Commit Graph

16457 Commits

Author SHA1 Message Date
Gilles Peskine
ebe6caa869
Merge pull request #5089 from ronald-cron-arm/psa-test-driver
Introduce PSA test driver library to test PSA configuration
2021-12-01 16:45:53 +01:00
Ronald Cron
9ecdd970d0 psa: Fix obsolete code guard
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
bdea4d4d8b psa: Fix and improve comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
0962370acf all.sh: psa: Add cipher acceleration test component
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
f7e483c0b4 all.sh: psa: Add hash acceleration test component
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
9130eadde8 tests: psa: Add dependencies on built-in hash
Add dependencies on built-in hash of signature/
signature verification and asymmetric
encryption/decryption tests. The dependency is
not added for tests based on SHA-256 as SHA-256
is always present when PSA is involved (necessary
to the PSA core) and that way most of PSA signature
/verification tests are still run when PSA hash
operations are accelerated.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
ef14af04c7 tests: psa: Refine choice of default hash algorithm for signature
As PSA signatures rely on built-in hash implementations
(cannot take an advantage of an accelerator for the
time being), chose an available built-in hash for
tests exercising a signature key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
d2c53e60ca all.sh: psa: Add ECDSA and RSA signature acceleration component
Add ECDSA and RSA signature acceleration testing
with signature capabilitites removed from the
Mbed TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
d98ec4b1e7 psa: Fix some dependencies in config_psa.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
0d5a27b195 psa: Fix Mbed TLS hash operation definition
Use PSA_BUILTIN macros instead of the Mbed TLS ones
as in the hash operation contexts the context for a
given hash is needed only if the support for it
through PSA is enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
cfc3c7b593 psa: Remove test code in the library
The current testing of the PSA configuration is
based on test code located in the library itself.

Remove this code as we are moving to using a
test library instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
b814bdabe4 Move to separately compiled PSA test driver library
This commit removes the test_psa_crypto_config_basic
all.sh component that can no longer work without
adapting it to the separately compiled test driver
library. This component is replaced by several
components in the following commits to test various
type of acceleration independently.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
df885c052c tests: Add build of a PSA test driver library
PR #3959 has proven that by adding a prefix
(LIBTESTDRIVER1/libtestdriver1_ in this commit) to
all MBEDTLS/PSA_* and mbedtls/psa_* symbols of a copy
of the Mbed TLS library, we can build a library that
can be linked with the Mbed TLS library.

This commit leverages this to build a PSA test driver
library based on the Mbed TLS library code.

The cryptographic features supported by the test
library are defined by:
. a minimal configuration (in the sense of config.h),
  see config_test_driver.h
. PSA_WANT_* and PSA_ACCEL_* defined macros.

The PSA_WANT_* macros have to be the same as the ones
used to build the Mbed TLS library the test driver
library is supposed to be linked to as the PSA_WANT_*
macros are used in the definition of structures and
macros that are shared by the PSA crypto core,
Mbed TLS drivers and the driver test library.

The PSA_ACCEL_* macros are intended to define the
cryptographic features that have to be removed
from the Mbed TLS library and thus supported by the
test library in test scenarios. The PSA_ACCEL_* macros
to build the test library are thus mirrored from the
ones to build the Mbed TLS library by extended the
crypto_config.h: see
crypto_config_test_driver_entension.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
7b7854ed4b tests: Rename test driver entry points
Rename test driver entry points to
libtestdriver1_<name of the Mbed TLS entry point>.

