Commit Graph

8254 Commits

Author SHA1 Message Date
Gilles Peskine
be00a71c90 Add tests for shorter-tag AEAD (CCM, GCM) 2018-10-08 14:45:35 +02:00
Gilles Peskine
23cc2ff9a8 Add support for non-default-tag-size AEAD (CCM and GCM) 2018-10-08 14:42:11 +02:00
Gilles Peskine
7da96b0d91 Reorder parameters of AEAD unit tests to be more logical
Pass the nonce first, then the AD, then the input. This is the order
in which the data is processed and it's the order of the parameters to
the API functions.
2018-10-08 14:42:11 +02:00
Gilles Peskine
edf9a6576d Refactor AEAD setup into a common function
There was a lot of repetition between psa_aead_encrypt and
psa_aead_decrypt. Refactor the code into a new function psa_aead_setup.
The new code should behave identically except that in some cases where
multiple error conditions apply, the code may now return a different
error code.

Internally, I rearranged some of the code:

* I removed a check that the key type was in CATEGORY_SYMMETRIC because
  it's redundant with mbedtls_cipher_info_from_psa which enumerates
  supported key types explicitly.
* The order of some validations is different to allow the split between
  setup and data processing. The code now calls a more robust function
  psa_aead_abort in case of any error after the early stage of the setup.
2018-10-08 14:42:11 +02:00
Gilles Peskine
d911eb7915 Add support for truncated MAC algorithms 2018-10-08 14:42:11 +02:00
Gilles Peskine
a7aa442c7c Add tests for mac_sign 2018-10-08 14:42:11 +02:00
Gilles Peskine
f18c146d6b Remove a redundant test case 2018-10-08 14:42:11 +02:00
Jaeden Amero
a9fe789517
Merge pull request #154 from ARMmbed/psa-fix_all.sh-201809
Fix all.sh
2018-10-03 12:30:07 +01:00
Gilles Peskine
c426352ec5 check-files: exclude .git and third-party files
Exclude ".git" directories anywhere. This avoids spurious errors in git
checkouts that contain branch names that look like a file
check-files.py would check.

Exclude "mbed-os" anywhere and "examples" from the root. Switch to the
new mechanism to exclude "yotta/module". These are directories where
we store third-party files that do not need to match our preferences.

Exclude "cov-int" from the root. Fix #1691
2018-10-02 19:01:16 +02:00
Gilles Peskine
e04d4e6d13 Don't try to disable ASLR
We don't need to disable ASLR, so don't try. If gdb tries but fails,
the test runs normally, but all.sh then trips up because it sees
`warning: Error disabling address space randomization: Operation not permitted`
and interprets it as an error that indicates a test failure.
2018-09-27 13:57:46 +02:00
Gilles Peskine
2bb56095ec Remove redundant check in all.sh
test -s can't fail if the subsequent grep succeeds.
2018-09-27 13:57:46 +02:00
Jaeden Amero
3a33c01a98 mbed_crypto: Always describe the current version
Even with a shallow clone of the repo where there are no tags available
to version with, don't error and instead show a unique abbreviated
commit hash as fallback.
2018-09-27 13:57:46 +02:00
Gilles Peskine
3e954cf84d In keep-going mode, don't hard-fail on some tests
Add if_build_succeeded in front of the invocation of some test runs
where it was missing.
2018-09-27 13:57:45 +02:00
Gilles Peskine
f7ab5ad13a Skip calling memset when the size is 0
memset(NULL, c, 0) has undefined behavior, so don't do it. clang-asan
complains.
2018-09-27 13:57:45 +02:00
Gilles Peskine
99ca35e968 Look for documentation only in specific directories
Generate the documentation from include and doxygen/input only. Don't
get snared by files containing Doxygen comments that lie in other
directories such as tests, yotta, crypto/include, ...

