Commit Graph

16531 Commits

Author SHA1 Message Date
Gilles Peskine
23cb12ef9f A key agreement algorithm can contain a key derivation
PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm
when kdf is one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
d096445dfe In NOT_SUPPORTED test case descriptions, show what is not supported
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
35409be6aa Add a few manual test cases
They're redundant with the automatically generated test cases, but it's
useful to have them when debugging issues with the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
f8b6b503b4 Systematically generate test cases for operation setup failure
The test suite test_suite_psa_crypto_op_fail now runs a large number
of automatically generated test cases which attempt to perform a
one-shot operation or to set up a multi-part operation with invalid
parameters. The following cases are fully covered (based on the
enumeration of valid algorithms and key types):
* An algorithm is not supported.
* The key type is not compatible with the algorithm (for operations
  that use a key).
* The algorithm is not compatible for the operation.

Some test functions allow the library to return PSA_ERROR_NOT_SUPPORTED
where the test code generator expects PSA_ERROR_INVALID_ARGUMENT or vice
versa. This may be refined in the future.

Some corner cases with algorithms combining a key agreement with a key
derivation are not handled properly. This will be fixed in follow-up
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
390543381c Add knowledge of the compatibility of key types and algorithms
Determine key types that are compatible with an algorithm based on
their names.

Key derivation and PAKE are not yet supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
0dacd4d266 Add knowledge of algorithms
Determine the category of operations supported by an algorithm based
on its name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
a218047245 Generate test cases for hash operation failure
Test that hash operation functions fail when given a hash algorithm
that is not supported or an algorithm that is not a hash.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
c05158bf86 New test suite for systematically generated operation failure tests
The new test suite psa_crypto_op_fail is intended for systematically
generated test cases that ensure that cryptographic operations with
invalid parameters fail as expected. I intend invalid parameters to
cover things like an invalid algorithm, an algorithm that is
incompatible with the operation, a key type that is incompatible with
the algorithm, etc.

This commit just creates the infrastructure. Subsequent commits will
add data generation and test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
2a71b72bd5 Add missing type annotation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
a296e48b2b Simplify key_for_usage_flags
Generate "with implication" and "without implication" usage test cases
separately.

The set of generated test cases is unchanged. The order, and the description
of "with implication" test cases, changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Gilles Peskine
b5c4382bef check-generated-files.sh -u: don't update file timestamps
When running check-generated-files in update mode, all generated files were
regenerated. As a consequence,
```
tests/scripts/check-generated-files.sh -u && make
```
always caused most of the code to be rebuilt. Now, if a file hasn't changed,
preserve its original modification time (and other metadata), so the command
above doesn't rebuild anything that has actually not changed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:19:16 +02:00
Dave Rodgman
f749930ab8
Merge pull request #5682 from daverodgman/migration_2.28
Update references to old Github organisation
2022-04-01 09:51:28 +01:00
Dave Rodgman
52af769878 Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:27:24 +01:00
Manuel Pégourié-Gonnard
3a7d7b926b
Merge pull request #5670 from bensze01/typo-2.28
[Backport 2.28] Fix comment typo in threading.c
2022-03-30 10:00:05 +02:00
Artur Allmann
e25dc1ccdc Fix typo "phtreads" to "pthreads"
Closes issue #5349

Signed-off-by: Artur Allmann <Artur.Allmann@tptlive.ee>
2022-03-29 17:56:55 +02:00
Manuel Pégourié-Gonnard
19f2d59184
Merge pull request #5660 from ronald-cron-arm/restore-full-compat-testing-2.28
Backport 2.28: Restore full compat testing
2022-03-28 18:31:25 +02:00
Ronald Cron
e7dad1f616 ssl_tls.c: Fix inappropriate use of ssl context
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-28 12:16:56 +02:00
Ronald Cron
f1ed5951e3 ssl_srv.c: Mark ETM as disabled if cipher is not CBC
Encrypt-Then-Mac (ETM) is supported in Mbed TLS
server for TLS version geater than SSLv3 and only
for the CBC cipher mode thus make it
clear in the SSL context.