This aligns with the renaming of all Mbed TLS APIs
for the test driver library (that will be put in place
in the following commits) to avoid name conflicts
when linking it with the Mbed TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
d54303da7c psa: test driver: Move driver test entry points prototypes
In preparation of the driver test entry points to be
provided by a test driver library, move their prototypes
to tests directory.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
088d5d0c1b psa: Add driver initialization and termination
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
485559eeb5 psa: Fix unused variable warnings
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
7207d574ab psa: asymmetric_encrypt/decrypt: Improve error code consistency
In psa_asymmetric_encrypt/decrypt(), always return
PSA_ERROR_INVALID_ARGUMENT if the key is a PSA key
and the algorithm is not a PSA algorithm we know
about, whether RSA is supported or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:48:35 +01:00
Ronald Cron
2091eed609 psa: driver: Reduce the scope of test driver entry points
Define test driver entry points that provide an alternative
to Mbed TLS driver entry points only when the PSA configuration
is used. Their purpose is only to test the PSA configuration
thus there is no good reason to use them out of this scope.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
3a95d2b530 psa: Fix the size of hash buffers
Fix the size of hash buffers for PSA hash
operations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
0859fe20f6 psa: Fix hash max sizes
The PSA max hash size has to be 64 if SHA512 or
SHA384 is supported by the library or an
accelerator, not just in case of the library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
0c677c287b psa: Fix hash and mac operation type
The test entry points defined in psa_crypto_hash.c
and psa_crypto_mac.c are supposed to be exact
clones of the Mbed TLS driver entry points. Thus
the operation type should be the Mbed TLS operation
type not a test one. There was no compilation error
as the hash and cipher operation test types are
currently equal to the Mbed TLS ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
fefa4580a5 tests: psa: Fix guards
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
41f275018a tests: psa: Fix the dependencies on some driver wrappers fallback tests
The driver wrappers fallback tests depend on the builtin
support not builtin or driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
a23d9bb97d tests: psa: Fix MD5 support not available dependencies
MD5 should not be supported by the library and any driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
92becc6659 tests: ssl: Add misssing dependencies on SHA-1
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
ae2e4a7225 tests: Fix x509parse test dependency
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
f7e83d5bfb tests: psa: Remove wrong test function dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
4bcccc6956 tests: psa driver: Align RSA/ECP sign/verify hash dispatch
Align RSA/ECP sign/verify hash dispatch with the
corresponding code of the library. The library
code was modified recently but not the test code
one and these modifications ease the following work.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
a2dbe66770 tests: psa: driver: mac: Remove opaque entry points in library
Opaque test entry points will be implemented only in
test code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
4c224fe3cc psa: cipher: Fix invalid output buffer usage in psa_cipher_encrypt()
Don't use the output buffer in psa_cipher_encrypt()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
732a6e250d test: psa driver wrapper: Add non regression test for psa_cipher_encrypt()
Add non regression test for invalid usage of
the output buffer in psa_cipher_encrypt().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
3563210c10 test: psa driver wrapper: Add cipher_encrypt negative testing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
a833169914 psa: cipher: Add IV parameters to cipher_encrypt entry point
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
e25351ad5b test: psa driver: Remove unnecessary IV generation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
1637707929 psa: cipher: Align APIs execution flow
Align the execution of cipher one-shot APIs with
that of cipher multi-part APIs: always exit
through the exit-labelled section.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
c423acbe0f psa: cipher: Fix invalid output buffer usage in psa_cipher_generate_iv()
Don't use the output buffer in psa_cipher_generate_iv()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
6fbc057786 test: psa driver wrapper: Add non regression test for psa_cipher_generate_iv()
Add non regression test for invalid usage of
the output buffer in psa_cipher_generate_iv().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
33c6968d0f test: psa cipher: Add unexpected IV setting/generation negative tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Gilles Peskine
dbfc6510b0
Merge pull request #5232 from gilles-peskine-arm/dlopen-test-2.x
Dlopen test 2.x
2021-11-25 22:03:36 +01:00
Gilles Peskine
005887dcfd
Merge pull request #5231 from ronald-cron-arm/psa-opaque-key-checks-2.x
Backport 2.x: PSA opaque key checks
2021-11-25 22:03:13 +01:00
Gilles Peskine
3f5c2232f0
Merge pull request #5235 from paul-elliott-arm/fix_test_suite_ssl_2.x
Backport 2.x: Fix test_suite_ssl compilation errors with GCC11
2021-11-25 22:02:46 +01:00
Gilles Peskine
9501bd7d6e Make PSA headers more self-contained
Several files among include/psa/crypto_*.h are not meant to be included
directly, and are not guaranteed to be valid if included directly. This
makes it harder to perform some static analyses. So make these files more
self-contained so that at least, if included on their own, there is no
missing macro or type definition (excluding the deliberate use of forward
declarations of structs and unions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:34:05 +01:00
Paul Elliott
14148c4fbe Fix Changelog
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:08:30 +00:00
Paul Elliott
954578644f Fix compilation errors.
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:08:23 +00:00
Gilles Peskine
6fa5c1d20c Use the normal idiom to support MBEDTLS_CONFIG_FILE
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:12:44 +01:00
Gilles Peskine
8e8e96500a Fix dynamic library extension on macOS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
eea9c74d81 More explicit output for the test program
Without that, the logs were a bit hard to understand if you didn't know what
to expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
3dbb3e7e07 Avoid undefined variable warning without MBEDTLS_MD_C
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
99d8486f8e Use CMake's knowledge of what system library has dlopen()
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00