10569 Commits

Author SHA1 Message Date
David Horstmann
5d64c6acca Generate memory poisoning in wrappers
Generate memory poisoning code in test wrappers for:
* psa_sign_hash_start()
* psa_sign_hash_complete()
* psa_verify_hash_start()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-11 15:56:13 +00:00
David Horstmann
63dfb45e5e
Merge pull request #1181 from tom-daubney-arm/key_agreement_buffer_protection
Implement safe buffer copying in key agreement
2024-03-11 15:10:49 +00:00
tom-daubney-arm
d4c57c0ad2
Merge branch 'development-restricted' into key_agreement_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-03-06 16:47:13 +00:00
Thomas Daubney
a4866945b8 Fix issue with large allocation in tests
In test_suite_psa_crypto_op_fail.generated.function
the function key_agreement_fail was setting the
public_key_length variable to SIZE_MAX which meant that
a huge allocation was being attempted.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-03-06 16:32:25 +00:00
David Horstmann
a5175634b0
Merge branch 'development-restricted' into copying-pake
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-06 11:18:28 +00:00
Gábor Mezei
716cf2d4e0
Merge branch 'development-restricted' into buffer_protection_for_cipher
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
2024-03-04 15:38:05 +00:00
David Horstmann
c5688a2629
Merge branch 'development-restricted' into generate-random-buffer-protection
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 14:25:56 +00:00
David Horstmann
7581363122 Fix incorrect conflict resolution
A return statement was missing in the wrapper generation script.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 11:26:45 +00:00
tom-daubney-arm
840dfe8b41
Merge branch 'development-restricted' into asymmetric_encrypt_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-02-28 15:42:38 +00:00
Gabor Mezei
f1dd0253ec
Remove write check in driver wrappers tests
This check is intended to ensure that we do not write intermediate
results to the shared output buffer. This check will be made obselete
by generic memory-poisoning-based testing for all functions.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:18:21 +00:00
Gabor Mezei
b74ac66c8b
Update test wrapper functions for ciper buffer protection
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:17:18 +00:00
Gabor Mezei
b8f97a1f3f
Add test wrapper functions for cipher buffer protection
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:17:17 +00:00
David Horstmann
075c5fb76f Generate test wrappers for psa_generate_random()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-26 17:12:34 +00:00
Thomas Daubney
4a46d73bb0 Suppress pylint
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-26 13:49:26 +00:00
tom-daubney-arm
5cd611d144
Merge branch 'development-restricted' into mac_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-02-22 15:26:06 +00:00
David Horstmann
cf3457ef26
Merge pull request #1132 from davidhorstmann-arm/copying-aead
Copy buffers in AEAD
2024-02-20 16:07:30 +00:00
Thomas Daubney
fe2bda3257 Generate test wrappers
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-15 13:35:06 +00:00
David Horstmann
b539126670
Merge pull request #1156 from Ryan-Everett-arm/key-derivation-buffer-protection
Add buffer copying to the Key Derivation API
2024-02-15 11:54:20 +00:00
Thomas Daubney
54e6b412bd Generate all test wrappers
One was missed due to a typo

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:49:22 +00:00
Thomas Daubney
27b48a312f Generate test wrappers
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:49:19 +00:00
Thomas Daubney
a1cf1010cc Generate test wrappers for mac functions
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:07:35 +00:00
Thomas Daubney
45c8586a91 Generate test wrappers for hash functions
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 11:43:03 +00:00
Ronald Cron
90abb224f7 ssl-opt.sh: Establish TLS 1.3 then TLS 1.2 session
Add a test where first we establish a
TLS 1.3 session, then a TLS 1.2 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-08 12:12:58 +01:00
Ronald Cron
587cfe65ca ssl-opt.sh: Establish TLS 1.2 then TLS 1.3 connection
Add a test where first we establish a
TLS 1.2 session, then a TLS 1.3 one
with the same server.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-08 12:09:42 +01:00
Ryan Everett
eb8c665a53 Reformat wrapper generation code
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 17:32:16 +00:00
Ryan Everett
0f54727bf4 Restructure wrapper script
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 17:32:16 +00:00
Ryan Everett
198a4d98d5 Generate test wrappers for key derivation
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 17:32:16 +00:00
David Horstmann
b8dc2453f1 Update buffer start and length in multipart test
This fixes a test failure in which the buffer was not properly filled.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 17:03:13 +00:00
David Horstmann
30a61f2ec8 Add testcase to fail multipart cipher tests
Encrypt more than 2 blocks of data, causing both update() calls to
output data as well as the call to finish().

