yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
27312 commits 89 branches 205 tags 114 MiB
Commit graph

711 commits

Author SHA1 Message Date
Przemek Stekiel 8258ea7b7d test_suite_psa_crypto: adapt dependenies and guards so the test can run in the driver-only build 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-19 13:20:20 +02:00
Manuel Pégourié-Gonnard f155ab9a91 Abort on errors when we should 
We're not strictly required to abort, but at least to leave the context
is an invalid state. For "late" functions like input() and output(),
calling abort() is the easiest way to do that. Do it systematically for
input() and output() by using a wrapper. psa_pake_get_implicit_key() was
already doing it. For "early" function, we can just leave the operation
in its current state which is already invalid.

Restore previous tests about that. Not adding systematic tests, though,
just test the two functions that are the most important, and more likely
to return errors.

Since we now abort in more cases, we need to make sure we don't
invalidate the operation that's going to be re-used later in the test.
For that reason, use a copy of the operation for calls to input() and
output() that are expected to return errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-13 13:20:31 +02:00
Manuel Pégourié-Gonnard b63a9ef09f Fix buffer sizes in ecjpake_setup test function 
Also, the error code changed from INSUFFICIENT_MEMORY to INVALID_DATA.

Temporarily remove a test about aborting the operation on error.
Auto-abort will be re-introduced in the next commit in a more systematic
way.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-13 13:17:20 +02:00
Manuel Pégourié-Gonnard ec7012dbc7 Fix I/O format of PSA EC J-PAKE for compliance 
The format used by the mbedtls_ecjpake_xxx() APIs and that defined by
the PSA Crypto PAKE extension are quite different; the former is
tailored to the needs of TLS while the later is quite generic and plain.
Previously we only addressed some part of this impedance mismatch: the
different number of I/O rounds, but failed to address the part where the
legacy API adds some extras (length bytes, ECParameters) that shouldn't
be present in the PSA Crypto version. See comments in the code.

Add some length testing as well; would have caught the issue.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-10-05 12:52:48 +02:00
Manuel Pégourié-Gonnard f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2 
Ad-hoc KDF for EC J-PAKE in TLS 1.2
 2022-09-28 09:47:32 +02:00
Andrzej Kurek 3539f2c90b Improve readability in ecjpake tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-26 10:56:02 -04:00
Andrzej Kurek 2be1689504 Add capacity testing to EC J-PAKE to PMS tests 
Let the caller restrict the capacity but limit it to 32 bytes.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 07:14:04 -04:00
Andrzej Kurek d37850404a Add derivation step testing to EC J-PAKE to PMS tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-16 06:45:44 -04:00
Andrzej Kurek d8705bc7b7 Add tests for the newly created ad-hoc EC J-PAKE KDF 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 08:39:41 -04:00
Neil Armstrong 2a73f21878 Fixup expected status handling in ecjpake_setup() and add more coverage for psa_pake_set_password_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-06 11:34:54 +02:00
Neil Armstrong 78c4e8e9cb Make ecjpake_do_round() return void and use TEST_ASSERT with a descriptive text instead of returning a value 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-05 18:08:13 +02:00
Neil Armstrong 51009d7297 Add comment in ecjpake_do_round() explaining input errors can be detected any time in the input sequence 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-05 17:59:54 +02:00
Neil Armstrong eae1dfcc46 Change to more efficient error injection in ecjpake_do_round() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong db5b960a7e Permit any psa_pake_input() step to fail when error injected in input 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 75673abef5 Only build ecjpake_do_round() is PSA_WANT_ALG_JPAKE is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 8c2e8a6cda Add ecjpake_rounds_inject tests to exercise error injection 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong f983caf6c4 Move JPAKE rounds into a common function, add reordering and error injection 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 1e855601ca Fix psa_pake_get_implicit_key() state & add corresponding tests in ecjpake_rounds() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong a557cb8c8b Fixing XXX_ALG_ECJPAKE to XXX_ALG_JPAKE to match specification 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 9c8b492052 Add advanced psa_pake_input/psa_pake_output test in ecjpake_setup() test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 50de0ae0c4 Add check calling psa_pake_setup() on an already initialized operation in ecjpake_setup() test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 98506ab677 Add checks for INVALID_ARGUMENT for psa_pake_output/psa_pake_input in ecjpake_setup() test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 645cccd6a8 Add checks for BAD_STATE before calling psa_pake_setup() in ecjpake_setup() test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong 707d9574f8 Add checks for psa_pake_set_user/psa_pake_set_peer in test_suite_psa_crypto 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong ebd9a03743 Cleanup PSA pake test dependency 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong d597bc705f Add PSA PAKE tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Gilles Peskine 36aeb7f163
Merge pull request #5834 from mprse/HKDF_1 
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
 2022-06-20 15:27:46 +02:00
Przemek Stekiel 0e99391afe derive_output test: fix output key bit length 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel fcdd023ba6 derive_output tests: add invalid input secret test for HKDF-Expand 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-19 10:28:58 +02:00
Gilles Peskine 7be11a790d Use TEST_LE_U in some places where it applies 
Systematically replace "TEST_ASSERT( $x <= $y )" by "TEST_LE_U( $x, $y )" in
test_suite_psa_crypto. In this file, all occurrences of this pattern are
size_t so unsigned.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:37:53 +02:00
Gilles Peskine 3ff25443c8 Separate the validation of the size macros and of the function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Gilles Peskine d4a258a08f Improve PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE validation 
We want to check:
1. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE (the output fits
   if the caller uses the key-specific buffer size macro)
2. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (the output fits
   if the caller uses the generic buffer size macro)
3. PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
   (consistency in the calculation)