The only difference this makes in a fresh checkout is that the
documentation no longer lists target_config.h. This file is from
yotta, does not contain any Doxygen comment, and its inclusion in the
rendered documentation was clearly an oversight.
2018-09-27 13:57:45 +02:00
Gilles Peskine
899c652195 In keep-going mode, don't hard-fail on some auxiliary script
Add record_status in front of the invocation of several scripts where
it was missing.
2018-09-27 13:57:45 +02:00
Gilles Peskine
1596554c99 Fix "make WINDOWS_BUILD=1 clean" on non-Windows hosts
The clean rule was not using the correct names for the compiled
executable files.
2018-09-27 13:57:45 +02:00
Gilles Peskine
a84f97c9bd Update build script for tests after mbedcrypto exporter
Update to the latest syntax changes of generate_test_code.py. This was
missed in the rebase onto mbedtls-2.13.
2018-09-27 13:57:45 +02:00
Gilles Peskine
79722b0672 Fix incorrect test dependencies for MBEDTLS_PKCS1_V21 2018-09-27 13:57:45 +02:00
Gilles Peskine
bd7dea9e64 Use ASSERT_COMPARE instead of memcmp in PSA tests
This commit fixes some missing size comparison. In
aead_encrypt_decrypt, aead_encrypt and aead_decrypt, the test code
would not have noticed if the library function had reported an output
length that was not the expected length.
2018-09-27 13:57:19 +02:00
Gilles Peskine
3c22596d9b New macro ASSERT_COMPARE to compare two buffers
ASSERT_COMPARE tests that the two buffers have the same size and
content. The intended use is to replace TEST_ASSERT( size1 == size2 )
followed by memcmp on the content. Keep using memcmp when comparing
two buffers that have the same size by construction.
2018-09-27 13:56:31 +02:00
Gilles Peskine
8cebbba7e6 Use ASSERT_ALLOC instead of mbedtls_calloc in PSA tests
This commit resolves a bug whereby some test cases failed on systems
where mbedtls_calloc returns NULL when the size of 0, because the test
case asserted `pointer != NULL` regardless of the size.
2018-09-27 13:54:18 +02:00
Gilles Peskine
b75125c5ff New macro ASSERT_ALLOC to allocate memory in tests
The new macro ASSERT_ALLOC allocates memory with mbedtls_calloc and
fails the test if the allocation fails. It outputs a null pointer if
the requested size is 0. It is meant to replace existing calls to
mbedtls_calloc.
2018-09-27 13:52:29 +02:00
Gilles Peskine
8954d0c274 Write documentation for TEST_ASSERT 2018-09-27 13:51:25 +02:00
Gilles Peskine
159ebf3b8e
Merge pull request #142 from ARMmbed/psa-metadata_validation
Algorithm and key type encoding validation
2018-09-24 10:38:39 +02:00
Jaeden Amero
3bfe5f0388
Merge pull request #150 from ARMmbed/psa-rsa-verify-error
Don't return INVALID_PADDING on an invalid RSA signature
2018-09-21 16:15:10 +01:00
Jaeden Amero
40363fe3f5
Merge pull request #139 from ARMmbed/psa-PSA_ALG-block_cipher_padding
Correct and simplify block-based cipher modes
2018-09-21 09:38:27 +01:00
Gilles Peskine
fa764b161b Add curve sizes to ECC curve metadata validation tests 2018-09-20 12:00:21 +02:00
Gilles Peskine
3052f53c37 Add block sizes to HMAC metadata validation tests 2018-09-20 12:00:21 +02:00
Gilles Peskine
d9c8260f23 Add dependencies to metadata validation tests
If some algorithms are excluded in the build, it's ok for the corresponding
macros not to give the correct results. Therefore the corresponding test cases
should depend on the implementation of the algorithm. For example, it's ok for
PSA_HASH_MAX_SIZE to be less than PSA_HASH_SIZE(PSA_ALG_SHA_512) if we build
without SHA-512 support, and we indeed do this. It's even ok for an
implementation to return 0 for PSA_ALG_IS_HASH(PSA_ALG_SHA_512) if it doesn't
support SHA-512; we return 1 anyway but the tests are less
implementation-specific if we don't enforce it.

This commit adds dependencies on symbols that don't exist in Mbed TLS,
for algorithms that Mbed TLS doesn't implement. These are:
MBEDTLS_SHA512_256 for SHA-512/256, MBEDTLS_SHA3_C for SHA-3,
MBEDTLS_DSA_C and MBEDTLS_DSA_DETERMINISTIC for DSA, and
MBEDTLS_ECP_DP_xxx_ENABLED for elliptic curves that have a PSA
encoding but are not supported in Mbed TLS.
2018-09-20 12:00:21 +02:00
Gilles Peskine
49cd329908 Key type validation tests
For all key types, validate feature test macros (PSA_KEY_TYPE_IS_xxx).

For asymmetric keys (public key or key pair), validate the
corresponding public/pair type.

For ECC keys, validate GET_CURVE.
2018-09-20 12:00:21 +02:00
Gilles Peskine
17351eb7f2 Algorithm validation tests
For all algorithms, validate feature test macros (PSA_ALG_IS_xxx).

For hash algorithms, validate the exact hash size, and validate
xxx_GET_HASH macros on dependent algorithms.

