Commit Graph

184 Commits

Author SHA1 Message Date
Gilles Peskine
c3e0e8fe97 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
de7aae1ba0 PSA interruptible sign/verify: detect unsupported mechanism in start
In particular, if interruptible ECDSA is supported but not the deterministic
variant, detect this in psa_sign_hash_start(), whereas before start() would
succeed and psa_sign_hash_complete() would fail. This avoids an
inconsistency between psa_sign_hash() and psa_sign_hash_start() that would
be annoying to handle in test_suite_psa_crypto_op_fail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
27c604af08 Add missing resource cleanup on test failure
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
eafc2751e6 Fix edge case with half-supported ECDSA (manual test cases)
ECDSA has two variants: deterministic (PSA_ALG_DETERMINISTIC_ECDSA) and
randomized (PSA_ALG_ECDSA). The two variants are different for signature but
identical for verification. Mbed TLS accepts either variant as the algorithm
parameter for verification even when only the other variant is supported,
so we need to handle this as a special case when generating not-supported
test cases.

In this commit:

* Add manually written not-supported test cases for the signature
  operation when exactly one variant is supported.
* Add manually written positive test cases for the verification
  operation when exactly one variant is supported.
* Register that !ECDSA but DETERMINISTIC_ECDSA is not tested yet
  (https://github.com/Mbed-TLS/mbedtls/issues/9592).

A commit in the framework will take care of automatically generated test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
070fbca351 Add some missing test case dependencies
Following "PSA sign/verify: more uniform error on an unsupported hash", some
error cases are detected earlier, so there is some sloppiness in test case
dependencies that is not longer acceptable.

* In test_suite_psa_crypto, one test case for a hash+sign algorithm now
  returns NOT_SUPPORTED rather than INVALID_ARGUMENT when the hash is not
  supported and the key is invalid.
* In test_suite_psa_crypto_se_driver_hal_mocks, some test cases now error
  out before reaching the mocks rather than after when they attempt to
  use an unsupported hash.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
8a4ff2f338 import_not_supported: edge case of unsupported curves
Allow imports of an ECC public key on an unsupported curve to return
INVALID_ARGUMENT rather than NOT_SUPPORTED. This can happen in our library
code in edge cases when only certain curve families are supported, and it's
acceptable.

The new code does not trigger yet, but it will be useful for a future commit
"Do run not-supported test cases on not-implemented mechanisms"
(forward port of 995d7d4c15).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Ronald Cron
ce3c2dd30c
Merge pull request #9806 from ronald-cron-arm/finalize-split-preparation-1
Finalize split preparation-1
2024-12-05 13:23:09 +00:00
Ronald Cron
6924564970 Move back timing.c to mbedtls
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
aae9db440a tf-psa-crypto: cmake: Fix hard coded path to framework
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
a9166b6218 tf-psa-crypto: cmake: Switch to TF_PSA_CRYPTO_FRAMEWORK_DIR
Switch to TF_PSA_CRYPTO_FRAMEWORK_DIR for the
variable holding the path to the framework
submodule. In case of the standalone
TF-PSA-Crypto repo, the path to the
framework submodule has nothing to do
with Mbed TLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
3ed75c5b4f Move psa_test_wrappers.h/c to tf-psa-crypto
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Minos Galanakis
23452f5c0b libtestdriver: Addded crypto_config_test_driver
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-12-04 09:57:56 +00:00
Janos Follath
62e79dc913
Merge pull request #9665 from waleed-elmelegy-arm/add-iop-key-gen-get-num-ops
Add PSA interruptible key generation get num ops API
2024-12-02 09:15:36 +00:00
Paul Elliott
017722f043
Merge pull request #9785 from waleed-elmelegy-arm/add-iop-export-pub-key-setup-abort
Add PSA interruptible export public-key setup & abort APIs
2024-11-29 21:07:34 +00:00
Waleed Elmelegy
19d418a471 Clarify why we set num_ops to 1 in iop key generation
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-29 17:29:39 +00:00
Waleed Elmelegy
6305f5d6ef Improve clarity of num_ops comparison in iop key generation testing
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-29 17:28:14 +00:00
Waleed Elmelegy
c05a7f82cc Add testing for PSA iop key generation get num ops API
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-27 16:56:35 +00:00
David Horstmann
8cf83c04aa
Merge pull request #9763 from eleuzi01/issue-39-fw
Add project and branch detection in shell
2024-11-27 16:51:19 +00:00
Waleed Elmelegy
568d057b0a Add iop prefix to interruptible export-public key testing function
to distinguish it from non-interruptible.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-27 16:08:01 +00:00
Waleed Elmelegy
c2790c60a0 Add negative tests for interruptible export public-key
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-27 16:08:01 +00:00
Waleed Elmelegy
ea35fac4f1 Add iop export public-key initializers test
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-27 16:08:01 +00:00
Waleed Elmelegy
5bcc1b9835 Add iop export public-key tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-27 16:08:01 +00:00
Elena Uziunaite
8993fecae4 Define FRAMEWORK
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-11-27 13:15:04 +00:00
Janos Follath
49e6115443
Merge pull request #9651 from waleed-elmelegy-arm/add-iop-key-gen-complete
Add PSA interruptible key generation complete API
2024-11-26 18:34:40 +00:00
David Horstmann
3aefa5b705
Merge pull request #7977 from ivq/update_gcm_doc
Fix doc on GCM API
2024-11-21 17:35:52 +00:00
Ronald Cron
93ba625b96 Remove MBEDTLS_PSA_CRYPTO_CONFIG configuration option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-11-21 15:52:06 +01:00
Ronald Cron
e0ebf55a19 Move back *config_test_driver* headers from the framework
config_test_driver.h and
crypto_config_test_driver_extension.h are
configuration files thus they better fit in
mbedtls branches than in the framework.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-11-21 15:51:58 +01:00
David Horstmann
5b93d97b95 Update references to test helpers
Replace:
* tests/src -> framework/tests/src
* tests/include -> framework/tests/include