We were only testing (1) and (2). Test (3) as well. (1) and (3) together
imply (2) so there's no need to test (2).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Gilles Peskine 992bee8b6e Test psa_raw_key_agreement with a larger/smaller buffer 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Shaun Case 8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Przemek Stekiel ead1bb9987 derive_output test: Adapt for HKDF-Extract/Expand algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 12:22:57 +02:00
Gilles Peskine 2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise 
PSA storage format: exercise key
 2022-04-28 18:20:02 +02:00
Przemek Stekiel 4e47a91d2e Fix indentation issues 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel 4daaa2bd05 derive_output mix-psk test: add more cases for derivation of output key 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel 6aabc473ce derive_output test: remove redundant tests with raw key agreement 
Already handled by input_bytes().
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel e665466a80 derive_output test: add other key type value 11 to handle raw key type 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel 38647defa8 derive_output() test: fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Przemek Stekiel cd00d7f724 test PSA key derivation: add positive and negative cases for mixed-psk 
Mix-PSK-to-MS test vectors are generated using python-tls library:
https://github.com/python-tls/tls

Steps to generate test vectors:
1. git clone git@github.com:python-tls/tls.git
2. cd tls
3. python3 setup.py build
4. sudo python3 setup.py install
5. Use the python script below to generate Master Secret (see description for details):

"""
Script to derive MS using mixed PSK to MS algorithm.

Script can be used to generate expected result for mixed PSK to MS tests.

Script uses python tls library:
https://github.com/python-tls/tls

Example usage:
derive_ms.py <secret> <other_secret> <seed> <label> <hash>
derive_ms.py 01020304 ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f 6d617374657220736563726574 SHA256

secret          : 01020304
other_secret    : ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7
pms             : 0030ce2fa604b6a3e08fc42eda74ab647adace1168b199ed178dbaae12521d68271d7df56eb56c55878034cf01bd887ba4d7000401020304
seed            : 5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f
label           : 6d617374657220736563726574
output          : 168fecea35190f9df34c042f24ecaa5e7825337f2cd82719464df5462f16aae84cb38a65c0d612ca9273f998ad32c05b
"""
from cryptography.hazmat.primitives import hashes
from tls._common.prf import prf
import os
import sys

def build_pms(other_secret: bytes, secret: bytes) -> bytes:
    other_secret_size = len(other_secret).to_bytes(2, byteorder='big')
    secret_size = len(secret).to_bytes(2, byteorder='big')
    return(other_secret_size + other_secret + secret_size + secret)

