdf02e4e Don't restore *config.h before backing it up
Back up the config files at the beginning of all.sh, rather than before each
component. In particular, create the backup before running cleanup for the
first time. This fixes #3139 (all.sh using a config.h.bak from a previous
job), and makes all.sh more robust against accidentally using a modified
config.h midway through because a component messed with the backup.

Use a different extension (*.all.bak rather than *.bak) for the backups.
This is necessary to ensure that auxiliary scripts such as depends*.pl that
make their own backup don't remove all.sh's backup, which the code from this
commit does not support.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
9b35640e3f Generate cpp_dummy_build.cpp dynamically
Generate programs/test/cpp_dummy_build.cpp dynamically instead of
maintaining it manually. This removes the need to update it when the list of
headers changes.

Include all the headers unconditionally except for the ones that cannot be
included directly.

Support this dynamic generation both with make and with cmake.

Adapt all.sh accordingly. Remove the redundant C build from
component_build_default_make_gcc_and_cxx (it was also done in
component_test_default_out_of_box), leaving a component_test_make_cxx. Also
run the C++ program, because why not. Do this in the full configuration
which may catch a bit more problems in headers.

Fixes #2570 for good.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Thomas Daubney <>
2021-10-11 14:29:16 +01:00
Gilles Peskine
8890f64338 Add ARIA to the PSA API
Use the encoding from an upcoming version of the specification.

Add as much (or as little) testing as is currently present for Camellia.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 18:28:15 +02:00
Przemyslaw Stekiel
81be6e275c enerate_psa_tests.py fix format
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 15:40:16 +02:00
Przemyslaw Stekiel
330e460ef3 Addapt psa_generate_key() tests
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 12:56:45 +02:00
Gilles Peskine
85229acf04 Limit make parallelism to the number of CPUs
Don't default to unbridled -j, which causes a load spike and isn't really
faster.

"Number of CPUs" is implemented here as a reasonable compromise between
portability, correctness and simplicity. This is just a default that can be
overridden by setting MAKEFLAGS in the environment.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-06 17:21:57 +02:00
Gilles Peskine
a4e060b87b
Merge pull request #5000 from mprse/mbedtls_cipher_setup_psa_ECB_2x
Backport 2.x: Fix test gap: mbedtls_cipher_setup_psa() with ECB
2021-10-01 14:49:25 +02:00
Gilles Peskine
f315d6a718
Merge pull request #4957 from gilles-peskine-arm/make-tests-v-2.2x
Backport 2.x: Facilitate reproducing unit tests from all.sh
2021-09-30 16:08:56 +02:00
Przemyslaw Stekiel
39f4e75120 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-09-30 12:29:27 +02:00
Przemyslaw Stekiel
6c866689e3 test_suite_cipher: add tests for mbedtls_cipher_setup_psa() with ECB
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-09-30 12:27:34 +02:00
Ronald Cron
8489f64f37
Merge pull request #4991 from gilles-peskine-arm/psa-aead-invalid_nonce_length-2.x
2.x only: PSA AEAD invalid nonce length tests
2021-09-29 22:47:03 +02:00
Gilles Peskine
377a310da4 Catch failures of AES or DES operations
Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.

A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.

This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:

* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
  was not properly checking the result of an AES operation:
    * In library code: on failure, goto exit and return ret.
    * In pkey programs: goto exit.
    * In the benchmark program: exit (not ideal since there's no error
      message, but it's what the code currently does for failures).
    * In test code: TEST_ASSERT.
* Changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 20:40:31 +02:00
Gilles Peskine
1b8a294d7e Test invalid nonce length for one-shot AEAD decryption
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 17:07:21 +02:00
Gilles Peskine
ffc2a80b36
Merge pull request #4983 from mstarzyk-mobica/backport_hash_message_psa_flags
Backport 2.x: PSA MAC computation with _HASH flag implies _MESSAGE.
2021-09-29 16:07:32 +02:00
Gilles Peskine
f313336c01 Remove barely-used redirect functions
redirect_out was no longer used and redirect_err was only used to
quiet dd. Change the dd invocation to only print diagnostics on
error (on platforms where this is possible).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:59:00 +01:00
Gilles Peskine
7c220d7d37 Keep going after a shell "[" a.k.a. "test" fails
This is necessary to actually keep going and finish the
component-specific cleanup in component_test_cmake_out_of_source if
ssl-opt.err is non-empty.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:59:00 +01:00
Gilles Peskine
1d55995d32 Remove code that is useless now that components run in a subshell
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:59:00 +01:00
Gilles Peskine
e8056c5e31 Complain if an unsupported component is explicitly requested
In all.sh, when an explicit list of components is specified, error out
if one of the components is not known or not supported. Patterns that
happen to match zero components are still effectively ignored.

