Commit Graph

5492 Commits

Author SHA1 Message Date
Ronald Cron
ef14af04c7 tests: psa: Refine choice of default hash algorithm for signature
As PSA signatures rely on built-in hash implementations
(cannot take an advantage of an accelerator for the
time being), chose an available built-in hash for
tests exercising a signature key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
d2c53e60ca all.sh: psa: Add ECDSA and RSA signature acceleration component
Add ECDSA and RSA signature acceleration testing
with signature capabilitites removed from the
Mbed TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
cfc3c7b593 psa: Remove test code in the library
The current testing of the PSA configuration is
based on test code located in the library itself.

Remove this code as we are moving to using a
test library instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
b814bdabe4 Move to separately compiled PSA test driver library
This commit removes the test_psa_crypto_config_basic
all.sh component that can no longer work without
adapting it to the separately compiled test driver
library. This component is replaced by several
components in the following commits to test various
type of acceleration independently.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
df885c052c tests: Add build of a PSA test driver library
PR #3959 has proven that by adding a prefix
(LIBTESTDRIVER1/libtestdriver1_ in this commit) to
all MBEDTLS/PSA_* and mbedtls/psa_* symbols of a copy
of the Mbed TLS library, we can build a library that
can be linked with the Mbed TLS library.

This commit leverages this to build a PSA test driver
library based on the Mbed TLS library code.

The cryptographic features supported by the test
library are defined by:
. a minimal configuration (in the sense of config.h),
  see config_test_driver.h
. PSA_WANT_* and PSA_ACCEL_* defined macros.

The PSA_WANT_* macros have to be the same as the ones
used to build the Mbed TLS library the test driver
library is supposed to be linked to as the PSA_WANT_*
macros are used in the definition of structures and
macros that are shared by the PSA crypto core,
Mbed TLS drivers and the driver test library.

The PSA_ACCEL_* macros are intended to define the
cryptographic features that have to be removed
from the Mbed TLS library and thus supported by the
test library in test scenarios. The PSA_ACCEL_* macros
to build the test library are thus mirrored from the
ones to build the Mbed TLS library by extended the
crypto_config.h: see
crypto_config_test_driver_entension.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
7b7854ed4b tests: Rename test driver entry points
Rename test driver entry points to
libtestdriver1_<name of the Mbed TLS entry point>.

This aligns with the renaming of all Mbed TLS APIs
for the test driver library (that will be put in place
in the following commits) to avoid name conflicts
when linking it with the Mbed TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
d54303da7c psa: test driver: Move driver test entry points prototypes
In preparation of the driver test entry points to be
provided by a test driver library, move their prototypes
to tests directory.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
088d5d0c1b psa: Add driver initialization and termination
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
2091eed609 psa: driver: Reduce the scope of test driver entry points
Define test driver entry points that provide an alternative
to Mbed TLS driver entry points only when the PSA configuration
is used. Their purpose is only to test the PSA configuration
thus there is no good reason to use them out of this scope.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
fefa4580a5 tests: psa: Fix guards
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
41f275018a tests: psa: Fix the dependencies on some driver wrappers fallback tests
The driver wrappers fallback tests depend on the builtin
support not builtin or driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
a23d9bb97d tests: psa: Fix MD5 support not available dependencies
MD5 should not be supported by the library and any driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
92becc6659 tests: ssl: Add misssing dependencies on SHA-1
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
ae2e4a7225 tests: Fix x509parse test dependency
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
f7e83d5bfb tests: psa: Remove wrong test function dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
4bcccc6956 tests: psa driver: Align RSA/ECP sign/verify hash dispatch
Align RSA/ECP sign/verify hash dispatch with the
corresponding code of the library. The library
code was modified recently but not the test code
one and these modifications ease the following work.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
a2dbe66770 tests: psa: driver: mac: Remove opaque entry points in library
Opaque test entry points will be implemented only in
test code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
732a6e250d test: psa driver wrapper: Add non regression test for psa_cipher_encrypt()
Add non regression test for invalid usage of
the output buffer in psa_cipher_encrypt().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
3563210c10 test: psa driver wrapper: Add cipher_encrypt negative testing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
a833169914 psa: cipher: Add IV parameters to cipher_encrypt entry point
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
e25351ad5b test: psa driver: Remove unnecessary IV generation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
6fbc057786 test: psa driver wrapper: Add non regression test for psa_cipher_generate_iv()
Add non regression test for invalid usage of
the output buffer in psa_cipher_generate_iv().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
33c6968d0f test: psa cipher: Add unexpected IV setting/generation negative tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Gilles Peskine
dbfc6510b0
Merge pull request #5232 from gilles-peskine-arm/dlopen-test-2.x
Dlopen test 2.x
2021-11-25 22:03:36 +01:00
Paul Elliott
954578644f Fix compilation errors.
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:08:23 +00:00
Gilles Peskine
27482f17f1 Run the dlopen test in shared library builds
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:00:53 +01:00
Gilles Peskine
3107b337e1
Merge pull request #5154 from gabor-mezei-arm/3649_bp2x_move_constant_time_functions_into_separate_module
[Backport 2.x] Move constant-time functions into a separate module
2021-11-24 19:33:03 +01:00
Manuel Pégourié-Gonnard
1d7f7a7c6e
Merge pull request #5194 from bensze01/invalid_nonce_error_2.x
Backport 2.x: PSA: Indicate in the error returned when we know that an AEAD nonce length is invalid, not just unsupported
2021-11-18 09:41:15 +01:00
Gilles Peskine
23b4096ecf Fix several bugs with multiline comments
Empty the current line if it's entirely inside a comment.

