Add the test keys from RFC 8032 (§7.1 Ed25519 "TEST 1", §7.4 Ed448 "Blank").
This replaces the generic byte-sized data used for unknown key types
which no longer works now that Ed25519 is considered to have 255 bits.
Re-generate the automatically generated test data accordingly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Define algorithms for PureEdDSA and for HashEdDSA, the EdDSA variants
defined by RFC 8032.
The encoding for HashEdDSA needs to encode the hash algorithm so that
the hash can be calculated by passing PSA_ALG_SIGN_GET_HASH(sig_alg)
to psa_hash_compute() or psa_hash_setup(). As a consequence,
Ed25519ph (using SHA-512) and Ed448ph (using SHAKE256) need to have
different algorithm encodings (the key is enough to tell them apart,
but it is not known while hashing). Another consequence is that the
API needs to recognize the Ed448 prehash (64 bytes of SHAKE256 output)
as a hash algorithm.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add an elliptic curve family for the twisted Edwards curves
Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves,
since these are the only two curves in common use, the family has a
generic name.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove cipher_generate_iv driver entry point as there
is no known use case to delegate this to a driver.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add cipher accelerator compilation flags to
test_psa_crypto_drivers() all.sh component. The flags
are not necessary currently but may become.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Test cipher operations by a transparent driver in all.sh
test_psa_crypto_config_basic and
test_psa_crypto_drivers components.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
As per drivers, pass to the Mbed TLS implementation of
the cipher multi-part operation its operation context
and not the PSA operation context.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Make use of psa_cipher_xyz_internal() functions to
simplify the transparent test driver code and
extend the algorithms it supports to all algorithms
supported by the MbedTLS library.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Given the PSA_WANT_* config options added lately,
update set_psa_test_dependencies.py and run it
on test_suite_psa_crypto*.data files but the SE
and generated ones.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Fine tune handling of policy negative tests when
setting automatically PSA crypto unit tests
dependencies.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
For the time being, it is not possible to determine
the size of ECC keys from the arguments of all test
cases thus treat them as dependencies that are not
systematic. Such dependencies are not generated nor
deleted by set_psa_test_dependencies.py.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Fix likely harmless undefined behavior in cipher tests pointed out by
UBSan with recent compilers (e.g. Clang 10). When the complete output
is empty, the output buffer is NULL. Adding an integer to a null
pointer is undefined behavior even when the integer is 0, so make a
special case for that.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Replace MBEDTLS_* config options for which there is
an associated PSA_WANT_* to the PSA_WANT_* one. That
way the tests are also run when the dependency is
provided by a driver.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Update expected return values of psa_get_key_attributes(),
psa_export_key() and other key api(s) to PSA_ERROR_INVALID_HANDLE
for invalid key.
Signed-off-by: Maulik Patel <Maulik.Patel@arm.com>
Generate test cases for all algorithms without parameters. Only the encoding
of the algorithm in the key metadata is covered: the test keys are not of a
type that permits the algorithm to be used in an operation.
This commit only covers algorithms without parameters. A subsequent commit
will generate algorithms with parameters.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Update this based on the output of the generator script. The Brainpool
curves are now supported, since they are spelled properly in the config.
Signed-off-by: David Brown <david.brown@linaro.org>
The commit
commit dcdde59c6f
Author: David Brown <david.brown@linaro.org>
Date: Tue Feb 23 15:48:13 2021 -0700
tests: psa: Change Elliptic curve defines to PSA names
when rebased on
commit bb9cbc7a23
Author: Ronald Cron <ronald.cron@arm.com>
Date: Thu Mar 4 17:09:00 2021 +0100
psa: ecdsa: Prefer NOT_SUPPORTED error code
had an incorrect merge conflict resolution. Correct this, allowing the
test "PSA sign: invalid algorithm for ECC key" to pass again.
Signed-off-by: David Brown <david.brown@linaro.org>
Generate test cases for all key types. These test cases cover the key
representation (checked with export) and the encoding of the key type and
the bit-size.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Start generating storage format test cases. This commit introduces two test
data files: test_suite_psa_crypto_storage_format.v0.data for reading keys in
storage format version 0 (the current version at this time), and
test_suite_psa_crypto_storage_format.current.data for saving keys in the
current format (version 0 at this time).
This commit kicks off the test case generation with test cases to exercise
the encoding of usage flags. Subsequent commits will cover other aspects of
keys.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Save tests are for forward compatibility: import a key in the current format
and check that it has the expected storage format so that future versions
will still be able to read it.
Read tests are for backward compatibility: read a key in the format of a
past version (injected into storage) and check that this version can use it.
Exercise the key unless it is meant to test metadata storage only.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Split out the code that enumerates constructors of a PSA crypto type
from the code used to populate the list of constructors for the
specific purpose of testing psa_constant_names.
This commit adds some documentation but otherwise strives to minimize
code changes.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Generating all files all the time makes debugging one specific target
harder. So support generating a selection of targets only.
As a bonus, it is now more apparent what files this script generates,
and check-generated-files.sh takes advantage of it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use separate classes for information gathering, for each kind of test
generation (currently just one: not-supported), and for writing output
files.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that PSA crypto config supports the new PSA_WANT_ECC_xxx defines,
change the psa-specific test suites to use these new names.
