Commit Graph

16393 Commits

Author SHA1 Message Date
Ronald Cron
d54303da7c psa: test driver: Move driver test entry points prototypes
In preparation of the driver test entry points to be
provided by a test driver library, move their prototypes
to tests directory.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
088d5d0c1b psa: Add driver initialization and termination
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
485559eeb5 psa: Fix unused variable warnings
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:49:19 +01:00
Ronald Cron
7207d574ab psa: asymmetric_encrypt/decrypt: Improve error code consistency
In psa_asymmetric_encrypt/decrypt(), always return
PSA_ERROR_INVALID_ARGUMENT if the key is a PSA key
and the algorithm is not a PSA algorithm we know
about, whether RSA is supported or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 14:48:35 +01:00
Ronald Cron
2091eed609 psa: driver: Reduce the scope of test driver entry points
Define test driver entry points that provide an alternative
to Mbed TLS driver entry points only when the PSA configuration
is used. Their purpose is only to test the PSA configuration
thus there is no good reason to use them out of this scope.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
3a95d2b530 psa: Fix the size of hash buffers
Fix the size of hash buffers for PSA hash
operations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
0859fe20f6 psa: Fix hash max sizes
The PSA max hash size has to be 64 if SHA512 or
SHA384 is supported by the library or an
accelerator, not just in case of the library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
0c677c287b psa: Fix hash and mac operation type
The test entry points defined in psa_crypto_hash.c
and psa_crypto_mac.c are supposed to be exact
clones of the Mbed TLS driver entry points. Thus
the operation type should be the Mbed TLS operation
type not a test one. There was no compilation error
as the hash and cipher operation test types are
currently equal to the Mbed TLS ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
fefa4580a5 tests: psa: Fix guards
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
41f275018a tests: psa: Fix the dependencies on some driver wrappers fallback tests
The driver wrappers fallback tests depend on the builtin
support not builtin or driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
a23d9bb97d tests: psa: Fix MD5 support not available dependencies
MD5 should not be supported by the library and any driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
92becc6659 tests: ssl: Add misssing dependencies on SHA-1
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
ae2e4a7225 tests: Fix x509parse test dependency
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
f7e83d5bfb tests: psa: Remove wrong test function dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
4bcccc6956 tests: psa driver: Align RSA/ECP sign/verify hash dispatch
Align RSA/ECP sign/verify hash dispatch with the
corresponding code of the library. The library
code was modified recently but not the test code
one and these modifications ease the following work.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
a2dbe66770 tests: psa: driver: mac: Remove opaque entry points in library
Opaque test entry points will be implemented only in
test code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-30 13:24:47 +01:00
Ronald Cron
4c224fe3cc psa: cipher: Fix invalid output buffer usage in psa_cipher_encrypt()
Don't use the output buffer in psa_cipher_encrypt()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
732a6e250d test: psa driver wrapper: Add non regression test for psa_cipher_encrypt()
Add non regression test for invalid usage of
the output buffer in psa_cipher_encrypt().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
3563210c10 test: psa driver wrapper: Add cipher_encrypt negative testing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
a833169914 psa: cipher: Add IV parameters to cipher_encrypt entry point
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
e25351ad5b test: psa driver: Remove unnecessary IV generation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
1637707929 psa: cipher: Align APIs execution flow
Align the execution of cipher one-shot APIs with
that of cipher multi-part APIs: always exit
through the exit-labelled section.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
c423acbe0f psa: cipher: Fix invalid output buffer usage in psa_cipher_generate_iv()
Don't use the output buffer in psa_cipher_generate_iv()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
6fbc057786 test: psa driver wrapper: Add non regression test for psa_cipher_generate_iv()
Add non regression test for invalid usage of
the output buffer in psa_cipher_generate_iv().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Ronald Cron
33c6968d0f test: psa cipher: Add unexpected IV setting/generation negative tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:35:49 +01:00
Gilles Peskine
dbfc6510b0
