Commit Graph

32543 Commits

Author SHA1 Message Date
Paul Elliott
99ed26e0f7
Merge pull request #9808 from waleed-elmelegy-arm/add-iop-export-pub-key-complete
Add PSA interruptible export public-key complete API
2024-12-11 17:47:54 +00:00
Ronald Cron
f3720c7ca9
Merge pull request #9828 from ronald-cron-arm/finalize-split-preparation-2
Finalize split preparation-2
2024-12-11 14:07:27 +00:00
Ronald Cron
2d40a24a64 Update framework to the merge of #99
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-11 12:08:23 +01:00
Janos Follath
54f19e5372
Merge pull request #9783 from gilles-peskine-arm/psa-storage-test-cases-never-supported-preliminaries-dev
Make some edge cases of not-supported or invalid mechanisms more uniform
2024-12-10 18:15:54 +00:00
Ronald Cron
8a09a411fc make: Add missing dependency
Add missing dependency of visualc
file generation on programs and
tests generated files.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 17:00:48 +01:00
Ronald Cron
a747fa6127 make: Fix psa_constant_names_generated.c generation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:59:52 +01:00
Ronald Cron
bced0c782d Fix check that psa_test_wrappers.[hc] are up to date
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:58:02 +01:00
Ronald Cron
9fb40d7e01 Move PSA documentation to tf-psa-crypto
Move the docuumentation files that after
the split will fit better in TF-PSA-Crypto
than Mbed TLS. No comment update.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:56:49 +01:00
Ronald Cron
faadfc2513 cmake: Remove unnecessary file generation disablement
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:56:49 +01:00
Ronald Cron
3dd1d3d1de Fix test_sha3_variations
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:56:49 +01:00
Ronald Cron
42ba65d892 Fix test_malloc_0_null
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:56:49 +01:00
Ronald Cron
bfa03a2c3a Fix build_zeroize_checks
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:56:49 +01:00
Ronald Cron
b7adf7bb77 Fix tls13_only
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:56:49 +01:00
Ronald Cron
9d262d7c13 Fix test_ccm_aes_sha256
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:56:49 +01:00
Ronald Cron
2654081885 Adapt TF-M configurations to config split
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:56:49 +01:00
Ronald Cron
5096b4cb4b Revert "Remove mbedtls_test"
This reverts commit 939ce9d0d5.

Build mbedtls_test library of objects to link
with TLS and x509 test suites and programs
with mbedtls framework not TF-PSA-Crypto
one (when it will be there).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:56:49 +01:00
Ronald Cron
f6eee5ad55 Move test_keys.h to include/test
Move test_keys.h to tests/include/test
instead of tests/src as it is used
outside of tests/src namely by
test_suite_pk.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:56:42 +01:00
Ronald Cron
04baacb228 cmake: Try and simplify test_keys/certs.h generation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:54:05 +01:00
Ronald Cron
cec78c33df libtesdriver1: Copy only scripts from framework
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:54:05 +01:00
Ronald Cron
ce3bcf04d8 Restore 3.6 PSA constants generation check
Just to ease the eventual migration
of check-generated-files.sh to
the framework.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:54:05 +01:00
Ronald Cron
8392f189e2 Move build of PSA programs to tf-psa-crypto
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:54:05 +01:00
Manuel Pégourié-Gonnard
e9d036ab11
Merge pull request #9788 from eleuzi01/issue-74-fw
Move scripts used by all-core.sh to the framework
2024-12-10 12:42:06 +00:00
Waleed Elmelegy
e330e58bd7 Improve iop export public-key testing
* Improve wording of comments.
* Zeroize buffer before doing iop testing to
  avoid comparing with previous values in
  case they are not overwritten.
* Remove redundant testing.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-10 11:44:58 +00:00
Elena Uziunaite
f37cbf8c2f Update submodule with the merge
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-12-10 09:42:48 +00:00
Waleed Elmelegy
0843214dee Remove Invalid import/export key test
The test is supposed to be an opaque key test but the
testing function does not support specifying an
opaque driver.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:14:21 +00:00
Waleed Elmelegy
c66147df72 Refactor & improve internal iop export public-key setup and complete APIs
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:13:45 +00:00
Waleed Elmelegy
1daabc113b Refactor and improve iop export public-key setup and abort APIs
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:13:42 +00:00
Waleed Elmelegy
3c46535ff9 Rename mbedtls_psa_export_public_key_iop_operation_t
Rename it to mbedtls_psa_export_public_key_iop_t as
iop stands for "interuptible operation" already.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Waleed Elmelegy
e283ed9e20 Add testing of complete API of interruptible export public-key
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Waleed Elmelegy
a04e88adf0 Fix export public-key opaque key test paramters
The test is marked as opaque but the parameter was set
to PSA_KEY_LIFETIME_VOLATILE.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Waleed Elmelegy
81a525849c Add interuptible export public-key to current export public-key tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Waleed Elmelegy
54ba963575 Add interuptible export public-key testing to invalid key tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Waleed Elmelegy
f466a284c1 Fix checks for key type in psa_export_public_key_iop_setup()
Key type must be a key pair or public-key if not we return
PSA_ERROR_INVALID_ARGUMENT.