Don't incorrectly end a block comment at the second line if it doesn't
contain `*/`.

Recognize `/*` to start a multiline comment even if it isn't at the start of
the line.

When stripping off comments, consistently strip off `/*` and `*/`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-17 20:45:39 +01:00
Gilles Peskine
44801627d2 Improve comment and string stripping
Make that part of the code more readable.

Add support for // line comments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-17 20:45:06 +01:00
Gilles Peskine
4f04d619b5 Fix terminology in comment
In computing, brackets are []. () are called parentheses.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-17 20:39:56 +01:00
Gilles Peskine
df30665a16 Move comment and string literal processing to a new function
No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-17 20:32:31 +01:00
Gilles Peskine
c8fc67f341 Simplify some regex definitions
Use '|'.join([comma-separated list]) rather than r'...|' r'...|'. This way
there's less risk of forgetting a '|'. Pylint will yell if we forget a comma
between list elements.

Use match rather than search + mandatory start anchor for EXCLUSION_LINES.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-17 20:23:18 +01:00
Bence Szépkúti
2be65d5134 Remove expected failure from test_psa_compliance
Issue #5143 was fixed in PR #5192.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 14:47:56 +01:00
Manuel Pégourié-Gonnard
394c65e0f0
Merge pull request #5169 from bensze01/test_psa_compliance_2.x
Backport 2.x: Run the PSA Compliance test suite in all.sh
2021-11-17 14:10:05 +01:00
Bence Szépkúti
358e0ea464 Indicate nonce sizes invalid for ChaCha20-Poly1305
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 14:03:08 +01:00
Manuel Pégourié-Gonnard
1a3201a7b9
Merge pull request #5192 from daverodgman/development_2.x
Backport 2.x: PSA error code fix
2021-11-17 13:09:43 +01:00
Dave Rodgman
dc4e4b72c0 Fix derive_input test ignoring parameter
Fix derive_input test hardcoding key type instead of using test argument.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-17 10:02:52 +00:00
Dave Rodgman
bc92abed8c Update test to handle changed error code
Update test to handle changed error code from psa_key_derivation_output_key

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-17 10:02:51 +00:00
Gilles Peskine
b3f4dd5c81 Lift some code out of parse_identifiers
Make parse_identifiers less complex. Pylint was complaining that it had too
many local variables, and it had a point.

* Lift the constants identifier_regex and exclusion_lines to class
  constants (renamed to uppercase because they're constants).
* Lift the per-file loop into a new function parse_identifiers_in_file.

No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-16 21:26:08 +01:00
Gilles Peskine
7493c4017a Fix comment parsing
Fix cases like
```
/*short comment*/ /*long
 comment */
int mbedtls_foo;
```
where the previous code thought that the second line started outside of a
comment and ended inside of a comment.

I believe that the new code strips comments correctly. It also strips string
literals, just in case.

Fixes #5191.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-16 21:25:14 +01:00
Przemyslaw Stekiel
b66bc0ad4a Move psa_crypto_slot_management.h out from psa_crypto_helpers.h
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-14 20:03:23 +01:00
Przemyslaw Stekiel
7c7fb877c6 ssl_client2, ssl_server2: add check for psa memory leaks
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-14 20:03:23 +01:00
Bence Szépkúti
c1e79fd2e3 Enable CMAC for PSA crypto compliance tests
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-11 20:47:32 +01:00
Bence Szépkúti
24ec529f82 Multipart AEAD is not supported in Mbed TLS 2.x
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-11 20:47:29 +01:00
Bence Szépkúti
e30fcb6ed5 Remove superfluous expected failures from list
Issue #5144 doesn't affect development_2.x

