Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport 3.6: Switch generate_psa_test.py to automatic dependencies for positive test cases #9796

Open
wants to merge 10 commits into
base: mbedtls-3.6
Choose a base branch
from

Conversation

gilles-peskine-arm
Copy link
Contributor

Mostly happening in the framework.

Status: work in progress.

Follows #9782. Will be rebased once that is merged.

PR checklist

@gilles-peskine-arm gilles-peskine-arm added needs-work component-crypto Crypto primitives and low-level interfaces component-platform Portability layer and build scripts needs-ci Needs to pass CI tests needs-preceding-pr Requires another PR to be merged first priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most) labels Nov 21, 2024
@gilles-peskine-arm gilles-peskine-arm force-pushed the psa-storage-test-cases-never-supported-positive-3.6 branch from 090cbec to 6e6cebd Compare November 22, 2024 09:41
Uniformly return PSA_ERROR_NOT_SUPPORTED if given an algorithm that includes
a hash, but that hash algorithm is not supported. This will make it easier
to have a uniform treatment of unsupported hashes in automatically generated
tests.

Signed-off-by: Gilles Peskine <[email protected]>
Allow imports of an ECC public key on an unsupported curve to return
INVALID_ARGUMENT rather than NOT_SUPPORTED. This can happen in our library
code in edge cases when only certain curve families are supported, and it's
acceptable.

The new code does not trigger yet, but it will be useful for a future commit
"Do run not-supported test cases on not-implemented mechanisms"
(forward port of 995d7d4).

Signed-off-by: Gilles Peskine <[email protected]>
Following "PSA sign/verify: more uniform error on an unsupported hash", some
error cases are detected earlier, so there is some sloppiness in test case
dependencies that is not longer acceptable.

* In test_suite_psa_crypto, one test case for a hash+sign algorithm now
  returns NOT_SUPPORTED rather than INVALID_ARGUMENT when the hash is not
  supported and the key is invalid.
* In test_suite_psa_crypto_se_driver_hal_mocks, some test cases now error
  out before reaching the mocks rather than after when they attempt to
  use an unsupported hash.

Signed-off-by: Gilles Peskine <[email protected]>
ECDSA has two variants: deterministic (PSA_ALG_DETERMINISTIC_ECDSA) and
randomized (PSA_ALG_ECDSA). The two variants are different for signature but
identical for verification. Mbed TLS accepts either variant as the algorithm
parameter for verification even when only the other variant is supported,
so we need to handle this as a special case when generating not-supported
test cases.

In this commit:

* Add manually written not-supported test cases for the signature
  operation when exactly one variant is supported.
* Add manually written positive test cases for the verification
  operation when exactly one variant is supported.
* Register that !ECDSA but DETERMINISTIC_ECDSA is not tested yet
  (Mbed-TLS#9592).

A commit in the framework will take care of automatically generated test cases.

Signed-off-by: Gilles Peskine <[email protected]>
In particular, if interruptible ECDSA is supported but not the deterministic
variant, detect this in psa_sign_hash_start(), whereas before start() would
succeed and psa_sign_hash_complete() would fail. This avoids an
inconsistency between psa_sign_hash() and psa_sign_hash_start() that would
be annoying to handle in test_suite_psa_crypto_op_fail.

Signed-off-by: Gilles Peskine <[email protected]>
For ECDSA verification, there is no difference between the deterministic and
randomized algorithm. The PSA core consider the two variants as identical as
far as key policies are concerned, and the built-in implementation accepts
either variant even if only the other variant is supported for signature.

In p256-m, accept to perform an ECDSA verification when the algorithm is
specified as deterministic ECDSA. This makes the behavior identical to the
built-in implementation, which is less surprising for users and saves us
from having to cope with a difference in our testing.

Signed-off-by: Gilles Peskine <[email protected]>
Running `make library/foo`, `make programs/foo` or `make tests/foo` only
rebuilt the given target if it was not an existing file, because the
toplevel makefile does not know the file's dependencies and thus thought
that every such target had empty dependencies. Fix this by always invoking
make recursively.

Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm gilles-peskine-arm force-pushed the psa-storage-test-cases-never-supported-positive-3.6 branch from 6e6cebd to 99afe62 Compare November 27, 2024 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component-crypto Crypto primitives and low-level interfaces component-platform Portability layer and build scripts needs-ci Needs to pass CI tests needs-preceding-pr Requires another PR to be merged first needs-work priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most)
Projects
Development

Successfully merging this pull request may close these issues.

1 participant