Fix #2783

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:59:00 +01:00
Gilles Peskine
39a3b11006 Better not function
In the `not` function, in keep-going mode, arrange to report the
failing command (rather than `"$@"`).

Note that the `!` keyword should not be used, because failures with
`!` are not reported properly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:59:00 +01:00
Gilles Peskine
4848d7bb45 Fix double reporting when the last command of a function fails
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:59:00 +01:00
Gilles Peskine
f6d29c6a9e Stop dispatching through obsolete functions
Remove the obsolete functions record_status and if_build_succeeded.
They didn't affect error detection, but they made error reporting
worse since $BASH_COMMAND would be the unexpanded "$@".

Keep the function definitions for the sake of pull requests using them
that may still be in flight.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:58:55 +01:00
Gilles Peskine
0a7984f1dd component_test_cmake_out_of_source: simplify and fix error handling
Remove ssl-opt.err even if it's empty.

Call cat unconditionally: it'll have no visible effect if the file is
empty.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:55:21 +01:00
Gilles Peskine
8ab2994eb5 Detect errors on the left-hand side of a pipeline
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:55:21 +01:00
Gilles Peskine
7105a33906 Run each component in a subshell and handle errors more robustly
This commit completely rewrites keep-going mode. Instead of relying
solely on "set -e", which has some subtle limitations (such as being
off anywhere inside a conditional), use an ERR trap to record errors.

Run each component in a subshell. This way a component can set
environment variables, change the current directory, etc., without
affecting other components.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:55:21 +01:00
Gilles Peskine
a5eb22d434 Add --error-test option to test error detection and reporting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:55:21 +01:00
Gilles Peskine
3de7be8b88 Switch all.sh to bash
This will let us use bash features that are not found in some other sh
implementations, such as DEBUG and ERR traps, "set -o pipefail", etc.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 14:55:21 +01:00
Gilles Peskine
1c39975a27 Fix typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-28 10:13:45 +02:00
Gilles Peskine
ee20f3698a Remove check-names.sh and now-unused helper scripts
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 20:14:12 +02:00
Gilles Peskine
31da67beb7 Switch to the new Python implementation of check-names
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 20:13:00 +02:00
Gilles Peskine
d47f636a19 Adapt source file names from Mbed TLS 3.0 to 2.27
* There's no compat-2.x.h in Mbed TLS 2.x, but there's a compat-1.3.h which
  similarly needs to be excluded.
* mbedtls_config.h is called config.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 20:12:00 +02:00
Gilles Peskine
7bf5205581 More robust handling of excluded files
Don't try to enumerate excluded files. List included files, and remove names
from the list if they match an excluded-file pattern.

This resolves the problem that the script could get into an infinite loop
due to the use of recursive globbing. Unfortunately, Python's recursive
globs follows symbolic links to directories, which leads to an infinite loop
if a symbolic link points to an ancestor of the directory that contains it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 20:01:24 +02:00
Gilles Peskine
8266b5b0b4 Copy check_names.py and friends from development
Copy the following files:
    tests/scripts/check_names.py
    tests/scripts/list_internal_identifiers.py
    tests/scripts/list-identifiers.sh

