Commit Graph

1544 Commits

Author SHA1 Message Date
avolinski
7cc8229d80 Replace MBED_RANDOM_SEED_ITS_UID with MBEDTLS_RANDOM_SEED_ITS_UID
Update mbedtls_psa_inject_entropy function documentation
2018-11-21 16:24:53 +02:00
avolinski
4d27c94aee Adding testcase for PSA validate entropy injection: bad, too small using MBEDTLS_ENTROPY_MIN_PLATFORM 2018-11-21 16:24:53 +02:00
Netanel Gonen
21f37cbbec Add Tests for psa crypto entropy incjection
Adjust code to handle and work with MBEDTLS_ENTROPY_BLOCK_SIZE definition option
2018-11-21 16:24:52 +02:00
Netanel Gonen
9468bb241c Add Tests for psa crypto entropy incjection 2018-11-21 16:23:41 +02:00
Darryl Green
0c6575a84d psa: Extend psa_generate_key to support persistent lifetimes 2018-11-20 15:40:32 +00:00
Darryl Green
d49a499d03 psa: Implement persistent keys
Allow use of persistent keys, including configuring them, importing and
exporting them, and destroying them.

When getting a slot using psa_get_key_slot, there are 3 scenarios that
can occur if the keys lifetime is persistent:

1. Key type is PSA_KEY_TYPE_NONE, no persistent storage entry:
   -  The key slot is treated as a standard empty key slot
2. Key type is PSA_KEY_TYPE_NONE, persistent storage entry exists:
   -  Attempt to load the key from persistent storage
3. Key type is not PSA_KEY_TYPE_NONE:
   -  As checking persistent storage on every use of the key could
      be expensive, the persistent key is assumed to be saved in
      persistent storage, the in-memory key is continued to be used.
2018-11-20 15:40:25 +00:00
Darryl Green
db2b8db715 psa: Add storage implementation for files
Add new functions, psa_load_persistent_key(),
psa_free_persistent_key_data(), and psa_save_persistent_key(), for
managing persistent keys. These functions load to or save from our
internal representation of key slots. Serialization is a concern of the
storage backend implementation and doesn't abstraction-leak into the
lifetime management code.

An initial implementation for files is provided. Additional storage
backends can implement this interface for other storage types.
2018-11-20 15:21:22 +00:00
Jaeden Amero
818eab2e76 Merge tag 'mbedtls-2.14.0' into feature-psa
Mbed TLS version 2.14.0

Resolved conflicts in include/mbedtls/config.h,
tests/scripts/check-files.py, and yotta/create-module.sh by removing yotta.

Resolved conflicts in tests/.jenkins/Jenkinsfile by continuing to run
mbedtls-psa job.
2018-11-19 19:25:56 +00:00
Simon Butcher
c1b9892177 Update library version number to 2.14.0 2018-11-19 18:31:40 +00:00
Hanno Becker
6b123fbc39 Add test for overly long PSK in TLS-1.2 PSK-to-MS KDF 2018-11-19 11:24:26 +00:00
Hanno Becker
f074938aae Add SHA-384 tests for TLS 1.2 PSK-to-MS key derivation 2018-11-19 11:24:26 +00:00
Hanno Becker
a198f06feb Add tests for TLS-1.2 PSK-to-MS derivation 2018-11-19 11:24:25 +00:00
Gilles Peskine
a1b87e5afe Add missing dependency in an ECDH test case
curves.pl passes.
2018-11-16 16:43:04 +01:00
Gilles Peskine
1dfb1ba684 Add a test case for key agreement with a following KDF
There was no test case of ECDH with anything other than
PSA_ALG_SELECT_RAW. Exercise the code path from ECDH through a
"proper" KDF.

ECDH shared secret copied from an existing test, HKDF output
calculated with Cryptodome.
2018-11-16 16:09:27 +01:00
Hanno Becker
24658c4ba1 Add test vectors for TLS 1.2 PRF
Taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
2018-11-16 11:24:59 +00:00
Gilles Peskine
c7998b78b8 Factor common code into key_agreement_with_self 2018-11-14 21:17:16 +01:00
Gilles Peskine
88714d78b8 Allow ECDH-only public key in ECDH
In ECDH key agreement, allow a public key with the OID id-ECDH, not
just a public key with the OID id-ecPublicKey.

Public keys with the OID id-ECDH are not permitted by psa_import_key,
at least for now. There would be no way to use the key for a key
agreement operation anyway in the current API.
2018-11-14 21:17:16 +01:00
Gilles Peskine
714e16b37a Add import/export test of EC public key 2018-11-14 21:17:16 +01:00
Gilles Peskine
3ec8ed8b51 Add multipart key agreement tests
Add test cases that do key agreement with raw selection in pieces, to
validate that selection works even when the application doesn't read
everything in one chunk.
2018-11-14 21:15:37 +01:00
Gilles Peskine
bf49197c9b key_agreement_capacity: test the actual capacity as well
After testing that the advertized capacity is what the test data says,
read that many bytes to test that this is also actual capacity.
2018-11-14 21:15:37 +01:00
Gilles Peskine
10df341436 Factor usage_to_exercise into its own function 2018-11-14 21:15:37 +01:00
Gilles Peskine
fc411f1ac1 Use ASSERT_ALLOC in key agreement tests 2018-11-14 21:15:37 +01:00
Gilles Peskine
1d7c082124 Fix a memory leak in a test 2018-11-14 21:15:37 +01:00
Gilles Peskine
b7ecdf0509 Implement ECDH 2018-11-14 21:15:37 +01:00
Gilles Peskine
5968559a9c Key agreement test functions 2018-11-14 21:15:37 +01:00
Gilles Peskine
01d718cee8 New API function: psa_key_agreement
Set up a generator from a key agreement.
2018-11-14 21:15:37 +01:00
Gilles Peskine
93098fd996 Key agreement: macros for finite-field Diffie-Hellman, ECDH
Declare macros to represent key agreement algorithms.
2018-11-14 21:15:37 +01:00
Gilles Peskine
e8f0e3dc3c New algorithm category: key selection
A key selection algorithm is similar to a key derivation algorithm in
that it takes a secret input and produces a secret output stream.
However, unlike key derivation algorithms, there is no expectation
that the input cannot be reconstructed from the output. Key selection
algorithms are exclusively meant to be used on the output of a key
agreement algorithm to select chunks of the shared secret.
2018-11-14 21:15:37 +01:00
Gilles Peskine
e19b7d54d0 Revert "New function mbedtls_rsa_get_bitlen"
This reverts commit 1d26709dbd.
2018-11-12 19:14:34 +01:00
Gilles Peskine
64a43ce48e Revert "fixup! New function mbedtls_rsa_get_bitlen"
This reverts commit c939f6fcba.
2018-11-12 19:14:34 +01:00
Gilles Peskine
86a440b638 Reject non-byte-aligned RSA keys
On key import and key generation, for RSA, reject key sizes that are
not a multiple of 8. Such keys are not well-supported in Mbed TLS and
are hardly ever used in practice.