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-11 16:24:19 +01:00
Gabor Mezei
c0ae1cf45a
Rename internal header constant_time.h to constant_time_internal.h
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:33:19 +01:00
Gabor Mezei
18a44949d0
Rename constant-time functions to have mbedtls_ct prefix
Rename functions to better suite with the module name.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:32:01 +01:00
gabor-mezei-arm
6e4ace6b40
Delete ssl_invasive.h due to duplicated function declarations
All function declaration provided by ssl_invasive.h is needed only for
testing purposes and all of them are provided by constant_time.h as well.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 10:59:05 +01:00
gabor-mezei-arm
e41e3e8a8b Rename function to have suitable name
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 09:57:28 +01:00
Bence Szépkúti
1dbaaba067 Build psa-arch-tests with MISSING_CRYPTO_1_0=1
This disables references to the missing multipart AEAD functions.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 17:44:37 +01:00
Bence Szépkúti
d1c6420aba Move to a fork with Mbed TLS 2.x specific fixes
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 17:43:20 +01:00
Bence Szépkúti
340352ad74 Track upstreaming task in an issue
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:35 +01:00
Bence Szépkúti
7ccbea6e47 Document the values in EXPECTED_FAILURES
Including the issues where the corresponding defects are tracked.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:35 +01:00
Bence Szépkúti
355f8050cc Move to an updated fork of psa-arch-tests
The new fork was rebased on top of the upstream master, removing the
need for most of the downstream patches we carried.

On the other hand, the new fork includes a couple of fixes to problems
that were not addressed by the original fork, or were introduced with the
new version of psa-arch-tests.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:35 +01:00
Bence Szépkúti
d6cf089b37 Explain why support_test_psa_compliance is needed
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:35 +01:00
Bence Szépkúti
bd66d184ff Keep local clone around even if the test succeeds
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:35 +01:00
Bence Szépkúti
eda2fb9583 Make directory creation code more compact
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:35 +01:00
Bence Szépkúti
c2ca135f82 Add licence header to script
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:35 +01:00
Bence Szépkúti
559f1ce0a3 Make main() suitable to being called from python
Don't call sys.exit(), and don't clobber the working directory.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:34 +01:00
Bence Szépkúti
19a124d677 Fix pylint errors
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:34 +01:00
Bence Szépkúti
6025655598 Simplify regex and use named capture groups
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:34 +01:00
Bence Szépkúti
faf7f1b554 Use print(end='') to silence double newline
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:34 +01:00
Bence Szépkúti
f54a9d2adf Indicate errors interleaved with test suite output
Indicate whether a success or failure is unexpected, or expected and
ignored as they happen.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:34 +01:00
Bence Szépkúti
ab796e656b Make the changes easier to backport
The code replaced in this patch was not compatible with the
development_2.x branch.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:34 +01:00
Bence Szépkúti
9f84911d55 Run the PSA Compliance test suite in all.sh
This commit adds a component to all.sh which clones, builds and runs the
compliance test suite.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-10 14:56:34 +01:00
Przemyslaw Stekiel
5929996569 Add generated test data
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 14:41:28 +01:00
Przemyslaw Stekiel
292759319f Fix rebase issue in generate_psa_tests.py
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 12:06:37 +01:00
Przemyslaw Stekiel
98e38678c2 Adapt generate_key() test code to mbedTLS standards
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 12:01:19 +01:00
Przemyslaw Stekiel
1ab3a5ca98 generate_psa_tests.py: add key generation result to test case argument list, add comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 12:01:19 +01:00
Przemyslaw Stekiel
0810108f12 Fix issues pointed by CI
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 12:01:14 +01:00
Przemyslaw Stekiel
c03b7c58d1 Remove unused param and duplicated test cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 11:55:58 +01:00
Przemyslaw Stekiel
32a8b84814 Remove key generation when given argument is invalid from NotSupported class
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 11:55:58 +01:00
Przemyslaw Stekiel
997caf835c Add test class for key generation
Genertae test_suite_psa_crypto_generate_key.generated.data.
Use test_suite_psa_crypto_generate_key.function as a test function.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 11:55:58 +01:00
Gilles Peskine
adcfdbf2c6 Fix test bug: some classification flags were not tested
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 14:29:20 +01:00
Gilles Peskine
31b95155ba Ensure that all flags are actually tested
At least twice, we added a classification flag but forgot to test it in the
relevant test functions. Add some protection so that this doesn't happen
again. In each classification category, put a macro xxx_FLAG_MASK_PLUS_ONE
at the end. In the corresponding test function, keep track of the flags that
are tested, and check that their mask is xxx_FLAG_MASK_PLUS_ONE - 1 which is
all the bits of the previous flags set.