The previous code was ok as long as the check of
the ETM status was done only in the case of the CBC
cipher mode but fragile as #5573 revealed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-28 12:16:13 +02:00
Ronald Cron
c2e2876e0e compat.sh: Fix check for OpenSSL support
If OpenSSL does not support a mode (tls12 or
dtls12 or tls13) just skip the tests involving
OpenSSL.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:32:38 +01:00
Ronald Cron
01e3c37f7b compat.sh: Restore full TLS compatibility testing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:32:38 +01:00
Dave Rodgman
ce514def84
Merge pull request #5563 from AndrzejKurek/timeless-2.28
Backport 2.28: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:18 +00:00
Dave Rodgman
2f39f191e3
Merge pull request #5603 from tom-cosgrove-arm/fix_test_md_api_violation-2.28
Backport 2.28: Fix test md api violation 2.28
2022-03-10 09:21:52 +00:00
Gilles Peskine
76d1cb26ef
Merge pull request #5601 from SiliconLabs/erase_secret_before_free_backport_2_28
Backport 2.28: Erase secrets in allocated memory before freeing said memory
2022-03-07 17:04:01 +01:00
Gilles Peskine
ecd119d241
Merge pull request #5605 from gilles-peskine-arm/storage-format-check-mononicity-2.28
Backport 2.28: Check storage format tests for regressions
2022-03-07 17:02:29 +01:00
Andrzej Kurek
478181d1f3 Refactor ssl_context_info time printing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 15:25:42 -05:00
Andrzej Kurek
388ee8a072 Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 15:25:42 -05:00
Andrzej Kurek
161005b2be Add the timing test dependency on MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 15:25:42 -05:00
Andrzej Kurek
65f93d5567 Fix udp_proxy dependency on MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 15:25:42 -05:00
Andrzej Kurek
77daaad198 Provide a dummy implementation of timing.c
Also move the self test implementation guards 
so that alternate implementations must
provide their own.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 15:25:42 -05:00
Andrzej Kurek
448cf48e18 Fix requirement mismatch in fuzz/common.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 15:25:42 -05:00
Andrzej Kurek
516e1b0700 Add a missing guard for time.h in net_sockets.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 15:25:42 -05:00
Andrzej Kurek
c84150882b Add a changelog entry
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 15:25:42 -05:00
David Horstmann
3cb5e9bf5a Use $PWD instead of $(pwd) for consistency
Change the new baremetal all.sh tests to use $PWD rather than
calling pwd again directly.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 15:25:42 -05:00
David Horstmann
11d0a6feb6 programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 15:25:42 -05:00
David Horstmann
0e4a1aa2f1 programs/test: fix build without MBEDTLS_HAVE_TIME
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 15:25:42 -05:00
Daniel Axtens
1a021afd7d tests: add baremetal full config build
To be able to test utility programs for an absence of time.h, we need a
baremetal config that is not crypto only. Add one.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 15:25:42 -05:00
Raoul Strackx
2db000feb6 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 15:25:42 -05:00
Daniel Axtens
6f63cc7188 tests: prevent inclusion of time.h in baremetal compiles
baremetal compiles should not include time.h, as MBEDTLS_HAVE_TIME is
undefined. To test this, provide an overriding include directory that
has a time.h which throws a meaningful error if included.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 15:25:42 -05:00
Daniel Axtens
301db66954 Do not include time.h without MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 15:25:42 -05:00
Daniel Axtens
b3f25b06e0 Add header guard around malloc(0) returning NULL implementation
Make it safe to import the config multiple times without having
multiple definition errors.

(This prevents errors in the fuzzers in a later patch.)

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 15:25:42 -05:00
Gilles Peskine
aeb8d66525 Ensure files get closed when they go out of scope
This is automatic in CPython but not guaranteed by the language. Be friendly
to other Python implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:18:28 +01:00
Gilles Peskine
1177f37648 Fix typo and align on US spelling
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:18:28 +01:00
Gilles Peskine
5635459284 Unify module documentation with --help text
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:18:28 +01:00
Gilles Peskine
f548a0ce80 Don't require ABI tools if not checking the ABI
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:18:28 +01:00
Gilles Peskine
296aa46c04 Storage format test regressions are now checked mechanically
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:18:28 +01:00
Gilles Peskine
2eae8d7c40 Look at manually written read tests as well
The storage format comparison has a dual purpose: detect format changes that
lead to a loss of backward compatibility, and detect loss of test coverage.
For loss of backward compatibility, the read tests are the relevant ones.
For loss of test coverage, all generated test cases are potentially
relevant, but this script currently focuses on storage format (where a loss
of test coverage may be a symptom of a loss of backward compatibility).

Therefore, storage format test comparison now looks at manually written
storage format tests, but only if they're read tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:18:28 +01:00
Gilles Peskine
cfd4fae89d Add storage format checks to the interface checker
Expand abi_check.py to look for backward incompatibilities not only in
the interface exposed to application code (and to some extent driver
code), but also to the interface exposed via the storage format, which
is relevant when upgrading Mbed TLS on a device with a PSA keystore.

Strictly speaking, the storage format checks look for regressions in
the automatically generated storage format test data. Incompatible
changes that are not covered by the generated tests will also not be
covered by the interface checker.

A known defect in this commit is that the --brief output is not brief
for storage format checks.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:18:27 +01:00
Gilles Peskine
793778f6d6 Make the API/ABI check optional
This way we can add other checks and only run a subset of all the
checks. The default remains to run all the checks.

I made separate options for API and ABI, but since we use the same
tool for both and it doesn't have an obvious way to check only API or
only ABI, the two options must be both enabled or both disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:18:27 +01:00
Gilles Peskine
9c6187d8ad Explicitly use UTF-8 in assemble_changelog
Changelog contents should be UTF-8 text files. So explicitly open all files as
UTF-8. This makes the script independent of the ambient locale (except with
respect to exception messages, but we can live with that).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:17:53 +01:00
Gilles Peskine
791c40c522 Switch assemble_changelog to using text strings
Changelog contents should be UTF-8 text files. There's no need to be
binary-safe. So switch to using text strings in Python (str, not bytes). This
commit makes the following changes:
* Bytes literals (b'…') to string literals ('…').
* Subprocess output (which is all git information) is decoded as ascii.
* Inject text directly in exceptions rather than calling a decode method.

This is enough to make the script work as desired in a UTF-8 locale.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:17:47 +01:00