Except for occurrences of:
* tests/src/test_helpers (since this only contains ssl_helpers.c)
* tests/src/test_certs.h
* tests/include/alt_dummy

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-18 15:50:44 +00:00
Janos Follath
fe4b02cc69
Merge pull request #9602 from paul-elliott-arm/add_key_agreement_negative_tests
Add key agreement negative tests
2024-11-18 13:02:03 +00:00
Ronald Cron
fee08b45e2
Merge pull request #9760 from ronald-cron-arm/tf-psa-crypto-cmake
Finalize the integration of the TF-PSA-Crypto build system into the Mbed TLS one
2024-11-15 17:05:16 +00:00
Paul Elliott
c54fcc765e Add new psa_key_agreement() to key_agreement_fail()
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-11-15 14:09:03 +00:00
Ronald Cron
b7d0e52e16 cmake: Rename mbedcrypto target to tfpsacrypto
Rename mbedcrypto target to tfpsacrypto and
prefix all cmake related variables with
tfpsacrypto instead of mbedcrypto.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-11-14 09:28:27 +01:00
Ronald Cron
020e026779 cmake: tf-psa-crypto: Add cmake_subproject test program
The empty framework directory is temporary. It will be
removed when TF-PSA-Crypto uses its framework submodule.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-11-14 09:28:21 +01:00
Ronald Cron
2609fe9155 cmake: tf-psa-crypto: Rename mbedtls_test to tf_psa_crypto_test
To avoid conflict between the two targets when
the integration of the TF-PSA-Crypto cmake build
system into the Mbed TLS one is completed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-11-14 09:06:47 +01:00
Ronald Cron
13a7ccec76 Align all.sh tf-psa-crypto components naming
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-11-14 09:06:29 +01:00
Waleed Elmelegy
bd36c4746a Stop IOP generate key complete test in case expected value is not success
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-13 13:08:26 +00:00
Manuel Pégourié-Gonnard
30e8eb9847 Update path to all-core.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-11-12 11:57:46 +01:00
Harry Ramsey
8ad56b822b Fix TEST_CALLOC issues with GCM buffer overlap tests
This commit fixes issues with TEST_CALLOC in GCM buffer overlap tests
cases.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-11-11 10:09:01 +00:00
Janos Follath
241b9012a0
Merge pull request #9490 from waleed-elmelegy-arm/add-iop-key-agrmnt-api
Add PSA interruptible key agreement APIs
2024-11-11 09:29:16 +00:00
Manuel Pégourié-Gonnard
e248de54bf
Merge pull request #9720 from mpg/all.sh-tf-psa-crypto-dev
All.sh add support for tf-psa-crypto components
2024-11-07 08:49:44 +00:00
Paul Elliott
fc140d0c6b
Merge pull request #9672 from gilles-peskine-arm/coverity-20241004
Fix edge cases of mbedtls_psa_raw_to_der and mbedtls_psa_der_to_raw
2024-11-06 19:03:13 +00:00
Gilles Peskine
b48d5263c5
Merge pull request #9758 from gilles-peskine-arm/move-test_suite_psa_crypto_ecp
Move new test suite to the tf-psa-crypto directory
2024-11-06 17:56:30 +00:00
Waleed Elmelegy
30437e6408 Add PSA interruptible key generation complete API
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-06 16:57:47 +00:00
Waleed Elmelegy
3783acae26 Improve key agreement iop basic testing
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-06 16:03:49 +00:00
Waleed Elmelegy
57fb2a687c Refactor interuptible key agreement testing helper function
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-06 16:03:49 +00:00
Waleed Elmelegy
a7fc0a676e Add PSA interruptible key agreement tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-06 16:03:49 +00:00
Janos Follath
6eb9df7fc5
Merge pull request #9752 from gilles-peskine-arm/psa_init-20241104-dev
Fix MD_PSA_INIT called before initializing some data structures
2024-11-06 09:15:32 +00:00
Janos Follath
502ff7bcef
Merge pull request #9639 from waleed-elmelegy-arm/add-iop-key-gen-setup
Add PSA interruptible key generation setup & abort APIs
2024-11-06 09:10:42 +00:00
Gilles Peskine
ae5353bb62 Move new test suite to the tf-psa-crypto directory
It's a crypto test suite, but it was added in the main tree in a careless
forward port from 3.6.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-11-05 17:43:02 +01:00
Waleed Elmelegy
1ea62b11e1 Remove generate key brainpool160r1 & SECP224K1 test cases
Remove generate key brainpool160r1 & SECP224K1 test cases
as they are scheduled to be removed in 4.0 .

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-11-05 12:39:16 +00:00