Merge pull request #5232 from gilles-peskine-arm/dlopen-test-2.x
Dlopen test 2.x
2021-11-25 22:03:36 +01:00
Gilles Peskine
005887dcfd
Merge pull request #5231 from ronald-cron-arm/psa-opaque-key-checks-2.x
Backport 2.x: PSA opaque key checks
2021-11-25 22:03:13 +01:00
Gilles Peskine
3f5c2232f0
Merge pull request #5235 from paul-elliott-arm/fix_test_suite_ssl_2.x
Backport 2.x: Fix test_suite_ssl compilation errors with GCC11
2021-11-25 22:02:46 +01:00
Gilles Peskine
9501bd7d6e Make PSA headers more self-contained
Several files among include/psa/crypto_*.h are not meant to be included
directly, and are not guaranteed to be valid if included directly. This
makes it harder to perform some static analyses. So make these files more
self-contained so that at least, if included on their own, there is no
missing macro or type definition (excluding the deliberate use of forward
declarations of structs and unions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:34:05 +01:00
Paul Elliott
14148c4fbe Fix Changelog
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:08:30 +00:00
Paul Elliott
954578644f Fix compilation errors.
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:08:23 +00:00
Gilles Peskine
6fa5c1d20c Use the normal idiom to support MBEDTLS_CONFIG_FILE
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:12:44 +01:00
Gilles Peskine
8e8e96500a Fix dynamic library extension on macOS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
eea9c74d81 More explicit output for the test program
Without that, the logs were a bit hard to understand if you didn't know what
to expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
3dbb3e7e07 Avoid undefined variable warning without MBEDTLS_MD_C
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
99d8486f8e Use CMake's knowledge of what system library has dlopen()
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
507c787b44 Don't build dlopen when building for Windows
Windows doesn't have dlopen, not even Linux emulation environments such as
MinGW.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:02:17 +01:00
Gilles Peskine
71fcb3c994 Only link with libdl on Linux
Requiring an extra library for dlopen is a Linux non-POSIX-compliance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:00:53 +01:00
Gilles Peskine
27482f17f1 Run the dlopen test in shared library builds
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:00:53 +01:00
Gilles Peskine
e94335399f New test app for dynamic loading of libmbed* with dlopen
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 18:00:53 +01:00
Ronald Cron
f8f425d95d psa: Remove psa_key_slot_is_external()
Remove psa_key_slot_is_external() that is not used anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-25 17:40:58 +01:00
Ronald Cron
41e8006fa2 psa: Remove buggy report of RSA public exponent for opaque keys
The report of RSA public exponent for opaque keys is not
supported. Do not attempt to compute the RSA public
exponent of an RSA opaque key associated to a driver
implementing the new driver interface when
MBEDTLS_PSA_CRYPTO_SE_C is disabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-25 17:40:58 +01:00
Ronald Cron
0518f61e1a psa: Fix slot number key attribute
Slot number key attribute is specific of dynamically
registered drivers and should thus not be computed/
returned in case of keys associated to drivers
implementing the new unified driver interface.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-25 17:40:58 +01:00
Ronald Cron
8a0466a052 Clarify psa_get_and_lock_transparent_key_slot_with_policy() purpose
Clarify the purpose of
psa_get_and_lock_transparent_key_slot_with_policy() and
define it even when MBEDTLS_PSA_CRYPTO_SE_C is disabled
for the purpose of static drivers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-25 17:40:58 +01:00
Gilles Peskine
c668de6f7f
Merge pull request #5200 from AndrzejKurek/fix-getting-started-2_x
Backport 2.x: Fix duplicate variable name in getting_started.md
2021-11-24 20:51:03 +01:00
Gilles Peskine
3107b337e1
Merge pull request #5154 from gabor-mezei-arm/3649_bp2x_move_constant_time_functions_into_separate_module
[Backport 2.x] Move constant-time functions into a separate module
2021-11-24 19:33:03 +01:00
Gilles Peskine
989a4e9388
Merge pull request #5132 from openluopworld/origin/development_2.x
Backport 2.x: Fix GCM calculation with very long IV
2021-11-22 22:22:47 +01:00
Gilles Peskine
b80aa7c609
Merge pull request #5214 from tom-cosgrove-arm/pr5105_2.x
Backport 2.x: doc improvements in aes and sha256 includes
2021-11-22 22:21:56 +01:00
Tom Cosgrove
8100bf5d67 further improvements to sha256 docs
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2021-11-22 15:35:58 +00:00
Tom Cosgrove
bcd2f67624 doc improvements in aes and sha256 includes
- Add return value description to the docs of mbedtls_sha256
- Remove description of non-existing "mode" parameter from the docs of mbedtls_aes_crypt_ctr

Backport of #5105

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2021-11-22 15:02:29 +00:00