def derive_ms(secret: bytes, other_secret: bytes, seed: bytes, label: bytes, hash: hashes.HashAlgorithm) -> bytes:
    return prf(build_pms(other_secret, secret), label, seed, hash, 48)

def main():
    #check args
    if len(sys.argv) != 6:
        print("Invalid number of arguments. Expected: <secret> <other_secret> <seed> <label> <hash>" )
        return
    if sys.argv[5] != 'SHA384' and sys.argv[5] != 'SHA256':
        print("Invalid hash algorithm. Expected: SHA256 or SHA384" )
        return

    secret = bytes.fromhex(sys.argv[1])
    other_secret = bytes.fromhex(sys.argv[2])
    seed = bytes.fromhex(sys.argv[3])
    label = bytes.fromhex(sys.argv[4])
    hash_func = hashes.SHA384() if sys.argv[5] == 'SHA384' else hashes.SHA256()
    pms = build_pms(other_secret, secret)

    actual_output = derive_ms(secret, other_secret, seed, label, hash_func)

    print('secret       : ' + secret.hex())
    print('other_secret : ' + other_secret.hex())
    print('pms          : ' + pms.hex())
    print('seed         : ' + seed.hex())
    print('label        : ' + label.hex())
    print('output       : ' + actual_output.hex())

if __name__ == "__main__":
    main()

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:41:41 +02:00
Gilles Peskine 286c314ae3 cipher_alg_without_iv: also test multipart decryption 
For multipart encrpytion, call psa_cipher_finish(). This is not actually
necessary for non-pathological implementations of ECB (the only currently
supported IV-less cipher algorithm) because it requires the input to be a
whole number of blocks and non-pathological implementations emit the output
block from update() as soon as an input block is available. But in principle
a driver could delay output and thus require a call to finish().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-21 11:27:17 +02:00
Gilles Peskine 9e38f2c8fd cipher_alg_without_iv: generalized to also do decryption 
Test set_iv/generate_iv after decrypt_setup. Test successful decryption.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-21 11:25:00 +02:00
Gilles Peskine 9b9b614a02 cipher_encrypt_alg_without_iv: validate size macros independently 
Validate the size macros directly from the output length in the test data,
rather than using the value returned by the library. This is equivalent
since the value returned by the library is checked to be identical.

Enforce that SIZE() <= MAX_SIZE(), in addition to length <= SIZE(). This is
stronger than the previous code which merely enforced length <= SIZE() and
length <= MAX_SIZE().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-21 11:24:48 +02:00
Przemek Stekiel ffbb7d35fc derive_output: add optional step for derivation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-12 11:27:00 +02:00
Manuel Pégourié-Gonnard c11bffe989
Merge pull request #5139 from mprse/key_der_ecc 
PSA: implement key derivation for ECC keys
 2022-03-14 09:17:13 +01:00
Przemek Stekiel c85f0912c4 psa_crypto.c, test_suite_psa_crypto.function: fix style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-08 11:37:54 +01:00
Gilles Peskine 6bf5c8cb1d
Merge pull request #5506 from superna9999/4964-extend-psa-one-shot-multipart 
Extend PSA operation setup tests to always cover both one-shot and multipart
 2022-03-07 17:04:37 +01:00
Neil Armstrong fd4c259a7b Use PSA_INIT() in mac_multipart_internal_func() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 10:11:11 +01:00
Neil Armstrong fe6da1c35c Fix style issues in mac_sign_verify_multi() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:29:14 +01:00
Gilles Peskine 92e08fba4c
Merge pull request #5475 from miudr/fix_issue_5140 
Fix AEAD multipart incorrect offset in test_suite_psa_crypto.function
 2022-03-01 20:45:54 +01:00
Neil Armstrong 4766f99fe5 Add multi-part mac sign/verify test 
The test is based on the AEAD multi-part test, re-using the
design on aead_multipart_internal_func() to test differnet
sequence of psa_mac_update() for MAC update or verify.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-28 18:37:30 +01:00
Neil Armstrong 60234f87a6 Revert "Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences" 
This reverts commit 3ccd08b343.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-28 15:21:38 +01:00
Neil Armstrong 3ccd08b343 Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 16:15:08 +01:00
Neil Armstrong ee9686b446 Fix style issue in hash_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:47:34 +01:00
Przemyslaw Stekiel 696b120650 Add tests for ECC key derivation 
Test code and test vectors are taken from PR #5218