Now, if we add a flag without testing it, the test
TEST_EQUAL( classification_flags_tested, xxx_FLAG_MASK_PLUS_ONE - 1 )
will fail. It will also fail if we make the set of flag numbers
non-consecutive, which is ok.

This reveals that three algorithm flags had been added but not tested (in
two separate occasions). Also, one key type flag that is no longer used by
the library was still defined but not tested, which is not a test gap but is
inconsistent. It's for DSA, which is relevant to the PSA encoding even if
Mbed TLS doesn't implement it, so keep the flag and do test it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 14:25:41 +01:00
Gilles Peskine
e65be27eea Correct block size for MD2
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 13:19:02 +01:00
Gilles Peskine
cc14ce08c2 Add PSA_ALG_IS_HASH_AND_SIGN to the metadata tests
The status of signature wildcards with respect to PSA_ALG_IS_HASH_AND_SIGN
is unclear in the specification. A wildcard is usually instantiated with a
specific hash, making the implementation hash-and-sign, but it could also be
instantiated with a non-hash-and-sign algorithm. For the time being, go with
what's currently implemented, which is that they are considered
hash-and-sign.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 13:19:02 +01:00
Gilles Peskine
8cb22c8d87 Untangle PSA_ALG_IS_HASH_AND_SIGN and PSA_ALG_IS_SIGN_HASH
The current definition of PSA_ALG_IS_HASH_AND_SIGN includes
PSA_ALG_RSA_PKCS1V15_SIGN_RAW and PSA_ALG_ECDSA_ANY, which don't strictly
follow the hash-and-sign paradigm: the algorithm does not encode a hash
algorithm that is applied prior to the signature step. The definition in
fact encompasses what can be used with psa_sign_hash/psa_verify_hash, so
it's the correct definition for PSA_ALG_IS_SIGN_HASH. Therefore this commit
moves definition of PSA_ALG_IS_HASH_AND_SIGN to PSA_ALG_IS_SIGN_HASH, and
replace the definition of PSA_ALG_IS_HASH_AND_SIGN by a correct one (based
on PSA_ALG_IS_SIGN_HASH, excluding the algorithms where the pre-signature
step isn't to apply the hash encoded in the algorithm).

In the definition of PSA_ALG_SIGN_GET_HASH, keep the condition for a nonzero
output to be PSA_ALG_IS_HASH_AND_SIGN.