Signed-off-by: David Brown <david.brown@linaro.org>
Printf could potentially produce 2 64 bit numbers here when there is
only space for one, thus causing a buffer overflow. This was caught by
the new warning flags.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Test hash algorithm functions when called through a transparent
driver in all.sh test_psa_crypto_config_basic and
test_psa_crypto_drivers components.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
When ECDSA is not supported by the library, prefer
to return NOT_SUPPORTED than INVALID_ARGUMENT when
asked for an ECDSA signature.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Move the check that ECDSA is supported from the
caller of the function responsible for Mbed TLS
ECDSA signatures to this function, namely
mbedtls_psa_ecdsa_sign_hash().
This makes the caller code more readable and is
more aligned with what is expected from a
sign_hash() PSA driver entry point.
Add a negative test case where a deterministic
ECDSA signature is requested while the library
does not support deterministic ECDSA.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Reworked the validation of MAC algorithm with the used key type by
introducing psa_mac_key_can_do, which guarantees that PSA_MAC_LENGTH can
be called successfully after validation of the algorithm and key type.
This means psa_get_mac_output_length is no longer required.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Marked dirty memory ends up in the result buffer after encoding (due to
the input having been marked dirty), and then the final comparison
to make sure that we got what we expected was triggering the constant
flow checker.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Fix sloppy wording around stricly less-than vs less or equal in
comments. Also fix an off-by-one error in a comparison which led to
calling setrlimit if the limit was exactly the minimum required for
the test, which was unnecessary but harmless.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_net_poll() and mbedtls_net_recv_timeout() rely on select(),
which represents sets of file descriptors through the fd_set type.
This type cannot hold file descriptors larger than FD_SETSIZE. Make
sure that these functions identify this failure code.
Without a proper range check of the file descriptor in the
mbedtls_net_xxx function, this test fails when running with UBSan:
```
net_poll beyond FD_SETSIZE ........................................ source/library/net_sockets.c:482:9: runtime error: index 16 out of bounds for type '__fd_mask [16]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior source/library/net_sockets.c:482:9 in
```
This is a non-regression test for
https://github.com/ARMmbed/mbedtls/issues/4169 .
The implementation of this test is specific to Unix-like platforms.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
A place to put tests for the net_sockets module (MBEDTLS_NET_C feature).
Start with a context smoke test.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The primary goal of this commit is to fix various comments where
`clang -Wdocumentation` identified a discrepancy between the actual
function parameters and the documented parameters. The discrepancies
were due to copypasta, formatting issues or documentation that had
diverged from the implementation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
ARRAY_LENGTH has a portable but unsafe implementation, and a
non-portable implementation that causes a compile-time error if the
macro is accidentally used on a pointer.
The safety check was only implemented for __GCC__-defining compilers,
but the part that triggered the compile-time error was always used. It
turns out that this part triggers a build warning with MSVC (at least
with some versions: observed with Visual Studio 2013).
```
C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\tests\src\psa_crypto_helpers.c(52): error C2220: warning treated as error - no 'object' file generated [C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\mbedtls_test.vcxproj]
C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\tests\src\psa_crypto_helpers.c(52): warning C4116: unnamed type definition in parentheses [C:\builds\workspace\mbed-tls-pr-head_PR-4141-head\src\mbedtls_test.vcxproj]
```
Since a compile-time error is never triggered when the compile-time
check for the argument type is not implemented, just use the unsafe
macro directly when there's no safety check.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This ensures that test cases won't leave persistent files behind even
on failure, provided they use TEST_USES_KEY_ID(). Test cases that
don't use this macro are unaffected.
Tests that use PSA_DONE() midway and expect persistent keys to survive
must use PSA_SESSION_DONE() instead.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Merge the two identical definitions of TEST_USES_KEY_ID and
mbedtls_test_psa_purge_key_storage from
test_suite_psa_crypto_slot_management.function and
test_suite_psa_crypto_se_driver_hal.function into a single copy in
common test code so that it can be used in all test suites.
No semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Persistent storage common code from
test_suite_psa_crypto_slot_management.function had been duplicated in
test_suite_psa_crypto_se_driver_hal.function and the copy had slightly
diverged. Re-align the copy in preparation from moving the code to a
common module and using that sole copy in both test suites.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_test_fail does not copy the failure explanation string, so
passing a string on the stack doesn't work. This fixes a garbage
message that would appear if a test triggered a non-implemented code
path.
More generally, just use TEST_ASSERT instead of explicitly calling
mbedtls_test_fail, since we aren't playing any tricks with the error
location.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Shuffle the logic in mbedtls_test_psa_exported_key_sanity_check()
somewhat. The resulting behavior changes are:
* Always check the exported length against PSA_EXPORT_KEY_OUTPUT_SIZE,
even for unstructured key types.
* Always complain if a key type is not explicitly covered, not just
for public keys.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The const-ness has to be cast away when calling mbedtls_asn1_xxx
parsing functions. This is a known flaw in the mbedtls API
(https://github.com/ARMmbed/mbedtls/issues/803).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove a conditional imbrication level. Get rid of some minor overhead
for ECC public keys dating back from when they had ASN.1 wrapping.
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move mbedtls_test_psa_exercise_key() (formerly exercise_key()) and
related functions to its own module. Export the few auxiliary
functions that are also called directly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>