The previous commit removed support for non-byte-aligned keys at the
PSA level. This commit actively rejects such keys and adds
corresponding tests (test keys generated with "openssl genrsa").
2018-11-12 19:14:18 +01:00
Simon Butcher
cdd1a6c872 Merge remote-tracking branch 'restricted/pr/510' into development-restricted-proposed 2018-11-12 14:29:14 +00:00
Jaeden Amero
594a330eb7 psa: test: Fix truncation of message by snprintf
We had only allocated 40 bytes for printing into, but we wanted to print 46
bytes. Update the buffer to be 47 bytes, which is large enough to hold what
we want to print plus a terminating null byte.
2018-11-08 17:32:45 +00:00
Gilles Peskine
728944718a Fix a test case with incorrect dependency
Simplify the test case "PSA export a slot after a failed import of an
EC keypair": use an invalid private value for the specified curve. Now
the dependencies match the test data, so this fixes curves.pl.
2018-11-08 10:00:08 +01:00
Moran Peker
ce50007f90 Add tests of using cipher in bad state cases
- cipher setup after import key failure.
- cipher setup after set key policy but no key material
creation.
2018-11-07 16:20:07 +02:00
Moran Peker
3455009116 Add tests that check export failures after illegal behavior
- export a key after import key failure.
- export a key after the key was destroyed.
- export a key after set key policy but no key material
creation.
2018-11-07 16:19:34 +02:00
Moran Peker
28a38e6e38 Add tests that checks key management corner cases
- import a key into a non empty key slot.
- export a key from invalid slot number.
2018-11-07 16:18:24 +02:00
Simon Butcher
241823aab8 Merge remote-tracking branch 'public/pr/1641' into development-restricted-proposed 2018-11-07 12:55:47 +00:00
Simon Butcher
42ab4ae033 Merge remote-tracking branch 'public/pr/2167' into development-restricted-proposed 2018-11-07 12:54:45 +00:00
Gilles Peskine
8739da830e Fix test data in an old format
Update some test data from the asymmetric_apis_coverage branch that
wasn't updated to the new format from the
psa-asymmetric-format-raw_private_key branch.
2018-11-06 15:15:05 +01:00
Jaeden Amero
c0a0855793
Merge pull request #171 from ARMmbed/asymmetric_apis_coverage
Increase asymmetric APIs coverage
2018-11-06 13:00:35 +00:00
Mohammad AboMokh
2d65cf0b16 Fix sign test dependencies and used algorithm 2018-11-06 11:56:45 +02:00
Jaeden Amero
fe9f771e88
Merge pull request #170 from ARMmbed/increase_psa_key_derivation_code_coverage
add tests that increase key derivation code coverage slightly
2018-11-06 09:17:19 +00:00
Jaeden Amero
40f1cb104f
Merge pull request #182 from ARMmbed/psa-asymmetric-format-raw_private_key
Asymmetric import/export format: raw private EC keys
2018-11-06 09:02:25 +00:00
Mohammad AboMokh
392952df93 Fix test dependencies lists 2018-11-06 08:11:10 +02:00
itayzafrir
27e6945f43 Refactor and rename test hash_verify_bad_paths to hash_verify_bad_args
1. Updated test scenarios.
2. Renamed test and updated test description.
3. Some documentation updates.
4. Test dependency moved to .function file.
2018-11-05 18:36:05 +02:00
itayzafrir
b2dd5ed1e6 Rename test hash_finish_bad_paths to hash_finish_bad_args
Test dependency moved to .function file.
2018-11-05 18:36:05 +02:00
itayzafrir
f86548d674 Add test hash_bad_order
1. New test for testing bad order of hash function calls.
2. Removed test hash_update_bad_paths since it's test scenario
   was moved to the new test.
3. Moved some scenarios from test hash_verify_bad_paths to
   the new test.
2018-11-05 18:36:05 +02:00
itayzafrir
e1f932ba4d Refactor hash multi part test
Refactor test hash_multi_part to test various sizes when
calling psa_hash_update.
2018-11-05 18:36:05 +02:00
itayzafrir
58028321b9 Split test hash_bad_paths into 3 different tests
1. Rename hash_bad_paths to hash_verify_bad_paths
2. Add test hash_update_bad_paths
3. Add test hash_finish_bad_paths

The different scenarios tested as part of hash_bad_paths are
moved to the relevant test.
2018-11-05 18:36:05 +02:00