Everywhere else in the code base (definition of PSA_ALG_IS_SIGN_MESSAGE, and
every use of PSA_ALG_IS_HASH_AND_SIGN outside of crypto_values.h), we meant
PSA_ALG_IS_SIGN_HASH where we wrote PSA_ALG_IS_HASH_AND_SIGN, so do a
global replacement.
```
git grep -l IS_HASH_AND_SIGN ':!include/psa/crypto_values.h' | xargs perl -i -pe 's/ALG_IS_HASH_AND_SIGN/ALG_IS_SIGN_HASH/g'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 12:44:08 +01:00
Gilles Peskine
1b06d09fc6 Test PSA_HASH_BLOCK_LENGTH
Only tested for algorithms for which we support HMAC, since that's all we
use PSA_HASH_BLOCK_LENGTH for at the moment.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 12:38:57 +01:00
Andrzej Kurek
b4206b146d Add a missing psa_crypto test suite test name
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-11-02 20:06:08 +01:00
Manuel Pégourié-Gonnard
1f1bc2df7c
Merge pull request #5117 from gilles-peskine-arm/psa-rsa-pss_any_salt-2.x
Backport 2.x: PSA: fix salt length for PSS verification
2021-10-29 16:36:46 +02:00
Manuel Pégourié-Gonnard
6295dcb600
Merge pull request #5051 from gilles-peskine-arm/psa-add-aria-2.x
Backport 2.x: Add ARIA to the PSA API
2021-10-29 09:38:13 +02:00
Manuel Pégourié-Gonnard
0c81ba7856
Merge pull request #4944 from gilles-peskine-arm/remove-greentea-2.x
Backport 2.x: Remove on-target testing
2021-10-29 09:33:26 +02:00
Gilles Peskine
ff30bd0111 Always set a build type for cmake when building for testing
Set the build type to Release (-O2) when running CPU-intensive tests (ssl-opt,
or unit tests with debug features). A build type of Check (-Os) would be best
when the main objective of the build is to check for build errors or warnings
and there aren't many tests to run; in this commit there are no such test
cases to change. Only use cmake with no build type (which results in not
passing a -O option, and thus missing some GCC warnings) when exercising cmake
features.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 14:28:53 +02:00
Gilles Peskine
31fdda1262 Fix cmake invocation syntax
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 14:28:53 +02:00
Gilles Peskine
2531970772 Switch cmake -O2 builds around to where we test a lot
Use Release mode (-O2) for component_test_full_cmake_clang which runs SSL
tests.

To have some coverage with Check mode (which enables more compiler warnings
but compiles with -Os), change a few other builds that only run unit tests
at most to Check mode.

Don't add any new builds, to keep the total build volume down. We don't need
extensive coverage of all combinations, just a reasonable set.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 14:28:53 +02:00
Gilles Peskine
a0c51fb53e Clarify a comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 14:28:53 +02:00
Gilles Peskine
3daa83e99a Correct support function name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 14:28:53 +02:00
Gilles Peskine
6fa69864a2 Build with -O2 when running ssl-opt
SSL testing benefits from faster executables, so use -O2 rather than -O1.
Some builds use -O1, but that's intended for jobs that only run unit tests,
where the build takes longer than the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 14:28:53 +02:00
Gilles Peskine
44fa40cd56 Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length
PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for
verification that it produces when signing, as documented.

Fixes #4946.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:07:27 +02:00
Gilles Peskine
d79af3a522 Test PSS verification with different salt lengths
Test the following combinations:
* 1024-bit key, SHA-256, salt=0
* 1024-bit key, SHA-256, salt=31 (1 byte shorter than standard)
* 1024-bit key, SHA-256, salt=32 (standard length)
* 1024-bit key, SHA-256, salt=94 (maximum possible length)
* 1024-bit key, SHA-512, salt=61 (1 byte shorter than standard)
* 1024-bit key, SHA-512, salt=62 (standard = maximum possible length)
* 528-bit key, SHA-512, salt=0 (only possible length)

Test psa_verify_hash() for both PSA_ALG_RSA_PSS and PSA_ALG_RSA_PSS_ANY_SALT
with all of these combinations. For psa_verify_message(), just test once
with the standard length and once with a different length.

Note that as of this commit, both PSA_ALG_RSA_PSS and
PSA_ALG_RSA_PSS_ANY_SALT accept any salt length during verification, hence
all the new test cases are positive.

The verify test cases were generated using the Python script below.

```
from Cryptodome import Hash
from Cryptodome.Hash import SHA512
from Cryptodome import PublicKey
from Cryptodome.PublicKey import RSA
from Cryptodome.Signature import pss

key = {
    528: RSA.import_key(bytes.fromhex("30820145020100024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001024300b166322e09504a5c274b83592f5cf8ce2793a96de5a265abdbe060c641dbc65db0d11c782fe133a7e60aea686d21058d928cad3ef58924c4bb26b9206a03001d0241022200f85d72e463b406ffa282c34b5f0c2d6c2aacf210246af53d5bc7a0b7fa036e1cdb022200ea176c3d9a7fb355fb9fb7707e679b4acfb7bcb645b907e27cdf1764bc340971cd02212e13380342b3dd3083777abf7acc8988ad8a1406069b890f6efd63c57dae31394d022200c3602d3cf537e3cbbda93e072bd8f92965586aae8e5eb20ffc3c8e5fcb1c7b4d7902220098a04f18e48c689ad2f5b9bd404333def54cb2506cd0075c967a2968261e8b8f10")),
    1024: RSA.import_key(bytes.fromhex("3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24")),
}
hash_module = {
    256: Hash.SHA256,
    512: Hash.SHA512,
}

def print_test_case(remark, pub, kbits, hbits, input, output):
    key_hex = pub.hex()
    input_hex = input.hex()
    output_hex = output.hex()
    print(f"""\
PSA verify hash: RSA-{kbits} PSS SHA-{hbits}, {remark}
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_{hbits}:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"{key_hex}":PSA_ALG_RSA_PSS(PSA_ALG_SHA_{hbits}):"{input_hex}":"{output_hex}"