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Neil Armstrong 66a479f8fb Add Cipher Decrypt Fail multi-part case 
Make `PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)`
depend on MBEDTLS_CCM_C otherwise the multi-part test fails on
the missing CCM* instead on the input length validity for CCM*.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong d8dba4e0aa Add Cipher Encrypt Fail multi-part case 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong 3ee335dbe3 Add Cipher Encrypt multi-part case 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong 752d811015 Add AEAD Key Policy check multi-part cases 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong 78aeaf8ad7 Add Cipher Key Policy check one-shot cases 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong 3af9b97a29 Add Multipart Message authentication Compute & Verify cases 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong ca30a00aad Add Multipart Hash Compute & Compare tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong 55a1be1f48 Add Multipart Hash Compare fail tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong 161ec5c368 Add Multipart Hash Compute fail tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Neil Armstrong edb20865c7 Add One-Shot Hash setup test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 10:56:18 +01:00
Manuel Pégourié-Gonnard 1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs 
Resolve problems with reduced configs using USE_PSA_CRYPTO
 2022-02-02 10:20:26 +01:00
Mircea Udrea 657ff4fd09 Fix AEAD multipart incorrect offset in test_suite_psa_crypto.function 
When working with block cipher modes like GCM(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER),
aead_multipart_internal_func() should calculate the offset in output buffer
based on output_length, not using the offset of the input buffer(part_offset).

Signed-off-by: Mircea Udrea <mircea.udrea@silexinsight.com>
 2022-01-31 13:51:56 +01:00
Gilles Peskine c6753a6c90
Merge pull request #5363 from AndrzejKurek/clarify-testing-set-nonce-set-lengths 
PSA AEAD: extend testing of set_nonce + set_lengths
 2022-01-25 17:02:26 +01:00
Andrzej Kurek f881601c91 Detect invalid tag lengths in psa_aead_setup 
Read tag lengths from the driver and validate against preset values.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-20 07:40:12 -05:00
Andrzej Kurek 031df4a93a Clarify test descriptions 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:44:49 -05:00
Andrzej Kurek e5f94fb556 PSA AEAD: test long plaintext lengths for psa_set_lengths 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:36:50 -05:00
Andrzej Kurek 1e8e1745a8 PSA AEAD: test more combinations of set_nonce and set_lengths 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:36:50 -05:00
Andrzej Kurek a2ce72e5bf Test calling psa_aead_set_lengths and set_nonce in various order 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:36:50 -05:00
Andrzej Kurek 77b8e098f9 Add missing MBEDTLS_ASN1_WRITE_C dependency in test_suite_psa_crypto 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:34:23 -05:00
Manuel Pégourié-Gonnard a15503fcdd
Merge pull request #5344 from AndrzejKurek/psa-aead-more-generate-nonce-combinations 
PSA AEAD: test more combinations of generate_nonce and set_lengths
 2022-01-17 13:12:04 +01:00
Andrzej Kurek ad83752811 PSA AEAD: test more combinations of generate_nonce and set_lengths 
Extend PSA AEAD testing by adding CCM and ChaChaPoly.
Add more combinations of functions to test the API.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-12-15 15:30:29 +01:00
Ronald Cron 8188d19b0e Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr 2021-12-14 10:58:18 +01:00
Gilles Peskine d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm 
PSA Multipart AEAD CCM Internal implementation and tests.
 2021-12-09 14:49:42 +01:00
Paul Elliott 37ec16b579 Add explanation for workaround in test code 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 09:44:11 +00:00
Manuel Pégourié-Gonnard 39c2aba920
Merge pull request #849 from ronald-cron-arm/fix-cipher-iv 
Avoid using encryption output buffer to pass generated IV to PSA driver
 2021-12-08 13:30:06 +01:00
Ronald Cron 6c9bb0f71e test: psa cipher: Add unexpected IV setting/generation negative tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:46:20 +01:00
Dave Rodgman 491d849ad1 Fix derive_input test ignoring parameter 
Fix derive_input test hardcoding key type instead of using test argument.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-11-16 16:05:06 +00:00
Manuel Pégourié-Gonnard 087f04783d
Merge pull request #5076 from mstarzyk-mobica/psa_ccm_no_tag 
PSA CCM*-no-tag
 2021-11-10 10:18:55 +01:00
Gilles Peskine f7b4137e69 Untangle PSA_ALG_IS_HASH_AND_SIGN and PSA_ALG_IS_SIGN_HASH 
The current definition of PSA_ALG_IS_HASH_AND_SIGN includes
PSA_ALG_RSA_PKCS1V15_SIGN_RAW and PSA_ALG_ECDSA_ANY, which don't strictly
follow the hash-and-sign paradigm: the algorithm does not encode a hash
algorithm that is applied prior to the signature step. The definition in
fact encompasses what can be used with psa_sign_hash/psa_verify_hash, so
it's the correct definition for PSA_ALG_IS_SIGN_HASH. Therefore this commit
moves definition of PSA_ALG_IS_HASH_AND_SIGN to PSA_ALG_IS_SIGN_HASH, and
replace the definition of PSA_ALG_IS_HASH_AND_SIGN by a correct one (based
on PSA_ALG_IS_SIGN_HASH, excluding the algorithms where the pre-signature
step isn't to apply the hash encoded in the algorithm).