Copy the version from b19be6b5f3c9a92b5b17fa27e16901f132f1a310, which is the
result of merging https://github.com/ARMmbed/mbedtls/pull/1638 into the
development branch.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 20:01:08 +02:00
Mateusz Starzyk
e6e02b6bae Extend mac_key_policy test.
Add checks for psa_mac_compute and psa_mac_verify.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-27 14:48:38 +02:00
Mateusz Starzyk
25e65db1ce Use separate expected results for MAC sign and verify key policy.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-27 14:48:38 +02:00
Mateusz Starzyk
18f662b0af Fix mac_key_policy test function
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-27 14:48:38 +02:00
joseph
00f4eae025 Fix test code to can be built on alpine
Signed-off-by: joseph <joseph@jc-lab.net>
2021-09-23 20:58:45 +09:00
Gilles Peskine
fe0acc6291 Move long -D lists from all.sh to a header file
To facilitate maintenance and to make it easier to reproduce all.sh builds
manually, remove the long, repeated list of -D options from
component_test_psa_crypto_config_basic and component_test_psa_crypto_drivers
and put it in a header file instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-21 09:40:02 +02:00
Gilles Peskine
c761d8f496 'make test': show failing test cases when cmake does
When building with make, `make test` runs `run-test-suites.pl` which has a
verbose mode that reports the failing test cases, but it didn't provide a
way to enable this verbose mode. With the present commit, you can run `make
test TEST_FLAGS=-v` to use verbose mode.

Base the default for verbose mode on the same environment variable that
`make test` uses when building with CMake: default off, but enabled if
`CTEST_OUTPUT_ON_FAILURE` is true. In particular, verbose mode will now be
on when building from `all.sh`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-21 09:36:07 +02:00
Gilles Peskine
ff8c80a3ed Remove on-target testing
It was unmaintained and untested, and the fear of breaking it was holding us
back. Resolves #4934.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-14 11:28:22 +02:00
Archana
6d342f3e1d
Remove dependency of builtin keys on storage
The psa_open_key API depends on MBEDTLS_PSA_CRYPTO_STORAGE_C.
This is unnecessary for builtin keys and so is fixed.
Updated an open_fail test vector keeping with the same.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-11 22:31:06 +05:30
Mateusz Starzyk
b3d344c225 Remove MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES option.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-06 12:18:53 +02:00
Manuel Pégourié-Gonnard
9a260a628a Fix missing dependency on Travis
Was getting errors like:

In file included from /usr/include/limits.h:25:0,
                 from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/limits.h:168,
                 from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/syslimits.h:7,
                 from /usr/lib/gcc-cross/arm-linux-gnueabi/5/include-fixed/limits.h:34,
                 from ../include/mbedtls/check_config.h:30,
                 from ../include/mbedtls/build_info.h:81,
                 from common.h:26,
                 from asn1write.c:20:
/usr/include/features.h:367:25: fatal error: sys/cdefs.h: No such file or directory

There are two packages to choose from: armhf or armel. Since the comment
in all.sh says we're trying to be close to Debian's "armel"
architecture, choose that, and fix a comment that was mentioning
gnueabihf for no apparent reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-08-09 12:09:41 +02:00
Manuel Pégourié-Gonnard
719301693d Add arm-linux-gnueabi-gcc build to all.sh
Currently it can't be mandatory, since we can't install the required toolchain
on Jenkins right away.

