This commit adds a test exercising the reader in a random way
and comparing the outcomes against what we expect based on the
abstract model of the reader from the producer's and consumer's
perspective.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This commit adds an MPS unit test suite `test_suite_mps` which will
subsequently be populated with unit tests for all components of MPS.
As a start, a test case
```
mbedtls_mps_reader_no_pausing_single_step_single_round()
```
is added which exercises the most basic usage of the MPS reader
component; see the test case description for more details.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Add the test keys from RFC 8032 (§7.1 Ed25519 "TEST 1", §7.4 Ed448 "Blank").
This replaces the generic byte-sized data used for unknown key types
which no longer works now that Ed25519 is considered to have 255 bits.
Re-generate the automatically generated test data accordingly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Define algorithms for PureEdDSA and for HashEdDSA, the EdDSA variants
defined by RFC 8032.
The encoding for HashEdDSA needs to encode the hash algorithm so that
the hash can be calculated by passing PSA_ALG_SIGN_GET_HASH(sig_alg)
to psa_hash_compute() or psa_hash_setup(). As a consequence,
Ed25519ph (using SHA-512) and Ed448ph (using SHAKE256) need to have
different algorithm encodings (the key is enough to tell them apart,
but it is not known while hashing). Another consequence is that the
API needs to recognize the Ed448 prehash (64 bytes of SHAKE256 output)
as a hash algorithm.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add an elliptic curve family for the twisted Edwards curves
Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves,
since these are the only two curves in common use, the family has a
generic name.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Given the PSA_WANT_* config options added lately,
update set_psa_test_dependencies.py and run it
on test_suite_psa_crypto*.data files but the SE
and generated ones.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Fix likely harmless undefined behavior in cipher tests pointed out by
UBSan with recent compilers (e.g. Clang 10). When the complete output
is empty, the output buffer is NULL. Adding an integer to a null
pointer is undefined behavior even when the integer is 0, so make a
special case for that.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Replace MBEDTLS_* config options for which there is
an associated PSA_WANT_* to the PSA_WANT_* one. That
way the tests are also run when the dependency is
provided by a driver.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Update expected return values of psa_get_key_attributes(),
psa_export_key() and other key api(s) to PSA_ERROR_INVALID_HANDLE
for invalid key.
Signed-off-by: Maulik Patel <Maulik.Patel@arm.com>
Generate test cases for all algorithms without parameters. Only the encoding
of the algorithm in the key metadata is covered: the test keys are not of a
type that permits the algorithm to be used in an operation.
This commit only covers algorithms without parameters. A subsequent commit
will generate algorithms with parameters.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Update this based on the output of the generator script. The Brainpool
curves are now supported, since they are spelled properly in the config.
Signed-off-by: David Brown <david.brown@linaro.org>
The commit
commit dcdde59c6f3a4cedc3e3e51d73970bfc6ec1a2d7
Author: David Brown <david.brown@linaro.org>
Date: Tue Feb 23 15:48:13 2021 -0700
tests: psa: Change Elliptic curve defines to PSA names
when rebased on
commit bb9cbc7a23c117437e3ef58076da76601053caf4
Author: Ronald Cron <ronald.cron@arm.com>
Date: Thu Mar 4 17:09:00 2021 +0100
psa: ecdsa: Prefer NOT_SUPPORTED error code
had an incorrect merge conflict resolution. Correct this, allowing the
test "PSA sign: invalid algorithm for ECC key" to pass again.
Signed-off-by: David Brown <david.brown@linaro.org>
Generate test cases for all key types. These test cases cover the key
representation (checked with export) and the encoding of the key type and
the bit-size.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Start generating storage format test cases. This commit introduces two test
data files: test_suite_psa_crypto_storage_format.v0.data for reading keys in
storage format version 0 (the current version at this time), and
test_suite_psa_crypto_storage_format.current.data for saving keys in the
current format (version 0 at this time).
This commit kicks off the test case generation with test cases to exercise
the encoding of usage flags. Subsequent commits will cover other aspects of
keys.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Save tests are for forward compatibility: import a key in the current format
and check that it has the expected storage format so that future versions
will still be able to read it.
Read tests are for backward compatibility: read a key in the format of a
past version (injected into storage) and check that this version can use it.
Exercise the key unless it is meant to test metadata storage only.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that PSA crypto config supports the new PSA_WANT_ECC_xxx defines,
change the psa-specific test suites to use these new names.
Signed-off-by: David Brown <david.brown@linaro.org>
Printf could potentially produce 2 64 bit numbers here when there is
only space for one, thus causing a buffer overflow. This was caught by
the new warning flags.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
`entropy_poll.h` is not supposed to be used by application code and
is therefore being made internal.
Signed-off-by: Chris Jones <christopher.jones@arm.com>