In the definition of PSA_ALG_SIGN_GET_HASH, keep the condition for a nonzero
output to be PSA_ALG_IS_HASH_AND_SIGN.

Everywhere else in the code base (definition of PSA_ALG_IS_SIGN_MESSAGE, and
every use of PSA_ALG_IS_HASH_AND_SIGN outside of crypto_values.h), we meant
PSA_ALG_IS_SIGN_HASH where we wrote PSA_ALG_IS_HASH_AND_SIGN, so do a
global replacement.
```
git grep -l IS_HASH_AND_SIGN ':!include/psa/crypto_values.h' | xargs perl -i -pe 's/ALG_IS_HASH_AND_SIGN/ALG_IS_SIGN_HASH/g'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-03 15:48:15 +01:00
Mateusz Starzyk ed71e92730 Add tests for CCM*-no-tag. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-10-21 11:33:41 +02:00
Paul Elliott 76bda48f8c Add Multipart AEAD CCM Finish buffer tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-10-07 18:06:03 +01:00
Paul Elliott 47b9a14dc6 Add Multipart AEAD CCM update buffer tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-10-07 18:06:03 +01:00
Paul Elliott d79c5c5105 Add Multipart AEAD CCM generate nonce tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-10-07 18:06:03 +01:00
Paul Elliott e4c08ed257 Add Multipart AEAD CCM set nonce tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-10-07 18:06:03 +01:00
Paul Elliott fec6f37669 Add Multipart AEAD CCM verify tests 
Known failures, concentrating on verify (bad signature etc.)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-10-07 18:06:03 +01:00
Paul Elliott 32f46ba16a Remove ability to turn off chunked ad/data tests 
This is no longer required, as both PolyChaCha and GCM now support
both chunked body data and additional data.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-24 11:20:10 +01:00
Paul Elliott 71b0567c87 Merge remote-tracking branch 'upstream/development' into psa-m-aead-merge 
Also fiixed the following merge problems:

crypto_struct.h   : Added MBEDTLS_PRIVATE to psa_aead_operation_s
                    members (merge conflict)
psa_crypto_aead.c : Added ciphertext_length to mbedtls_gcm_finish
                    call (change of API during development)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-24 11:18:13 +01:00
Paul Elliott 3db0b70263 Remove unnecessary test steps 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-22 22:34:18 +01:00
Paul Elliott 88ecbe176d Test generated nonce test generates expected sizes 
(But only in the positive test cases)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-22 22:34:17 +01:00
Paul Elliott fbb4c6d9a2 Replace AEAD operation init func with macro 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-22 22:34:17 +01:00
Paul Elliott a2a09b096c Remove double initialisation of AEAD operation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-22 22:34:17 +01:00
Paul Elliott bb979e7748 Rename enum types 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-22 22:34:17 +01:00
Paul Elliott bdc2c68d97 Add missing not setting nonce tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-22 22:34:17 +01:00
Paul Elliott 64555bd98c Add missing initialisation to setup test. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-20 18:47:28 +01:00
Paul Elliott 4a760882bb Fix leaked test buffer 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-20 09:43:46 +01:00
Paul Elliott 6043e49039 Fix missed documentation header pt 2 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-20 09:43:46 +01:00
Paul Elliott 8eec8d4436 Fix missed documentation header 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 22:39:06 +01:00
Paul Elliott f94bd99368 Add missing aead state tests. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:17 +01:00
Paul Elliott 5221ef638a Add aead setup tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:17 +01:00
Paul Elliott 1c67e0b38c Add extra verify edge test cases 
Add ability to pass NULL tag buffer (with length zero)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:17 +01:00
Paul Elliott 9961a668bd Remove negative tests from multipart_decrypt 
Multipart decrypt now always expects positive result (i.e. the plaintext