Also, while at it, remove `SHELL='sh -x'` from the other arm5vte component; it
was a leftover from debugging.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-08-09 12:08:39 +02:00
Gilles Peskine
1b95b34c4b
Merge pull request #4696 from yutotakano/fix-ssl-opt.sh-hard-abort-2.x
Backport 2.x: ssl-opt.sh: Skip tests instead of conditional hard abort
2021-08-04 10:16:42 +02:00
Gilles Peskine
9274d4691d
Merge pull request #4759 from paul-elliott-arm/fix_cipher_output_size_2.x
Backport 2.x: Fix divide by zero if macro used with wrong key type
2021-07-30 18:56:22 +02:00
Manuel Pégourié-Gonnard
b0f45d7aad
Merge pull request #4803 from gilles-peskine-arm/save-coverage-summary-2.x
Backport 2.2x: Save the basic-build-test.sh test report summary to coverage-summary.txt
2021-07-29 10:52:44 +02:00
Manuel Pégourié-Gonnard
de1a320e35
Merge pull request #4797 from gilles-peskine-arm/generate_psa_tests-robutness-202107-2.2x
Backport 2.x: Fix python in tests/Makefile, etc.
2021-07-29 09:58:28 +02:00
Yuto Takano
75ab928496 Fix DTLS 1.0 fragment tests not having length constraint
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-26 08:27:47 +01:00
Paul Elliott
ed33ef1965 Add non regression test for cipher output size
Call the output size macros specifically with asymmetric keys, which
would cause a crash (and thus test fail) should this fix get regressed.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-23 18:58:19 +01:00
Gilles Peskine
eadd8ee250 Fix mixup about the directory containing the success indicator file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-22 19:45:12 +02:00
Gilles Peskine
5cf753ae02 More robust failure detection for the coverage report generation
The previous implementation was hard to understand and could in principle
fail to notice if there was a test case failure and the writing of the
line "Note: $TOTAL_FAIL failures." failed. KISS.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-22 19:45:12 +02:00
Gilles Peskine
a2df615e21 Explain the final error checking
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-22 19:45:12 +02:00
Gilles Peskine
81786e4362 Save the coverage report to a file
Save the "Test Report Summary" to a file. This can help both CI scripts and
human readers who want the summary after the fact without having to copy the
console output.

Take care to exit with a nonzero status if there is a failure while
generating the test report summary.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-22 19:45:12 +02:00
Gilles Peskine
8e7414137d Show the udp_proxy seed in the console log
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-22 19:45:12 +02:00
Gilles Peskine
5a09a4a386 Only run an unbridled parallel make (make -j) if MAKEFLAGS is unset
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-22 19:45:12 +02:00
Ronald Cron
0ba0109ce0
Merge pull request #4768 from JoeSubbiani/TestBlockSizes_2.x
Backport 2.x: Test block sizes are powers of 2
2021-07-22 11:19:01 +02:00
Gilles Peskine
e7738c3aba Fix typo in test dependencies
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-21 19:28:08 +02:00
Gilles Peskine
cdd80c4cf9 Use python3 when building on non-Windows for Windows
The makefiles look for python3 on Unix-like systems where python is often
Python 2. This uses sh code so it doesn't work on Windows. On Windows, the
makefiles just assume that python is Python 3.

The code was incorrectly deciding not to try python3 based on WINDOWS_BUILD,
which indicates that the build is *for* Windows. Switch to checking WINDOWS,
which indicates that the build is *on* Windows.

Fix #4774

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-21 19:27:50 +02:00
Gilles Peskine
06d5a3226b Remove obsolete MBEDTLS_xxx dependencies
This file had temporary MBEDTLS_xxx dependencies because it was created when
support for PSA_WANT_xxx was still incomplete. Switch to the PSA_WANT_xxx
dependencies

This fixes the bug that "PSA storage read: AES-GCM+CTR" was never executed
because there was a typo in a dependency.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-21 19:26:50 +02:00
Joe Subbiani
50536429a7 Remove trailing whitespace
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-15 09:02:43 +01:00
Joe Subbiani
c9eb8581a4 Simplify the test and description
Previously the check was convoluted. This has been simplified
and given a more appropriate suggestion as per gilles suggestion

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-14 15:32:29 +01:00
Joe Subbiani
bd5cc3a0be Add test in block_cipher_key_type test case
The test case uses a bit shift to check that the block
size is a power of 2

Fixes #4228

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-07-09 12:17:49 +01:00
Yuto Takano
7187953fc5 Raise max_content_len constraint by one in Connection ID tests
- Also incorporates the grammar fix commit in the development branch