The key type must be ECC key as this is what we support for
now otherwise we return PSA_ERROR_NOT_SUPPORTED.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Waleed Elmelegy
4cffd5d4f3 Add implementaion for psa_export_public_key_iop_complete()
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Waleed Elmelegy
2cfce63fe6 Fix status variable type in mbedtls_psa_ecp_export_public_key_iop_setup()
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Waleed Elmelegy
af2595b4a7 Add implementation for mbedtls_psa_ecp_export_public_key_iop_complete()
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Waleed Elmelegy
c1fc136b14 Add Header for mbedtls_psa_ecp_export_public_key_iop_complete()
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Gilles Peskine
c3e0e8fe97 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
e7e704ac83 p256-m: allow deterministic ECDSA verification
For ECDSA verification, there is no difference between the deterministic and
randomized algorithm. The PSA core consider the two variants as identical as
far as key policies are concerned, and the built-in implementation accepts
either variant even if only the other variant is supported for signature.

In p256-m, accept to perform an ECDSA verification when the algorithm is
specified as deterministic ECDSA. This makes the behavior identical to the
built-in implementation, which is less surprising for users and saves us
from having to cope with a difference in our testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
de7aae1ba0 PSA interruptible sign/verify: detect unsupported mechanism in start
In particular, if interruptible ECDSA is supported but not the deterministic
variant, detect this in psa_sign_hash_start(), whereas before start() would
succeed and psa_sign_hash_complete() would fail. This avoids an
inconsistency between psa_sign_hash() and psa_sign_hash_start() that would
be annoying to handle in test_suite_psa_crypto_op_fail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
27c604af08 Add missing resource cleanup on test failure
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
eafc2751e6 Fix edge case with half-supported ECDSA (manual test cases)
ECDSA has two variants: deterministic (PSA_ALG_DETERMINISTIC_ECDSA) and
randomized (PSA_ALG_ECDSA). The two variants are different for signature but
identical for verification. Mbed TLS accepts either variant as the algorithm
parameter for verification even when only the other variant is supported,
so we need to handle this as a special case when generating not-supported
test cases.

In this commit:

* Add manually written not-supported test cases for the signature
  operation when exactly one variant is supported.
* Add manually written positive test cases for the verification
  operation when exactly one variant is supported.
* Register that !ECDSA but DETERMINISTIC_ECDSA is not tested yet
  (https://github.com/Mbed-TLS/mbedtls/issues/9592).

A commit in the framework will take care of automatically generated test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
070fbca351 Add some missing test case dependencies
Following "PSA sign/verify: more uniform error on an unsupported hash", some
error cases are detected earlier, so there is some sloppiness in test case
dependencies that is not longer acceptable.

* In test_suite_psa_crypto, one test case for a hash+sign algorithm now
  returns NOT_SUPPORTED rather than INVALID_ARGUMENT when the hash is not
  supported and the key is invalid.
* In test_suite_psa_crypto_se_driver_hal_mocks, some test cases now error
  out before reaching the mocks rather than after when they attempt to
  use an unsupported hash.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
8a4ff2f338 import_not_supported: edge case of unsupported curves
Allow imports of an ECC public key on an unsupported curve to return
INVALID_ARGUMENT rather than NOT_SUPPORTED. This can happen in our library
code in edge cases when only certain curve families are supported, and it's
acceptable.

The new code does not trigger yet, but it will be useful for a future commit
"Do run not-supported test cases on not-implemented mechanisms"
(forward port of 995d7d4c15).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
c5f518357d PSA sign/verify: more uniform error on an unsupported hash
Uniformly return PSA_ERROR_NOT_SUPPORTED if given an algorithm that includes
a hash, but that hash algorithm is not supported. This will make it easier
to have a uniform treatment of unsupported hashes in automatically generated
tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Elena Uziunaite
827e2a9391 Update submodule
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-12-09 15:36:38 +00:00
Elena Uziunaite
9f5487406d Adapt paths for scripts/quiet
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-12-09 15:35:04 +00:00
Elena Uziunaite
d92e24e83f Adapt paths for output_env.sh
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-12-09 15:35:04 +00:00
Elena Uziunaite
7b51437f8c Move files out of Mbed TLS
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-12-09 15:35:04 +00:00
Ronald Cron
2ce86b0a1b
Merge pull request #9792 from gabor-mezei-arm/9157_minimal_tf_psa_crypto_config.py
Minimal `config.py` for TF-PSA-Crypto
2024-12-09 11:47:12 +00:00