that is passed in). Added new test that expects fail, and does no
multipart versions and concentrates on aead_verify.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:17 +01:00
Paul Elliott fd0c154ce3 Add tests to oversend data/ad when lengths set 
Previous tests only tested when the expected lengths were set to zero.
New test sends all data/ad then goes over by one byte.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:17 +01:00
Paul Elliott f38adbe558 Ensure tests expected to fail actually fail 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:16 +01:00
Paul Elliott e49fe45478 Remove unneccesary nesting 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:16 +01:00
Paul Elliott 4e4d71a838 Move hidden logic into loop 'for' statement 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:16 +01:00
Paul Elliott 33746aac32 Convert set lengths options over to enum 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:16 +01:00
Paul Elliott 9454cfa911 Remove unneccesary safety check in test 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:16 +01:00
Paul Elliott 6bfd0fbbc6 Convert all uint32_t lengths over to size_t 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:16 +01:00
Paul Elliott 5a9642ff28 Correct switched blocks for output sizes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:16 +01:00
Paul Elliott 719c1324a1 Add tag buffer size tests to finish buffer tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:16 +01:00
Paul Elliott e58cb1e0cf Aligh finish_buffer_test vars with PSA standard 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:16 +01:00
Paul Elliott 4023ffd275 Re-add option of NULL buffer for nonce tests 
NULL/zero length or valid buffer/zero length both now tested

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:16 +01:00
Paul Elliott e64deda873 Add missing check to multipart decrypt 
Ensure that the test actually does something, rather than skipping both
parts, also add comment to this effect.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-19 18:43:16 +01:00
Archana 9d17bf4215
Styling and refactoring 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-09-10 07:16:08 +05:30
Archana 8a180368fb
Add opaque test driver support for copy key 
A minimal test driver extension is added to support
copy of opaque keys within the same location.
Test vector support is extended to cover opaque keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-09-08 22:04:07 +05:30
Archana 4d7ae1d8cf
Add test driver support for opaque key import 
-Add test driver support to import/export while wrapping keys
 meant to be stored in the PSA core as opaque( emulating an
 SE without storage ).
-Export validate_unstructured_key_bit_size as
 psa_validate_unstructured_key_bit_size, thereby changing its scope.
-Improve the import/export test cases in test_suite_psa_crypto to also
 cover opaque keys, thereby avoiding duplication.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-09-08 22:03:54 +05:30
Paul Elliott b0450febe6 Tests for sending too much data after set lengths 
We previously had tests for not sending enough (additional) data, but
were missing tests for sending too much. I have added these to the state
tests, as I don't think this is complex enough to deserve a standalone
test.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-01 15:09:15 +01:00
Paul Elliott 7f62842247 Add test for calling update when nonce not set 
Previously only testing calling update_ad in this state.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-01 15:09:15 +01:00
Paul Elliott c6d11d02f5 Aligh update buffer test variables with psa naming 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-01 15:09:15 +01:00
Mateusz Starzyk 1ebcd55afa Extend mac_key_policy test. 
Add checks for psa_mac_compute and psa_mac_verify.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-30 17:11:01 +02:00
Paul Elliott 5e69aa5709 Remove NULL check for set nonce 
Also remove tests which would pass NULL to this function.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-08-25 17:40:40 +01:00