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-09 11:33:39 +01:00
Yuto Takano
a49124e528 Add content length constraint to tests that use max_frag_len
Includes:
- handshake memory tests
- Connection ID (MFL) tests
- DTLS fragmenting tests
- SSLv3 with extensions test (backport only)

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-09 11:33:39 +01:00
Yuto Takano
8a693efe9b Move repetitive equality check to requires_config_value_equals
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-09 11:33:39 +01:00
Yuto Takano
ccdd25cbc5 Reword and add explanatory comments for MAX_IM_CA tests
- Reword the comment on config.h to suggest that
  `MAX_INTERMEDIATE_CA` may not exist in the config.
- Add a comment explaining why the tests are more restrictive
  than necessary.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-09 11:33:39 +01:00
Yuto Takano
bec7cf762d Use requires_max_content_len, add check in Renegotiation
- Abstract out repetitive checks for IN and OUT content lens
- Remove unclear comment and redundant echo
- Add content length constraints in Renegotiation with fragment length test

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-09 11:33:39 +01:00
Yuto Takano
ab9e433376 Add space between command substitution braces and content
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-09 11:33:39 +01:00
Yuto Takano
d448545d2a Add MAX_IM_CA requirement to int_max+1 chain as well
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-09 11:33:39 +01:00
Yuto Takano
05d43f49a1 Remove hard exit with MAX_INTERMEDIATE_CA in ssl-opt.sh
- Replace last remaining dependency on config.py with query_config
- Replace hard exit with `requires_config_value_at_least` and
  `requires_config_value_at_most` to maintain the same effect

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-09 11:33:39 +01:00
Yuto Takano
18ddccc417 Remove hard exit in ssh-opt.sh, replace with requires functions
- Replace calls to config.py for MAX_IN_LEN and MAX_OUT_LEN with
  `get_config_value_or_default`
- Remove hard exit when MAX_IN/OUT_LEN < 4096, replace with
  `requires_config_value_at_least`

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-07-09 11:33:39 +01:00
Gilles Peskine
008cd0c4d8
Merge pull request #4757 from gilles-peskine-arm/generate_psa_tests-speedup-2.27
Backport 2.x: Speed up the generation of storage format test cases
2021-07-07 15:27:21 +02:00
Gilles Peskine
3008c58df9 Speed up the generation of storage format test cases
Restore the optimization done in
 HEAD^{/Speed up the generation of storage format test cases}
which was lost during refactoring made when adding support for
implicit usage flags.

There are still more than one call to the C compiler, but the extra
calls are only for some key usage test cases.

This is an internal refactoring. This commit does not change the
output of generate_psa_tests.py

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-06 21:08:46 +02:00
Paul Elliott
bece7374ce Bump Library Version Number
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-01 17:52:07 +01:00
Paul Elliott
4128c2032e Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.27.0rc0-pr 2021-07-01 17:26:38 +01:00
Dave Rodgman
ba940cc695
Merge pull request #4182 from gabor-mezei-arm/3258_implement_one-shot_MAC_and_cipher
[Backport 2.x] Implement one-shot cipher
2021-06-30 17:04:11 +01:00
Dave Rodgman
af9b4841fb
Merge pull request #4605 from gabor-mezei-arm/3267_sign_verify_key_policies
[Backport 2.x] Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
2021-06-30 14:51:03 +01:00
Dave Rodgman
0a4046e9ca
Merge pull request #4736 from daverodgman/alert_bugfixes_2.x
Backport 2.x: Fix alert raised for invalid fragment length
2021-06-30 09:02:49 +01:00
Dave Rodgman
7ed75e21c9 Correct required config flag in ECJPAKE tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 21:15:58 +01:00
gabor-mezei-arm
a3669ac7e7
Restoring the multi-part cipher_verify_output() testing
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 18:58:42 +02:00
gabor-mezei-arm
3ea27325c9
Fix pylint issue
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:21:21 +02:00
gabor-mezei-arm
ea840dea61
Return iterator instead of list
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 15:42:57 +02:00
gabor-mezei-arm
912eca3847
Rename function
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 15:39:56 +02:00
Nick Child
8930e14f3a test_suite_pk.function: Do not use MD_MAX_SIZE
In order to for tests to pass from the previous commit (which it mandatory for all pk verify/sign
functions to be given a hash_len that is exactly equal to the message digest length of md_alg) the
hash_len that is supplied to the fucntion cannot be MBEDTLS_MD_MAX_SIZE. This would result in all tests failing. Since the md alg for all of these funtions are SHA256, we can use mbedtls functions to get
the required length of a SHA256 digest (32 bytes). Then that number can be used for allocating the
hash buffer.