PSA verify hash: RSA-{kbits} PSS-any-salt SHA-{hbits}, {remark}
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_{hbits}:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"{key_hex}":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_{hbits}):"{input_hex}":"{output_hex}"
""")

def rand(n):
    return bytes(x & 0xff for x in range(n))

def test_case(kbits, hbits, slen):
    priv = key[kbits]
    pub_spki = priv.publickey().export_key('DER')
    pub_raw = PublicKey._expand_subject_public_key_info(pub_spki)[1]
    hash_op = hash_module[hbits].new(b'abc')
    digest = hash_op.copy().digest()
    output = pss.new(priv, salt_bytes=slen, rand_func=rand).sign(hash_op)
    print_test_case(f"slen={slen}", pub_raw, kbits, hbits, digest, output)

test_case(1024, 256, 0)
test_case(1024, 256, 31)
test_case(1024, 256, 32)
test_case(1024, 256, 94)
test_case(1024, 512, 61)
test_case(1024, 512, 62)
test_case(528, 512, 0)
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:07:24 +02:00
Gilles Peskine
19ff9a6173 Test that a PSS policy doesn't allow PSS_ANY_SALT and vice versa
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:07:21 +02:00
Gilles Peskine
72215f6336 Shorten some test descriptions
Ensure the unique part fits in the 66 columns that the test runner displays.
Leave room for an additional distinguisher on signature key policy negative
test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:07:15 +02:00
Gilles Peskine
bb2d17cec6 Add test cases for PSA_ALG_RSA_PSS_ANY_SALT
The test cases strictly replicate a subset of the test cases for
PSA_ALG_RSA_PSS. The subset validates that PSA_ALG_RSA_PSS_ANY_SALT is
recognized wherever PSA_ALG_RSA_PSS is.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:06:50 +02:00
Gilles Peskine
ac6181ca1c Update metadata tests with the new IS_ALG_RSA_PSS_xxx_SALT predicates
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:06:41 +02:00
Gilles Peskine
35115f9c1a New algorithm PSA_ALG_RSA_PSS_ANY_SALT
This is a variant of PSA_ALG_RSA_PSS which currently has exactly the same
behavior, but is intended to have a different behavior when verifying
signatures.

In a subsequent commit, PSA_ALG_RSA_PSS will change to requiring the salt
length to be what it would produce when signing, as is currently documented,
whereas PSA_ALG_RSA_PSS_ANY_SALT will retain the current behavior of
allowing any salt length (including 0).

Changes in this commit:

* New algorithm constructor PSA_ALG_RSA_PSS_ANY_SALT.
* New predicates PSA_ALG_IS_RSA_PSS_STANDARD_SALT (corresponding to
  PSA_ALG_RSA_PSS) and PSA_ALG_IS_RSA_PSS_ANY_SALT (corresponding to
  PSA_ALG_RSA_PSS_ANY_SALT).
* Support for the new predicates in macro_collector.py (needed for
  generate_psa_constant_names).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-28 10:06:38 +02:00
Manuel Pégourié-Gonnard
d599dc7f1b
Merge pull request #4932 from tom-daubney-arm/all.sh-subshells-2.x
Backport 2.x: Run all.sh components in a subshell
2021-10-28 09:33:22 +02:00
paul-elliott-arm
460d779773
Merge pull request #5097 from gilles-peskine-arm/ssl-opt-resend-retry-2.x
Backport 2.x: Retry a test case if it fails due to an unexpected resend
2021-10-27 16:24:41 +01:00
Manuel Pégourié-Gonnard
8e8251a6fa
Merge pull request #4835 from gilles-peskine-arm/base64-no-table-2.2x
Backport 2.2x: range-based constant-flow base64
2021-10-27 12:18:29 +02:00
Paul Elliott
ce77738d95 Remove bash specific code
Use case pattern matching instead of multiline split, given there is
only the well formatted PIDs to match on this should be safe.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-26 11:02:16 +01:00
Paul Elliott
6cd97ceba0 Remove use of -p with lsof
On machines with more modern kernels (>5.4 from testing so far) the
useage of -b seems to conflict with the usage of -p. Whilst the usage of
-b seems like a good idea to avoid blocks as we are tight looping on it,
the usage of -p seems to require the usage of stat() (specifically in
/proc) which -b forbids. All you get is a load of warnings
(suppressable by -w) but never a positive result, which means that all
servers are reported as "Failed to start". We are not keen on losing
-b, so instead parse the output of lsof (using -F to format it) to
check the if PIDs that it outputs match that we are looking for.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-26 11:02:10 +01:00
Manuel Pégourié-Gonnard
05ee09eae7
Merge pull request #5107 from mprse/issue_4056_b2x
Backport 2.x: Use PSA_HASH_LENGTH instead hardcoded integer values
2021-10-26 10:35:47 +02:00
Gilles Peskine
d3e5dd3f3a Rename variable to avoid a name clash
digits is also a local variable in host_test.function, leading to compilers
complaining about that shadowing the global variable in
test_suite_base64.function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
fd489f97c1 Move the list of Base64 digits out of the test data
This is part of the definition of the encoding, not a choice of test
parameter, so keep it with the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
a138802230 Move declarations of testing-only base64 functions to their own header
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
0f4e3fbd10 Mark output as public before testing it
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Gilles Peskine
3b1f4c0d7e Add unit tests for base64 internal functions
Add unit tests for mask_of_range(), enc_char() and dec_value().