For MAC algorithms, validate the MAC size. For AEAD algorithms,
validate the tag size.

There is a separate test case for each HMAC algorithm, which is
necessary because each has its own MAC size. For other hash-dependent
algorithms, there is no interesting variation to test here, so only
one hash gets tested.
2018-09-20 12:00:21 +02:00
Gilles Peskine
35fe2034c1 PSA_MAC_FINAL_SIZE: we don't use key_bits at the moment
None of the currently defined MAC algorithms have a MAC size that
depends on the key size, so the key_bits parameter is unused. The
key_type parameter may be unused on an implementation where there is
no block cipher MAC. Declare the key_type and key_bits parameters as
used so that callers who define a variable just for this don't risk
getting "unused variable" warnings.
2018-09-20 12:00:21 +02:00
Gilles Peskine
00709fafb8 Rename PSA_ALG_HMAC_HASH to PSA_ALG_HMAC_GET_HASH
Be consistent with other GET_HASH macros.
2018-09-20 12:00:21 +02:00
Gilles Peskine
9df2dc87ab Fix name of PSA_ALG_IS_BLOCK_CIPHER_MAC
The macro was used under the name PSA_ALG_IS_BLOCK_CIPHER_MAC but
defined as PSA_ALG_IS_CIPHER_MAC. That wouldn't have worked if we used
this macro (we currently don't but it may become useful).
2018-09-20 12:00:21 +02:00
Gilles Peskine
70ce2c6170 FFDHE groups are not elliptic curves
TLS now defines named curves in the "TLS Supported Groups registry",
but we're using the encoding only for elliptic curves, so don't
include values that aren't named curve.

While we're at it, upgrade the reference to the shiny new RFC 8422.
2018-09-20 12:00:21 +02:00
Gilles Peskine
583b55d97d Add PSA_KEY_TYPE_IS_DSA to go with PSA_KEY_TYPE_IS_RSA
Also move PSA_KEY_TYPE_IS_RSA to a more logical location.
2018-09-20 12:00:21 +02:00
Gilles Peskine
44fed61e01 Create infrastructure for metadata validation unit tests 2018-09-20 12:00:21 +02:00
Gilles Peskine
daea26f70f Correct and simplify block-based cipher modes
OFB and CFB are streaming modes. XTS is a not a cipher mode but it
doesn't use a separate padding step. This leaves only CBC as a block
cipher mode that needs a padding step.

Since CBC is the only mode that uses a separate padding step, and is
likely to remain the only mode in the future, encode the padding mode
directly in the algorithm constant, rather than building up an
algorithm value from a chaining mode and a padding mode. This greatly
simplifies the interface as well as some parts of the implementation.
2018-09-20 11:58:22 +02:00
Gilles Peskine
ef12c63de0 RSA verification: don't report an invalid padding error
Mbed TLS distinguishes "invalid padding" from "valid padding but the
rest of the signature is invalid". This has little use in practice and
PSA doesn't report this distinction. We just report "invalid
signature".
2018-09-17 14:33:43 +02:00
Gilles Peskine
821adfe51c Add exercise tests for RSA public keys and for PSS 2018-09-17 14:33:43 +02:00
Gilles Peskine
acec7b6fa1 exercise_export_key: fix public key case
Public keys are always exportable, even if their usage doesn't include
the EXPORT flag.
2018-09-17 14:33:43 +02:00
Gilles Peskine
d1efab58b8
Merge pull request #148 from ARMmbed/fix_issue_146
Make psa_generate_random fail if psa_crypto_init hasn't been called
2018-09-17 11:52:02 +02:00
Gilles Peskine
81ba4abb02 Fix bad algorithm and key type values in some tests 2018-09-17 11:20:27 +02:00
itayzafrir
1861709e5c Add documentation describing behavior of not calling psa_crypto_init 2018-09-16 12:42:53 +03:00
itayzafrir
90d8c7a728 Ensure the module is initialized in key based functions 2018-09-16 12:15:47 +03:00
itayzafrir
0adf0fc31c Ensure the module is initialized in psa_generate_random 2018-09-16 12:15:46 +03:00
Jaeden Amero
e852df8466 fixup! Add PSA crypto module 2018-09-14 12:00:46 +01:00
Jaeden Amero
5ee4ee2659 Merge pull request #133 from jen3andruska/patch-2
Update README.md
2018-09-14 10:02:30 +01:00
Jaeden Amero
c0454a7369 Merge pull request #135 from ARMmbed/export_sanity_tests
Document asymmetric key export formats
2018-09-14 10:02:30 +01:00