Signed-off-by: Nick Child <nick.child@ibm.com>
2021-06-29 09:31:06 -04:00
gabor-mezei-arm
e4b7499f74
Refactor handlibg of the key usage flags
Move implicit usage flags handling to the StorageKey class.
Create a subclass for test case data.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 15:29:24 +02:00
gabor-mezei-arm
7b302089b1
Update key policy testing test cases
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:08:47 +02:00
gabor-mezei-arm
5eca4f2bb5
Rename test cases
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:07:34 +02:00
gabor-mezei-arm
659af9e2f3
Remove unneeded test case parameter
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 11:06:16 +02:00
gabor-mezei-arm
805c735a8b
Move key type validation to crypto_knowledge
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 21:36:58 +02:00
gabor-mezei-arm
5ea30377d3
Refactor key generation
Remove the key builder and use iterator instead of lists.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 21:36:58 +02:00
gabor-mezei-arm
acfcc18697
Rename variables and funcions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 19:39:31 +02:00
gabor-mezei-arm
e84d321317
Use string in dict instead of Expr object
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 16:54:11 +02:00
gabor-mezei-arm
4781263704
Remove unnecessary test cases
It is enough only one test case for a key type, algorithm pair when
testing the implicit usage flags.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 16:41:36 +02:00
gabor-mezei-arm
927742ec71
Add better name for variables
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 16:41:35 +02:00
gabor-mezei-arm
705c452fd0
Simplify code
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 16:41:35 +02:00
gabor-mezei-arm
79df41dfca
Remove unneeded test case parameter
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:37:36 +02:00
gabor-mezei-arm
58e510f201
Simplify test function
Use the updated usage flags as expected.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:37:36 +02:00
gabor-mezei-arm
ff03fd6213
Rename function to conform to the library
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:37:36 +02:00
gabor-mezei-arm
7907be3f32
Give better name for test cases
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:37:36 +02:00
gabor-mezei-arm
7d2ec9a223
Fix generated file modification
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:36 +02:00
gabor-mezei-arm
bce8527698
Fix test case duplication
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:36 +02:00
gabor-mezei-arm
b92d61b7e6
Fix pylint issues
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:36 +02:00
gabor-mezei-arm
de25402300
Fix tests
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:36 +02:00
gabor-mezei-arm
044fefcdfb
Add test case generation for usage extensions when loading keys
Add test cases validating that if a stored key only had the hash policy,
then after loading it psa_get_key_attributes reports that it also has the
message policy, and the key can be used with message functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:36 +02:00
gabor-mezei-arm
15c1f03f78
Add key usage policy extension support for key generation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:28:34 +02:00
gabor-mezei-arm
4d9fb73c99
Use different subslasses for the test data files
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:27:55 +02:00
gabor-mezei-arm
8b0c91c91f
Create a function for gather all the keys.
Prepare for using subclasses.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:27:55 +02:00
gabor-mezei-arm
d71659f447
Extend description generation
Add an extra optional parameter to generate a more detailed description
for test cases.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:27:55 +02:00
gabor-mezei-arm
0996080652
Use builder method pattern to generate a key
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-28 15:27:49 +02:00
gabor-mezei-arm
9ac4847a5d
Unify multipart cipher operation tester functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-25 18:30:38 +02:00
Dave Rodgman
78c601b529
Merge pull request #4717 from daverodgman/psa_cipher_and_mac_abort_on_error_2.x
Backport 2.x: Psa cipher and mac abort on error
2021-06-25 15:39:43 +01:00
Janos Follath
51ccd62a08 Fix ecp_check_pub() test cases
Negative x coordinate was tested with the value -1. It happens to be one
of the low order points both for Curve25519 and Curve448 and might be
rejected because of that and not because it is negative. Make sure that
x < 0 is the only plausible reason for the point to be rejected.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-25 14:59:15 +01:00
Janos Follath
be89c357ae Add ecp_check_pub tests for Curve 448
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-25 14:59:15 +01:00
Janos Follath
701742500d Add DoS test case for ecp_check_pub
A test case for which the loop would take practically forever if it was
reached. The point would be to validate that the loop is not reached.
The test case should cause the CI to time out if starting with the
current code, ecp_check_pubkey_mx() was changed to call
ecp_check_pubkey_x25519() first and run the mbedtls_mpi_size(() test
afterwards, which would make no semantic difference in terms of memory
contents when the function returns, but would open the way for a DoS.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-25 14:59:15 +01:00
gabor-mezei-arm
43611b089b
Rename test functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-25 15:50:36 +02:00
gabor-mezei-arm
7aa1efd919
Remove duplicated tests
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-25 15:50:35 +02:00
Janos Follath
d31a30c083 Remove redundant ecp_check_pub() tests
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-25 14:15:24 +01:00
Manuel Pégourié-Gonnard
6a5f5745d0 Add test for check_pubkey for x25519
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-25 14:06:45 +01:00
Manuel Pégourié-Gonnard
f2268d1c17 Reject low-order points on Curve25519 early
We were already rejecting them at the end, due to the fact that with the
usual (x, z) formulas they lead to the result (0, 0) so when we want to
normalize at the end, trying to compute the modular inverse of z will
give an error.