When constant-flow testing is enabled, verify that these functions are
constant-flow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 21:24:23 +02:00
Przemyslaw Stekiel
645703c8a3 Use PSA_HASH_LENGTH instead hardcoded integer values
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-25 16:48:25 +02:00
Gilles Peskine
b436649a25 Show values when TEST_EQUAL fails
When TEST_EQUAL fails, show the two numerical values in the test log (only
with host_test). The values are printed in hexa and signed decimal.

The arguments of TEST_EQUAL must now be integers, not pointers or floats.
The current implementation requires them to fit in unsigned long long
Signed values no larger than long long will work too. The implementation
uses unsigned long long rather than uintmax_t to reduce portability
concerns. The snprintf function must support "%llx" and "%lld".

For this purpose, add room for two lines of text to the mbedtls_test_info
structure. This adds 154 bytes of global data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-22 11:06:52 +02:00
Gilles Peskine
aa1d6ad9d2 Move is-it-resend logic into a function
Improve the code structure in case we want to add other similar conditions
later. Document better what we're doing, and document why we're doing it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-21 11:00:35 +02:00
Gilles Peskine
2d3c9f898b Retry if a test case fails because of an unexpected resend
Palliative for https://github.com/ARMmbed/mbedtls/issues/3377. If a test
case fails due to an unexpected resend, allow retrying, like in the case of
a client timeout.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-21 11:00:35 +02:00
Gilles Peskine
a28fd41ed1 Move retry logic into check_test_failure
This will allow having other retry conditions, in particular based on
run_test options.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-21 11:00:35 +02:00
Gilles Peskine
5d8e702ab8 Move the core loop of run_test into an auxiliary function
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-21 11:00:35 +02:00
Gilles Peskine
f9022b056b Move some code of run_test into auxiliary functions
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-21 11:00:35 +02:00
Gilles Peskine
a093d76a26 Update generated files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 22:39:45 +02:00
Gilles Peskine
a686bf46f7
Merge pull request #5083 from mprse/issue_5065_2x
backport 2.x: backport only new test in all.sh from #5072
2021-10-18 17:51:53 +02:00
Przemyslaw Stekiel
7ce979a4f5 all.sh: tests/scripts/all.sh full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-18 11:47:32 +02:00
Gilles Peskine
e4739ab5ef
Merge pull request #5038 from mprse/issue_4551_2x
Backport 2.x: Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key #5037
2021-10-18 10:39:26 +02:00
Gilles Peskine
95f2324c5e
Merge pull request #4845 from mstarzyk-mobica/ecb-alt-ret-2.2x
Backport 2.2x: Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:04 +02:00
Paul Elliott
ccba129c5a Use 127.0.0.1 rather than localhost
This was causing some tests using the openssl s_client to not connect -
I suspect this was due to localhost (at least on my machine) resolving
to ::1 rather than 127.0.0.1. Note that the error seen would have been
that the session file specified with -sess_out did not get created.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 18:33:28 +01:00
Paul Elliott
405fcccf75 Fix incorrect check for DTLS
Missing wildcards meant that some servers were not identified as DTLS,
which lead to port checking on TCP rather than UDP, and thus mistakenly
cancelling tests as the server had not come up.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 18:33:28 +01:00
Paul Elliott
7ca2f39d91 Spelling fix
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 18:33:28 +01:00
Manuel Pégourié-Gonnard
d76c47d74d Use newer OpenSSL for tests failing with the old
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-13 18:33:20 +01:00
Paul Elliott
633a74e9fb Backport OPENSSL_NEXT to ssl-opt.sh
Add support for a newer version of OpenSSL, as well as a legacy version.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 18:31:07 +01:00
Przemyslaw Stekiel
96de45e7e8 Re-generate test_suite_psa_crypto_not_supported.generated.data
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-12 09:08:35 +02:00
Przemyslaw Stekiel
d6ead7ca84 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-11 16:39:32 +02:00
Gilles Peskine
8eb3c95590 Add --restore option to clean up but not necessarily run components
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
6702ce9f73 Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
a25c5675e2 Documentation improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
4fa948feb7 Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
8bfe15f291 Disable wildcards when checking for unsupported components
Otherwise $COMMAND_LINE_COMPONENTS would try to expand wildcard patterns
based on files in the current directory.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
76d40fa977 Improve the detection of keep-going commands
Have simpler patterns related to 'test' (the central objective being to keep
going if 'make test' or 'tests/...' fails, but not if 'make tests' fails).

