This commit adds test cases for input and output buffer overlap. The
data for the test cases is a duplicate of existing encrypt/decrypt test
cases.
The two test functions gcm_<encrypt/decrypt>_input_output_buffer_overlap
are modified to use a single malloc buffer rounded to the nearest
128-bits/16-bytes for input and output.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
Variables that are in any way destructed on exit should be initialised
prior to any tests that might jump to exit, to save potential
uninitialised memory accesses.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Split the "many transient keys" test function in two: one that expects to
successfully create many keys, and one that expects to fill the key store.
This will make things easier when we add a dynamic key store where filling
the key store is not practical unless artificially limited.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Restricting the built-in key range would be an API break since applications
can hard-code a built-in key value and expect that it won't clash with
anything else. Make it harder to accidentally break the API.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_psa_register_se_key() is not usable with volatile keys, since there
is no way to return the implementation-chosen key identifier which would be
needed to use the key. Document this limitation. Reject an attempt to create
such an unusable key. Fixes#9253.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
TLS 1.3 is still experimental and partial, and SSL3 is obsolete, so we don't
expect much coverage about them, in particular we don't expect them to be
the sole supported version. TLS 1.0 and 1.1 exist and we expect good
coverage for them.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add a test suite intended to report configuration options in the outcome
file: we're only interested in SKIP vs PASS.
Add a few test cases for some interesting combinations of options. The
selection here is just for illustration purposes, more will be added later.
A subsequent commit will automatically generate test cases for single options.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
ECDSA has two variants: deterministic (PSA_ALG_DETERMINISTIC_ECDSA) and
randomized (PSA_ALG_ECDSA). The two variants are different for signature but
identical for verification. Mbed TLS accepts either variant as the algorithm
parameter for verification even when only the other variant is supported,
so we need to handle this as a special case when generating not-supported
test cases.
In this commit:
* Automatically generated not-supported test cases for ECDSA now require
both variants to be disabled.
* Add manually written not-supported test cases for the signature
operation when exactly one variant is supported.
* Add manually written positive test cases for the verification
operation when exactly one variant is supported.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Following "PSA sign/verify: more uniform error on an unsupported hash", some
error cases are detected earlier, so there is some sloppiness in test case
dependencies that is not longer acceptable.
* In test_suite_psa_crypto, one test case for a hash+sign algorithm now
returns NOT_SUPPORTED rather than INVALID_ARGUMENT when the hash is not
supported and the key is invalid.
* In test_suite_psa_crypto_se_driver_hal_mocks, some test cases now error
out before reaching the mocks rather than after when they attempt to
use an unsupported hash.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When we generate a test case for a mechanism that is not implemented,
comment out the test case rather than giving it a never-fulfilled
dependency. That way we don't create test cases that cannot be executed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In automatically generated PSA test cases, we detect cryptographic
mechanisms that are not implemented, and skip the corresponding test cases.
Originally this detection was intended for mechanisms for which the PSA_WANT
symbols were not implemented, but then it morphed into skipping mechanisms
that are declared in crypto_values.h but not actually implemented. So it no
longer makes sense to skip the test cases for which a negative
dependency (!PSA_WANT_xxx) is not implemented.
This causes more not-supported test cases to run.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use psa_information.TestCase for operation failure test cases.
This changes the generated output in two ways:
* Not-implemented mechanisms now have a `DEPENDENCY_NOT_IMPLEMENTED_YET_xxx`
dependency in addition to the never-fulfilled `PSA_WANT_xxx` dependency.
This does not affect when test cases run.
* ECC test cases now have correct dependency symbols, e.g.
`PSA_WANT_ECC_SECP_R1_192` instead of `PSA_WANT_ECC_FAMILY_SECP_R1`. This
is a bug fix: ECC test cases were formerly never executed because of
incorrect dependency symbols.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In automatically generated PSA test cases, annotate the test cases that are
expected to be never executed due to a dependency that is not implemented.
This was already done for not-supported test cases and for key generation,
but not for positive test cases of key usage.
You can audit which mechanisms are detected as not-implemented with
```
grep -hEo 'DEPENDENCY_NOT_IMPLEMENTED_YET_\w+' tests/suites/*.data | sort -u
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The output is less nice, since it no longer mostly matches the order in
which symbols are used in the test case arguments. But this makes the output
more canonical, so it will be easier to notice if semantic changes occur in
subsequent commits.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Indicate which dependencies are not implemented. This makes it feasible to
audit the not-implemented detection.
The generated test cases that are detected as never-executed now have one or
more `DEPENDENCY_NOT_IMPLEMENTED_YET_PSA_WANT_xxx` instead of a single
`DEPENDENCY_NOT_IMPLEMENTED`. This does not affect when the test cases run.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The guards for the declaration and use were not consistent. This could
be resolved either way; I chose the way that matches development.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
A previous commit backported the declaration of this field as part of
conflict resolution in the hope of preventing further conflicts in the
future. But if we backport it we should do it properly. This commit
finishes the job.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- "in-driver" test should depend on the present
of a driver.
- add new counter in key manangement driver test
hook which counts the calls of generate_key.
- We only care about the hits when processing
`psa_generate_key`.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- MBEDTS_X509_INFO is incorrect in all branches: the macro is called
REMOVE_INFO and also starts with MBEDTLS not MBEDTS... this caused the
test to be always skipped.
- !MBEDTLS_X509_REMOVE_INFO is the correct way to express this but info
functions are not optional in the 2.28 branch. Since this is a negative
dependency, I don't think it was causing the test to be skipped, but I'm
removing it anyway for clarity's sake.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
These test cases were backported from 3.x and use FFDH. 2.28 doesn't have
FFDH. 2.28 doesn't have a key agreement other than ECDH, so use 0 in the
policy, which still allows the key to be created.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In test_suite_psa_crypto_op_fail.generated.function
the function key_agreement_fail was setting the
public_key_length variable to SIZE_MAX which meant that
a huge allocation was being attempted.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This check is intended to ensure that we do not write intermediate
results to the shared output buffer. This check will be made obselete
by generic memory-poisoning-based testing for all functions.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Document and test the current behavior, even if it is weird:
* For Weierstrass keys, the error is MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL,
not MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL.
* For Weierstrass keys, a smaller output buffer is ok if the output fits.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is
useful but cannot perform any signatures. Then modern GCC complains:
```
../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’:
../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds]
../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’
…
```
This fixes test-ref-configs.pl with a modern GCC (specifically with
config-thread.h).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Encrypt more than 2 blocks of data, causing both update() calls to
output data as well as the call to finish().
This exposes a test bug where the pointer to a buffer is not updated
as it is filled with data.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