If we wanted to support those points, we'd a special case in
ecp_normalize_mxz(). But it's actually permitted by all sources
(RFC 7748 say we MAY reject 0 as a result) and recommended by some to
reject those points (either to ensure contributory behaviour, or to
protect against timing attack when the underlying field arithmetic is
not constant-time).

Since our field arithmetic is indeed not constant-time, let's reject
those points before they get mixed with sensitive data (in
ecp_mul_mxz()), in order to avoid exploitable leaks caused by the
special cases they would trigger. (See the "May the Fourth" paper
https://eprint.iacr.org/2017/806.pdf)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-25 14:06:45 +01:00
Ronald Cron
132e8c3cab
Merge pull request #4715 from gilles-peskine-arm/psa_crypto_spm-from_platform_h-2.x
Backport 2.x: Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
Straightforward backport from development to developement_2.x plus one trivial commit, only one approval is enough.
2021-06-25 09:00:58 +02:00
Dave Rodgman
54f7351d12 Improve psa_hash_update negative test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 18:14:52 +01:00
gabor-mezei-arm
c31505c351
Test struct initialization
Modify tests to test mbedtls_psa_cipher_operation_t,
mbedtls_transparent_test_driver_cipher_operation_t and
mbedtls_opaque_test_driver_cipher_operation_t struct initialization macros.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:58:27 +02:00
gabor-mezei-arm
c5c8d38d80
Add test for one-shot cipher driver wrapper functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:58:27 +02:00
gabor-mezei-arm
fa990b5ffe
Dispatch cipher functions through the driver interface
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:57:29 +02:00
gabor-mezei-arm
d086e6e14f
Add tests for one-shot hash cipher functions
Tests for psa_cipher_encrypt and psa_cipher_decrypt functions.
The psa_cipher_encrypt function takes no parameter for IV and always generates
it therefore there will be a randomness in the calculation and cannot be
validated by comparing the actual output with the expected output.
The function is tested by:
 - doing a prtially randomized test with an encryption then a decryption
   and validating the input with output of the decryption
 - validating against the multipart encryption
The combination of this two methods provides enough coverage like a
known answer test.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:57:29 +02:00
Dave Rodgman
ff8d52b398 Add negative tests for psa_abort in hash functions
Various functions for PSA hash operations call abort
on failure; test that this is done. The PSA spec does not require
this behaviour, but it makes our implementation more robust in
case the user does not abort the operation as required by the
PSA spec.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 11:40:08 +01:00
gabor-mezei-arm
9774dcf592
Convert iterators to lists to remove late binding
Remove late binding of iterators to enable the creation of an object
with an actual state of a variable.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 12:39:18 +02:00
gabor-mezei-arm
0bdb84e861
Add type annotations
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 12:37:08 +02:00
gabor-mezei-arm
3e5f6cd58f Add test for extended key usage policies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 11:58:19 +02:00
gabor-mezei-arm
4d9009e74f Update tests for extended key usage policies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 11:58:19 +02:00
Dave Rodgman
34b147d1e6 Add negative tests for psa_abort in cipher and mac functions
Various functions for PSA cipher and mac operations call abort
on failure; test that this is done. The PSA spec does not require
this behaviour, but it makes our implementation more robust in
case the user does not abort the operation as required by the
PSA spec.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-23 19:05:32 +01:00
Dave Rodgman
33b58eeb36 Fix error in psa_crypto test suite
The cipher_bad_order test happened to pass, but was not testing the
failure case it intended to test.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-23 14:59:44 +01:00
Ronald Cron
eaacabf98d
Merge pull request #4392 from gilles-peskine-arm/psa-storage-format-test-lifetimes
Backport 2.x: PSA storage format: test lifetimes
2021-06-23 15:22:24 +02:00
Gilles Peskine
99a3462785 In the SPM test build, fail if a symbol wasn't renamed
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 14:45:17 +02:00
Gilles Peskine
984c19f553 Do a test build with MBEDTLS_PSA_CRYPTO_SPM
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 14:45:17 +02:00
Gilles Peskine
d28f293bb0 Import crypto_spe.h from TF-M
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/plain/secure_fw/partitions/crypto/crypto_spe.h?h=refs/heads/master