Add 'cd' as a can't-keep-going command.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
202e9b4ed4 Improve --error-test reporting
Count invocations from 1 to n instead of n to 1.

Explain how changing the loop variable would cause an error if the function
was not executed in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
cb4bfac119 Clarify some comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
ef64e7fb3b Don't unconditionally restore **/Makefile
all.sh restores **/Makefile from git in case the version in the worktree was
from doing a cmake in-tree build. Instead of doing this unconditionally, do
it only if the toplevel Makefile seems to have been automatically
generated (by cmake or otherwise, e.g. by mbedtls-prepare-build). This way
all.sh no longer silently wipes changes made to Makefile but not committed yet.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
24bdf02e4e Don't restore *config.h before backing it up
Back up the config files at the beginning of all.sh, rather than before each
component. In particular, create the backup before running cleanup for the
first time. This fixes #3139 (all.sh using a config.h.bak from a previous
job), and makes all.sh more robust against accidentally using a modified
config.h midway through because a component messed with the backup.

Use a different extension (*.all.bak rather than *.bak) for the backups.
This is necessary to ensure that auxiliary scripts such as depends*.pl that
make their own backup don't remove all.sh's backup, which the code from this
commit does not support.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-11 14:29:16 +01:00
Gilles Peskine
9b35640e3f Generate cpp_dummy_build.cpp dynamically
Generate programs/test/cpp_dummy_build.cpp dynamically instead of
maintaining it manually. This removes the need to update it when the list of
headers changes.

Include all the headers unconditionally except for the ones that cannot be
included directly.

Support this dynamic generation both with make and with cmake.

Adapt all.sh accordingly. Remove the redundant C build from
component_build_default_make_gcc_and_cxx (it was also done in
component_test_default_out_of_box), leaving a component_test_make_cxx. Also
run the C++ program, because why not. Do this in the full configuration
which may catch a bit more problems in headers.

Fixes #2570 for good.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Thomas Daubney <>
2021-10-11 14:29:16 +01:00
Gilles Peskine
8890f64338 Add ARIA to the PSA API
Use the encoding from an upcoming version of the specification.

Add as much (or as little) testing as is currently present for Camellia.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 18:28:15 +02:00
Przemyslaw Stekiel
81be6e275c enerate_psa_tests.py fix format
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 15:40:16 +02:00
Przemyslaw Stekiel
330e460ef3 Addapt psa_generate_key() tests
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 12:56:45 +02:00
Gilles Peskine
85229acf04 Limit make parallelism to the number of CPUs
Don't default to unbridled -j, which causes a load spike and isn't really
faster.

"Number of CPUs" is implemented here as a reasonable compromise between
portability, correctness and simplicity. This is just a default that can be
overridden by setting MAKEFLAGS in the environment.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-06 17:21:57 +02:00
Gilles Peskine
a4e060b87b
Merge pull request #5000 from mprse/mbedtls_cipher_setup_psa_ECB_2x
Backport 2.x: Fix test gap: mbedtls_cipher_setup_psa() with ECB
2021-10-01 14:49:25 +02:00
Gilles Peskine
f315d6a718
Merge pull request #4957 from gilles-peskine-arm/make-tests-v-2.2x
Backport 2.x: Facilitate reproducing unit tests from all.sh
2021-09-30 16:08:56 +02:00
Przemyslaw Stekiel
39f4e75120 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-09-30 12:29:27 +02:00
Przemyslaw Stekiel
6c866689e3 test_suite_cipher: add tests for mbedtls_cipher_setup_psa() with ECB
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-09-30 12:27:34 +02:00
Ronald Cron
8489f64f37
Merge pull request #4991 from gilles-peskine-arm/psa-aead-invalid_nonce_length-2.x
2.x only: PSA AEAD invalid nonce length tests
2021-09-29 22:47:03 +02:00
Gilles Peskine
377a310da4 Catch failures of AES or DES operations
Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.

A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.

This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:

* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
  was not properly checking the result of an AES operation:
    * In library code: on failure, goto exit and return ret.
    * In pkey programs: goto exit.
    * In the benchmark program: exit (not ideal since there's no error
      message, but it's what the code currently does for failures).
    * In test code: TEST_ASSERT.
* Changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 20:40:31 +02:00
Gilles Peskine
1b8a294d7e Test invalid nonce length for one-shot AEAD decryption
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-29 17:07:21 +02:00
Gilles Peskine
ffc2a80b36
Merge pull request #4983 from mstarzyk-mobica/backport_hash_message_psa_flags
Backport 2.x: PSA MAC computation with _HASH flag implies _MESSAGE.
2021-09-29 16:07:32 +02:00