This exposes a test bug where the pointer to a buffer is not updated
as it is filled with data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 16:55:19 +00:00
David Horstmann
86e6fe0cce Generate poisoning wrappers for AEAD
Modify wrapper generation script to generate poisoning calls and
regenerate wrappers.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 13:39:02 +00:00
David Horstmann
52402ec0fe Fix bug in PSA AEAD test
Resize buffer used to hold the nonce to twice the maximum nonce size.
Some test cases were requesting more than the maximum nonce size
without actually having backing space. This caused a buffer overflow
when PSA buffer-copying code was added.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 13:39:02 +00:00
Dave Rodgman
e883870cc7
Merge branch 'development-restricted' into update-development-r
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-02 18:03:29 +00:00
Ryan Everett
8d606857da Remove unnecessary dependencies from psa_crypto_helpers.h
The psa_test_wrappers.h inclusion was breaking the examples in programs/
on functions with poisoning added

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-02 10:33:09 +00:00
Ryan Everett
4c74c4fe84 Fix line-too-long in script
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-02 10:33:09 +00:00
Ryan Everett
84a666daa8 Re-add cipher_encrypt to test wrapper script
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-02 10:33:09 +00:00
Ryan Everett
77b91e3930 Generate test wrappers for key management
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-02 10:33:09 +00:00
David Horstmann
b2c9f0e2df Disable poisoning with PSA_CRYPTO_DRIVER_TEST
This option causes nested calls to PSA functions, so is not compatible
with memory poisoning as it currently stands.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-01-31 14:38:15 +00:00
Thomas Daubney
f430f47434 Generate test wrappers
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-01-30 12:25:35 +00:00
Dave Rodgman
047c724c22 Merge remote-tracking branch 'restricted/development-restricted' into update-development-r
Conflicts:
	programs/Makefile
	tests/scripts/check-generated-files.sh
2024-01-26 12:42:51 +00:00
David Horstmann
433a58c170 Fix magic numbers in more J-PAKE tests
In the ecjpake_do_round(), fix a magic number that was causing buffer
size to be incorrectly advertised.

Followup of 'Fix magic number buffer length in J-PAKE tests' for what
seem to be duplicate tests.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-01-25 16:29:26 +00:00
David Horstmann
6076fe486b Generate poisoning in PAKE test wrappers
Enable memory poisoning for all functions whose names start with
'psa_pake'. Regenerate the wrappers and commit the result.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-01-24 15:42:11 +00:00
David Horstmann
fdedbb78a5 Fix magic number buffer length in J-PAKE tests
The buffer size was advertised as 512-bytes, despite sometimes being
smaller. This did not cause a crash until buffer copying, which always
copies all of the buffer, was added.

When copying back to the original, we would cause a heap buffer
overflow, which ASan detected.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-01-24 15:42:11 +00:00
David Horstmann
9c5c9c351d
Merge pull request #1141 from davidhorstmann-arm/memory-poisoning-runtime-enable
Enable and disable memory poisoning at runtime
2024-01-24 14:46:43 +00:00
Dave Rodgman
13f2f4e7f1 Merge remote-tracking branch 'restricted/development' into mbedtls-3.5.2rc 2024-01-24 09:49:15 +00:00
Dave Rodgman
e23d6479cc Bump version
./scripts/bump_version.sh --version 3.5.1

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 15:45:49 +00:00
Jonathan Winzig
af553bf719 Add required dependency to the testcase
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Jonathan Winzig
acd35a55c8 Remove unneeded testcase
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Jonathan Winzig
144bfde1cd Update test-data to use SIZE_MAX
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Jonathan Winzig
93f5240ae5 Add missing newline at the end of test_suite_x509write.data
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00
Jonathan Winzig
1c7629c1c0 Add tests for Issue #8687
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-22 15:31:05 +00:00