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 14:45:17 +02:00
Janos Follath
53d1cf8e2b
Merge pull request #4644 from gilles-peskine-arm/mpi_montmul-null-2.x
Backport 2.x: Fix several bugs with the value 0 in bignum
2021-06-23 13:40:05 +01:00
Gilles Peskine
478ac0bcc1
Merge pull request #4704 from mpg/issue-3990-fix_psa_verify_with_alt-2.x
[Backport 2.x] Fix PSA RSA PSS verify with ALT implementations
2021-06-23 11:47:42 +02:00
Ronald Cron
54488c4abc psa: mac: Add driver dispatch tests for psa_mac_verify
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Ronald Cron
93dcd5963f psa: mac: Add driver dispatch tests for psa_mac_compute
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
gabor-mezei-arm
a93e423739 Add test for one-shot MAC functions
Tests for psa_mac_compute and psa_mac_verify functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Janos Follath
02becd90a6 Fix exercise key test
Hash and sign algorithms require the alignment of the input length with
the hash length at verification as well not just when signing.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-22 12:57:04 +02:00
Janos Follath
3af7e8fe3a Fix verify_hash tests for PSA RSA PSS
The psa_verify_hash() is the pre-hashed version of the API and supposed
to work on hashes generated by the user. There were tests passing that
were getting "hashes" of sizes different from the expected.

Transform these into properly failing tests.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-22 12:57:04 +02:00
Gilles Peskine
8802b127b5 Fix copypasta in test data
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00
Gilles Peskine
ae7f75c908 Fix copypasta in test cases
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00
Gilles Peskine
2c9916994f Annotate the choice of representation of 0 in more places
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00
Gilles Peskine
cd147d6ddc Improve coverage of mbedtls_mpi_cmp_mpi
Test with and without leading zeros on each side.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00
Gilles Peskine
3df0554c7e Fix copypasta in test function argument name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00
Gilles Peskine
14db18dd85 Unify G=1 and G=-1 test cases
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00
Gilles Peskine
9078e756b0 In test cases where the result is 0, express it as "0", not ""
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:39:17 +02:00