Paul Elliott 6f0e72038d Align set nonce variables with psa convention 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-08-25 17:40:40 +01:00
Paul Elliott f127763ec9 Align generate nonce variables with psa convention 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-08-25 17:40:40 +01:00
Mateusz Starzyk d07f4fc30f Use separate expected results for MAC sign and verify key policy. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-24 14:16:55 +02:00
Mateusz Starzyk cb0a7cd142 Fix mac_key_policy test function 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-08-20 11:34:49 +02:00
Paul Elliott 66696b5591 Improve nonce length checks 
Add the missing nonce length checks (this function is being used by
oneshot functions as well as multipart, and thus all cipher suites are
being used) and cover the case where a NULL buffer gets passed in.
Extended the set nonce test to cover this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-08-16 18:44:50 +01:00
Paul Elliott 91b021e4c7 Add finish buffer size test 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-23 18:53:54 +01:00
Paul Elliott 43fbda648d Add test for update buffer size 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-23 18:53:53 +01:00
Paul Elliott 693bf312d9 Fix _arg argument not being cast to correct type 
Also change to TEST_EQUAL, as this is now possible.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-23 18:53:53 +01:00
Paul Elliott 863864a2f7 Add multipart set nonce test 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-23 18:53:53 +01:00
Paul Elliott 41ffae17b1 Fix incorrect function documentation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-22 21:53:12 +01:00
Paul Elliott ebf91638b5 Move set nonce / set length tests to positive test 
Previous test in state test was not actually making sure that the
operatioon could be completed using set lengths / set nonce in either
order, thus changed the 'normal' encrypt / decrypt tests to run in
alternating order.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-22 18:52:20 +01:00
Paul Elliott 329d5381a5 Add 0 length part tests 
Add tests to do zero length part, n length part until done, to exercise
the zero length edge case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-22 18:52:20 +01:00
Paul Elliott 243080ca7d Clarify comments on state test. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-22 18:52:20 +01:00
Paul Elliott 97fd1bad83 Convert over to using a single internal test func 
Make all encrypt/decrypt tests use the same function. Cleanup arguments
that were poorly named and document internal function. Removed one test
as I didn't want to write another test purely for it, when its already
tested in one shot.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-22 18:52:20 +01:00
Paul Elliott e0fcb3b99e Add 'too big' tests for nonce generation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-21 18:51:23 +01:00
Paul Elliott d85f547b65 Add expected size to nonce generation test 
Also add unneeded copy-paste in the test descriptions.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-21 18:51:23 +01:00
Paul Elliott 374a2be588 Add missing state test coverage 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-21 18:51:23 +01:00
Paul Elliott 481be341ef Make state tests more readable 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-21 18:51:23 +01:00
Paul Elliott a417f56d28 Add non regression test for cipher output size 
Call the output size macros specifically with asymmetric keys, which
would cause a crash (and thus test fail) should this fix get regressed.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-14 12:39:54 +01:00
Dave Rodgman 9f5774f56d
Merge pull request #4739 from gabor-mezei-arm/3258_fp30_implement_one-shot_MAC_and_cipher 
Implement one-shot cipher
 2021-06-30 17:04:23 +01:00
gabor-mezei-arm 95aad8378c
Unify multipart cipher operation tester functions 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:24 +02:00
gabor-mezei-arm a56756ed45
Rename test functions 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:24 +02:00